Canadian Internet Providers may not be protecting your privacy

A recent study by CBC has revealed that the largest internet service providers in Canada may not be protecting your private data as much as you thought they were.

You can access the CBC article at the link referenced below

http://www.cbc.ca/news/technology/internet-carriers-may-be-breaching-canadian-privacy-laws-1.2992125

Unfortunately, this doesn't come as much of a surprise to those in the information security field.  The field of Privacy is evolving, and consumers, whether they know it or not consistently give the rights to their information away to various service providers and search engine agents such as Google, Facebook, etc.  

The routing of information in the internet is complex as well.  Our internet traffic can be routed around the world whenever we visit a webpage, or send an email, which puts that information into the jurisdiction of other countries.  Once there, it is relatively trivial for governmental agencies to listen in if they are inclined to do so.  This is why we need be selective in what mediums we use for communicating sensitive information.  For example:

  1. Never put passwords into an email - email contents are generally not encrypted and can be picked up by organizations who want to intercept your traffic.  It is a  better idea, to communicate the password in person, over the phone, or through an encrypted instant messaging service
  2. Never give out your credit card information to a telephone solicitor when you did not initiate the conversation.  If there is a product you really want to buy, ask the vendor for a phone number you can call.  Look it up before placing the call to ensure it is legitimite, and then proceed.  It is simple for crooks to spoof or fake a phone number, so we cannot rely on caller id to weed out the scammers from the authentic service providers.
  3. When websites ask for your birthday, ask yourself why they need that information.  Does the recipe of the day really need to know when you were born?  Consider creating a fake birthday for these types of sites to prevent the risk of a data breach from leaking your information to bad guys whose intentions may not be very pure.

Password reuse is strongly discouraged.  At a bare minimum, your banking and email passwords should be drastically different.  If you are having a hard time remembering all those passwords, use a password keeper tool.  There are many free and paid solutions available for download.  They are simple to use, provide good security to your information, and many will give you options to back up your password lists in case your computer crashes and you lose everything in it.

Category: