Is it safe and secure?

The safety and security of the Internet impacts us all. We should be able to understand what is happening to our data, and have the ability to control how it is used.

From the phones in our pockets to the biometric databases that identify us to government officials, our personal stake in digital security is growing. You can have ‘nothing to hide’ and still not want to be targeted by aggressive advertisers or snoopers.

Our Web browsing is tracked and logged, online cameras are ubiquitous in cities, and we are welcoming more Internet connected devices into our homes. We have gained endless daily conveniences and ‘free’ services from these innovations, but the data they generate is crunched, archived and repurposed for marketing and surveillance.

We face risks now that were unimaginable only a decade ago, and many companies and governments are acquiring and using data in ways that do not have people’s best interests at heart. Unfortunately, those we trust to handle our data sometimes fail us.

Better security – and more choice – is the antidote for a decline in trust of online services. We need to push for more lean data practices, meaning that less personal data is shared and logged in the first place.

Skip to data visuals

Healthy

Public awareness about privacy being under threat in the digital sphere appears to be growing, and this is a helpful precursor to pushing for better rights and services. Lawmakers in many countries are engaging positively with online privacy issues, especially in Europe.

Hundreds of millions of people are taking charge of their personal Web experience by installing ad-blockers. One of the top three stated reasons for blocking ads is security, given that ads can be a channel for malware. This presents challenges for publishers, but also creates a strong incentive for the industry to make online ads better.

More messaging apps, including WhatsApp, now offer end-to-end encryption, meaning that conversations are protected from eavesdroppers, including the service provider.

Web traffic encryption is rising too. One factor is the launch of Let’s Encrypt, a new certificate authority that makes it easy and free to add HTTPS to any website. This helps protect the privacy of users, and offers some guarantee they are not looking at spoof pages. Also driving adoption, search engines and browsers are now subtly rewarding HTTPS websites.

Unknown to most, Internet communication will be more private, and possibly also faster, due to an upcoming new version of the cryptographic protocol called Transport Layer Security (TLS 1.3) that is used to secure all communications between Web browsers and servers.

Unhealthy

In 2013, US whistleblower Edward Snowden opened the world’s eyes to the full extent of government sanctioned, global digital mass surveillance, even in democratic countries. There is more public scrutiny of surveillance laws than before, but it hasn’t stopped greater snooping powers from being proposed in Britain, Pakistan, France and several other countries.

As cars, refrigerators, toys and all manner of devices connect to the Internet, the risks for both surveillance and malicious hacks are growing. In November 2016, a malware program called Mirai mobilized 100,000 connected devices, including webcams and baby monitors, in a distributed denial-of-service attack (DDOS) that briefly took down parts of the Internet. The owners of those compromised devices may never know (or care) what happened, and cheap and insecure devices will continue to be manufactured, unless safety standards, rules and accountability measures take hold.

Data breaches can lay bare the passwords of millions of people when the information is posted online or sold to the highest bidder. Unfortunately, breaches can go undiscovered for years, even when as many as 1 billion accounts are compromised. Which means… you may never learn the source of that identity theft that led your credit score to plunge.

Ransomware that hijacks computers and demands immediate payment to avert deletion, has grown into a multi-million dollar criminal industry with victims ranging from regular users to hospitals, schools, businesses, and one day perhaps critical infrastructure. Just one false click in an email purporting to be legitimate, can be enough to cause real damage.

Prognosis

The Internet depends on the security and trust of its users to function in a healthy way. Will the safety and privacy measures developed for software, networks and devices match the threats? We need to push governments and software makers to ensure that they do.

Through everyday interaction we are generating lifelong digital footprints across a range of corporate and government databases. At the personal level, we should take safety precautions with username and passwords until we have a better form of authentication.

Above all, we should be more critical about what information we share voluntarily. Will the online dating profile you posted 6 years ago ever get deleted? How long do the online ads you view track you? Even if you’d like to know the privacy conditions of online platforms, they are usually not written in language an average person understands.

Technology can be a real source of freedom and empowerment, but it can also be a tool of authoritarian control. No matter where in the world, we need to rein in the ability of officials and corporations to archive every movement and uttered word, for today and the future.

Data visuals

Public opinion

Attitudes about online privacy

People want to control what information they share, but can’t.

Digital systems share our personal preferences over the Internet with… we don’t really know. US Research shows online privacy is “very important” to people, even when they lack skills to protect themselves. Perceptions vary elsewhere, but if we can leverage public opinion to improve privacy rights, there’s hope.

Data protection

Laws to protect personal data

Close to a third of the world’s population still have no data protection rights.

Around half of all countries, including most of Asia, Africa and the United States have no comprehensive laws to define privacy rights or rules for fair handling of personal data. The European Union has strong protections, and national laws in many other countries are forthcoming.

Encryption

HTTPS rising

Many more websites now encrypt Web traffic with HTTPS.

The padlock in your browser’s address bar is seeing more action as nearly 50% of webpages now offer secure connections (compared with around 40% at the start of 2016). HTTPS is no longer limited to just banking and shopping. All Web browsing should be encrypted.

Data breaches

Increased online vulnerability

Breaches affected hundreds of millions of accounts in 2013-2016.

When data is stolen, sometimes no one knows until logins, passwords and other personal information show up for sale online. Breaches are getting bigger and more frequent. Do we have a security epidemic on our hands? In December 2016, Yahoo reported the biggest breach in history: 1 billion accounts.

Sensitive data

Data breaches in different sectors

Breaches in the health and medical sector have skyrocketed in the past 3 years.

If the US numbers are anything to go by, we can see the risk of new sectors adopting more technology without always having the necessary security experience or budgets. There are great opportunities for better healthcare management thanks to the Internet, but also huge personal risks on a global scale. Who weighs the pros and cons?

avatar
13 Comment threads
8 Thread replies
13 Followers
 
Most reacted comment
Hottest comment thread
newest oldest most voted
John S
Guest
John S

No other way to improve privacy on the web then to limit your personal data exposure. Just because you trust a Facebook or Google does not mean that information stays with those entities exclusively. Personal information stored on servers you have no ideal where they are, or how well they are protected is leaving yourself open to losing your information. Its better to assume the more you open your information to the web to more risk you take.

anonymous_guy
Guest
anonymous_guy

Qualifying Whatsapp’s activity as “healthy for the internet” seems quite crazy to me.

whyisthisfieldrequired?
Guest
whyisthisfieldrequired?

Therefore it would be beneficial if Mozilla would remove the tracking abilities from its browser. No unique id is required for surfing the web. So why does Firefox implement a unique id?

Dark Flare
Guest
Dark Flare
marlaw
Guest
marlaw

For more than a decade I’ve been imagining that these things happen. I also suspect that some organizations go out to play at least with two shirts. They have one team in front, and the other one underneath.
But the simple users we can deal with these things? I think these are the conditions of possibility that the Internet has for us. Besides, I am not willing to become paranoid. It would be a waste of useless energy. In any case we should think about returning to the messenger pigeons

WhiskeyTangoFoxtrot
Guest
WhiskeyTangoFoxtrot

Then why does Mozilla have telemetry data enabled as default (Options->Data sources-> Share telemetry)? Why does is private browsing NOT enabled as default? Why does one have to go through Options very carefully to ensure a more private browsing experience?
Seems to me, Mozilla is a bit of an offender.

Algoinde
Guest
Algoinde

What they are talking about is tracking and privacy. The telemetry is completely anonymous and sent over a secure line; Mozilla does not fingerprint you using the data you send. It’s used for statistics and crash reports.

با پیانو
Guest

Thank you for good report

anonrebel
Guest
anonrebel

Also very subtle Mozilla having the eye of Ra/Horas/All seeing eye/eye of providence on the front of your page 🙂 Not like the “about:mozilla/palemoon/iceweasel” ect pages didn’t give away anything.

anonrebel
Guest
anonrebel

Nothing we can do mozilla is controlled too and guess who created TOR? That’s right the government. No such thing as privacy. Look at the RFID chip implants we’re fucked.. I would say switch to a GNU/Linux distro but even Richard Stallman was exposed of being an occult leader of sorts just look up gnu isn’t gng to get my point. :/

For all those who are lazy to do it here’s the link: http://gng.z505.com/

anyone
Guest
anyone

Your conclusion amounts to victim blaming: “Above all, we should be more critical about what information we share voluntarily.” If this advice is to be taken seriously, then let’s illustrate it with an example: You walk into a grocery store. The grocery store performs a quick facial scan to ascertain your mood to gauge how likely you are to cause trouble. You’re sharing this information with the facial recognition system voluntarily. You should be more critical of sharing this information and therefore try not to show emotion. Keep a stoic expression at all times, since who knows maybe that CCTV… Read more »

WhiskeyTangoFoxtrot
Guest
WhiskeyTangoFoxtrot

Good points. I would argue that Mozilla chooses the target of least resistance. Much harder to convince profit-centric private corporations to do the right thing than non-paying essentially free individuals. I agree with all your points btw. The issue remains massive data collection and very little transparency or accountability. Furthermore- in your scenario- you enter a store. It is private property. They would argue (IMHO sophistical) that your choice to enter their premises equates to you signing off on their terms and conditions of entry (data collection, data sharing, surveillance behaviour prediction etc)- yet they never provide you with a… Read more »

Remonteros
Guest
Remonteros

Encryption is critical for individual as well for all business World wide- privite encryption firms have to be funded byeveryone pay more for the best to protect and long prison terms for cyber criminals.

newton batista carneiro
Guest
newton batista carneiro

segurança seria aquilo que buscamos todos os dias pra nós e mais ainda pra nossa família ,e nossa internet caminhamos pra ser livre ,e viver com aquilo que gostamos e desejamos ,pós ainda falta muito pra se chegar a este ponto ,que ira dar mais estabilidade ,de se navegar ,ser livre ir e vir ,sem ser obrigado a seguir regras e ordem ditadas pelo site forte poderoso ,devido a isto gosto muito do nosso Mozilla ,livre sem propagandas e rápido ,muito obrigado

foo
Guest
foo

Security by obscurity works best when there’s also a distance or proximity element involved. For example, I don’t need to put bars on my windows, because there aren’t many criminals on my street, most of them are far away and can’t easily get to every house… but if every worst criminal in the entire world had immediate and full access to my street at any time, and there was little to no cost for them to all try to break into every house worldwide as hard as they could, then I’d need a lot more than mere bars on the… Read more »

WhiskeyTangoFoxtrot
Guest
WhiskeyTangoFoxtrot

“meat space” WTF- don’t make up tech jargon words, it’s obfuscating, stupid and we have plenty of perfectly serviceable well-used English words already widely understood. IF you cannot speak good English, don’t murder it.

Jonathan North Priluck
Guest

As a mathematician, I understand that my best protection is built into the world. Obscurity, vast sums of data, huge amounts of electrons spinning around the globe at the speed of light. The chances of getting affected by these problems is astonishingly small in any given location. I work for the United States Navy, I tell people every day, security is an individual responsibility, which operates on the collective level. If you are secure, the person next to you is probably also secure. You can spend a lot of time and energy trying to avoid possible (but unlikely) events from… Read more »

Troels
Guest
Troels

Well spoken, man. I still worry some though.

Alois Mahdal
Guest
Alois Mahdal

Yes. people know what to do when they smell smoke. They also know what to do when food smells, tastes bad or gives them aches. But they don’t know what to do when their browser warns them about TLS. They don’t know when their OS warns them how many privileges an app has. They don’t know how not to give up control of their devices to someone else (and how to *know* whom are they giving it). They don’t know how to manage all the contacts without submitting their social networks hostage to completely foreign companies. They don’t know how… Read more »

WhiskeyTangoFoxtrot
Guest
WhiskeyTangoFoxtrot

Sophistic argument by the guilty party. You sound much like mathematician Nash whose game theory was heavily biased by his own personal schizophrenia which he believed fervently was real and not a figment of a damaged imagination. Ergo your premises are flawed and your arguments illogical and irrational. Premise one- lots of information alias needle in haystack argument. False analogy- you claim the vast sea of data renders it very difficult to find he one plankton. This is known to be false, considering the data collection auto-tags everything with metadata- at least date, time and origin. This is later filtered… Read more »