My private data belongs to me! The 28th January 2017 is a special day. It was established to remind us how important data protection is. Organisations in America, Canada and in the EU undertake various actions to contribute to this remembrance.

picture of data protection day

© Tomasz Zajda - fotolia.com

We also consider data protection important and support our clients in meeting data protection regulations by enableing them to share personal and private information safely via email. We dedicate today’s blog entry to this subject. We found three noteworthy examples that illuminate the meaningfulness of data protection and how hard it can be to protect it – even if one tries to follow the rules and attempt to do everything right.

Big deal: credit card provider could give away weight of potential passengers to airlines

The credit card provider Mastercard applied for a patent in 2015. Purchases carried out by credit card give insight into the card owner’s data including his/her family members’ height and weight. With the patent Mastercard sought to share this data with companies in the travel industry such as airlines or bus companies. In plain English: Mastercard analyses its customers‘ size of shoes and clothing.

Wouldn’t that be great? Never again would you need to sit next to an oversized person because the airline took care of it in advance by placing all passengers according to their clothes size in the aircraft in the most appropriate and optimal way. But hang on a second, one gets that suspicious feeling that heavyweights, even midweights might be charged more by transport companies than lightweights without anyone even noticing it. I admit the argument weighs heavy but in our culture of business that strives for optimization this possibility cannot be neglected.

Apparently, for now, Mastercard does not strive to monetize their patent and of course they would need to ask their customers‘ consent before handing over personal data to transport companies. However, it is very likely that Mastercard wants to make use of this data sooner or later in one way or another in view of the costly patent application process.

When your speaker goes shopping,

Don`t be surprised to find a dolls house and a stock of cookies on your door step. That’s what happened just recently in Texas. The Echo Dot is a speaker from Amazon. It can play music, and it can do so much more: schedule dates in your calendar, make a shopping list and go shopping on the internet. Here is what happened: First the intelligent speaker ordered two kilos of cookies and a dolls house for six-year old Brook after she gave ‘him’(or is Alexa her?) the order: “Alexa order me a doll house and some cookies“.

Then the story was taken up by a local tv station and the tv presenter repeated the girl’s magic words „Alexa order me a dolls house“. All of a sudden numerous Echo speakers went on a shopping tour and ordered dolls houses for their families because the tv presenter asked them to. Alexa cannot distinguish voices and therefore placed the orders. Luckily, Amazon had taken care of it in advance: the automatic purchase option can be switched off and there is a possibility to confirm each purchase with a pin. These settings need to be carried out by the user proactively though. What a wonderful new (shopping) world!

And it becomes even more wonderful: at the trade show CES in Las Vegas at the beginning of January 700 new devices and applications were spotted that have to do with the language detection device Alexa from Amazon. Let’s see what our fridge, car, babyphone, or music streamer will order for us next.

uXDT technology traces tor users

The Tor browser enables you to surf the web anonymously. Internet users, who do not want companies to gather their data while surfing and sell it to the advertising industry activate an ad blocker and they can browse the web anonymously using Tor. That’s handy because secret services or other interested (governmental) institutions cannot track you either. But hang on! That’s over now.

Recently scientists found you could identify Tor users with the help of ultra-sonic waves. It worked by using the uXDT technology. This technology has been used by the advertising industry for some years to place ads across various devices. Here is how it works: during lunch break a user surfs on a website to catch up on the latest results of his favourite football club. He scrolls down and overlooks the beer ad that is placed in the middle of the text. In the meantime, the ad has sent an audio signal in ultra-sonic range to some of the user’s apps on his smartphone. Most free apps come with an sdk (software development kit). Thanks to this technology the beer ad will appear later on the smartphone again.

With the help of uXDT in combination with ultra-sonic waves Vasilios Mavroudis managed to get hold of data like email and IP addresses, telephone numbers and geolocation data. He managed to match a formerly anonymous Tor user to an identifiable smartphone. One means of avoiding a potential observation through ultra-sonic waves is to reject using free apps altogether.

There are many ways to stumble and give away personal data in the digital world – even though you try hard not to, be it by paying with your credit card, playing around with your IoT devices or even when surfing the web anonymously. What to do? Get offline? No chance, we love to be online. But from time to time we should keep ourselves aware of the great significance of data protection.