Digital devices generate personal data that expose us to cyber spying. PHOTO | FOTOSEARCH
In what is an increasingly digital first world, there have been calls from consumers and consumer groups to regulate and monitor the collection, storage and usage of uniquely identifying data by large corporates and also recently, smaller companies and independent developers in the search for the holy grail of monetisation.
A lot has been done on this front with service providers deploying a myriad of interventions to calm nerves by protecting and securing data from creation, while in transit and in storage.
What we as creators of digital footprints, intended or unintended from the daily ebb and flow of life, must realise is that our greatest threats lie not in the siloed accumulation of personal information in huge data warehouses run and operated by the service providers we patronise daily but in the metadata that is appended to every little piece of content we generate.
The definition so succinctly captured on Wikipedia is “Metadata is “data [information] that provides information about other data”. Often ignored due to the focus on the primary data, we leave our personal lives and also those of our commercial enterprises vulnerable to compromise in various forms.
Without access to the actual content generated, information contained in metadata can be used with great accuracy to map out very intimate parts of us and on the corporate front reveal the outlines of strategic plans and playbooks.
What is this metadata I hear you ask? On the personal level, for example, when you make a phone call, I do not need to know the contents of the call, but with knowledge on the time of the call, duration, location before, during and after and the call recipient I can form a hunch.
Now couple that with the many apps that we have on our phones at have the full gamut of permissions enabled such as access to the SMS inbox and also the ability to read what apps we have active, I could enrich my profiling — knowing that soon after that call you sent an M-Pesa. I can get eerily close to making inferences on your movement, location and relations, among others.
For the enterprise world, as we fall in love with plugins, widgets and extensions accessed primarily via the browser that make our day-to-day tasks a breeze, the intel would follow a similar invisible path.
Some may request among others the permission to; “read all data on your computer and the websites you visit,” “access your data on all the websites you visit” and “access your data on a list of websites”.
From the Google Support page that list low to high risk permission levels, the first “means that the app or extension can access almost anything (webcam, personal files), inside or outside of your browser” the second “gives access to read, request or modify data from every page you visit (bank account, Facebook)” and the third “gives access to read, request or modify data on pages you visit on a list of specified websites”.
Now imagine the ramifications; and yes, it is okay to get scared.
Njihia is CEO of Symbiotic. Twitter: @mbuguanjihia.
PAYE Tax Calculator
Note: The results are not exact but very close to the actual.
