Four Mistakes that could Undermine Your Privacy
Loyalty Programmes can undermine Your Privacy
In Sri Lanka, there are four major supermarket chains, all of which have loyalty programs. One of these supermarkets has gone so far as to reward its cashiers any time they successfully persuade a customer to join its loyalty program. Loyalty programs are popular because they allow consumers to take advantage of enticing discounts. However, this is not the case. Why are these supermarkets so keen to get grocery shoppers to join their loyalty programmes?
Data is the most precious asset in today’s world. Personally, Identifiable Information or PII, especially (Ex: full name, date of birth, telephone number, email address, home address, national identity card number, etc.) – unfortunately, there are no rules in Sri Lanka regulating how businesses treat consumer records. As a result, there’s nothing to stop a supermarket chain from selling our personal information to the highest bidder. You wouldn’t want to sell such valuable information for a discount of a few rupees, don’t you?
Then there’s the issue of data protection to consider. Is the information being handled in a way that a cybercriminal might take advantage of? How do they dispose of the hard copies after processing them? Don’t sign up for loyalty programmes unless you can answer these questions (I doubt you ever could) – Call me paranoid but there are many benefits a criminal can gain by knowing only your National Identity Card Number.
Contact Tracing Methods can undermine Privacy
Since the COVID-19 Pandemic broke out, logbooks have become commonplace in public places such as supermarkets, hospitals, banking institutions, and places of worship. People who left their information in these logbooks say they have received a noticeable uptick in unsolicited telemarketing calls and text messages. Probably because even the details recorded in these logbooks have been sold to marketing companies. A limited number of women have said they were stalked by strangers after recording their details in the logbooks.
As a result, the state-owned Information Communication Technology Agency (ICTA) launched a nationwide contact tracing app called “Stay Safe.” It also did away with the need for logbooks. Unfortunately, Roar Media reported on December 15th, 2020, that the app was vulnerable because the basic concepts of cybersecurity needed for safeguarding the information in transit had not been implemented.
Although this has now been resolved, it means that contact tracing methods used in Sri Lanka, whether offline or online, are not safe. To get around this challenge, I try to do as much banking and grocery shopping as possible online. Almost every bank now provides clients with online banking services. Online shopping became common during COVID-19 at Cargills Online, and Spar Sri Lanka Online although I prefer Keells Online. PickMe and UberEats both allow you to order groceries, but the selection is small.
Wrong App Permissions can undermine Privacy
According to research in Sri Lanka, 13.5 million people use cell phones with 17.9 million working SIM cards, out of a total population of 21.4 million. (Due to the use of multiple SIM cards, the number of SIM cards is higher.) Nearly half of these users are using smartphones. Regrettably, nearly all smartphone users in Sri Lanka are either oblivious to or uninformed about app permissions.
App permissions clearly define which functions on your phone a given app is allowed to enter. Instagram, for example, cannot run without camera access, while the weather prediction app does not need access to your contacts. Unfortunately, a cybercriminal can leverage your ignorance and lack of knowledge of app permissions for malicious gain.
App permissions are not as complicated as they sound. Your smartphone whether iOS or Android indicates the permissions a particular app requires to function during installation. Check the permissions to see if the app is requiring permission to access an area on your phone not necessary for its functionality. Check the instructions here (Android), or here (iOS) if you want to check or alter the permissions of an app already installed.
The wrong usage of Social Media undermines Privacy
In January 2021, Sri Lanka had 7.90 million social media users. Between 2020 and 2021, this number rose by 1.5 million (+23%). In January 2021, the overall number of social media users in Sri Lanka was 36.8% of the total population [Source: DATAREPORTAL]. These statistics indicate a steady increase in social media users in Sri Lanka. Unfortunately, however, the majority of these users are either unaware or ignorant of the dos and don’ts of Social Media.
Investigations by law enforcement into crimes show criminals nowadays leverage Social Media to discover targets. There are two mistakes many people make when using Social Media, that jeopardize their privacy. One is accepting friend requests from people you’ve never met in person or hardly know in real life. These casual Facebook friends might be frauds or even stalkers. Two posting sensitive information like travel plans with privacy settings set to “Public”. It’s like declaring to the whole world you are away and the house is sitting empty.
Start protecting yourself today by removing people you don’t know in person from your Friends List on Facebook. Stop accepting friend requests from people that you don’t know in person. Remember Facebook is a tool for keeping in touch with people you are already friends with. It’s not a tool for making new friends. Pay attention to privacy settings when posting on Social Media. You can refer to this page on Facebook if you don’t have a clear understanding of privacy settings.
Your privacy is your responsibility. No excuses. Especially when you are living in a country where there is no legislation guarding the privacy of its citizens. While there is no such thing as bulletproof privacy, the best practices I mentioned above are a few ways you can protect yourself from the majority of threats.
I seek to foster thoughtful and respectful dialogue. Toward that end, I require that you use your full name when commenting. Also, any comments with profanity, name-calling, and/or a nasty tone will be deleted.