Data Privacy Day 2013 – No Digital Footprint Left Behind Tutorials

Welcome! Please comment and leave me a note telling me what you like and what you'd like to see more of. Sign up to my RSS Feed!

For Data Privacy Day 2013, we decided to give more information on *how* to protect your privacy online.   Following our “No Digital Footprint Left Behind” article is ISOC’s work on:

Have you seen your digital footprint lately?

We are the raw material of the new economy. Data about all of us is being prospected for, mined, refined, and traded…

. . . and most of us don’t even know about it.

Every time we go online, we add to a personal digital footprint that’s interconnected across multiple service providers, and enrich massive caches of personal data that identify us, whether we have explicitly authenticated or not.

That may make you feel somewhat uneasy. It’s pretty hard to manage your digital footprint if you can’t even see it.

Although none of us can control everything that’s known about us online, there are steps we can take to understand and regain some level of control over our online identities, and the Internet Society has developed three interactive tutorials to help educate and inform users who would like to find out more.

We set out to answer some basic questions about personal data and privacy:

1. Who’s interested in our online identity? From advertisers to corporations, our online footprint is what many sales driven companies say helps them make more informed decisions about not only the products and services they provide – but also who to target, when and why.

2. What’s the real bargain we enter into when we sign up? The websites we visit may seem free – but there are always costs. More often than not, we pay by giving up information about ourselves – information that we have been encouraged to think has no value.

3. What risk does this bargain involve? Often, the information in our digital footprint directly changes our online experience. This can range from the advertising we see right down to paying higher prices or being denied services altogether based on some piece of data about us that we may never even have seen. We need to improve our awareness of the risks associated with our digital footprint.

4. The best thing we can do to protect our identity online is to learn more about it.

The aim of the three tutorials is to help everyone learn more about how data about us is collected and used. They also suggest things you need to look out for in order to make informed choices about what you share and when.

Each lasts about 5 minutes and will help empower all of us to not only about what we want to keep private, but also about what we want to share.

After all, if we are the raw material others are mining to make money in the information economy, don’t we deserve a say in how it happens?

Find out more about the Internet Society’s work on Privacy and Identity by visiting its website.    To find out more about Ariel’s work on Privacy, click here.

* Robin Wilton oversees technical outreach for Identity and Privacy at the Internet Society.

SCADA – and now for something new…

Almost three and a half years after I published The SCADA Scandal, and over a year after The Biggest Hole – Keeps Getting Bigger, it seems that something is finally being done.

Over the last weekend, it emerged that two researchers, using a tool not more complicated then Google Search have found more than 500,000 SCADA devices which use little to no security, and are accessible from the Internet.   This deserves repeating:   over 500,000 from Internet-connected SCADA devices alone.  This does not include the many millions of devices that are not direct-connected to the Internet.

The state is truly grim.


From those, it appears that Mark and friends at DHS, have contacted the ‘owners’ for the 7,200 systems judged the most risky or egregious  in terms of potential impact to the country (US) . and are working with these owners to fix the situation or remove these systems from the Internet.


So the good news is that (finally) something is being done.   I wonder if we can continue to be just  step ahead of hackers and rely on luck, or should we have a more fundamental risk-based approach to SCADA security.