In the past, we discussed one of the most overlooked topics in security, linkability, and why this topic should concern everyone when it comes to their security. As we learned, this inherently involves data (see the video for why this matters). However, linkability doesn't stop in what we discussed. In some cases, linkability is a huge risk factor because of events that we did not anticipate. For an example, we know that data leaks occur regularly - companies that "store" our information end up being compromised with information leaked. Designs intended to protect consumer data, like data masking or bureaucratic audits, are completely laughable because they do absolutely nothing to protect consumers' data, as we see from leak after leak. Even teams with the "best talent" in the world, like Facebook, still face embarrassing data leaks. The result of this is that attackers can aggregate attack points on us. In the discussion, Linkability, Data Leaks and Why Identity Sharding Isn't Effective, we look further into linkability in this context.
Some important questions and discussions mentioned in the video that are worth reviewing:
- What should be consider with any behavior online as far as their linkability is concerned?
- How should we approach our data when we consider that any company storing our data will probably be compromised in the future with our information being leaked?
- Using examples from the video, even if we have a user who is strict with their information, why may this not be enough security when a data leak occurs?
- How might a hacker identify personal identifiable details about a person from multiple data leaks? Consider the context of data aggregation, what are the dangers here regarding companies storing this information?
- Why is data sharding ineffective to protect against linkability?
- Even if we have an individual who shards their identity well, what are some factors they may overlook?
- What are two costs mentioned in the video that may occur because of data leaks and linkability?
Keep in mind that we're not discussing any meta-analysis or meta information from data that may be more valuable. For an example, most of us in the tech field understand that images often have underlying meta information that can be extremely valuable and reveal key details. However, even beyond that is the very nature of the image itself. The fact that a person would take an image of something tells us everything about the person - what does the image communicate about the person? This can be especially useful in social engineering, just like social media use can be useful in social engineering. This information is often provided to hackers completely free by users because of social intentions without the consideration of security. In these cases, we cannot criticize companies for the way their users are choosing to use companies' platforms.
As I predicted on a webcast in 2013, data leaks will continue to occur and grow in size. This will mean that more of your information is leaked to other parts of your information, impacting your identity. There are significant costs to this. As we've seen, modern security techniques and audits all fail and completely misunderstand the problem. The solution can only occur at the consumer level because companies and governments are too quick to collect data, even if this amplifies dangers or relies on misguided assumptions.
If the concept of data and security excite or interests you, the below videos make a solid place to start. Unfortunately, very few people discuss key cybersecurity topics like linkability or incentives, which are more important in some cases than the technical focus. The below learning material covers these key concepts to get you started in the dangerous world of data and security.
- What Everyone Should Know About Hackers - Who and Why
- Should We Use the Latest Features/Updates In Development?
- Why Everyone Is Freaking Out About Intellectual Property Theft
- What Is Linkability?
- What Are Sim-Swaps (Sim-Swap Attacks)?
- Advanced Phishing Email - When Protective AI May Harm
- How To Compromise A Cryptocurrency Hardware Wallet
- Oh No, A Hacker Caught Me!