How Privacy in the Cloud Affects End-Users

Cloud services and privacy, what are they?

Why Cloud services are so much popular?

Why do they collect personal information?

How do they collect personal information?

Why should we be concerned?

How can we protect ourselves?

Cloud ServicesA cloud service is any resource that is provided over the Internet. These can be email services, maps, source control services, storage services, diagramming tools, social sites or any other service you can imagine of that is served via the internet.

Privacy

- International Association of Privacy Professionals (IAPP)

Cloud services and privacy, what are they?

● Work from anywhere○ just having an internet connection is sufficient○ sometimes just having a mobile device is enough○ doesn’t require carrying data in USBs and laptops to different places○ promotes work-life balance

■ One study reported that “42% of workers would swap a portion of their pay for the ability to telecommute. On average they’d be willing to take a 6% pay cut”

● Maintains Productivity and improves sharing○ allows several people to work on the same document in real time○ eliminates the need for back-and-forth exchange of documents

Why Cloud services are so much popular?

● Ensures Security○ Data in local computers can get lost or infected/corrupted due to

viruses etc.○ Not practical to backup data on a regular basis○ Local computer security might be lower when compared to strong

authentication policies of cloud

● Saves Money○ No need to buy expensive desktop applications when a similar

service is provided by a cloud provider○ No need to buy hardware storage devices to keep backups

Source: “Cloud Adoption & Risk Report 2015 Q4” by Skyhigh

Why do they collect personal information?

● To personalize user experience

● To show relevant advertisements○ Ads are the revenue generator for free services

Source: http://www.whoishostingthis.com/blog/2013/05/29/internet-privacy-infographic/

Via Data Collection Mechanisms

● Various data collection forms● What you click on the site● What you click on a partner/subsidiary site● Apps you access● Data collection agencies

Via User Tracking Mechanisms

● Cookies● Click Redirects● Pixel Tags (aka web bugs)

How do they collect personal information?

Via UX Dark Patterns

Why should we be concerned?Ordering Pizza in the Future ;)

Source: https://www.skyhighnetworks.com/cloud-security-blog/only-9-4-of-cloud-providers-are-encrypting-data-at-rest/

www.propublica.org/article/google-has-quietly-dropped-ban-on-personally-identifiable-web-tracking

“

Source: http://www.observeit.com/blog/importance-data-misuse-prevention-and-detection

Understand the Cloud Service● Don’t sign up for new cloud services without researching it.

○ Do they have encryption at rest?○ Do they give your data to governments? ○ Do they give your data to other 3rd parties?

■ E.g. other service and advertising companies○ Do they control their own servers, or do they rent out servers from other

companies? ■ E.g. Dropbox and Apple use Amazon’s servers for a portion of online

services.)● Read the user agreement and privacy policy - yeah you heard it right! :)

How can we protect ourselves?

Avoid/minimize storing sensitive information● There’s no 100% privacy in cloud and identity theft is increasing● Keep only the files that require frequent access● Avoid storing passwords, Personally Identifiable Information (PII): credit card

numbers, national id, home address etc.

Use a “Zero Knowledge Privacy” service● Service takes care of encrypting the files on the local computer and storing them

safely on the cloud● Not even service providers or server administrators can gain access● E.g. Spideroak, tresorit

Encrypt sensitive information before uploading● Use encryption software - e.g. TrueCrypt● Can create a password protected archive - e.g. B1 Free Archiver

Use strong passwords and multi-factor authentication● - infosecurity-magazine● Don’t reuse passwords● Change it frequently● Opt for multi-factor authentication - e.g. sms verification

Be cautious of your online activities● Don’t save your password, and ensure that you logged out● Don’t use open and unsecured Wi-Fi hotspots in public places

Be alert to security news related to your Cloud Service● Be informed about breaches● Be ready to take actions - e.g. password reset upon a breach

Be balanced about convenience vs. level of protection● how valuable is that information? and to what extent it is reasonable to

protect it? ● Higher protection == high cost (and could be higher time and effort too)● convenience usually wins out. But be aware of the trade off.

Example Privacy Guidelines: Facebook

See what your profile looks like to a stranger:

In Facebook profile page, click the three dots next to "View Activity Log" and then select "View As..."

Other Privacy Stuff ...

Adjust Apps Setting ...

Adjust Ads Setting ...

Opt out from Ads via http://www.aboutads.info/choices ...

Data Protection Laws?

Thank You!