Bitcoin Security Tips
By Jack Filiba, contributor to Trezor Blog
Many companies view data breaches as little more than a cost of doing business. Yet, in addition to compromising your privacy, these breaches put you at risk of having your funds and online accounts stolen.
In the current landscape, data breaches are a frequent occurrence and the burden unfortunately lies on users to keep themselves safe. In order to do so, we need to be cautious about the services we trust and become aware of the fact that we are constantly sharing information without even realizing it.
What personal information are you giving away?
Tools like Have I Been Pwned allow you to check how many times information relating to your email address or phone number has been included in data leaks. More often than not, being a victim of these leaks is a consequence of companies either failing to protect your information or willingly selling your data to untrustworthy third parties.
However, not appearing in any of these catalogued breaches does not mean that you are in the clear. On any given day, the average person unwittingly shares information about their online behaviors, personal data, and even information about the specific devices they use. The data brokering industry, in which companies trade and collect these types of user information, boasts billions of dollars in profit each year.
When you sign up for an online service, you are typically asked for information that can be used to verify you. At the most basic level, services require an email address with which they can contact you and a password they can use to secure your account. Despite your online behaviors and device information being tracked in these systems, you can still maintain some anonymity by using an email address and other credentials that have no ties to your real identity.
Unfortunately, most online services now require a lot more than just details that allow you to log in. Social media platforms, for instance, usually request additional identifying information such as your full name, age, photos, phone number, and your location — which are harder to keep anonymous. By tracking data about the content you interact with, these platforms also target their services to you and may sell your information to third parties.
When it comes to cryptocurrency exchanges and financial platforms in particular, providers are often legally bound to collect sensitive information in order to conduct Know Your Customer (KYC) procedures. KYC requirements mandate that companies verify the identity of their users when providing them access to financial services. To verify you, exchanges usually demand sensitive real-world documents that include photo identification and proof of address. This usually means that you cannot register or trade assets without providing information from your passport or driver’s license.
Our data being traded and collected could have long-term consequences
The fact that we constantly give our information to online services and financial platforms, often without realizing it or even having an opportunity to consent, has made many pundits fearful about the future of our digital lives. In fact, experts who responded to a Pew Research Center survey said that people already trade privacy for convenience or perceived security and that constant data monitoring and surveillance is a leading cause for concern.
“It is very likely that the (relatively) free and open internet that flourished across much of the world in the internet’s early days will continue to be threatened and, I fear, all but overwhelmed by an oligopoly of powerful platforms that will have ‘captured’ the time and attention of most internet users most of the time,” said one respondent, who is a senior lecturer on communications at the University of Bedfordshire. “Whether they are aware of it or not, almost everyone will live their lives continually being sorted into different categories depending on their behavior, much of which will be in some way digitally recorded, processed, and shared.”
Beyond the ethical considerations of constantly being tracked and segmented, having your data compromised can place you in financial and physical risk. For instance, it could leave you vulnerable to crimes like identity theft and stalking. Yet in spite of this fact, some of the largest platforms in the world are placing their bets on users continuing to trade privacy for convenience.
Companies are hiding behind the frequency of data breaches, while ordinary people are at risk
According to IT Governance, there were 143 known data breaches in April 2021 alone. These incidents purportedly resulted in more than a billion records being compromised. Unfortunately, companies seem to be using the frequency of these breaches, as well as apathy towards them, to their advantage.
For instance, Facebook recently found itself the subject of controversy among users and privacy advocates for the umpteenth time after personal information belonging to around 530 million of its users leaked online. This breach reportedly exposed phone numbers, full names, locations, birthdates, bios, and email addresses.
Perhaps most worrying of all, however, are reports that Facebook’s strategy to handle these types of frequent breaches is to frame data breaches as a “broad industry issue” that is a regular occurrence rather than a problem that needs to be addressed.
While companies like Facebook may want us to view the frequency of data breaches as an indicator that they are inevitable, privacy advocates point to these incidents as evidence that users need stricter protections online. Protecting your personal information is not an insurmountable task, and people deserve better from the services that they trust and interact with.
Regulation does not yet sufficiently protect and empower users
Acts such as California’s CCPA and the EU’s GDPR have attempted to introduce regulation designed to safeguard users online. However, regulations of this type are few and far between in the world today. As a result, digital rights advocates believe that the current landscape does not adequately safeguard users.
“Technology users need strong data privacy rules to protect their privacy and give them, not tech companies, control over their personal information,” said a representative from the Electronic Frontier Foundation, following SatoshiLabs’ request for comment. “There are currently no federal laws that protect and empower users.”
The Electronic Frontier Foundation emphasizes the need for regulation that mandates businesses obtain consent before sharing user data and allows users to obtain a complete copy of information stored about them. The EFF further states that regulators need to hold companies accountable for data breaches.
Outside of the EU, there are very few jurisdictions in the world that have attempted to adequately protect the public from having their digital rights stepped on. In the United States, for instance, there is no federal law that offers these protections — despite acts enacted by individual states.
How you can take security into your own hands
In addition to demanding that our elected representatives take action, there are steps that individuals should personally take to better safeguard themselves online. The first of these is being conscious of the services that we trust with our data.
When it isn’t practical to find a trustworthy alternative to the platforms that you use to trade cryptocurrencies and communicate with others, be very cautious about the information you share. As a general rule of thumb, you should never trust that these companies will keep the information that you send them secure — even the US federal government was recently breached.
For the time being, your best chance of staying safe online is to avoid using the same password and recovery questions for multiple services. When it comes to more sensitive activities like trading digital assets, you can benefit from generating a new two-factor U2F token for every exchange that you sign up with. That way, when one company fails to protect your data, there is still a barrier preventing hackers from accessing your other accounts.
By regularly updating your passwords and opting to use a password manager, you can further reduce your chances of having your online accounts compromised. For more on using 2FA, check out Trezor’s guide on keeping up with secure authentication methods.
Decentralized technologies could pave the way to increased digital rights
While none have yet reached maturity or widespread adoption, there are ongoing attempts to restructure the internet economy in a way that empowers users rather than companies. By leveraging decentralized and emerging technology, some projects are attempting to give users control over their personal data.
For instance, decentralized social media platforms have emerged over the last few years. These platforms attempt to serve as alternatives to the current social media giants and give users more autonomy. However, they are still a long way away from reaching the level of widespread adoption needed to entice average users to sign up.
In addition, citing the intrusive nature of online advertisements and the fact that the industry currently favors entities such as Google and Facebook over independent websites and users, new solutions are attempting to democratize the landscape. They work by allowing people to choose to interact with adverts in exchange for rewards, rather than forcing them to do so. These projects claim to keep the personal details of users private, but should be treated with the same caution outlined above for the time being.
Verification without data sharing
Looking forward, cryptographic methods known as zero-knowledge proofs could allow people to identify themselves without directly exposing their information. They can be used to allow companies to accurately verify information about users and meet KYC obligations, without the company ever needing to access specific information from a user’s identity documents.
For example, a zero-knowledge proof could be used to verify that someone is over the age of 18 without having to reveal their date of birth. In the case of KYC procedures, it could mean allowing users to prove that they live in a certain area without an exchange or financial platform needing to see a copy of a document that contains their address.
“Zero-knowledge proofs could be used as an electronic analogy of covering up information on your electronic birth certificate or electronic ID card,” explained Andrew Kozlik, a cryptography expert at Trezor. “In fact they are an even more powerful tool, because by selectively covering up your year of birth you can only prove that you were born in a certain year/decade/century, but with zero-knowledge proofs you can prove a yes or no answer to being 18 or older.”
However, as Kozlik explains, zero-knowledge proofs may have a way to go before they become a practical option for everyday use. “These technologies are feasible and safe, but the demand for these features is probably not yet sufficient to motivate wide-scale adoption for this particular purpose.”
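The yes-or-no "18 or older" check described above can be illustrated with a hash chain, a simpler selective-disclosure technique than a true zero-knowledge proof; this is an added example, not code from Trezor or from the article. The function names, the issuer key and the HMAC tag (standing in for a public-key signature from an ID issuer) are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed key. A real issuer would sign with a private key so that
# verifiers hold only the public key and cannot mint credentials themselves.
ISSUER_KEY = secrets.token_bytes(32)


def hash_n(value: bytes, n: int) -> bytes:
    """Apply SHA-256 to value n times."""
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


def issue_credential(age: int):
    """Issuer (checks the real ID once): returns (seed, commitment, tag)."""
    seed = secrets.token_bytes(32)           # secret, kept by the holder
    commitment = hash_n(seed, age)           # hides the age behind the chain
    tag = hmac.new(ISSUER_KEY, commitment, hashlib.sha256).digest()
    return seed, commitment, tag


def make_proof(seed: bytes, age: int, threshold: int):
    """Holder: token proving age >= threshold, or None if that is false."""
    if age < threshold:
        return None  # would require running SHA-256 backwards
    return hash_n(seed, age - threshold)


def verify(proof, commitment: bytes, tag: bytes, threshold: int) -> bool:
    """Verifier: sees proof, commitment and tag, never the age or the seed."""
    expected = hmac.new(ISSUER_KEY, commitment, hashlib.sha256).digest()
    if proof is None or not hmac.compare_digest(tag, expected):
        return False
    # Hashing the proof `threshold` more times must land on the commitment.
    return hmac.compare_digest(hash_n(proof, threshold), commitment)
```

The token is a bearer value, so a practical scheme would also bind it to the holder and to a single session to prevent replay.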
For now, the best ways to protect yourself online are to consciously choose the services that you interact with, share limited information about yourself whenever possible, and use secure methods of authentication and different passwords to protect your accounts. On a broader scale, it is important that people do not become apathetic as a consequence of frequent data breaches. Instead, we must demand that regulators take action to protect our digital identities and hold the services we trust with our information accountable when they fail to keep us safe.