Identity management, also known as identity and access management, is such an important aspect of modern internet security. This is often just shortened to IdM, IAM, or IdAM. This is the organizational and technical processes for first registering and authorizing access rights in the configuration phase, and then in the operation phase for identifying, authenticating and controlling individuals or groups of people to have access to applications, systems or networks based on previously authorized access rights. In English, it’s the information websites and applications have on their users. This includes login information, as well as tracking users’ activities on their apps. This information is coalesced into a person’s digital identity.
Anyone who uses the internet at any kind of frequency has a digital identity. Every time you sign up for a service or login to a website or app, you have agreed to give that information to the companies who control that service, site, or app. Why do companies want this info? In a practical sense, obviously these internet features need a way to let users come back and have a consistent account, so of course they need everyone’s login information. The ultimate reason for this collection of user data is capitalism. American sculptor and video artist Richard Serra said in 1973 that, “if something is free, you’re the product”. This has never been truer than it is today.
The internet must be monetized in some way. Companies require financial incentives to provide services, so even though most websites and apps are “free”, they make their money off the people who use these services. Information is the modern internet’s currency, as all these companies take their users’ data and sell it, primarily to advertisers. This is where targeting advertising comes from; the advertisers use the information they have on people to serve them ads that they are most likely to react to. However, this is only the most common use of this digital identity; there are many more questionable and dangerous uses of this information.
You may be under the impression that it's no big deal to have this information out there. Many people would rather be served ads that are more relevant to them, and indeed, if that’s all there was to this collection of data, there would be no issues. The greatest misconception about an individual’s digital identity is that it cannot be used to figure out the person’s real-life identity. This is extremely, dangerously untrue. Data brokers, companies that exist to compile and sell personal data, are very underregulated; they can sell their information to basically anyone. This information can include names, phone numbers, emails, specific location data, IP addresses, and more. Even when apps claim they deidentify the information they sell to data brokers, that information can often be easily extrapolated to determine that person’s identity anyway.
With so much personal identifying information out there, it is important to know the steps you can take to control your digital identity. Many of these steps do involve sacrificing some level of convenience for the sake of security, but depending on your life circumstances, that could be very much worthwhile. You should know that stalkers have bought user data to get closer to their targets, and the government is not at all above using data brokers to acquire data on criminal suspects without needing a warrant. With that in mind, phones do allow you to turn off the ability for apps to ask you for tracking information, and web browsers like DuckDuckGo and Mozilla Firefox are better for concealing user data. However, it is still unlikely that you will be able to go about your normal online business without giving up some user data to data brokers. Apps like Life360 or weather applications require location data to work, and it is very likely that they will or already have sold your information.
The most important thing you can do regarding your online security is ensuring your login information is secure. If you don’t already, use different passwords for all of your accounts online. Obviously, it is impossible for a human to keep track of that many passwords in their head, so use a password management system like 1Password, DashLane, and LastPass. It is absolutely vital that you use a highly complex password to access your password manager, and always avoid using personal information within your passwords. Also, if an app offers the use of multi-factor-authentication, or MFA, you should absolutely take advantage of that. MFA makes it nearly impossible for bad actors to access your accounts, as that would require them to have access to your device, or in some cases, you yourself.
On the topics of logins and authentication, it is important to note the rise of using accounts like Google, Apple, or Facebook to login to third-party applications or websites. This can be very appealing, especially for convenience’s sake, but it is important to be wary of these practices. This is essentially companies that are not necessarily designed to be password managers acting as such. Therefore, you should treat these features as though they were the password manager. Ensure that your password for these apps and websites are especially strong and use MFA if they have an option for it. However, ideally you just want to make a new account for each of these services; you never know what will become of these companies. Businesses like Apple, Google, and Facebook may seem like invincible titans of the internet, but they are not immune to being compromised or even fading away.
Facebook specifically has been under a great deal of scrutiny of late, and they are also in the process of desperately trying to revamp their business, as they have been showing signs of decline lately. No company is immune to failure, and if Facebook were to go under suddenly, you would likely lose access to anything depending on that login information. In addition, Facebook is also one of the companies most infamous for selling off user data. In fact, just last week, Facebook was facing major backlash for their role in the arrest of a 17-year-old and her mother for an illegal, late-term abortion. Without delving into personal, political viewpoints, this is still a dangerous precedent to set for data privacy.
That recent story about Facebook is very much the crux of the modern state of data privacy; the government lacks incentives to regulate this industry. Politicians depend on data brokers to tailor their campaigns for their potential voters. Plus, as aforementioned, law enforcement buys data to skirt the use of warrants and investigate suspects. Therefore, why would the government restrict a tool they may have come to rely on? John Oliver, comedian and host of HBO’s Last Week Tonight, made headlines for using data brokerage services to phish for data on politicians in DC. The act was an attempt to borderline blackmail congress into acting on this matter, but as of the filming of this episode, no action has been taken.
Securing your digital identity should be one of your top priorities in this modern age of the internet. Even if you are under the impression that you have nothing to hide, malicious individuals can use easily acquired personal identifying information to steal your identity or worse. Until congress acts on this issue, be extra mindful of the services using your data. If you currently use one password for all your accounts, acquire a password manager and change them as soon as possible. The allure of convenience is very tempting, but it is very important that convenience not overrule the safety of yourself and your family.
Comments