Blog Archives

Privacy in the Age of IoT


Privacy in the Age of IoT
<p value="<amp-fit-text layout="fixed-height" min-font-size="6" max-font-size="72" height="80">The advent of internet enabled ever-connected smart devices in our everyday lives has led to a large-scale proliferation of the Internet of Things into every aspect of our modern lives. It has now become more important than ever to understand the security and privacy risks associated with connected devices. With smart home devices, office tools, home automation systems, children's toys and even medical devices becoming an integral part of our digital lifestyles, becoming technology aware and understanding the key implications of technology in personal privacy and security should be a key priority for every individual.The advent of internet enabled ever-connected smart devices in our everyday lives has led to a large-scale proliferation of the Internet of Things into every aspect of our modern lives. It has now become more important than ever to understand the security and privacy risks associated with connected devices. With smart home devices, office tools, home automation systems, children’s toys and even medical devices becoming an integral part of our digital lifestyles, becoming technology aware and understanding the key implications of technology in personal privacy and security should be a key priority for every individual.

What is IoT?

The Wikipedia article on The Internet of Things (IoT) defines it as:

  • A system of interrelated computing devices, mechanical and digital machines,
  • That are provided with unique identifiers (UIDs) and 
  • The ability to transfer data over a network
  • Without requiring human-to-human or human-to-computer interaction.

IoT as a concept is still in a state of relative infancy in society, as are the regulations that accompany it. At its core, IoT involves the collection, classification and use of data captured by the sensors, which is processed in the cloud and is used to inform decision making and actions driven by the device logic. 

What is Privacy?

In the age of connected devices it can become tricky to define what is privacy – Is privacy a fundamental human right? Is it a right to be left alone? While talking about privacy in the context of information technology and the Internet of Things we tend to focus more towards Information Privacy. However, it isn’t always as simple as just maintaining secrecy. It is also about the right to have some degree of control over how our personal information is collected and used.

Privacy isn’t really about keeping things private, it’s not about secrets, it’s about choice.

Privacy refers to the ideology that individuals should have the freedom, or right, to determine how their digital information, mainly that pertaining to personally identifiable information, is collected and used. 

Impact of IoT on Privacy

Surrounded by a world full of sensors talking not just with us but also with the internet, where data about our everyday activities, our likes, our dislikes, our views and our beliefs is stored in the cloud, the implications of the advent of the age of IoT has serious implications on privacy and security. The potential for such data to be packaged and sold for a variety of purposes is in turn converting us to the product as opposed to being the consumer. While using a lot of free to use services, we might not be paying for using the service with money, but rather with our data, which might not be intended for sharing with anyone

Because a host of convenient smart devices now continuously collect, dissect and process data to make our lives more convenient, they have also magnified the threats to data privacy.

Our ability to collect and process data has overwhelmed our ability to protect that information. Our smartphones, fitness trackers, smart TVs, and even smart appliances generate a massive amount of sensitive information, from browsing habits to purchasing patterns to real-time location and personal health information.

It’s no longer just our photos and emails, but also our heart rate, respiration rate, location, what we eat and even how we sleep. We are left with no more personal spaces since we give service providers the permission to sell our data while accepting the Terms & Conditions for free services. The privacy and attention we’re trading for our “free” services and content is now much more personal. Particularly where sensitive data is concerned, IoT can put the privacy of individuals at risk.

Implications of Identity Management and Data Ownership with IoT 

The issue with this deluge of data leads to the problems of identity management and data ownership. Is the collected data really anonymous? Who owns the data being collected by connected devices to make these devices smart? The footprint our devices leaves on the Internet tells a story. How much of our personal narrative are we willing to trade off for the sake of convenience? The biggest issue while dealing devices like personal assistants that are always listening, is the concern around controlling the narrative around this story.

Even though it might seem counter intuitive, data privacy does not necessarily mean keeping our data private. Rather it focuses upon taking charge of what we choose to divulge about ourselves. With every smart device that we acquire, we leave an ever increasing trail of data. With an increase in the number of smaller and smarter devices, service providers can paint highly detailed portraits of almost everything we do. As such, connected devices deserve a healthy dose of skepticism when it comes to information security and data privacy. 

The GDPR – A ray of hope?

For over three decades we have debated over privacy in the internet, with not much success. The internet of things is however still in its infancy. Since regulation moves at a snail’s pace, it’s still mostly up to CEOs, executives, and employees to reject projects that put profit over privacy. 

IoT devices do provide many benefits, from convenience in the home, to tracking health and well-being. However, consumers are often blind to the risks associated with the sharing of personal data, until a big breach of that data occurs. IoT and connectivity are growing rapidly, so more and more potential vulnerabilities may be introduced if no security strategy was applied during the design phase. 

It is thus the responsibility of technology organisations and governments to come together to educate society about the value of their personal data and be more transparent about the way in which they process the data. 

The European Union’s General Data Protection Regulation (GDPR) is a step in the right direction; however, other nations need to adopt similar rules to ensure the privacy of individuals is protected.

Enterprise responsibilities for data privacy

Managing the risks associated with data collection begins with making the gathered data more secure. It’s high time to look into what privacy truly requires. 

  • Accountability and Transparency: Service providers handling consumer data need to be accountable for its privacy and security. Inclusion of IoT-specific language in data privacy agreements with clear, concise and transparent policies around data handling and protection is of utmost importance. 
  • Privacy focussed Lifecycle design: Objects need to be designed for privacy by default and manufacturers need to look at the implications of the data that they want to collect. There’s a need for an effort to look at the whole lifecycle of a smart device and go beyond the GDPR. From design to manufacture to eventual disposal, there’s a need for an effort to make more ethical design choices. Manufacturers should ensure that security keys and IoT device provisioning procedures comply with security and privacy data management guidelines. Architecture and data storage should be designed in such a way that enables GDPR compliance.
  • Inclusion of new levels of security and privacy provisions: To make IoT solutions secure and enable privacy, manufacturers need to include security features for data protection at early phases of architecture design. Integration with third-party services have the potential to introduce new concerns, so it is crucial to check that all components comply with stringent policies and guidelines to provide interfaces that are secure. Inclusion of security and privacy monitoring components into the IoT ecosystem would be highly beneficial from a service provider as well as consumer point of view. 

Wrapping up

Privacy is something that comes from within us. Whether we realize it or not, we are responsible for posting a lot of our own private data. We need to be conscious about privacy, and if we are not then we pay the price one way or the other. It’s high time for us to take our privacy seriously. Irrespective of whether we are a developer or a consumer we need to be aware about our choices and make conscious decisions around our personal privacy rather than just focussing on convenience.

References:

  1. https://en.wikipedia.org/wiki/Internet_of_things
  2. https://en.wikipedia.org/wiki/Digital_privacy
  3. https://kromtech.com/blog/security-center/what-is-privacy
  4. https://iapp.org/about/what-is-privacy/
  5. https://www.researchgate.net/publication/333305381_Privacy_in_the_New_Age_of_IoT
  6. https://www.brighttalk.com/webcast/17125/333169/privacy-security-in-the-age-of-iot
  7. https://medium.com/@aallan/has-the-death-of-privacy-been-greatly-exaggerated-f2c4f2423b5
  8. https://medium.com/pcmag-access/facial-recognition-technology-doesnt-have-to-destroy-privacy-65c8ed953645
  9. https://blog.trendmicro.com/data-privacy-age-iot/
  10. https://www.csoonline.com/article/3434079/data-privacy-in-the-iot-age-4-steps-for-reducing-risk.html

Using Vim to generate HTML output of code


This is an interesting bit that I learnt about from an email in a mailing list by James Pryor.

To generate html output for code within a shell script you can use:

vim myscript.sh '+syntax on' '+ set nu' '+set background=light' +TOhtml '+w myscript.html' '+qall!'
If you don’t want numbers and need a dark background you can use:
vim myscript.sh '+syntax on' '+ set nonu' '+set background=dark' +TOhtml '+w myscript.html' '+qall!'

Installing EditorConfig on Sublime Text


To install Editor Config on Sublime Text all you need to do is to follow the following steps:-
  1. Go the Preferences tab -> Package Control.
  2. Select Install Package from the drop down menu.
  3. Wait for the list to load, once it loads it will show you a list of packages.
  4. Now, type in EditorConfig and select the highlighted option.

To confirm that Editor Config is installed correctly on your Sublime Text instance you can go to Preferences -> Browse Packages. If installed correctly you should be able to see an EditorConfig directory present in the Packages directory.

That’s it! Enjoy! 🙂

Installing Sublime Text 3 on RHEL / Fedora


Here’s another three step guide to installing Sublime Text 3 on RHEL 6,7 / Fedora 18, 19, 20:-

  1. Download the installation script from the following gist.
    https://gist.github.com/sayak-sarkar/11b039f398ddcae88139
  2. Extract it to your home directory [or anywhere you like].
    $tar -xvf gist11b039f398ddcae88139-e339084ef22e956ea6ef8d04f8279ca70772f534.tar.gz
  3. Open your terminal (preferably as super user), navigate to your home directory and execute the shell script.
     #./sublime-text-3.sh

Voila!! You now have Sublime Text 3 installed on your machine. You may run it from the terminal or via the alt+f2 shortcut by simply typing in “sublime”.

Based upon my previous post on How to install Sublime Text 3 on Fedora. 😉

Enjoy!! 🙂

Installing Firefox Nightly with Australis on Fedora 18 / 19 / 20


Australis Sceenshot

Screenshot of Firefox Nightly with Australis on Fedora 19

Are you a Fedora user who wants to check out the new Australis Theme for Firefox scheduled for release with Firefox 28? However, you are a bit apprehensive of letting go that stable release of Firefox in bundled within your Fedora installation by default, just in case something goes wrong with the nightly beta release.

If this is what defines your current dilemma, fear not. You can have both the stable as well as the nightly beta versions installed simultaneously in your computer in a few simple steps without any trouble at all! Here’s how to do it in case of Firefox Nightly version 28 [the latest release at the time of writing this post]:-

Step 1: Login as Super User:-

$su

Step 2: Get the nightly package:-

Go to http://nightly.mozilla.org to get the latest available nightly build for your system.

Screenshot of Firefox Nightly Webpage

Firefox Nightly Webpage

Alternatively, you can use the command line tool wget to directly download it via the command line as follows:-

#wget http://ftp.mozilla.org/pub/mozilla.org/firefox/nightly/latest-trunk/firefox-28.0a1.en-US.linux-x86_64.tar.bz2

Step 3: Extract the contents of the tar ball as follows:-

#tar -xvf firefox-28.0a1.en-US.linux-x86_64.tar.bz2

Step 4: Rename the extracted directory to “nightly”:-

#mv firefox nightly

Step 4: Create an installation directory:-

#mkdir /opt/firefox

Step 5: Move the contents of the “nightly” directory to the installation directory:-

#mv /nightly /opt/firefox/nightly

Step 6: Create a Symbolic link for the Nightly installation:-

#ln -s /opt/firefox/nightly/firefox /usr/local/bin/nightly

Step 7:Run Firefox Nightly by typing the following within the command line or the alt+f2 launcher:-

For command line: $nightly

For alt+f2: nightly

Step 8: Relax and enjoy the Australis awesomeness! 🙂

Installing Sublime Text 2 on Fedora 18 / 19 / 20


Here’s another three step guide to installing Sublime Text 2 on Fedora 19 – Schrodinger’s Cat:-

  1. Download the installation script from the following gist.
    https://gist.github.com/sayak-sarkar/5810101
  2. Extract it to your home directory [or anywhere you like].
    $tar -xvf gist5810101-3b0e9bb3ef5128760df9e3e06877fa4f7e5689ec.tar.gz
  3. Open your terminal (preferably as super user), navigate to your home directory and execute the shell script.
     #./sublime-text-2.sh

Voila!! You now have Sublime Text 2 installed on your machine. You may run it from the terminal or via the alt+f2 shortcut by simply typing in “sublime-text”.

Credits to Henrique Moody for the original script gist!!
I’ve simply added a symbolic link at /usr/bin to enable terminal execution. 😉

Enjoy!! 🙂

Installing VLC player on Fedora 18 / 19 / 20


Here’s a simple three step guide to installing VLC media player on Fedora 19 [Schrodinger’s Cat]:-

  1. Login as Super User:
    • $su
  2. Setup rpmfusion:
  3. Install vlc using the default yum package manager:
    • #yum install vlc mozilla-vlc

Voila! You now have VLC media player installed on you computer! 🙂

Installing Steam for Linux Beta | Counter Strike for Fedora 17 / 18 / 19 / 20


Here’s the link to a really interesting article by Russel Bryant that I found on the web. Especially helpful for all my geeky gamer friends who keep on complaining about how they are not able to play Counter Strike or Team Fortress 2 on their Linux based systems. Enjoy!

If however you are a counter strike freak and this link doesn’t completely satiate your needs, you may try referring to this blog for Chris Daniel’s take on installing Counter Strike on Fedora 18.

%d bloggers like this: