Sense of security and privacy: Who’s Zoomin who?


I find it ironic that while one company gets shouted at for leaking its mobile users' address books, lots of others might be routinely doing it without anybody saying a word. It doesn't take a scientist to figure out what is going on.

Developers are tinkerers by nature; they seldom stick to written procedures, and otherwise they may not be very good. From the moment a platform software development kit is made available, people will poke around to see what they can do with it. As you poke around, you are bound to find undocumented features, holes and what-not, and depending on your inclination you may make some unconventional moves. If word gets out and people like your moves, then you are a genius; if people don't like what you did, then you get named and shamed. That's how it goes.

I can hardly believe that only one company, Path in this case, was downloading users' address books. I'm sure others are, were, or will be doing so too. What happens is that something pops up and a big howl ensues. Then a few words of apology are issued, the noise dies down, people go back to their business, and some quietly continue whatever-may-be-questionable.

This is a bit like what goes on with IT security. When a paper is published on some software vulnerability, some debates follow and drum rolls for vendor patches coming to the rescue. Once such holes are deemed patched by the software vendor, the focus shifts away from the issue and not much is said about it. But even then, a lot of people can’t actually be bothered with software updates so they remain exposed.

The reality we live in is that we often have a false sense of security and privacy. It's not as if the bad guys wait to hear about some security vulnerability before attempting to discover and exploit it; it's likely that by the time a vulnerability is public it's already old news for serious hackers. Likewise, the talk today is about unauthorised address book downloads; tomorrow another company may be found using your mobile location or your device's camera for some unpublished purpose.

The title of this post is borrowed from an Aretha Franklin hit song from the '80s.

UPDATE:

Seeing the headlines and some of the blogs out there, there is apparent outrage about Apple (only them?) having allowed this to happen. I am very curious whether anyone checked that this problem doesn't exist on Android, Windows Phone, BlackBerry, or other connected systems. I guess it's much easier to cry 'Haro sur le baudet' (that is, to pick on a convenient scapegoat).