Sense of security and privacy: Who’s Zoomin who?

I find it ironic that while one company gets shouted at for leaking its mobile users’ address books, lots of others might be routinely doing it without anybody saying a word. It doesn’t take a scientist to figure out what is going on.

Developers are tinkerers by nature; they seldom stick to written procedures – otherwise they may not be very good. From the moment a platform software development kit is made available, people will poke around to see what they can do with it. As you poke around, you are bound to find undocumented features, holes and what-not, and depending on your inclination you may make some unconventional moves. If word gets out and people like your moves then you are a genius; if people don’t like what you did then you get called names. That’s how it goes.

I can hardly believe that only one company, Path in this case, was downloading users’ address books. I’m sure others are, were, or will be doing so too. What happens is that something pops up, a big howl ensues. Then a few words of apology are issued, the noise dies down, people go back to their businesses, some quietly continuing whatever-may-be-questionable.

This is a bit like what goes on with IT security. When a paper is published on some software vulnerability, some debates follow and drum rolls for vendor patches coming to the rescue. Once such holes are deemed patched by the software vendor, the focus shifts away from the issue and not much is said about it. But even then, a lot of people can’t actually be bothered with software updates so they remain exposed.

The reality we live in is that we often have a false sense of security and privacy. It’s not like the bad guys would be waiting to hear about security vulnerabilities before attempting to discover and exploit them; it’s likely that by the time a vulnerability is public it’s already old news for serious hackers. Likewise, the talk is on unauthorised address book download today; tomorrow another company may be found using your mobile location or device’s camera for some unpublished uses.

The title of this post is borrowed from an Aretha Franklin hit song from the ’80s.

UPDATE:

Seeing the headlines and some of the blogs out there, there is apparent outrage about Apple (only them?) having allowed this to happen. I am very curious if anyone checked that this problem doesn’t exist on Android, Windows Phone, BlackBerry, or other connected systems. I guess it’s much easier to cry ‘Haro sur le baudet’.

2 comments

  1. And what about the sense of security with the folks in NL that are supposed to be protecting the nation’s critical infrastructure? Water has been public enemy #1 in Holland for centuries. It is just shocking to see how badly secured some of the major waterworks are….

    1. That is a good point, and a difficult one too because lives and livelihood are prominently at stake. I was having a narrow view of the issue here, but the same observations may apply to public safety too.

      I think it is a good thing that public opinion can sway the course of action, the downside is when the fixation is more on the public opinion barometer itself rather than the actual issues at hand. When you follow debates here in NL, you do get the feeling that people are quite proactive on the water protection measures. But that may be more a feeling than the reality of it.
