Anything you write, chat, talk, email, upload or download files on the internet is not private. Anything and everything you do on the internet is stored somewhere in the form of logs including the actual files and attachments like images, videos, text, voice and all other data formats.
Before I continue, lets me briefly explain something. The so-called ‘End-To-End Encryption’ means two parties chatting, talking, sending emails, uploading or downloading files with each other that cannot be read by any third party. The third-party could be anybody from your local cable internet service provider, City level Internet service provider or It could be the national internet gateway which is controlled by your government, from whom the retailers buy internet in your country, which is then sold to you through monthly/yearly packages.
But in reality, ‘End-To-End Encryption’ is not true. It is just a fake assurance for the general public, to make them feel confident so that they continue using services of various websites and apps. They continue registering, adding their details, saving their data on the internet.
We often come across news saying some Xyz company’s website or server was hacked and thousands of user data may have been leaked. Now, this could be a food ordering app or website, or a social media, travel tickets booking website or it could be a cab booking or a subscription website.
Now to save their reputation and stop losing customers, they will start an advertising campaign about how secured their website or server is. They will use all kind of technical jargons which a common man doesn’t understand. One example is “We are using 256-bit ‘End-To-End Encryption'” which is nothing but ‘End-To-End Deception’. Some get their website/app certified from a security auditing company and place the ‘Secured’ label/sticker at the bottom of their website. All money-making scams with no serious intentions to return value to their customers.
So who actually does access to your internet activities and your internet life?
1) Government officials from the security department or secret agencies working against Internal and external threats.
2) Private setups that provide data services to both individuals and organisations (Government and Non-Government).
3) An individual with skills, who works as a freelancer for agencies, organisations or businesses.
So, how do they access your data?
As I mentioned above, every data is stored somewhere, either temporary for a specific period or permanently. First, they find the location of the server where the data is stored, once they find it, all they have to do is access it and download it. If it’s encrypted, it has to be decrypted to make it readable. Having said that, it is not that easy, but it is not impossible. Those who know things doesn’t take much to do it.
Let’s say you are texting or video calling right now or maybe sending an email or uploading a file. Capturing this transmission of the data live as it happens is called interception. Again, this is not a hot piece of cake, it is difficult but not impossible. Anything and everything transmitted digitally can be intercepted. It is used when somebody is put on surveillance. One either learns the skills over the years, or one buys the interception software made by the experts which are either sold to anybody who pays for it or sold only to the government agencies (excluding enemy countries). But sooner or later you can get anything from dark sources. But they are super expensive.
Many times when an individual is a suspect, they will take your device, clone it in a few minutes and return it back to you. And then they go through the data. If in doubt, they will then recover all the deleted data from your device, I mean the clone of that device. If required, they will confiscate your device, which could be your phone, hard disk, and memory drives. Many international airports are doing this with suspected travellers. They clone your phone before you leave the airport.
A software or a hardware bug is installed in your communication devices which could be a phone, computer, router, and USB peripherals like keyboard and mouse. This way all your logs are uploaded to a place on the internet, from where the data can be accessed. Alternatively, it can be monitored live as it happens.
MALICIOUS APP OR WEBSITE
You install one app or visit a website, which looks good and polished, but in the background, it also installs something more in your phone or pc that captures everything you do, write, watch, or speak from that device and send the data secretly to the hacker. They then sell your data on underground websites. This is where scammers get your data to scam you. One example is a fake transaction using your credit card details to gain your trust for sharing the OTP.
Companies change their policies and all of a sudden your data is out in open.
Let me give you 3 examples
1) Let’s say, you added your school or college details on the social media platforms as private, which means it can only be seen by your friends or to a custom list of friends or audience or members. You feel safe about your privacy right? Well, any day the company can change its policy and make your private data public without even informing you.
Yes, many social media company does this, and it takes months sometimes years for you to discover that your data is now public. Which means it can be seen by everyone. Remember, nothing is free, if you are using social media for free, then you are the product, your data is the product, on which they earn through either selling it or either inviting views in your content and placing ads around it.
2) Similarly when you write in a private social media group. And if someone searches your name on that social media website, the results may also show the posts you did on that private group.
3) You create an employees list in the Aexcel file with a file name as ‘Andhera Card Numbers’, and you stored the file on the server. And somehow the search engine has now indexed that file. Now let’s says someone searches as ‘Andhera Card Numbers’ on the search engine, which may display the results including this Aexcel file of the employees. That’s it, somebody downloaded it and now it is in open.
So anything you write, share, communicate on the internet including voice call or video calls think twice because it is stored somewhere and can be accessed by someone.
Even if your phone is shut off, still it can record audio, take pictures, videos and your location secretly. This is one of the reasons why the battery is no more removable from your smartphone. It can capture lat/long and upload it to the server at regular intervals and your location can be accessed. Even if your phone gets shut down forcefully because of 0% battery, please note that it still has some juice left to operate for an hour at least which can be used secretly for limited services. Yes, the phone can be turned on remotely and secretly while keeping your screen off.
On the internet nothing is safe, nothing is private, nothing is secured. But if you are not doing anything bad or anything illegal then you should not worry. But you can take some steps to stop the camera from being used secretly. Here is what I do. I took a black colour electrician tape, cut a small round piece and stick it on the camera of my laptop and my smartphone.
So whenever I have to do a video conference or a video call I just slide the tape, pushing it with my thumb shifting its location, and then slide back again to its original position after its use. Similarly, when I have to take pictures from my smartphone, I slide the tape, take pictures and then slide it back on the camera.