One of the toughest parts of my job is explaining the difference between security and privacy. I find that the confusion between the two often leads people to a feeling of Learned Helplessness. Learned Helplessness is the feeling that regardless of your efforts, what happens to you is beyond your control. Just sit back because you are along for the ride.
This is not totally the case. The fact is that everyday consumers are largely in charge of the fate of the information and the resulting data breaches. You have control over which companies you support, and your money speaks volumes about what you demand from the company. Every company has a multitude of surveys, user feedback, and customer service departments where you can call and complain. Lastly, if all else fails, there are always independent review sites like Yelp to provide your feedback.
Refusing to register for an account with a company that limits its passwords to 16 characters, for example, is one of my guidelines. Any company still enforcing this ancient practice has not updated its systems and is the same company that would not know if it was breached. How could I in good faith entrust them with my information?
But where is the line between security and privacy, and how does it affect everyday consumers? Security is the act of protecting something from unauthorized access. Privacy is the protection of something from public access. For something to be secure it does not necessarily have to be private. For example, there is certain information about you which needs to be public: your name, social media profiles, perhaps even your email address. The fact that the information is publicly accessible does not make it insecure. The information described above does not need to be protected from being viewed, but it still needs to be protected from tampering. If someone found your CV on the web and tampered with it, for example, it may not appeal to the hiring managers you are targeting.
So why this new obsession with privacy? My take is that the world tends to operate in bubbles. For a while we were in this social media bubble: people would share what they had for lunch, not considering that this may give stalkers a way to track their behavior. They would post pictures of their whole family on vacation in Mexico, not considering that this gives would-be thieves a heads-up of when they are not home. Probably my favorite example is posting racist rants, not considering that your employer may not appreciate the public embarrassment.
So, what happened? Clearly one too many people lost their jobs for a racist rant, too many Zoom meetings were bombed, too many houses were broken into. It would seem the world finally wised up. You could be forgiven for thinking this, but you'd be wrong. Like a teenager on their first driving lesson, rather than correct the course of our drifting vehicle, we have simply over-corrected into a ravine. We blame Zoom for non-existent security flaws which allow Zoom bombing, though they have been offering passwords on meetings as an option for years. We blamed them for the lack of end-to-end encryption, though few of the people tossing blame know the difference between encryption and we blame Facebook for our houses being broken into, and we blame social media at large for people losing their jobs for racist rants.
Isn't it time to accept that information you put out there is secure but not private?