Cybersecurity - Privacy Fundamentals Flashcards

1
Q

Privacy

A

Privacy is about protecting personal information from being seen or used by others without permission. It helps people stay in control of their data.
📌 Example: If you don’t want companies tracking your location, you can turn off GPS tracking on your phone.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Privacy Paradigms

A

Privacy paradigms make sure that personal data is handled safely for everyone

Privacy can mean different things depending on the context:
1️⃣ Confidentiality – Keeping data secret (e.g., encrypted messages).
2️⃣ Control – Giving users choices about their data (e.g., privacy settings).
3️⃣ Transparency – Knowing how your data is used (e.g., clear privacy policies).

📌 Example: A website should tell you how they use your data before asking for personal details.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Privacy by Design

A

Privacy by Design means that privacy protections are built into technology from the start, not added later. This ensures that user data stays safe through strong security, minimal data collection, and user control over their information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Privacy in Different Jurisdictions

A

Different countries have different privacy laws to protect users.

GDPR (EU) – Strong rules on data protection and user consent.
FTC (USA) – Focuses on consumer rights and security.
📌 Example: Websites must ask for cookie consent in Europe (GDPR), but not always in the USA.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A Taxonomy of Privacy (Solove’s Model)

A

Solove’s model groups privacy problems into four types:

1️⃣ Collection 📩 – Data is taken without permission (e.g., websites tracking you).
2️⃣ Processing 🔄 – Data is stored or shared unfairly (e.g., companies selling your info).
3️⃣ Dissemination 📢 – Private data is leaked (e.g., a hacker exposing emails).
4️⃣ Invasion 🚨 – People are watched or disturbed (e.g., employers spying on workers).

✅ This model helps us understand privacy risks and improve data protection! 🚀

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Data Confidentiality

A

Keeping data safe from unauthorized access so hackers or others can’t see it.
📌 Example: Bank websites use HTTPS to keep your login details private.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Types of Data

A

1️⃣ Direct Identifiers – Data that directly reveals who you are (e.g., name, ID number).
2️⃣ Quasi-Identifiers – Data that can be used to guess who you are (e.g., age, ZIP code).
3️⃣ Sensitive Data – Data that is private and personal (e.g., health records, income).
📌 Example: Your email address is a direct identifier, while your date of birth and city could help identify you indirectly.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Types of Data Disclosure

A

Ways private information can be exposed:
1️⃣ Identity Disclosure – Finding out who a person is.
2️⃣ Attribute Disclosure – Learning something new about a person.
3️⃣ Membership Disclosure – Finding out if someone is part of a group.
📌 Example: A hacker steals hospital data and finds out who has diabetes (attribute disclosure).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Reidentification Attacks

A

Even when data is anonymized, hackers can combine different datasets to identify people.
📌 Example: A Netflix user’s viewing history can be linked to their Twitter account if they post about what they watch.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Record Linkage

A

Connecting different data sources to uncover private information.
📌 Example: A hacker combines voter records and leaked emails to find out who donated to a political campaign.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

K-Anonymity

A

K-Anonymity is a way to hide personal data in a dataset so that no individual can be identified.

How It Works:
✅ Groups people with similar data together so that each person blends in.
✅ “K” represents the number of people who share the same data—the higher the number, the safer the data.
✅ Prevents identity leaks while still allowing useful data analysis.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

L-Diversity

A

An improvement of k-anonymity that makes sure each group has diverse sensitive values.
📌 Example: A dataset shouldn’t have a group where all users have cancer, as it makes reidentification easier.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Data Anonymization Methods

A

Data anonymization hides or changes personal information so no one can identify individuals. This can be done by removing details (suppression), grouping data (K-anonymity), replacing values (generalization), or adding random noise (differential privacy).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Open Source Intelligence (OSINT)

A

Collecting publicly available information from the internet for investigations.
📌 Example: Investigators use Google, social media, and leaked databases to track criminals.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Dark Web

A

A part of the internet that requires special software (like Tor) to access. Often used for illegal activities but also privacy protection.
📌 Example: Whistleblowers use the dark web to share information without being traced.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Privacy Threat Modeling (LINDDUN)

A

A way to identify privacy risks in a system:

Linkability – Can data be linked to a person?
Identifiability – Can a person be identified?
Non-repudiation – Can someone deny doing something?
📌 Example: A ride-sharing app must ensure trip data doesn’t expose where users live.

17
Q

Data Breaches

A

When hackers steal personal data from a company’s database.
📌 Example: A Facebook data leak exposes millions of users’ phone numbers and emails.

18
Q

Data Minimization

A

Companies should only collect the data they actually need.
📌 Example: A fitness app doesn’t need access to your contacts or microphone.

19
Q

Privacy Nudges

A

Small reminders or warnings that help users make better privacy decisions.
📌 Example: A website asks “Are you sure you want to share your location?” before enabling GPS tracking.

20
Q

Differential Privacy

A

A technique that adds random noise to data to prevent identifying individuals while keeping useful statistics.
📌 Example: Apple uses differential privacy to analyze user behavior without storing personal details.

21
Q

Privacy Dark Patterns

A

Tricks that push users to share more data than they want.
📌 Example: A website makes the “Accept All Cookies” button large but hides the “Reject” option.

22
Q

The Right to Be Forgotten

A

Under GDPR, people can request websites to delete their personal data.
📌 Example: If your old tweets contain personal info, you can ask Twitter to remove them.

23
Q

Tracking and Cookies

A

Websites use cookies to track users’ behavior across the internet.
📌 Example: If you search for shoes on Amazon, you see shoe ads on Facebook.

24
Q

Secure Data Storage

A

Data should be encrypted and stored safely to prevent leaks.
📌 Example: Password managers store data in an encrypted vault.

25
End-to-End Encryption (E2EE)
A method where only the sender and receiver can read messages, preventing spying. 📌 Example: WhatsApp messages are end-to-end encrypted, so even WhatsApp can’t read them.