Cybersecurity - Privacy Fundamentals Flashcards
Privacy
Privacy is about protecting personal information from being seen or used by others without permission. It helps people stay in control of their data.
📌 Example: If you don’t want companies tracking your location, you can turn off GPS tracking on your phone.
Privacy Paradigms
Privacy paradigms make sure that personal data is handled safely for everyone.
Privacy can mean different things depending on the context:
1️⃣ Confidentiality – Keeping data secret (e.g., encrypted messages).
2️⃣ Control – Giving users choices about their data (e.g., privacy settings).
3️⃣ Transparency – Knowing how your data is used (e.g., clear privacy policies).
📌 Example: A website should tell you how it uses your data before asking for personal details.
Privacy by Design
Privacy by Design means that privacy protections are built into technology from the start, not added later. This ensures that user data stays safe through strong security, minimal data collection, and user control over their information.
Privacy in Different Jurisdictions
Different countries have different privacy laws to protect users.
GDPR (EU) – Strong rules on data protection and user consent.
FTC (USA) – Focuses on consumer rights and security.
📌 Example: Websites must ask for cookie consent in Europe (GDPR), but not always in the USA.
A Taxonomy of Privacy (Solove’s Model)
Solove’s model groups privacy problems into four types:
1️⃣ Collection 📩 – Data is taken without permission (e.g., websites tracking you).
2️⃣ Processing 🔄 – Data is stored or shared unfairly (e.g., companies selling your info).
3️⃣ Dissemination 📢 – Private data is leaked (e.g., a hacker exposing emails).
4️⃣ Invasion 🚨 – People are watched or disturbed (e.g., employers spying on workers).
✅ This model helps us understand privacy risks and improve data protection! 🚀
Data Confidentiality
Keeping data safe from unauthorized access so hackers or others can’t see it.
📌 Example: Bank websites use HTTPS to keep your login details private.
Types of Data
1️⃣ Direct Identifiers – Data that directly reveals who you are (e.g., name, ID number).
2️⃣ Quasi-Identifiers – Data that can be used to guess who you are (e.g., age, ZIP code).
3️⃣ Sensitive Data – Data that is private and personal (e.g., health records, income).
📌 Example: Your email address is a direct identifier, while your date of birth and city could help identify you indirectly.
Types of Data Disclosure
Ways private information can be exposed:
1️⃣ Identity Disclosure – Finding out who a person is.
2️⃣ Attribute Disclosure – Learning something new about a person.
3️⃣ Membership Disclosure – Finding out if someone is part of a group.
📌 Example: A hacker steals hospital data and finds out who has diabetes (attribute disclosure).
Reidentification Attacks
Even when data is anonymized, hackers can combine different datasets to identify people.
📌 Example: A Netflix user’s viewing history can be linked to their Twitter account if they post about what they watch.
Record Linkage
Connecting different data sources to uncover private information.
📌 Example: A hacker combines voter records and leaked emails to find out who donated to a political campaign.
K-Anonymity
K-Anonymity is a way to hide personal data in a dataset so that no individual can be identified.
How It Works:
✅ Groups people with similar data together so that each person blends in.
✅ “K” represents the number of people who share the same data—the higher the number, the safer the data.
✅ Prevents identity leaks while still allowing useful data analysis.
L-Diversity
An improvement on k-anonymity that makes sure each group has diverse sensitive values.
📌 Example: A dataset shouldn’t have a group where all users have cancer, as it makes reidentification easier.
Data Anonymization Methods
Data anonymization hides or changes personal information so no one can identify individuals. This can be done by removing details (suppression), grouping data (K-anonymity), replacing values (generalization), or adding random noise (differential privacy).
Open Source Intelligence (OSINT)
Collecting publicly available information from the internet for investigations.
📌 Example: Investigators use Google, social media, and leaked databases to track criminals.
Dark Web
A part of the internet that requires special software (like Tor) to access. Often used for illegal activities, but also for privacy protection.
📌 Example: Whistleblowers use the dark web to share information without being traced.
Privacy Threat Modeling (LINDDUN)
A way to identify privacy risks in a system:
Linkability – Can data be linked to a person?
Identifiability – Can a person be identified?
Non-repudiation – Can someone deny doing something?
📌 Example: A ride-sharing app must ensure trip data doesn’t expose where users live.
Data Breaches
When hackers steal personal data from a company’s database.
📌 Example: A Facebook data leak exposes millions of users’ phone numbers and emails.
Data Minimization
Companies should only collect the data they actually need.
📌 Example: A fitness app doesn’t need access to your contacts or microphone.
Privacy Nudges
Small reminders or warnings that help users make better privacy decisions.
📌 Example: A website asks “Are you sure you want to share your location?” before enabling GPS tracking.
Differential Privacy
A technique that adds random noise to data to prevent identifying individuals while keeping useful statistics.
📌 Example: Apple uses differential privacy to analyze user behavior without storing personal details.
Privacy Dark Patterns
Tricks that push users to share more data than they want.
📌 Example: A website makes the “Accept All Cookies” button large but hides the “Reject” option.
The Right to Be Forgotten
Under GDPR, people can request that websites delete their personal data.
📌 Example: If your old tweets contain personal info, you can ask Twitter to remove them.
Tracking and Cookies
Websites use cookies to track users’ behavior across the internet.
📌 Example: If you search for shoes on Amazon, you see shoe ads on Facebook.
Secure Data Storage
Data should be encrypted and stored safely to prevent leaks.
📌 Example: Password managers store data in an encrypted vault.