IT services for free – the business of personal data

15. April, 2020

In the home office, the use of software solutions such as VPN services, anti-virus programs and AdBlockers is increasing. Those who carelessly use free services can make unpleasant discoveries: payment is often made with personal data.[1]

Not only already exposed services use their customers’ data for various purposes, the additional monetization of user data is also an important business process for navigation services and search engines, wearables like fitness trackers, social media sites or online shopping services. Personal data is valuable and in high demand to gain specific knowledge advantages.

Paid or free – the users always pay

If you put yourself in the provider’s shoes, it becomes clear, that somehow the companies have to cover their costs and earn money. Since there is no obvious income from users for (supposedly) free services, the software must be kept profitable on the market by other means. This usually works at the expense of the consumers. Even services that are actually supposed to make IT services more secure become a risk factor through data transfer.

Cybersecurity services – different ways, one goal

There is nothing easier than installing new software on your PC or smartphone: click download, follow the installation, and agree to the terms and conditions and privacy policy – done! However, many programs require additional authorizations or information that hardly anyone checks or analyses in detail. With various identification options, locations and other data, users reveal a great deal about their interests and personal circumstances – especially when the data is stored, enriched and linked in the background. The scope and purpose of this data collection cannot be predicted at first glance.

Unserious apps with additional security risks

Some free apps have been found to have other questionable features when analysed by security researchers. Some ad blockers place and prefer their own advertisements, VPN services sell detailed data on user behaviour instead of anonymizing it, and apps for data minimization install their own root certificates that can infiltrate data security and encryption. These business practices have now also attracted the attention of app store operators. Applications that have attracted attention through such functional implementations have been removed from the Apple App Store and the Google Play Store. Suspicious providers who appear to be acting systematically are being investigated more closely. [2]

Safety recommendations for end users

Pay attention to the services you install and use on both your PC and smartphone. Often it takes too long until dubious applications are uncovered. Security experts generally advise against installing apps that demand more rights than necessary or require other in-depth access to the system. This also includes the additional installation of, for example, system optimizers, virus scanners or other additional tools, as they often appear with PC applications. A good example are flashlight apps that require access to contacts, ID and network. Any such requests should prompt the user to cancel the installation in order not to unnecessarily compromise the security of his system.[3]

When selecting and using free services, always ask yourself which use cases you as a user want and need to cover. Check your instincts: Is it realistic to operate such a secure service for free? Do not save money the wrong way. Only use and install applications whose providers you trust and who can also prove a good reputation in independent evaluations and tests.

Links:

Working safely from home

Underestimated threat: Mobile malware

Security tips to protect your data and devices


[1] https://techcrunch.com/2020/03/10/your-vpn-or-ad-blocker-app-could-be-collecting-your-data/

[2] https://www.techadvisor.co.uk/news/security/vpn-apps-stealing-data-3783792/

[3] https://www.zdnet.com/article/most-android-flashlight-apps-request-an-absurd-number-of-permissions/

Red Teams, Blue Teams, Purple Teaming

Living Off the Land attacks

MSSP of the Year 2024

SIEM

What is a SIEM?

Nozomi Guardian Air
HarfangLab Guard
MITRE ATT&CK Framework
v.l.n.r.: Joe Pichlmayr (CEO IKARUS) – Anouck Teiller (CSO HarfangLab) –Alexander van der Bellen (Bundespräsident Österreich) - Frédéric Joureau (Erster Botschaftsrat der französischen Botschaft in Wien) – Christian Fritz (COO IKARUS)
EDR
Cyber Kill Chain
Business Email Compromise
Prognosen für die zehn größten Cybersecurity-Bedrohungen für 2030
E-Mail Verschlüsselung
Schritt für Schritt zum Notfallplan für IT-Security-Incidents
Account Management
Bedrohung

WE ARE LOOKING FORWARD TO HEARING FROM YOU!

IKARUS Security Software GmbH Blechturmgasse 11
1050 Vienna

Phone: +43 1 58995-0
Sales Hotline:
+43 1 58995-500
sales@ikarus.at

SUPPORT HOTLINE

Support hotline:
+43 1 58995-400
support@ikarus.at

Support hours:
Mon – Thu: 8am – 5pm
Fri: 8am – 3pm
24/7 support by arrangement

Remote maintenance software:
AnyDesk Download