Is anything private in Web 2.0?

The answer to this question is simple: no. With the developments in social media and two-way communication channels such as Twitter, Facebook and YouTube, it has made social privacy somewhat non-existent.

With regards to corporate/organisation privacy, the most complex computer system in the world is now capable of being breached. With sensitive information out of a business’s complete control there is a much greater risk for error, negligence or cybercrime. Another big problem is the rogue employees that may defame the business via blogs or use of social networking that can publish at will.

According to the Ponemon Institute, a leading organisation dedicated to independent research and education, stated:

  • 85 per cent of businesses have experienced a data security breach
  • 46 per cent of businesses fail to implement encryption solutions even after suffering a data breach.
  • 82 per cent do not seek legal counsel prior to responding to the incident despite not having a prior response plan in place
  • 95 per cent of businesses suffering a data breach were required to notify data subjects whose information was lost or stolen.

To understand the reasons for this, it’s important to establish the make-up of Web 2.0. Since the crash of the dot com era in 2001, fear broke out that the Web would crash. Instead new applications and websites began to grow, develop and expand across the Web. Since then an advance in computer software and the push for a better user experience has evolved across the Web. The transition from Web 1.0 to Web 2.0 was complete almost overnight; this was the start of the technological age and the beginning of the end of privacy as we know it.

Almost any information can be attained if it is in high enough demand or is deemed valuable to the public. Take the WikiLeaks scandal, for example. Information about equipment expenditures, holdings in the Afghanistan war and corruption among other highly controversial, political and private issues were released across the Web. Founder, Julian Assange published submissions and news leaks from anonymous news sources and whistle blowers.

The Wikileaks scandal highlights the ease at how information can be exposed. It’s important to understand how information is released and private documents are breached as this is just one extreme example, but computer systems are breached on a daily basis.

Web 2.0

Web 2.0 is made up of three main components: Rich Internet Application (RIA), Service Orientated Architectures (SOA) and the social Web. It’s important to add cloud computing, social networking and virtualisation as they are also bringing about new exposure to privacy issues to the fore.

The first part of Web 2.0 is RIA, some buzz words that come to mind are Flash and Ajax. Flash is a multimedia platform, providing vivid animation and interactivity to animations. It is commonly used for videos, games and other interactive Web page content. Ajax is used for creating interactive Web applications; it combines HTML, JavaScript and CSS to build the layout and page content, to obtain the business data from the server.

RIA is how the experience from the desktop into the browser, whether it’s from a graphical or usability perspective, is established. A good example of this is the drag and drop that everybody is used to from the desktop.

SOA is another key part of Web 2.0. This includes buzz words such as feeds, RSS, Web services and mashups. What SOA is all about is how Web 2.0 applications expose their functionality so that other applications can leverage and integrate their functionality providing much richer applications including the infamous mashups. This integration process has led to numerous privacy breaches in the past. When taking information from other sources it’s important to be vigilant and ensure privacy rights are protected.

The area of most controversy when it comes to privacy is the social Web. Web 2.0 applications tend to interact much more with the end user. The end user is not only a user of the application but he or she is a participant. Whether by tagging the content, contributing to the wiki or doing podcasts or blogging, as part of the social nature of these applications the end user is an integral part of the data of the application providing feedback, allowing the application to leverage the users that are using it. Therefore, the power of privacy is down to the person who has last been given the information as it is that person’s decision as to what he or she will do with the information.

This is simply bad news. More than likely that last person is in fact last persons, meaning more people have this information, and as there are an infinite number of sharing tools available; the temptation to share information has become increasingly difficult to resist. The combination of the social Web and human nature leaves privacy a difficult concept to grasp for the vast majority of people and the only question left to ask is how long can an issue stay private? Examples have shown: not long.

With regards to business privacy, a good way to gauge the level of trust organisations have in Web 2.0 is to look at a stereotypical business cyber policy. In this rapidly changing world of technology there is increased exposure and liability. Unauthorised access or use of a computer system is usually the first coverage in a cyber-insurance policy this can include theft or destruction of data, hacker attacks or denial of service attacks and malicious code. Liability exposure can grow even more from using outsourced service providers such as Web hosting, document storage, call centres and credit card processing. Other growing threats include data breaches, especially in the areas of sensitive health care and financial data. For example, in April Visa had to remove Global Payments from a list of credit-card processors as 1.5 million credit card numbers and other important information were stolen.

Web 2.0 is a dream world for hackers, law breakers and social parasites looking to exploit and take advantage of the privacy of individuals and organisations for their personal benefit. Take note: An FBI crime and security survey found that 71 per cent of American companies are endangering their financial stability by not having insurance that will cover Internet liability.

Olan Ahern has a keen interest in social media and online issues. He works on behalf of ASOS an online e-commerce based fashion retailer.

Join the CSO newsletter!

Error: Please check your email address.

Tags internet securityWeb 2.0

More about FacebookFBIVisa

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Olan Ahern

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts