One problem with safeguarding privacy when utilizing networked technology is that some users do not know much about what processes are used in the technology that they utilize. Most of us have probably heard the old analogy comparing the privacy of an email to that of a postcard. In this article I want to explain some of the underlying behavior in technology that most of us probably use daily, starting with a couple of the reasons why the privacy in an email message is so low.
Example 1 — Email Systems
An employee at some company emails some “lewd” picture to his wife. After the employee had clicked “Send”, the email is first transferred to an email server located somewhere else at the company. At the email server it is then placed into some folder connected to the employees account. After the email server has completed sending out the email, it may or may not be deleted from that folder.
This same issue is also present on the receiving side, in that a received email is stored in some folder accessed by the receiving email server.
Besides this, the personnel that is responsible for administering the email server typically have full access to the folders processed by the email server. Depending on how the emails are stored, this access may be through the file system on the operating system that the email server runs on. Depending on the security measures that the mail service provider has in place, access through the file system may not be tracked.
For example, the customer service people at the mail service provider may only be able to access the emails through some client which could well track the access in the hopes of keeping the personnel from access customers’ records without reason. Even in a situation where this is the case, the personnel administering the operating system that runs the email server may have a more direct access that is not being tracked. Note that here I use the term “email server” to refer to the email server software such as Microsoft Exchange, not to the operating system or hardware that such an email server would run on.
Example 2 — SMS Messaging
Some person sends a questionable image to his significant other through SMS. The scenario is similar to that of the emails, in that the SMS message is transmitted through the telephone service providers system and will be stored on a database there.
If the recipient has a different carrier than the sender, the message would end up stored in a database system at the receiving carrier as well. After the message has been transmitted to the recipient, it may or may not be deleted from the databases and meanwhile will be accessible by at least the database administrators.
Example 3 — Online File Transfers
A user of an online file transfer service reads from the instructions that the service is “secure” and that “the user can choose who should have access to files uploaded to the service”. User then uploads some file with personal information without realizing that at least the database administrators at such a company would typically have full access to the contents.
Granted, in some cases the contents are encrypted in the database, but some part of the web application must be able to decrypt the contents. The reason is that, if the contents were only encrypted with no possibility of decrypting them, they would become instantly useless after the upload. If the contents then can be decrypted by the web application, it is likely that some personnel at the file transfer service has access to execute that functionality manually.
Example 4 — Web Search Engines
A search engine “indexes” a website that contains multiple pages. This type of indexing always first involves that the search engine downloads a copy of the web pages and stores them on its own server before indexing. For some web pages, the search engine may then make a copy of the cached page available on the search results screen, while for some others it may not make the copies available.
In all cases, however, the search engine has a copy of the contents of the web pages stored in their servers. This is because when users search the “web”, they are actually searching the search engine database.
For instance, if you look for coupons from takethecoupon.com, you will notice that some of your social media accounts will be flooded with advertisement about products related or have something to do with coupons. Surely, little did we know, our privacy and personal information might be at risk by just searching online.
The implication from this is, from a privacy point of view, that after a picture or video has been removed from a website, it may linger in the search engine database for a “while”. How long this “while” is depends on what actual removal processes the particular search engine follows. This determines, for example, whether the picture is actually deleted from the search engine database, or just flagged as no longer visible, after the search engine web crawler finds that the web page has changed and no longer contains the picture.
Example 5 — Image Sharing and Social Networking
After regretting that they uploaded an image to some website, a user selects to “remove” or “delete” the image that they have posted. This does not mean that the image actually gets removed from the database. It may just be tagged so that it is no longer visible to that user. Note that I am not saying that this actually happens, merely that it is a possibility that the user should take into consideration before uploading pictures.
Admittedly, these issues would probably be more of a concern for you if you are both famous and want to try to control your privacy. We less famous people might tend to think that nobody would care about our personal details, and this could well be correct when it comes to compromising images. Nevertheless we should remember that the media does not need to be interested about something we have sent or uploaded; it is sufficient that some person with access to it is interested.
Hopefully this information helps you make a decision on what to send or upload with your eyes more open.