Concerns about data harvesting

As a penetration tester, you know more about vulnerabilities, not just those affecting companies but those affecting you personally. You know how easy it is for cyber attackers to access and collect personal information, a process known as data harvesting.

What is data harvesting?

Data harvesting, also known as data mining or web scraping, is when companies collect your data to build a picture of who you are. Most of the time, it is harmless and is used to serve you more relevant ads. However, cybercriminals can use the same approach and potentially use this information manipulatively, and it is scarily easy to do.

How is data harvested?

Data is harvested using a small piece of malicious script/code, known as a bot. The bot can steal data from websites, particularly those that use databases.

Why don’t people protect their data?

People are not aware of what they should be doing, and even those who are aware simply choose not to. Sometimes it’s for convenience, sometimes laziness, or sometimes it’s just because they aren’t worried.

People who do take the security of their data seriously are labelled paranoid. People just don’t see it as a threat. Sharing personal data has many benefits in terms of user experience, and if you refuse to share your data, you pretty much can’t use anything online.

Some people don’t care what companies know about them. Many companies will share your data freely or find opportunities to sell it on to a third party.

The only things most people care about are ID theft and fraud. However, data harvesting can be just as damaging, if not more so, because it applies to a much wider group of people.

How do companies get our data?

Companies might offer money for you to complete surveys or test products. Sometimes people give it willingly in exchange for access to products and tools. These actions are recorded to build a picture of who we are and our online behaviour. This information can then be sold to other companies. 

Is data harvesting legal?

GDPR guidelines regulate data collection. It is legal to store and use data as long as the company is compliant with GDPR protection laws. You can learn more about GDPR here and discover what companies aren’t allowed to collect and store, along with the usage rules and guidelines.

The abuse of data harvesting

Data harvesting can be abused to:

  • Manipulate our behaviour online by serving only content that supports our perspective, which can be seen as either good or bad. This causes us to become polarised as a nation and can lead to tensions, hatred, and intolerance. It can influence political opinions, using fake news to convince groups of people to vote for a party that does not support them.
  • Gamify social media and advertising, which creates a release of endorphins when we post and get likes, much the same way as gambling, creating an urge to get that feeling again. However, this causes us to become more depressed, and suicide rates have increased on the back of this.

How to control and protect my data

You can start by reading the terms and conditions that almost all trustworthy sites will have in their website’s policy statement. They will state what information they keep about you and how it is stored and used. It is their responsibility to keep this information safe for you and their company. However, if you agree to let them share your data in exchange for a product or service, you have instantly lost control, and there is no way to get it back.

Anything posted publicly on social media is instantly out of your control, and while there are privacy settings and tips for staying anonymous, there is always a risk. Unfortunately, if you were to refuse these policies/terms and conditions, your life probably wouldn’t be as convenient as it is now.
