Hate messages, threats and intimate data circulate unfiltered and unprotected on the Internet: Here, any person can become an unintentional victim. Even what you once uploaded to the Internet can catch up with you a year later when it is republished by others. So-called data leaks (i.e. the publication of data that is not actually intended for the general public) do not always have to be the result of hacker attacks. Info can also be gathered from multiple public sources such as websites or social media profiles.
Scraping: mining publicly available data
Scraping is the term for this, which is linked to "mining" can be translated as. Data is systematically collected and stored with the help of programming code. In this way z.B. from the career network LinkedIn the data of 500 million members "sucked" and have been offered for sale online by the beginning of April 2021. Also 1.3 million user data from the controversial app Clubhouse are said to have been copied and offered for sale. A good week earlier, information on 533 million Facebook users had already been published on the Internet.
Every user has the right to have old information about him/herself removed from sites and search engines. But it’s even better if all the information doesn’t reach the Internet in the first place. A few tips on this:
Do not put everything online
Data thrift is the magic word: what once sees the light of day on the Internet usually stays there permanently and does not disappear by itself. Published photos, videos, and texts can not only be viewed, but also saved, forwarded, or republished under a different name and title. Even if this does not always happen with right things. Photos, movies and posts on social networks, which are actually only meant for selected friends, can fall into hacker hands. Facebook, for example, had to admit at the end of 2018 that programs for the social network were able to gain unauthorized access to several million private user photos. If possible, users who log in to online services should not disclose all the data they are asked for. It’s easy to steal someone’s identity with their date of birth, and others can deduce their income and purchasing power by knowing their job. So whenever you publish something, think about whether you would also shout the info out loud through a bus.
Regularly check what has been published
It makes sense to check personal data by entering one’s own name from time to time. Anyone who discovers unwelcome claims on other websites during their search can request the site operators and search engine providers to delete this data immediately. These must be removed if the interest in deleting the data of those affected is to be rated higher than, for example, the public’s need for information. Our sample letters help with the correct formulation of such requests.
Delete outdated information
A team photo from the local soccer club from 2006 – even with old publications, the question is appropriate as to how long the visibility of past occasions and events on the Internet is justified. Because this way, personal data (photos, names and possibly private contact address) always remain available. Anyone with dubious intentions can use personal data found online for anonymous and exposing publication even years later.
Report hate postings on social networks
Anyone who uses social networks such as Facebook, Twitter, YouTube and Co. is bullied or persecuted with hate messages, should report such posts to the operators of the respective network. These must report the "shit-Follow up on reports and remove obviously illegal postings within 24 hours as a matter of principle. Instructions for reporting comments on Facebook, Instagram, Twitter and Google+ are available on checked4you.de, the online youth magazine of the NRW consumer advice center.
Secure personal access
Hard-to-crack passwords are indispensable for protecting your own data. Just as every door lock has its own key, every access to Internet services should have its own password. If your head is spinning with too many passwords, you can entrust your access codes to a digital password manager. These programs store different passwords, the user only has to remember one main password. This is safer than always using the same access code for all services. The more characters a password has, the more secure it is. At least ten characters, upper and lower case letters, numbers and special characters increase protection. Names, dates of birth, telephone numbers or similar should not be used.
Putting apps in their place
The useful or playful applications on smartphones and tablets sometimes want to access things that are none of their business. Thus, users should determine before launching whether an app is really allowed to read out the stored contacts. With a flashlight app, for example, there’s no reason to do so. However, developers could use a program with appropriate access to contact data to collect the stored data, sell it or publish it illegally. The operating systems iOS from Apple and Android (from version 6.0) offer the possibility to lock permissions for each app individually even after installation.
Apps are also available on the social network Facebook. You can also collect user data. We explain details and protection options in this article.
Data protection and data security are the guarantors of success
Data misuse by companies, rampant surveillance on the Internet, lack of IT security: these were the buzzwords of the past year. The Federation of German Consumer Organizations (vzbv) calls for consistent enforcement of the DSGVO requirements. Consumer associations’ right to sue in data protection must not be restricted, and the federal government must push for consumer-friendly regulations in the ePrivacy Regulation.