But these doubts were cleared when tech-savvy users highlighted that the app uses end-to-end encryption and could not read those messages. Many users would have surely heaved a sigh of relief.
This was probably the first time that the ‘terms and conditions’ (T&C) of any online service were taken seriously in India. Many users would have overlooked the fact that many mobile phones already have social media apps, some with their own instant message service, which are collecting user details.
While the user reaction was quite disconnected from the actual implications, it showed that Indians have started taking their online privacy seriously.
Most websites and apps that provide seemingly ‘free’ sign-up services, are not really free. They typically generate revenue by using personal, behavioural or location-based data of users to display advertisements directly, or by even selling data to other companies. But this is governed by two factors:
1. The information agreed and submitted through user profiles or posted online
2. The terms and conditions governing the collection, storage and usage of data by the company.
Unfortunately, not many users read these often complicated or time-consuming T&Cs.
Additionally, no two websites or apps have the same format; and neither are they controlled by the master T&C of your computer or mobile phone. This means an average user will have to read them every time she clicks on the sign-up button. Reading this end to end could take almost a full month every year, as these T&Cs change frequently with every update of the app or website.
According to media reports, a UK-based gaming company amended its T&C for a day in 2009. It read: “By placing your order on this website, you agree to grant us a non-transferable option to claim, now and forever more, your immortal soul." This was, of course, a joke but it makes you wonder about the potentially serious consequences that might result from ignoring to read the conditions in the first place.
Another case reported in the Netherlands was about a maps company sharing vehicle speeds of its users with the local authority, which slapped them with traffic violation fines.
Imagine yourself a few years back, shopping at a grocery store. You would drive down, select the exact brand and quantity, pay the money and come home. Now when you shop for groceries online, you probably first use a search engine to find a website or app that delivers groceries to your doorstep. Then you sign-up and enter the keywords to create a shopping list. After checking out, you pay and end the transaction.
During the course of the entire process, you may notice the various advertisement-based or ‘sponsored’ links displayed on your screen at each step. These are links for items that are paying advertising money to appear on the top of the list of items you can buy.
From the next day, you also start receiving emails and text messages, with offers and discounts for specific products. Eventually, you may also get contacted by other websites and apps, with no mention whatsoever that your data from the first website is now available to multiple websites. You are now a fuel to this internet advertisement revolution.
In a nutshell, all your information shared or posted online on the ‘free’ websites and apps is not yours anymore, and it could be sold or distributed.
If any of these websites get hacked, all information could possibly be used to hack your own data.
So what can be done to mitigate these risks and threats to user privacy? There are a few simple steps that online users can take to keep their information and identity relatively safe. Here are a few:
1. Avoid divulging all personal details online such as: your real name or date of birth. Use online nick names instead.
2. Create an email address that you use only for all free websites and apps. Keep a separate personal email address that you share only with known contacts and for banking transactions.
3. As much as possible, do not reveal your mobile phone number.
4. Check the online privacy ranking of websites and apps before signing up.
5. Always select a paid service for anything important or business related.
These steps can help to guard you to a certain extent but it is important to read through the T&Cs before you sign-up. Your personal information is your online currency which you need to protect.
Amit Jaju, executive director, fraud investigation and dispute services, EY India.