• United States




5 most common data privacy misconceptions

Dec 19, 20165 mins
Application SecurityInternet SecuritySecurity

Simple and actionable tips to keep your information secure—and why it is important

Average internet users are starting to realize they should be protecting their personal information better. But do they understand why?

Protecting private data is more important than many people realize, and also quite simple. I’d like to unpack the top five most common misconceptions of cybersecurity to demonstrate why you should learn how to protect yourself and your data. 

1. I have nothing to hide. Why do I need my data to be encrypted?

No skeletons in your closet? No searches you’d prefer didn’t surface? That’s fine, but what about your credit card information, passwords and Social Security number? Just because you don’t have dirty laundry to air doesn’t mean your personal data isn’t worth protecting.

Remember that even though you don’t think it’s sensitive information at face value, in the wrong hands, your data has the potential to do serious damage to your life. Consider that many people have their identity stolen through the simple process of someone looking through their trash for personal information; now think what someone could do if they could see all of your emails. 

2. Encryption gives wrong-doers/terrorists an invisibility cloak. 

Well, not really. This argument is outdated. We’re stuck in a Catch-22 where there will always be a threat. Either your right to privacy is protected (and potentially so are wrongdoers) OR your data is vulnerable (but we’ve made it more difficult for terrorists to communicate).

+ Also on Network World: 10 biggest hacks of user data in 2016 +

The truth is that there’s no such thing as an encryption backdoor that somehow protects “the good guys” and not the “bad guys.” For encryption to be effective, it has to work for everyone. Who would you trust with a key to all your data: not only trusting that they wouldn’t use it for purposes you don’t approve of, but also trusting that they won’t lose it and that they will keep it safe from those who want to steal it. There are many ways to track terrorists even if the contents of their communications are encrypted. 

3. Why should I care about how big companies use my data? It doesn’t matter to me. 

It should matter to you. Many, if not most, of the services we use on the internet today are based on a simple “bargain,” which goes something like this: “You get to use our service for ‘free’ (personally, I think it’s better to say you don’t pay an upfront/regular fee), and in return you agree that we can use your personal data to target the advertising that actually funds our business.”

Most people understand the “free” part, but they don’t necessarily understand the implications of the second part. It’s worth thinking about how a company that offers a free service can make tens of billions of dollars in revenue each year. That money has to be generated from somewhere, and ultimately it’s you, the consumer, who pays by sacrificing privacy to a greater or lesser degree.

The upside to companies using your data includes more accurate searches and suggestions—essentially convenience. But when does companies’ use of your personal data begin to have diminishing returns? Chances are you don’t even know exactly how much access you’re giving to free sites such as Google and Facebook that monetize your data. Did you really read that privacy policy? 

4. Protecting myself on every device feels impossible.

It’s not. Easy solutions include using services such as or DuckDuckGo, which are non-tracking search engines. Non-tracking search engines do not record your every click, swipe and purchase, keeping your data safe from exploitation.

Additionally, almost all browsers support a Private/Incognito mode to stop sites from storing cookies and other tracking data in your browser. There are also password management systems such as LastPass that centralize and protect your passwords so that no one but you can gain access to them. 

Services such as ownCloud and are easy ways to be in charge of and decentralize your data. Users should seriously consider services that charge a monthly/yearly fee, especially when that fee includes a promise not to monetize your private data. 

5. Isn’t it the government’s job to protect my privacy?

One of the most shocking revelations that came from Edward Snowden was the extent to which western governments had been secretly and pervasively monitoring the internet traffic of their citizens. Despite the public outcry associated with these revelations, governments continue with these efforts, although now generally through legal means, for example, the “Snoopers Charter” bill recently passed by the U.K. government.

While it can be legitimately argued that forcing service providers to store our browsing and email traffic records is helpful in preventing and detecting terrorism and child pornography, it doesn’t prevent the fact that this data is being stored and is thus potentially available not just to the government, but also anyone who is capable of stealing it.

If you are at all concerned about that, you should think about steps you can take as a consumer to protect yourself and consider joining or supporting organizations that work with industry and governments to create legal and regulatory safeguards to protect your privacy.


Neil Cook brings over 20 years of experience in the cyber security industry to his role as Chief Security Architect at Open-Xchange. He is responsible for the security, privacy and encryption features across all products in the OX group, which includes Open-Xchange, Dovevot and PowerDNS.

Prior to joining Open-Xchange, Cook held a variety of executive and leadership positions with service providers including Cloudmark, Openwave and, building secure, scalable messaging solutions. His aim is to broaden the OX group with particular attention on cross-product, security-enhancing features and services such as anti-abuse and anti-spam services.

The opinions expressed in this blog are those of Neil Cook and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.