AXEL.org

Business

Data Breaches are Here to Stay (For the Unprepared)

On August 18, T-Mobile announced that a recent data breach has affected over 40 million customers. Thankfully, it appears that no financial information was leaked. However, in a statement, T-Mobile stated “While our investigation is still underway and we continue to learn additional details, we have now been able to confirm that the data stolen from our systems did include some personal information.” Those responsible for the breach targeted T-Mobile credit applications, putting names, phone numbers and social security numbers at risk [1].

This massive data leak is just one of many that have occurred in recent years. From banks to superstores, data breaches have affected businesses in every industry, putting customers at risk. With this never-ending barrage of data breaches occurring, it’s fair to ask: When will they stop?

Well, we simply don’t know. If businesses continue to neglect cybersecurity, data breaches will remain common and catastrophic. However, there are ways to minimize this risk. Simply taking the time to protect your data is the key to preventing these massive, costly data breaches. After all, protecting your data is a lot easier than dealing with a massive data breach. Just ask Equifax.

The Equifax Data Breach

In 2017, Equifax, a consumer credit reporting agency, fell victim to a massive cyberattack and data breach. In the attack, over 160 million customers’ personal information was leaked, including names, phone numbers, social security numbers, driver’s license numbers and more [2].

In addition to the massive security breach, Equifax’s response to the attack was criticized as well. Although Equifax learned of the attack in July 2017, it was not announced publicly until September 2017. Additionally, Equifax social media directed customers to unofficial sites not owned by Equifax, putting clients further at risk of phishing attacks [3]. Put simply, the Equifax data breach showed what a business should not do in the event of a data breach. From poor communication to a lackadaisical response to the sheer scale of the breach, Equifax was largely unprepared for the breach and its consequences.

But how did the breach occur? While some data breaches can be the consequence of an honest mistake, this was anything but. Equifax was targeted because of its refusal to update its security software. In March 2017, an update for Equifax’s security software was released, but the update was not immediately installed. Quickly, cybercriminals realized there was a security hole in the older version of the software. Then, in May 2017, cybercriminals found that Equifax’s dispute portal still used the flawed security software. They gained access to documents that contained customers’ personal information, and slowly extracted the data over 76 days to avoid detection. As the attackers continued to extract the data, Equifax learned of the breach on July 29, and quickly shut off access. However, by the time Equifax cut off access to the criminals, the damage had already been done.

Why do Criminals Want Your Data?

While data breaches can be catastrophic to consumers, they can lead to big paydays for hackers. For the T-Mobile breach, the release of phone numbers can lead to increased phishing attempts among victims. And because the criminals have access to each phone number’s accompanying name, they can craft a much more convincing phishing text message. If customers fall for the trick, it puts the rest of their data, including financial information, at risk.

If cybercriminals gain access to financial information in a data breach, the consequences can be even more severe. Using this financial information, the hackers (or those who buy the data from the hackers) can open new credit lines, receive loans, or file false tax returns. And because these financial agreements are under your name, you could be on the hook for paying it back.

How do Data Breaches Happen?

While the cause of T-Mobile’s breach is not immediately apparent, Equifax’s cause certainly is clear: Negligence of cybersecurity. Treating cybersecurity as an afterthought is the main cause of many data breaches. Attackers often use phishing techniques and malware in order to gain access to valuable data. For example, when Target was the victim of a data breach in 2013, the attackers stole credentials and installed malware to Target’s software to extract names and credit card numbers [4]

In addition to outside cybercriminals, insider attacks pose a threat to businesses as well. In fact, employee error is the main cause of most data breaches [5]. While most of these breaches are small and have few negative consequences, it shows that outside actors are not the only cybersecurity risk. 47% of business leaders say that human error has caused a data breach in their organization. From losing a device to unintentionally sending confidential emails, internal data breaches certainly pose a threat. Thankfully, there are ways to minimize this risk.

How to Minimize the Risk of a Data Breach

One of the best ways for businesses to prevent a data breach is to encrypt confidential files. With strong encryption, files are unintelligible to unauthorized attackers, making your data useless to cybercriminals. So even if attackers gain access to your documents, encryption blocks the attackers from understanding the data. This ensures that your documents are usable for you, but worthless to criminals.

For individuals, there are easy strategies to minimize harm if your data is leaked. One easy technique to protect yourself is to use different passwords for different accounts. If you use the same password for all of your accounts, just one leak can make all of your accounts at risk. Therefore, it’s important to use different passwords for all your online accounts to ensure one leaked password doesn’t compromise all of your accounts. Additionally, simply checking your credit card history and credit reports can help stop identity theft after a data breach. If you catch fraud early, it can be stopped. Simply using these two techniques can help minimize the damage of a data breach if your information is compromised.

AXEL Offers Unparalleled Protection

AXEL believes that privacy is a human right. With this in mind, we created AXEL Go, a secure file-sharing and storage software. Offering industry-leading encryption and decentralized blockchain technology, AXEL Go is the best way to protect yourself or your business from unauthorized cybercriminals. Put simply, personal information deserves the best protection. If you’re ready to try the best protection, get two free weeks of AXEL Go here

[1] Schwartz, Mathew J., and Ron Ross. “T-Mobile: Attackers Stole 8.6 Million Customers’ Details.” Data Breach Today. August 18, 2021. https://www.databreachtoday.com/t-mobile-attackers-stole-86-million-customers-details-a-17314?rf=2021-08-19_ENEWS_ACQ_DBT__Slot1_ART17314&mkt_tok=MDUxLVpYSS0yMzcAAAF-_hUkPD9ryUOmFe0rRKxJ3eQA_mnHG9wpo_qAsffgZRgbqIV4FLolYFKr0A7f0CcMmHSwwy3ta4adyJhcjljmHueKFGYuyCT0ezu_kdFj7GYGdCBegA.

[2] Ng, Alfred. “How the Equifax Hack Happened, and What Still Needs to Be Done.” CNET. September 07, 2018. https://www.cnet.com/tech/services-and-software/equifaxs-hack-one-year-later-a-look-back-at-how-it-happened-and-whats-changed/.

[3] Morse, Jack. “Equifax Has Been Directing Victims to a Fake Phishing Site for Weeks.” Mashable. June 10, 2021. https://mashable.com/article/equifax-twitter-phishing-site-facepalm

[4] McCoy, Kevin. “Target to Pay $18.5M for 2013 Data Breach That Affected 41 Million Consumers.” USA Today. May 23, 2017. https://www.usatoday.com/story/money/2017/05/23/target-pay-185m-2013-data-breach-affected-consumers/102063932/.

[5] Reinicke, Carmen. “The Biggest Cybersecurity Risk to US Businesses Is Employee Negligence, Study Says.” CNBC. June 21, 2018. https://www.cnbc.com/2018/06/21/the-biggest-cybersecurity-risk-to-us-businesses-is-employee-negligence-study-says.html.

What the New Infrastructure Bill Means for Tech

On Tuesday, the United States Senate passed a USD $1 trillion infrastructure bill, sending it to the House of Representatives for further debate. While the details and amount of money are subject to change, it is likely that some kind of bill to expand and rebuild the country’s infrastructure will be passed and signed in the coming months. And while most of the bill’s funding will focus on fixing America’s roads, bridges, and other transportation infrastructure, tech is far from being ignored.

Infrastructure spending has long been a goal of many Presidential administrations. And while many bills fall victim to partisan battles, the general idea of infrastructure spending enjoys bipartisan support. Of course, certain tenets of the infrastructure bill will still face fierce debate, particularly the portions that pertain to technology. However, because there is bipartisan agreement that America’s infrastructure needs updates, a bill is likely to pass. And while the numbers may change, the country is still set to spend billions to update, modernize, and regulate technology infrastructure.

Crypto Tax Changes

One of the most important (and controversial) tenets of the bill is creating tax-reporting mandates for cryptocurrency brokers. In practice, this would make reporting cryptocurrency income similar to traditional stock income, where brokers already report their clients’ sales to the IRS. Congressional accountants estimate that this update to crypto tax laws would raise USD $28 billion over ten years [1]. And while this money doesn’t cover the entire cost of the bill, it would pay for the USD $25 billion to repair America’s structurally deficient bridges.

The reason for its controversy is cryptocurrency’s unique nature. Opponents say that the language of the bill regarding cryptocurrency is too broad, leading to software developers and crypto miners facing tax requirements. Additionally, some fully oppose taxes on cryptocurrencies, due to their purposefully decentralized nature. However, supporters of this tax claim that cryptocurrencies are like any other property, and therefore should be subject to capital-gains taxes. Supporters want cryptocurrency gains to be taxed the same as other properties, such as gold and stocks. So while cryptocurrency will still be largely decentralized and international, it will likely become subject to national taxes in the future.

Broadband Access

Another large portion of the infrastructure bill is dedicated to broadband affordability. While those living in urban or suburban communities typically have easy access to the Internet, those living in rural communities aren’t afforded that same accessibility. Many rural areas don’t have consistent access to the Internet, and if they do, the costs can be immense. To combat this Internet inequality, the infrastructure bill offers billions in grants to low-income households. The new program offers monthly USD $30 subsidies toward purchasing high-speed Internet [2]

As millions of Americans have spent the past year working and studying from home, reliable Internet access has become a necessity, especially for low-income college students. The new bill also provides USD $1 billion for colleges and universities to provide additional direct grants to students in need. Overall, expanding broadband access will help ensure more Americans have affordable access to the Internet. After all, access to online services has proven itself to almost be a necessity in nearly every facet of life.

Electric Vehicle Expansion

One of the largest physical infrastructure plans included in the bill is a USD $7.5 billion investment in electric vehicle (EV) charging stations [3]. While EVs have been available to Americans for years, adoption has been slow, partially due to the lack of EV chargers available across the country. This investment hopes to encourage Americans to switch to more environmentally-friendly EVs, as opposed to traditional gasoline-powered cars. In addition to EV charging stations, the bill also sets aside USD $7.5 billion to help cities adopt zero-emission public transportation vehicles. 

Cybersecurity Updates

The bill also offers USD $1.9 billion for cybersecurity updates. USD $1 billion of that fund is slated to be given as grants to state and local governments [4]. Following increased numbers of cyberattacks and ransomware incidents, this money will be useful for updating aging technology. State and local governments often rely on older tech, making it easier for cybercriminals to stage a successful attack.

In addition, these grants will greatly help local governments, who are particularly susceptible to ransomware attacks [5]. Local governments often oversee critical infrastructure, such as water, sewage, schools, and airports. Because all of these are necessities for the community, cybercriminals often target them, knowing that local governments will be desperate enough to pay the ransom. Thankfully, the infrastructure bill’s investment in modernizing cybersecurity for local governments can help protect these communities from the rising threat of cybercrime.

Why Tech is Infrastructure

While the infrastructure bill receives broad support from Americans, some have objected to the bill’s spending outside of traditional infrastructure. After all, “infrastructure” has always meant roads and bridges, rather than tech. But because technology is becoming so present in our lives, it’s important to ensure our tech consistently works. Think about it: If your employer’s Internet went out on a workday, it would be more than an inconvenience. It would likely cause nearly everyone’s work to pause. Simply put, we are incredibly reliant on technology, so it makes sense to ensure that technology works properly and consistently.

When people hear the word “infrastructure,” many think of physical infrastructure, such as roads, bridges, pipes and buildings. Naturally, most of the infrastructure bill is slated to fund these physical infrastructure projects. However, with the Internet truly becoming a necessity in recent years, technology needs to be included in infrastructure as well. To a certain extent, it’s just as important as water or sewage. When our country’s technology works as intended, it can lead to incredible efficiency and convenience. And even in a pandemic, technology allowed us to continue to get work done, ensuring that businesses and governments could continue to serve their communities. But when technology doesn’t work, it can lead to chaos and frustration. Just a loss of Internet can cause entire businesses to temporarily shut down. So because technology and the Internet are so vital to individuals, businesses, and governments, it simply makes sense to consider technology as infrastructure. After all, the Internet isn’t just a luxury anymore; it’s a vital necessity for all.

[1] Gordon, Marcy. “EXPLAINER: How Cryptocurrency Fits into Infrastructure Bill.” AP NEWS. August 10, 2021. https://apnews.com/article/technology-joe-biden-business-bills-cryptocurrency-92628a41124230448f65fdeb89ffad7d.

[2] Gravely, Alexis. “Infrastructure Bill Expands Broadband Affordability for Students.” Infrastructure Bill Expands Broadband Affordability for Students. August 10, 2021. https://www.insidehighered.com/news/2021/08/10/infrastructure-bill-expands-broadband-affordability-students.

[3] Szymkowski, Sean. “Bipartisan Infrastructure Bill Passes US Senate with Billions for EV Charging Network.” Roadshow. August 10, 2021. https://www.cnet.com/roadshow/news/biden-bipartisan-infrastructure-bill-ev-charging-network-senate/.

[4] Miller, Maggie. “Senate Includes over $1.9 Billion for Cybersecurity in Infrastructure Bill.” TheHill. August 10, 2021. https://thehill.com/policy/cybersecurity/567204-over-1-billion-in-cybersecurity-funds-included-in-senate-passed.

[5] Garcia, Michael. “The Underbelly of Ransomware Attacks: Local Governments.” Council on Foreign Relations. May 10, 2021. https://www.cfr.org/blog/underbelly-ransomware-attacks-local-governments.

For Here or To Go? Remote Work, Hybrid Offices and the Future of the Workplace

In March 2020, traditional offices were shaken by the beginning of the COVID-19 pandemic. Employees were forced to work from home, forced to learn new software and techniques just as the stress and worry of the pandemic reached an apex. For the first few months of remote work, employees learned how to do their jobs remotely, while offices remained ghost towns. Both employers and employees were stressed not only about the pandemic, but about when offices could finally reunite.

While the pandemic is waning in the United States, remote work has stayed, at least for traditional office jobs.  And while some offices are transitioning back to physical workplaces, many companies are doing away with mandatory in-person work. Now, employees know efficient strategies for working remotely. And many have realized the conveniences of working from home: No more commutes, more time to watch children, and a healthier work-life balance. With both employers and employees singing the praises of remote work, it’s fair to ask: What is the future of the workplace?

Opinions on Remote Work

Generally, employees like hybrid work more than employers. 55% of employees prefer working at home at least three days per week, while 68% of executives believe workers should be in the office at least three days per week [1]. This disconnect highlights the murky future of work in the United States. Employers want to maintain a strong company culture, while employees want to keep the massive benefits that come with at-home work.

And even though the United States is on the back-end of the pandemic, executives still aren’t sure what the future holds. 60% of respondents to a McKinsey survey stated that their employer’s workplace plans for after the pandemic were either vague or nonexistent [2]. Some executives have shown a willingness to continue remote work indefinitely, while some want in-person work to return soon. In fact, Goldman Sachs CEO David Solomon called at-home work ​​“an aberration that we are going to correct as quickly as possible [3].” 

However, it is simply too early to know what the future of office work is. Of course, not every workplace has the option to work remotely. Food service workers, healthcare workers, and others simply don’t have the option to work from home. McKinsey’s study notes that a shift to remote work could further inequality, as remote work is likely only to be offered to highly educated, well-paid employees [4]. So while traditional offices may continue the transition to remote work, the debate around in-person versus at-home work simply doesn’t apply to all workers.

Is Hybrid the Future?

But for those occupations that have shifted to remote work during the pandemic, could a compromise between employers and employees be the future of office work? A hybrid model combines remote and in-person work at a workplace. Some (or all) employees have the choice to work at home, at the office, or a combination of the two. This flexibility was necessary during the height of the pandemic, but as the country returns to normalcy, employees have gotten used to the convenience of at-home work. And the benefits extend to employers as well, as remote work means fewer costs for physical workplace expenses, including rent and office supplies.

So if there are so many benefits to remote models, why are many executives wary of this potential change? Fear of change, productivity concerns, and protecting company culture are just a few of these anxieties. However, recent studies have found that productivity has either been stable or actually increased during the transition to at-home work, in spite of technical challenges, family responsibilities, and pandemic-related anxieties. A Forbes study found that most workers thought that their per-hour productivity increased while working remotely versus in-person work [5].

Challenges of Hybrid Work

While there are benefits that come with a hybrid model, there are undoubtedly downsides as well. One well-known detriment of remote work is the social isolation that comes along with it. While staying at home can be convenient, it can also prevent workers from forming personal relationships. It could lead to fewer opportunities to learn skills that are necessary for career advancement [6]

In addition, there is a generational divide on opinions of at-home work as well. Although some may assume younger generations are more comfortable with remote work, the opposite is true. Members of Gen Z have more concerns about remote work than older generations. They list the lack of networking opportunities, few genuine connections, and general isolation as the downsides of at-home work [7].

However, hybrid models try to mitigate these drawbacks as much as possible. After all, a hybrid model offers both in-person and at-home work. So while these downsides could still exist, they could be minimized in a hybrid workplace.

Tips to be a Successful Remote Worker

Although the pandemic is winding down, it’s important to know some tips and tricks to ensure you stay productive and happy during your shift.

  • Communicate: Without in-person meetings and checkups, everyone has to know their responsibilities. While it can be tedious, this means emailing superiors, asking questions, and being in contact with other coworkers. Clearly communicating with everyone helps ensure that tasks don’t slip through the cracks.
  • Structure: Make a schedule to follow every workday. Plan specific hours to work on a project, and stick to the plan! Structuring your workday helps ensure you remain focused on specific projects, and also helps keep your work life and home life separated.
  • Visit: Whether it be a trip to the office for a short meeting, or a couple hours at a local coffee shop, getting out of the house is important. Not only does working from a different location prevent feelings of burnout, but a new location can boost productivity as well. Do work tasks at different places to see where you feel most efficient.

Overall, becoming a successful hybrid worker is about finding what makes you most comfortable. If you love talking with coworkers at the water cooler and enjoy the structure of a physical workplace, then in-person work may be for you. But if you feel more comfortable and productive at home, remote work may keep you at top efficiency. Either way, hybrid workplaces offer workers that choice, ensuring that every worker can be both comfortable and efficient at their job.

[1] Gurchiek, Kathy. “Hybrid Work Model Likely to Be New Norm in 2021.” SHRM. July 06, 2021. https://www.shrm.org/hr-today/news/hr-news/pages/hybrid-work-model-likely-to-be-new-norm-in-2021.aspx.

[2] Alexander, Andrea, Aaron De Smet, Meredith Langstaff, and Dan Ravid. “What Employees Are Saying about the Future of Remote Work.” McKinsey & Company. July 15, 2021. https://www.mckinsey.com/business-functions/organization/our-insights/what-employees-are-saying-about-the-future-of-remote-work.

[3] Blenford, Adam. “Remote Work Won’t Be Going Away Once Offices Are Open Again.” Bloomberg.com. March 5, 2021. https://www.bloomberg.com/news/articles/2021-03-05/work-from-home-workplaces-will-let-employees-mix-home-and-remote-work.

[4] Lund, Susan, Anu Madgavkar, James Manyika, and Sven Smit. “What’s next for Remote Work: An Analysis of 2,000 Tasks, 800 Jobs, and Nine Countries.” McKinsey & Company. March 03, 2021. https://www.mckinsey.com/featured-insights/future-of-work/whats-next-for-remote-work-an-analysis-of-2000-tasks-800-jobs-and-nine-countries.

[5] Gaskell, Adi. “How Productive Have Remote Workers Been During Covid?” Forbes. May 31, 2021. https://www.forbes.com/sites/adigaskell/2021/05/31/how-productive-have-remote-workers-been-during-covid/.

[6] “Practice Innovations: Building the Hybrid Work Environment.” Thomson Reuters Institute. June 10, 2021. https://www.thomsonreuters.com/en-us/posts/legal/practice-innovations-hybrid-work-environment/.

[7] Sherr, Ian. “Gen Z Is Getting Screwed by Remote Work, Microsoft Survey Finds.” CNET. March 22, 2021. https://www.cnet.com/news/gen-z-is-getting-screwed-by-remote-work-new-microsoft-survey-says/.

Why the Data Localization Movement is Misguided

Data localization, or data residency, is the concept of storing certain data collected on a nation’s citizens within the country of origin at all times. It gained steam after whistleblower Edward Snowden revealed the scope of government mass surveillance in 2013[1]. Governments worldwide enacted data localization legislation to protect state secrets and their citizens’ personal information from the watchful eyes of perceived competitors.

Governments expected and hoped these regulations would bring a host of benefits, including domestic IT job growth, more-hardened national cybersecurity, and increased data privacy. The truth is a bit murky, however, as the desired advantages haven’t materialized.

Countries and regions with data localization laws

First, let’s look into some examples of countries with data residency laws on the books. It is not a comprehensive list but illustrates how many nations are concerned about their data security.

The European Union

The EU’s sweeping data privacy law, the GDPR, sets many expectations for handling sensitive information, such as:

  • Profile data
  • Employment data
  • Financial data
  • Medical and health information
  • Payment data

The GDPR specifies that the above data types stay secured within the EU.  If any transfers are required out of the European Union, the countries receiving the information must have similar privacy regulations.

China

Unsurprisingly, China wants to keep a tight grip on its data. Basically, domestic network operators must store all data within China. They can transfer info across borders, but anything deemed “important” by the government must undergo a security clearance beforehand. What the CCP considers important is fairly broad. It includes:

  • Anything related to national security
  • Information that could identify Chinese citizens

As the country embraces Big Data collection on its citizens[2], you can expect the CCP to strengthen these laws.

Russia

The Russian Federation requires any personal identifying information about its citizens to be stored locally. This could mean:

  • Profile data
  • Financial information
  • Medical and health records

Interestingly, as long as companies initially stored the data in a Russian database, they can send it out of the country for further processing.

Their regulations don’t only apply to domestic organizations. Anyone doing business in the country is subject to the law, so multinational corporations there must have Russia-specific data centers.

These three regions alone account for over a quarter of the world’s population, and there are many more countries with data localization laws.  So, it’s pretty widespread. But what’s the United States’ opinion on the matter?

The United States viewpoint

The United States’ general belief is that data residency laws unduly stifle commerce and don’t offer the expected benefits. Analysts estimate half of the services trade depends on cross-border data flows[3]. With the United States being a service-dominant economy, it makes sense the government would oppose such regulation.

And oppose it, they have! In fact, it has been a point of contention in nearly all of its recent trade deal negotiations, though the EU and Korea have pushed back on outright bans. The USMCA, the North American trade agreement replacing NAFTA, formally prohibits the practice as a condition of doing business[4]. There are similar provisions in the U.S.-Japan Digital Trade Agreement[5] and the U.S.-Kenya Trade Agreement of 2020[6].

So, what are the downsides of data localization that countries like the United States want to avoid?

Technical issues

There is a multitude of technical headaches accompanying data localization. For instance, what if tech personnel in other countries access it regularly for debugging or maintenance purposes? Or, a company uses foreign backup databases for redundancy?

It’s challenging to build separate data centers in all applicable territories, even for large companies with sizable revenues. That makes it downright impossible for even the pluckiest startup to consider. But that should open up markets for smaller, domestic companies, right?

Lack of domestic stimulus

Unfortunately, significant job growth does not occur due to data localization. There are short-term construction jobs available if the data center requires a new building. After that, however, jobs are scarce. This is because the modern data center is mostly automated. The CBRE’s Data Center Solutions Group estimates that the average data center results in between 5-30 permanent, full-time positions[7]. Given the investment required for implementing data residency, it hardly seems worth it based on employment opportunities.

Privacy and security

Well, it has to be more secure and offer more data protection, though! That’s the biggest piece of the benefit pie. Not so fast.

In reality, the exact opposite appears to be true. Regarding privacy, you’d hope that housing data in the country of origin would benefit the citizens. But think back to some of the countries passing data localization laws. Is a full data set of personal information housed in a single jurisdiction good for the people in China? Or Russia? Very debatable. These nations are already surveillance states. Any data housed within their borders is at the control of their totalitarian governments.

Cybersecurity is another issue where expectations don’t match up with the real-world. Consider that these implementations aren’t in a vacuum and that they’ll inevitably cost a significant amount of money. That’s money the company will need to divert from other areas of the business. Cybersecurity could be one of those areas.

Additionally, data residency results in server centralization. This provides a larger attack surface for malicious agents and could ultimately mean more data breaches, not less.

So, paradoxically, data localization could make it easier for state-sponsored threat actors to carry out successful attacks. Combined with the economic inefficiencies, privacy concerns, and technical problems, it becomes plain to see that decentralization is a better path forward. Companies can employ other, less-expensive methods such as end-to-end encryption to protect sensitive information.

The AXEL Network

The AXEL Network is a decentralized, distributed system of servers backed by blockchain technology and the InterPlanetary File System. It gives users a secure, private way to share and store files on the internet. With server nodes located throughout the world, the AXEL Network offers both resiliency and performance. AXEL Go a the next-generation file-sharing platform using the AXEL Network. It combines all of the advantages listed above with optional AES 256-bit encryption to provide exceptional privacy and security. Download it today for Windows, Mac, Android, or iOS and receive a free 14-day trial of our unrestricted Premium service. Enjoy the power of a decentralized, distributed network.

 

[1] Jonah Force Hill, “The Growth of Data Localization Post-Snowden: Analysis and Recommendations for U.S. Policymakers and Business Leaders”, ResearchGate, Jan. 2014, https://www.researchgate.net/publication/272306764_The_Growth_of_Data_Localization_Post-Snowden_Analysis_and_Recommendations_for_US_Policymakers_and_Business_Leaders#:~:text=Abstract,geographies%2C%20jurisdictions%2C%20and%20companies.

[2] Grady McGregor, “The world’s largest surveillance system is growing- and so is the backlash”, Fortune, Nov. 3, 2020, https://fortune.com/2020/11/03/china-surveillance-system-backlash-worlds-largest/

[3] United States International Trade Commission, “Global Digital Trade 1: Market Opportunities and Key Foreign Trade Restrictions”, usitc.gov, Aug. 2017, https://www.usitc.gov/publications/332/pub4716_0.pdf

[4] Agam Shah, Jared Council, “USMCA Formalizes Free Flow of Data, Other Tech Issues”, The Wall Street Journal, Jan. 29, 2020, https://www.wsj.com/articles/cios-businesses-to-benefit-from-new-trade-deal-11580340128

[5] “FACT SHEET ON U.S.-Japan Digital Trade Agreement”, Office of the United States Trade Representative, Oct. 2019, https://ustr.gov/about-us/policy-offices/press-office/fact-sheets/2019/october/fact-sheet-us-japan-digital-trade-agreement

[6] ITI, “ITI: U.S.-Kenya Trade Agreement Can Set New Global Benchmark for Digital Trade”, itic.org, Apr. 28, 2020, https://www.itic.org/news-events/news-releases/iti-u-s-kenya-trade-agreement-can-set-new-global-benchmark-for-digital-trade

[7] John Lenio, “The Mystery Impact of Data Centers on Local Economies Revealed”, areadevelopment.com, 2015, https://www.areadevelopment.com/data-centers/Data-Centers-Q1-2015/impact-of-data-center-development-locally-2262766.shtml

Here’s Why Free Software Can Be a Poison Pill

There was a time when consumer expectations did not demand software be free. Sure, there has always been freeware, but it wasn’t the norm. If someone in the 1980s wanted a word processor, they expected to pay for it!

Today, these expectations have flipped. Why would someone pay for software or web services? Social media platforms are free. Big Tech companies like Google offer free alternatives to traditionally-paid programs such as word processors, spreadsheets, and visual presentation software. What’s the harm? The services are high-quality and users aren’t out a dime. It’s a win-win, right? Well, much like your relationship status during college, it’s complicated.

A costly endeavor

The truth is, software development is expensive. It’s always been expensive. And, even with the proliferation of outsourcing, it remains so today. It is a highly specialized skill requiring considerable knowledge and continued education. The median pay for a developer in the United States was over $107,000 in 2019[1]. Prices for outsourced developers vary by country but expect to pay around $30,000 a year for quality work[2]. Many development teams employ a mixture of domestic and foreign help.

Unlike the 80s, where a small team could complete programs in a basement, now larger units are necessary to deal with the complexities of modern computing. Big Tech’s full-featured products certainly require these sizeable teams of high-cost developers. Their offerings also typically need massive investments in physical infrastructure to keep the services running for millions of potential users. Knowing all this, how do they provide the end products for free? Out of the goodness of the shareholders’ hearts?

The tradeoff

Unsurprisingly, no. Big Tech companies are some of the largest businesses in the world, with billions in yearly revenue. The “free” apps and services they provide do require a form of payment. Your personal data. As the saying goes,” If you aren’t paying for the product, you are the product.”

Today, tech megacorporations collect an absurd amount of data on their users (and in Facebook’s case, even non-users[3].)  The data they find most useful usually falls into the following categories:

  • Email receipts. Who people email consistently can be a wealth of information for data miners.
  • Web activity. Big Tech wants to know which sites everyone visits, how long they stay there, and a host of other browsing metrics. They track across websites, analyze likes and dislikes, and even assess mouse cursor movement.
  • Geolocation. When tracking internet activity isn’t invasive enough, many companies evaluate where people go in the real world. Most don’t understand that their phones’ GPS sensors aren’t strictly used for directions to their Aunt’s new house.
  • Credit card transactions. Purchase records outline a person’s spending habits. Since the entire point of collecting all of this data is to squeeze money out of the user in other ways, this info is extremely valuable.

Imagine the models companies can create of their users, given all of that information. They use these models to personalize advertisements across their platforms. Advertisements more likely to result in sales mean more revenue, so they have an incentive to collect as much data as possible. But that’s not the only way they monetize personal information. Many sell it to third-parties too. Are you creeped out yet?

Alternative data providers

Organizations called ‘alternative data providers’ buy up all of this information, repackage it, and sell it off to whoever wants it (usually financial institutions looking to gain broad insights about the direction of a given market.)

As of 2020, there are over 450 alternative data providers[4], and what happens to your information after they get their hands on it is about as opaque as it gets. This is especially the case in the United States, as there are no federal privacy laws that set clear expectations regarding personal data sales and stewardship. However, there is hope with the passing of California’s new privacy law that Congress will finally tackle the subject.

Privacy policies

One way consumers can stay informed about an organization’s data collection guidelines is to read through its privacy policy and terms of service agreement. There, they can find general information about their practices. Unfortunately, organizations seldom list the specifics (i.e., which companies do they share with or sell the data to, etc.) These documents also tend to be excessively long and filled with confusing legalese. It makes it difficult to extract even basic information and leads to a frustrating user experience.

It’s no wonder that according to a Pew Research survey, only 22% of Americans read privacy policies “always” or “often” before agreeing to them[5]. Most just hit accept without a second thought. We recommend always looking into a company’s privacy policy and terms of service before using their products. If you don’t want to slog through the jargon, try out ToS;dr, a website that breaks down these documents into readable summaries. They also give Big Tech companies “privacy grades” based on what they find. A few examples include: (note: “E” is the lowest grade)

  • Facebook – E. Big surprise here. The company that stores data, whether the person has an account or not, did not score well.
  • Amazon – E. Although online retail is their bread and butter, Amazon also dabbles in providing free apps and services such as the Kindle App. They track people across websites and sell consumer data to third parties, among other egregious tactics.
  • Google – E. Google collects biometric data, shares info with third parties, retains data after erasure requests, and much more.

Search for your favorite social media platform or Big Tech service and see how it stacks up. Spoiler alert: probably not very well.

Another consideration

Open source projects have a poor reputation for cybersecurity since the developers are unpaid and less motivated to provide reliable support. Conversely, free Big Tech products typically get a pass on those risks. After all, their software is well-funded and receives developer support throughout its entire lifespan. This minimizes a few crucial points, though.

First, large tech corporations benefit immensely from a built-in following and the integrated marketing apparatuses at their disposal. This attracts a significantly higher baseline of users for any given service than a startup’s equivalent solution.  These massive user bases attract cybercriminals.

This leads to the second point; while these companies support their products and offer cybersecurity patches regularly, there will always be vulnerabilities. The services almost always run on centralized server farms, making for an enormous attack surface. And the products with the most users will always be the primary targets for phishing scams. So, it’s kind of a paradox. More marketing, support, and users lead to more attacks.

File sharing app examples

There are countless examples of vulnerabilities found in Big Tech apps and services, but here are a few examples in the file-sharing sector:

Google Drive: In the Fall of 2020, threat actors exploited a flaw in Google Drive to send push notifications and emails to users[6]. The messages contained malicious links containing dangerous malware. The situation affected hundreds of thousands of users.

Microsoft OneDrive: Although not officially breached, in April 2020, Microsoft announced a critical vulnerability in their OneDrive cloud app[7]. They quickly released a security fix, but it is unknown if hackers knew about the vulnerability beforehand or if they breached unpatched systems after Microsoft disclosed it.

Dropbox. In 2012, a hacker stole login credentials to over 68 million Dropbox users and sold them on the Dark Web. As if this weren’t bad enough, it took Dropbox three years to disclose the breach! So, during that time, nearly 70 million users were in danger.

ShareIt. This platform may be lesser-known in the United States, but it has 1.8 billion users worldwide and is very popular throughout Asia and Russia. A recent security audit found crucial exploits that could result in hackers stealing sensitive data[8]. Its website doesn’t even default to HTTPS, meaning security doesn’t seem to be a priority for the development team.

In conclusion, free platforms from multibillion-dollar corporations can be dangerous from both data collection and cybersecurity standpoints. Consumers should do their research and consider paying a small fee for privacy and security-focused competitors.

AXEL Go

AXEL is dedicated to giving data custody back to the user. We never sell personal information to third parties or mine accounts. Our file-sharing application, AXEL Go, utilizes blockchain technology, the InterPlanetary File System, and AES 256-bit encryption to provide the most secure cloud-sharing experience in the industry.

Sign up for AXEL Go and receive a free 14-day trial of our Premium service. Premium accounts receive five times more online storage than the Basic account, along with more security options and no restrictions on file sizes. After the trial, users pay $9.99/month to continue the Premium service or downgrade to the Basic account. So, stop worrying and share your documents securely with AXEL Go.

 

 

 

[1] “Occupational Outlook Handbook: Software Developers”, U.S. Bureau of Labor Statistics, 2019, https://www.bls.gov/ooh/computer-and-information-technology/software-developers.htm

[2] Julia Kravchenko, “How Much Does It Cost to Hire Developers: Software Developer Salary Guide 2018”, Hackernoon.com, March 12, 2018, https://hackernoon.com/how-much-does-it-cost-to-hire-developer-software-developer-salary-guide-2018-590fb9e1af2d

[3] Kurt Wagner, “This is how Facebook collects data on you even if you don’t have an account”, Vox, April 20, 2018, https://www.vox.com/2018/4/20/17254312/facebook-shadow-profiles-data-collection-non-users-mark-zuckerberg

[4] Rani Molla, “Why your free software is never free”, Vox, Jan. 29, 2020, https://www.vox.com/recode/2020/1/29/21111848/free-software-privacy-alternative-data

[5] Brooke Auxier, Lee Rainie, Monica Anderson, Andrew Perrin, Madhu Kumar, Erica Turner, “Americans and Privacy: Concerned, Confused And Feeling Lack Of Control Over Their Personal Information”, Pew Research Center, Nov. 15, 2019, https://www.pewresearch.org/internet/2019/11/15/americans-attitudes-and-experiences-with-privacy-policies-and-laws/

[6] Lindsey O’Donnell, “Scammers Abuse Google Drive to Send Malicious Links”, threatpost, Nov. 2, 2020, https://threatpost.com/scammers-google-drive-malicious-links/160832/

[7] Davey Winder, “Windows OneDrive Security Vulnerability Confirmed: All You Need To Know”, Apr. 15, 2020, https://www.forbes.com/sites/daveywinder/2020/04/15/windows-onedrive-security-vulnerability-confirmed-all-you-need-to-know/?sh=517e144b6fa3

[8] Ron Amadeo, “’ShareIt’ Android app with over a billion downloads is a security nightmare”, ars Technica, Feb. 16, 2021, https://arstechnica.com/gadgets/2021/02/shareit-android-app-with-over-a-billion-downloads-is-a-security-nightmare/

Centralization kills the internet star

CCN, also known as CCN Markets, one of the world’s largest purveyors of blockchain and crypto related news closed their doors today.
What killed them though wasn’t a hack, it wasn’t a scandal, it wasn’t even, and pardon the pun, newsworthy. It was a little algorithm update. Or so they say. One little algorithm shot their viewership down by 50% in the blink of an eye. It probably took longer to read this sentence than it did to kill one of the most respected names in blockchain and crypto journalism.
Either way, the canary is dead and it’s time to get out of the coal mine.
That’s what centralization can do, it’s not just your information they can look at, it’s the information they can keep you from seeing. Did CCN do something to get themselves axed? An article some CEO didn’t like? Are the tech giants planning to launch their own tokens and they don’t want criticism?

Or sadly, and almost more sinister, could it just be unintentional? Is it right for some tech conglomerate to have the power to kill a business, much less a news agency, with the unintentional flip of a switch? To make almost 60 people jobless, without even knowing?
No.
That’s the price of centralization, and it’s too high a price to pay.
No one organization should have the ability to control what you can and can’t see online.
No one organization should be able to delete your online presence because they didn’t like what you said.
So, let’s get out of this mine, and start thinking about the internet of tomorrow, one that’s decentralized and truly free.