Last year, my "compadre" (Emad Heydari Beni) and I decided to run a small survey to see the status of Internet users: do they feel secure when browsing? Do they think their privacy is respected when using their devices, their apps or when visiting a website?
We prepared 14 small simple questions and ran the survey for a month or so. About 120 persons answered (anonymously, of course!). The full LibreOffice Calc document is available on the original (extended) blog post, if you want the data. But today I want to give you a short glimpse of what we deduced from these results... We found that some of them are quite surprising!
Well, there aren't many who feel very secure when browsing (1%). While most feel secure enough (60%), about 39% of participants do not feel at ease. It is quite astonishing when you stop and ponder for how long the Internet has been available in the mainstream, and yet we still feel insecure!
The main threats seem to be viruses (62%), closely followed by malware (49%), spyware (22%) and phishing (17%). One interesting bit, besides a number of phishing attacks perceived, is the quantity of participants that have no idea (11%) whether they have been the victims of an attack. I suspect they have no tool installed to tell them whether an attack was prevented...
And indeed, it seems 15% have not installed any kind of tool for protection... Maybe tablet or smartphone users are under the impression their devices are safe? Maybe they are Linux users?
They might change their mind, knowing that 10% of participants had their device hacked, and 11% were victims of ransomware!
About the Privacy of Their Data
So what about privacy? Do we, as connected citizens, still have one?
When asked which messaging/emailing service or application most respects their privacy, 52% participants responded "None of them". That sound like pessimism, realism or simple resignation! Funnily enough, Google still appears as a trusted, privacy-respecting company (23%), even, after all, we know about the company's business model and the various incidents related to privacy (Street View, the broken "don't be evil" promise, etc).
As for giving an email address in order to access a service or an app, only 13% are not worried at all, while 42% don't like it at all. Possibly endless years of spam and phishing emails made users understand the risk of sharing an email address. The email has replaced the anonymous username a while ago, so sharing it has become inevitable. Some participants described in their comments that they used disposable or separate email addresses to subscribe to services, which works but is still an annoyance to manage.
The latest trend now is to provide your phone number to subscribe to a service, or to the benefit of an eventual 2-step authentication process. That's more problematic: only 6% are not worried while 62% don't like sharing their phone number at all... and they have good reasons!
It becomes clear to see why Facebook bought WhatsApp:
Privacy and the Meaning of "Free"
Of course, many people now understand what "free" means on the Internet: "no money down, but you pay for your data." Obviously, all these services and apps must pay their bills!
87% of participants think that showing ads in the application (or website) covers the expenses while 68% are certain the company gathers their data and sells it to third parties. Services such as Telegram and Signal are backed up by benefactors (21% of participants rely on it, at least partially). Interestingly-enough, 9% believe their messaging app or social network is financed by their government...
The surprise came when we asked how much participants are willing to pay for a messaging service: about a third is willing to pay around €9.15 per month for that! I knew Mikko Hyppönen was willing to pay Twitter with money instead of having to give up his data, but I was not sure the standard user would be ready for that too!
Well obviously these deductions are our own, however, we can't help but feeling that a majority of participants is painfully aware of how insecure and "un-private" their Internet experience is.
I would, therefore, wrap up this post with these:
As privacy-aware persons, we should keep users informed of the risks of the "online universe" and on the solutions available to counter those threats.
As developers, we should emphasize the security aspects of our work and keep ourselves updated on the latest exploits and security issues.
As companies... well maybe it's time to change your business model?
The survey's full data, as well as a long list of links and references, are available on the original blog post.
Until next time,