In practice, what do people do when asked to provide personal or financial information, like for a credit application or a mobile phone plan, which you know (according to the privacy policy) is going to be shared far and wide?
I want to say I’ll take my business elsewhere, but there is no elsewhere that will redirect my privacy.
From the title I thought that you were referring to interception of internet data by your ISP which is a hot topic in the States at the moment for which I would say that we have reached the point where we need to take privacy into our own hands with a VPN, you can’t rely on your ISP for privacy.
But as far as other services go, there is practically little choice out there and their policies are all very similar. Sometimes the only option to protect your privacy is to go with another provider with less favourable terms or go without which could put you at a financial disadvantage or hardship.
I think that more needs to be done to limit the collection of data which primarily has marketing value as being mandatory, and to educate consumers on which information is mandatory and which information is optional on the application forms they require you to fill.
You know what, there is so much incompetence in the corporate world, that I don’t know why we ever trust them at all.
My freaking superannuation provider actually cold called me, and then on the same call, asked me to respond to a variety of identification questions.
Me: "No, not going to answer those questions."
Them: "It’s just so we can be sure who you are."
Me: "No, you have no idea how bad it is that you are doing this."
Them: "These are just standard security questions."
Me: "Yes they are, but you’ve just cold called me. I have no way to know who you are. People should never provide identifying information to a stranger who cold calls them."
Them: "I’m just following the script here. We have a process."
Me: “Yes, and that just makes it worse. I expect you are doing this to all of your customers. You are training them to provide personal identity information to strangers on the phone, and then anybody who wants to hack your customers should just call random people and pretend to be you so they too can acquire your customers identity information. Then they phone up you, identify themselves as one of your customer, and do whatever they like with your customers accounts”.
Me: “Can I speak to a supervisor please.”
It didn’t get any better from there.
Worst thing was, that it really was them.
I’d have felt better if that was actually a hacker.
I had pretty much the same thing a few years ago from Telstra, with me giving the same lecture, during a call about a preordered phone. The information they requested included my driver’s licence. I suggested we each read out alternating digits. Their response was “tell us the information now or we will cancel the preorder.”
That’s clever. I wouldn’t have thought of that!
It’s kind of my application of the 2 generals problem to verifying a shared secret, only revealing more of the secret as confidence increases that the other party also knows the same secret.