Why These Terms Are Mixed Together
Security and privacy are often talked about as though they are the same thing. This confusion is often because of the internal associations we make with the companies that provide us with online services. For example, we assume that a company with highly secure servers can guarantee our privacy. If a software developer says that they’re using ultra-uber-safe encryption, we consider that the information we share will be kept private because hackers can’t access it. While making the association between privacy and security is not necessarily flawed, it’s dangerous to assume that your information is private just because it sits behind a wall of encryption. After all, hackers aren’t the only people who view your information as something valuable.
Making The Differences More Obvious
To emphasize the difference between privacy and security, we will need to build a few scenarios. Let’s start with a scenario that emphasizes high security but a lack of privacy In this scenario a software developer provides you with a highly-encrypted database that allows you to store your information. When you do so, however, the company will share this information with third parties (advertisers, affiliates, etc.) who may not have as strong a security infrastructure in place as the people who you entrusted your data with. You decide to do this nonetheless because you didn’t read the small print in their terms of service and therefore are oblivious to what is done with your data. In this scenario your data is (somewhat) safe from hackers, but it’s not private by any stretch of the imagination. Just as easily, I could provide you with a scenario with low security but very high privacy: Here you’re sharing very personal data with a company that uses weak end-to-end encryption (or none) in its database. The thing is that the data is used only for a very short amount of time (seconds or minutes) and doesn’t provide enough time for hackers to even be aware that it exists. Once you’re finished, the data is deleted immediately. This guarantees that no one will be able to view it, thereby making the data private even though it may not have been very secure. With these two scenarios, it’s easy to notice how security and privacy are actually two completely different concepts. Privacy is something personal, something related to the trust you can have with the company storing your information. Security, on the other hand, has more to do with how much an entity protects the data it stores from intruders. The takeaway here is: not every company that protects your data can guarantee its privacy.
Why This Is Important
When you have a company offering you a “super-duper-ultra encrypted” service, it doesn’t necessarily mean that the data you provide will be kept private. Be aware of this. The only thing that security prevents is intrusion from hackers (on that particular database). Sometimes the third parties that these companies share your information with could have weaker security, still offering hackers a way in regardless of how secure your data is on the server you chose to share it with. These kinds of variables should have a strong impact on whether you choose to use an online service or not and what data you choose to share. It should factor into your cost-benefit analysis. What services do you think offer you both privacy and security? And why? Tell us in a comment!