Ben Parker / Sun Staff Photographer

Dan Villanti gave a talk about cybersecurity Thursday in Mann Library.

October 18, 2018

Agreeing to Privacy Policies Without Reading Them Could Have Severe Consequences, Expert Says

Print More

By agreeing to terms of service without reading them, users unknowingly trade away their information and legal rights to businesses in a binding contract, according to Dan Villanti, senior security engineer of Cornell’s IT Security Office, in a talk about cybersecurity Thursday afternoon in Mann Library.

A major consequence of ignoring these contracts is that companies can users’ personal information through ads, trading access to personal data and files to use web services, Villanti said.

“If a service is free, the product is you,” he said. “In the Information Age, data is a commodity. Money and information are power. Therefore, data is money.”

Villanti used the example of WeChat, the dominant social media platform in China that allows people to do a lot more than just message. Users can also find dates, call cabs and transfer money through the application, which allows the company to collect even more data beyond contact information — such as locations, movement and purchasing habits.

In addition to losing data, users might also find their photos used in an unexpected occasion. According to Villanti, a man found that his picture — which he posted on his social media account — ended up on a billboard in London. He never bothered to read the site’s privacy policy and therefore lost his property rights to the photo under the social media company’s privacy policy.

So why do users skip over these important policies? The answer is they are “just so long.” Villanti, citing research by Carnegie Mellon University, said that it would take an average adult 25 days to read every privacy policy they ignored in a year.

“You can’t really blame [the companies], but I think that they’re expecting you not to read the terms of service,” Villanti said.

In addition to social media, smart devices are also causing more privacy concerns as their popularity increases. Amazon’s Echo, for example, was suspected of recording users’ conversations after Amazon refused to release information from an Echo device found present during a murder scene, Villanti said.

Villanti ended by encouraging the audience to use password encryption, two-step login and LastPass, an application that helps people create stronger passwords on social media sites.

“Don’t put passwords in your notes,” Villanti said. “That’s analogous to putting passwords on a sticky note and putting it on the side of your computer.”