By agreeing to terms of service without reading them, users unknowingly trade away their information and legal rights to businesses in a binding contract, according to Dan Villanti, senior security engineer of Cornell’s IT Security Office, in a talk about cybersecurity Thursday afternoon in Mann Library.
A major consequence of ignoring these contracts is that companies can users’ personal information through ads, trading access to personal data and files to use web services, Villanti said.
“If a service is free, the product is you,” he said. “In the Information Age, data is a commodity. Money and information are power. Therefore, data is money.”
Villanti used the example of WeChat, the dominant social media platform in China that allows people to do a lot more than just message. Users can also find dates, call cabs and transfer money through the application, which allows the company to collect even more data beyond contact information — such as locations, movement and purchasing habits.
“You can’t really blame [the companies], but I think that they’re expecting you not to read the terms of service,” Villanti said.
In addition to social media, smart devices are also causing more privacy concerns as their popularity increases. Amazon’s Echo, for example, was suspected of recording users’ conversations after Amazon refused to release information from an Echo device found present during a murder scene, Villanti said.
Villanti ended by encouraging the audience to use password encryption, two-step login and LastPass, an application that helps people create stronger passwords on social media sites.
“Don’t put passwords in your notes,” Villanti said. “That’s analogous to putting passwords on a sticky note and putting it on the side of your computer.”