With increased smartphone penetration, falling mobile data costs and improved Internet speeds, 72 per cent of Kenya’s 46.8 million population now troop online every day for various reasons, including networking, news consumption and shopping, according to a 2016 Google backed report.
However unknown to most of them, for every click on a picture, post or profile on the Internet, large amounts of personal data on their preferences and personality are collected by social media companies, and even worse, there are few effective controls on how it is used or secured.
“The danger levels of sharing your data on the Internet vary depending on how much is shared,” says Allan Lwalla cyber security expert at Vigilant Systems.
“A simple password is able to tell a lot about how one thinks, thus it is easy for people to manipulate this and get hold of a little more than they should,” Mr Lwalla said.
According to Internet security experts, while many Internet users do not think much about sharing their information online, there is a huge risk in users surrendering their privacy rights without due concern to future consequences.
A spot check by The EastAfrican on computer software and mobile apps installation by users revealed that about eight in 10 respondents said they do not bother to check the terms and conditions when installing original or even third party applications.
Further, a study released last year by Crashlytics revealed that about 70 per cent of smartphone apps sell personal data including a user’s location to third party services which use them for different purposes including advertising.
Late last year, American digital taxi firm Uber was sued after it admitted that it paid off $100,000 to hackers who had stolen data belonging to 57 million Uber users and drivers across the world in order to conceal the data breach.
“The data that we voluntarily input into these applications make their way into parties’ hands that use this data to benefit themselves and even sell it to third parties.
“Why would a simple torch applications, for instance, which only needs to light the device’s torch ask to access your gallery and even contacts?” Mr Lwalla told The EastAfrican.
Ordinarily, most social media companies recommend different products and services from business partners through advertisements that are tailored to them based on their online profiles developed from mining their daily data, but in recent years, cases of data breach involving large companies, have raised questions on just how they manage their clients’ personal information.
Social media giant Facebook which also owns Instagram and WhatsApp is currently being investigated by US Federal Trade Commission for failure to protect users’ personal information after it emerged that the firm allowed controversial British data analytics company Cambridge Analytica to breach data belonging to about 87 million Facebook users.
According to the whistleblower Christopher Wylie, Cambridge Analytica which has already confessed its involvement in Kenya’s 2013 and 2017 elections, allegedly used data of more than 87 million users which was illegally obtained using a quiz application, in an attempt to influence political outcomes.
“That was a big mistake. It was my mistake and I am sorry,” Facebook founder CEO Mark Zuckerberg told US lawmakers during his two-day grilling by Congress on how his firm manages users’ data.
Other than personal data uploaded by users on their profiles, Facebook has admitted that it has been collecting users’ data including contacts, telephone numbers, call lengths, and text messages for several years and worse still, even if you do not have a Facebook account.
“When you visit a site or an app that uses our services, we receive information even if you are not logged onto Facebook or don’t have a Facebook account,” Facebook’s product management director David Baser said in a post.
The new evidence comes a few months after Facebook admitted that it sold about 3,000 advertisements which mainly focused on divisive issues including immigration to a shadowy Russian firm ahead of the 2016 US presidential election.
“It is always a question of how much of your life are you willing to give away. In cyber security, nothing is for free, and if it is, then you are the commodity” Mr Lwalla added.
According to Harish Chib, the Middle East and Africa vice president of network and endpoint security solutions vendor Sophos, social networking attacks is now a lucrative business as hackers target users through spam, phishing and malware to steal money or sell their data.
“By their nature, social networking sites want to encourage sharing and openness, and this is reflected in the default settings. However, from a security perspective, this is a dangerous approach and opens up a huge security hole,” Harish said.
Kenya’s ICT Cabinet Secretary Joe Mucheru describes the relationship between technology firms and users is a direct one, where users are offered more benefits in exchange for more data.
“Every day, users relinquish more personal data in order to get more quality services, a trend firms and other new opportunists in the field have discovered and are looking to pound more flesh from,” Mucheru said adding that users should not accept the terms and conditions of apps or websites they are not ready to share their data with.