How private is your Web-based service?

As I have said many times before, the two major components of security are privacy and control over your resources. Each of these plays a part in the other.

Remote Web-based service providers are generally concerned about controlling their resources. Using such a Web-based service means that even if there is a failure to maintain such control, it does not directly affect you unless the loss of control gets so bad that it actually interferes with your service or increases your prices -- and the latter effect does not even matter in the case of free services. For instance, if some malicious security cracker compromises a server at Hotmail and starts running an FTP server there without authorization, it probably will not affect your service, but if the Hotmail interface is replaced by a "h4xx0rz3d! pwn3d!" page, it obviously makes it difficult to make use of the Hotmail service. Privacy, however, is another matter.

Speaking strictly in terms of security, employing a Web-based service such as a Webmail provider can offer some benefits in that it offloads maintaining control of resources to the service provider. It can also create some problems for privacy, however.

  • Many Web-based service providers make users' information available to third parties -- usually referred to as "partners," in the terminology used in privacy policy statements.
  • It is often the case that what law enforcement personnel could acquire from a personal computer only with a search warrant, they could acquire from a Web-based service provider with nothing more than a subpoena.
  • Even when a Web-based service provider has a good privacy policy, that does not necessarily guarantee that some disgruntled or unethical employee of the provider cannot violate the terms of that policy.
  • Encrypted content, such as encrypted e-mails, must still be accessible. If that access is gained by way of a simple Web interface, that means decryption is happening on the server -- which, in turn, means that your decrypted content exists on a system outside of your direct control. This is one of the downsides of letting someone else worry about maintaining control of resources, and it's part of the reason the Hushmail incident discussed below was possible.
  • Because these service providers typically rely on their reputation for providing privacy to their customers to make a profit, their first priority is to protect that reputation. This is not always synonymous with protecting privacy.

Even (previously) well-regarded security-focused service providers are sometimes discovered to be more susceptible to customer privacy violations than people think. For example, in 2007 the Canada-based Hushmail encrypted e-mail service gave unencrypted copies of customers' private e-mails to United States law enforcement agencies -- something Hushmail's online documentation might lead one to believe wasn't even possible.

This does not mean you should never use a Web-based service, of course. There are many cases where the privacy of a particular bit of data is not of critical importance. Just be sure you know what information you should and should not trust to a Web-based service provider.

As a general rule of thumb, trust nothing to any Web-based service provider that you would not trust to TechRepublic. When setting up your account at TR, you have to provide an e-mail address, a username, and a password, which means you should not have to worry about these things being used in a similar manner at Gmail, Yahoo! Mail, or even Hotmail. That said, there are those who suggest one should not use some Webmail services at all because they allegedly provide user data to spammers. This general approach to trusting Webmail providers with your e-mail address, username, and password is especially appropriate since you should not be reusing important passwords for these Web-based service provider accounts anyway.

On the other hand, you should not be putting your usernames, passwords, and e-mail addresses into your forum posts here at TechRepublic, let alone any credit card or social security numbers. For the same reasons, avoid sending that information in e-mails through Gmail, Hotmail, Yahoo! Mail, or any similar services. Do not put such sensitive information into documents composed with Google Docs, either.

That does not mean you cannot use Google Docs to compose your grocery list, though, or that you cannot trust Yahoo! Mail enough to send an e-mail mentioning a public event. Part of security awareness is being aware when security policy is getting too paranoid to be useful.