HOW TO KEEP YOUR DATA PRIVATE
All said, how did Rhea and Deepika’s messages get out? Experts say there are primarily two ways of going about that.
1. If chats have not been deleted, the phone can be cloned and all its stored data extracted — a process said to bypass encryption.
2. If backup has not been deleted, backed up data on the phone or on any cloud service can be accessed.
Do apps really need to look into personal data? While setting up a phone or installing apps, including WhatsApp, Telegram or Signal, one should ensure that no app is given unwarranted permissions, even for something like the user’s location.
Disable automatic uploading
Smartphones upload user data to servers by default if cloud settings are on. Even if a smartphone is locked and app data is encrypted, the same data on a server is accessible to anyone looking for it. So, it could be a good idea to delink WhatsApp from the cloud, say from today (Sept 28)
App settings: If you decide to permit all apps to back up data on the cloud, the button area turns green (left). But if you decide not to back up chats, the buttons for chat apps stay grey (right) and no data from those apps get stored on the cloud.
To remove messages or other data saved on the cloud before Sept 28, do the following:
1. Before hitting delete on a file, one must pause and recollect every possible place the file is stored. This could be a folder in the phone or a cloud storage service.
Cloud storage | Services include Google Photos, Google Drive, iCloud, WhatsApp backups, Dropbox, OneDrive, Box, and Mega.
2. The device must then be put on airplane mode, so that files cannot be automatically backed up anymore. To find files hidden from view, on Android, one might use an app called Files from Google to help find files one didn’t know existed on the handset. Files must be looked for and deleted in cloud accounts too.
3. For complete security, one needs to use certain apps to ‘shred’ the deleted files to make them unrecoverable from the device or servers
Shredder apps | Android: Data Eraser cb, or Secure Erase with iShredder 6 iOS (iPhone): Data Shredder for iOS or iShredder iOS 4
A company spokesperson says WhatsApp protects your messages with end-to-end encryption so that only you and the person you are communicating with can read what is sent, and nobody in between can access it, not even WhatsApp. But on its security settings, WhatsApp mentions that media and message backups on any cloud services aren’t protected by end-to-end encryption.
THE CATCH: USER DATA ISN’T 100% SAFE
Even if files are deleted with caution, hackers can seek access to some data that might be retained on the service provider’s servers. Official agencies can do so with court orders. Such access is also possible into email accounts, through which a user’s cloud services can then be cracked.
If files were deleted without shredding or if a simple factory reset was carried out, forensic tools can be used to retrieve deleted data, including contacts, messages, call history, photos, videos, audio, and documents from devices, with varying degrees of success.
Thus, nothing online is 100% safe, but still one must be aware of the pitfalls and precautions.
WHAT IF PHONE IS DELINKED FROM THE CLOUD?
If you cut off your smartphone’s links with the cloud or other storage, you may not have a backup to rely on if you lose your phone or if it gets damaged.
HOW LONG IS DATA KEPT IN REMOTE SERVERS?
Google Photos and Apple iCloud, for instance, retain deleted files in a Bin for a month to allow recovery, unless a user manually clears the Bin. After that, the files could potentially exist on their servers anonymised and cannot be associated with any individual.
CAN THE CLOUD BE ACCESSED DIRECTLY?
Agencies could get warrants to force users to hand over smartphones, along with passwords of all their online accounts: email, cloud storage, social networks, etc.
DATA PRIVACY IN INDIA
It is a known fact that email and messaging aren’t safe from unwanted access. Unfortunately, there is no data protection law in India as yet, according to former SC Justice B N Srikrishna. The only recourse is under the Information Technology Act’s bailable sections 43 and 66 for hacking and data theft.