Light Dark
April 19, 2017 By Douglas Bonderud 2 min read

Digital privacy is a hot topic. Contentious net neutrality discussions have been happening for years, and the American government recently empowered companies to buy consumer search histories from internet service providers (ISPs).

Add in the increasing number of device searches carried out by border security personnel — often requiring travelers to give up their passwords voluntarily — and it’s clear that users need a new strategy to keep their data safe. Computerworld suggested one solution is tossing the truth to embrace the value of little digital lies.

Is Digital Privacy Inherent or Optional?

Do citizens have an automatic right to digital privacy? Should it be an inherent part of the contract with any ISP, or are companies only obligated to offer such protections if consumers are willing to pay? Forbes noted the recent decision by Congress empowered ISPs to collect and sell browsing data made this a critical consideration for consumers.

For example, proponents of less powerful privacy legislation argued that ISPs and social giants such as Facebook — which already collects and sells consumer data — are not fundamentally different and should both be given the same opportunity to make a profit. Privacy-as-a-right supporters, meanwhile, make a double case: Shouldn’t consumers have the right to opt out of the collection and distribution of personal data, and see who’s using it if they opt in? Furthermore, if they do allow such collection, shouldn’t they get a portion of the revenue?

Privacy is also making corporate waves. More than 200 American companies are now covered by the EU/U.S. Privacy Shield legislation, which sets data collection and notification requirements while protecting companies from undue harm.

Ultimately, digital privacy is now moving into a new realm of debate: Are these concepts more accurately described as unassailable rights or legislated privileges?

The Art of Lying Well

While government mandates tilt the privacy issue to one side or the other, consumers can’t wait for the hammer to fall before protecting their data. Traditional privacy methods that rely on concealment — such as creating strong passwords, using VPNs and encrypting data — may no longer be enough. If passwords are up for grabs, ISPs are selling data and tech companies build in easy access backdoors, obfuscation is sound and fury that amounts to nothing.

Computerworld noted that one solution is polluting web browser and social site history with fake searches and queries designed to lower the value of private data. The source considered the theory of Steven Smith from MIT, who promoted a concept that polluted web traffic with arbitrary searches and site visits.

An example of this method is the browser plugin Noiszy, which produces “misleading digital footprints around the internet” by visiting random websites. Given the current privacy climate, expect a sharp rise in the number and sophistication of these tools over the next few months.

Telling the truth is always a good idea — until innocuous search data or social posts become potential threats and valuable commodities. To stay safe online, consumers may need to master the art of digital disinformation.

 |  |  |  |  |  | 
Douglas Bonderud
Freelance Writer

More from

March 18, 2025

Bypassing Windows Defender Application Control with Loki C2

10 min read - Windows Defender Application Control (WDAC) is a security solution that restricts execution to trusted software. Since it is classified as a security boundary, Microsoft offers bug bounty payouts for qualifying bypasses, making it an active and competitive field of research.Typical outcomes of a WDAC bypass bug bounty submission:Bypass is fixed; possible bounty awardedBypass is not fixed but instead "mitigated" by being added to the WDAC recommended block list. Likely no bounty awarded but honorable mention is typically givenBypass is not…

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature