How online quizzes steal your data and why you should be concerned

Most people love to talk about themselves. Even the emo edgy ones among us occasionally feel the need to inform others of their edgy state of being. Social media in its entirety is based on people’s vanity projects. And one of the largest providers of that vanity is online quizzes. Because we all like to know which brand of toilet paper we are. And there is not much wrong with that. But what if the cost of finding out your designated light-sabre at Hogwarts is your personal information turned into packets of data?

Facebook’s data breach through quizzes

We’re all familiar with the tendency of companies to turn data from our internet usage into targeted marketing strategies. Whether the perceived convenience of such practices holds up against an ethical code is a different issue. But the discretion with which these tactics collect information that one might not want to share is often frightening.

Just this March, news broke of data being stolen through Facebook quizzes. While users took a quiz, a browser extension was auto-installed on their computer. This extension siphoned personal data like name, gender and profile picture. The data was then used for targeted ads that looked like the average Facebook ad. Facebook even filed a lawsuit over this.

How you compromise yourself and why it matters

This goes to show just how vulnerable our security is on the internet. Seemingly harmless activities give away information you don’t even know is important. Even less discreet methods, such as quiz questions like “What is your name/gender/etc.”, can go a long way in compromising your personal safety. The result might seemingly be just targeted ads, which many don’t even mind.

But data like that may let companies easily categorize your personality index and even use subliminal, suggestive advertising to make you purchase things you don’t even want. Think about it: did you ever really think you needed that exercise equipment before you bought it online?

Steps you can take

Knowing how data is stolen can go a long way in preventing it. Always try to notice what extensions, add-ons or login information any online page asks for. Don’t give out sensitive information or even basic information about yourself. And please try to take these quizzes less often. You can do without knowing what type of onion you are today.

Pathao and the quest for customer reassurance

It is always a bit unsettling when dubious activities of leading companies are unveiled. This effect is magnified when company executives take a defensive stance instead of explaining questionable actions and policies. The privacy scandal of Pathao from last November has left its residue in the average person’s mind. The revelation that the Pathao app copies private data from customers’ phones provoked in people both the inherent doubt of such technology and newfound suspicion about the company’s motives.

The subsequent vague responses from Pathao’s social media page and its Vice President didn’t do much to help the case they were trying to make. Customer feedback amounted to demands to boycott the product, and it is safe to say Pathao hasn’t really come out of the event with as polished an image as they’d like.

One oopsie to the other

The ensuing attempts by Pathao at ameliorating the damage done weren’t exactly astute. The reason the scandal happened in the first place was that Pathao couldn’t respond appropriately to the accuser. It was one person who unearthed the bones in their closet, one person swinging like a pendulum between self-interest and public wellbeing. Pathao pushed him over the edge by threatening him with dubious legal action.

This resulted in the guy going public with information that was later corroborated by news portals and security experts. An update was made to the app that allegedly doesn’t steal your data anymore. But if anyone is still using the previous version of the app, we’re afraid your data are still being copied to Pathao servers.

The Bug Bounty Program

It seemed like Pathao would simply wait for the negative attention to die down, as people would resort to the service anyway. But on February 12th, they did something worth noting.

Pathao introduced a bug bounty program, challenging researchers from all over the world to discover bugs in the app and report them for unspecified rewards that are “not only monetary”, as written in the Medium PathaoEngineering article.

Such programs are always welcome. It’s reassuring to see companies being confident about the integrity of their technology. And such programs are commonplace for many other prominent companies.

What struck me is that in the very first paragraph, the case was made in the context of security breaches at prominent developers and their platforms. I just want to point out that Pathao can’t exactly claim the high ground when the context of the discussion is internet security.

Moreover, the issue we had with Pathao’s security system was never attributed to a bug or a mistake in their algorithm. Their security breach issues were seemingly very deliberate in nature. No one from Pathao stated that copying user data was a mistake or the result of a vulnerability in the app’s system. Attempts were made instead to justify the act. So, my raised eyebrow at this news might not be completely attributable to cynicism.

Not sure how to feel about this

Pathao has had its fair share of blunders. Even today, Pathao riders are more willing to deal with desperate customers directly than use the app as they should. And Pathao hasn’t really done much to mitigate situations like that.

Honestly, the bug bounty program is a good idea.

It can generate some degree of positivity in customer feedback, should it succeed. But with this initiative, it feels like Pathao isn’t addressing the right issues. And attention is being diverted from the more pressing complaints people have, complaints that haven’t been properly addressed yet, deliberately or not.