a bookworm who loves cyber security. a sucker for hacker and security conferences. loves reviewing conferences and has attended and spoken at the cons from Singapore, Middle East, Europe and as far as the U.S. a fan of security rock star Bruce Schneier and 50 Shades of Grey.
Wednesday, 4 December 2013
DNC Registry - Why it will be a Failure
So two days ago on the 2nd Dec 2013, the PDPC (Personal Data Protection Commission) Singapore announced the Do Not Call Registry for Singaporeans to register if one does not wished to receive nuisance calls or SMS from telemarketeers.
But will this work? Are you not going to be receiving any nuisance call from telemarketers? If one thing i learned about security and personal data protection is to NEVER give out my contacts to any public website. The reason is simple: SPAM! And worse...a potential SCAM!
5 years ago back when i was an IT support engineer, i received many 'cases' where users received many Junk or SPAM emails from external domains. My question to them is simple: Did you ever subscribe to any newsletter using your corporate email address? And alas, all of the answers were YES they did. Some even argued that those sites they subscribed using their corporate email had a fine print saying that their contacts will not be distributed... Here's a fact... Thats hardly True!
Recently, i just signed up a new line with a major telephone company here. No one knew our new house number except for ourselves yet days later someone called me and threatened me about me owing money to a loan shark. They somehow knew my address as well as my name. Now how the hell did they get my information when that information was not shared.. I asked a friend about this so called phenomena and he shared that these loan sharks have contacts in the telephone companies and these loan sharks can get these information anytime they want. There's no such thing as privacy. I thought for a second and concluded... he was right! Our information will never be safeguarded no matter how many fine prints you read.
Now back to the DNC registry. Why do i think that this wont work. While it may sound like a good initiative , i have to say that this eventually will not work and huge corporations will see this as an issue and if this affects potential businesses then be prepared to have this initiative back fire. Personally, i did not provide my email or phone numbers to the registry. Despite it being from an established organizationt, i still refuse to believe it. Call me a paranoid dude, but with the things i have experienced, that site could simply be another huge harvester to collect all my info and worse case scenario, sell/distribute them to private telemarketing companies.
So how can we protect ourselves?
For SMS advertisements, there is an option with every SMS to Unsubscribe. This is one of the rules that government enforced to telemarketers; to give the option for consumers to unsubscribe. So if we dislike the annoying SMSes, just type in the given number to Unsubscribe from the service. Its a bit irritating to do this with every sms but we have to do our part if we want to have peace.
For Emails, i recommend people not to use their personal or corporate email address when subscribing or signing up for anything online. No matter how much you think your information will not be leaked to others, it will eventually. To prevent this, create a new email address and use that email address to sign up for anything. However, you need to do your part to check your new email address for incoming emails but 95% of the time, its just more advertisements and promotions that you can find it online. Also, do not input your full email address when writing blogs, sending messages online. Whenever you do that, your email address or phone number will be guaranteed 'stolen' by online harvesters. Put your email address like this instead: name (at) organization (dot) com
This way, email harvesters will not be able to understand and will not collect this information.
For telephone calls, this is a tough one. Im pretty confident that everyone of us get/got a phone call from insurance companies or bank organizations trying to talk to you into buying their 'promotions'. Do not scold them or shout at them. What i usually do is this. When i received a call with a published number, i will listen for a few minutes until i verified that its just a call from companies trying to sell me something. I will then politely tell them that im in a meeting/lunch/in toilet/etc, and tell them to call back in 10mins or 30mins. Once acknowledged, save that number and set it to your Block List. Its easy right? You dont have to be angry or anything. But what if its a private number? Then politely tell them that you are busy and ask them for their number to call them back. Usually, they will not provide the number and usually, they will not call you back when you insist.