Regardless of where you are in the world, your government is considering how much of your data they can store and monitor. We’ve just passed our own rather controversial metadata laws down here in Australia and the same discussions are being had in governments across the globe, because creepy side of siphoning up user data aside, it’s enormously powerful for law enforcement.
Of course data collection is also extremely valuable for commercial entities as well and the more of yours they have, the better they can “tailor products to specific customer needs”. You may also interpret this as “the more money they can make by selling more stuff” and in fairness, both statements are usually true.
But the worry always remains – what are they actually going to do with this data? Could it jeopardise my own personal privacy? Who has access to it? You’ll normally see all sorts of levels of reassurance along the lines of privacy control this and encryption that and “we take security seriously yadda, yadda, yadda” but the fact remains that once someone has this data there’s a chance – even if only a small one – that they’re going to lose it.
And so it was with mSpy, the “#1 monitoring software for all your devices” who according to Brian Krebs has had somewhere in the order of several hundred gigabytes of their customer data leaked online. We’re talking 400,000 customers with IDs, passwords, physical movements, payment info, personal photos, email threads and inevitably, highly personal discussions. It’s about as bad as personal data leakage can get.
Of course collecting these classes of data is mSpy’s entire modus operandi and having the word “spy” in their name should be a good indication of how the software is actually used. People consciously using the product should have been under no illusions as to what data was actually being collected but you have to feel sorry for the “victims” who had no idea of the data collection exercise and are now rather exposed (I suspect that will be in the literal sense too given photos were leaked).
But the point of all this and the relationship to government and more ethical data collection exercises is that mSpy were adamant they had the right security practices in place to protect against this sort of incident. In fact even just this morning using their live chat feature, they told me this when I asked about how the data was stored:
All the information is stored on our server encrypted and secured
Once the app is installed all the data is transmitted to your personal Control Panel/account at mspyonline.com
All the information is secures [sic] and neither mspy staff or anybody else has access
Well I’m glad we cleared that up! “Motherhood” statements about how important your data is abound in this industry not just to reassure prospective customers that the service is safe, but frequently even after the horse has already bolted. “We take customer security seriously” is a near ubiquitous line that emerges in post-breach defence mode when clearly, it wasn’t taken seriously enough in the first place.
Whether it’s government or perfectly ethical big corporate or the shadier side of online monitoring, the fact remains that once data is collected, it can be lost. That’s why we’re worried and rightly so because the only way we can be certain the data won’t be lost, is if someone never has it to begin with.