Obfuscate: the concealment of intended meaning in communication, making communication confusing, intentionally ambiguous, and more difficult to interpret.

Or to us normal people: Hide, and in this context: Hiding Data. I really can’t stress enough how important this is. Any web-based service that allows the storage or presentation of information that could be misused should be obfuscating its data.

Common Mistake

The single most common mistake is that those creating the presentation and access layer for that data (e.g. the web developers) often don’t understand what that data represents. To the web developer it’s just information in a table, in rows and columns, that needs to be queried, filtered and presented.

When there’s a lot of information to be processed there is almost always a unique identifier that’s used to filter all that information down to only a single result – ideally the result that corresponds to that unique user/item/profile.

The mistake made is that often that unique identifier is used as the primary key for data access and manipulation – without it being obfuscated!

e.g.

  • Your Phone Number
  • Your Mobile Number
  • Your Car License Plate
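
One way to keep such a natural identifier out of the public access path, shown as an added example that is not code from the original post: records are looked up by an opaque handle derived with a server-side secret, and only allow-listed fields are returned. `ListingStore`, `handle_for`, the field names and the sample records are all hypothetical and constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed sample records, keyed internally by licence plate (the natural identifier).
LISTINGS = {
    "12-D-1001": {"model": "Hatchback", "chassis": "CONSTRUCTED-CHASSIS-0001"},
    "12-D-1002": {"model": "Saloon", "chassis": "CONSTRUCTED-CHASSIS-0002"},
}


class ListingStore:
    """Hypothetical access layer: the public key is an opaque handle, never the plate."""

    def __init__(self, listings, key=None):
        # Server-side secret. Assumption: in production it comes from a secrets store.
        self._key = key or secrets.token_bytes(32)
        self._by_handle = {self.handle_for(p): rec for p, rec in listings.items()}

    def handle_for(self, natural_id):
        # Keyed HMAC: stable per record, but cannot be derived or guessed from
        # the plate format without the server secret.
        mac = hmac.new(self._key, natural_id.encode(), hashlib.sha256).digest()
        return base64.urlsafe_b64encode(mac[:16]).rstrip(b"=").decode()

    def get(self, handle, fields=("model",)):
        # Only allow-listed fields leave the access layer; the chassis number
        # stays internal unless a caller is explicitly given it.
        rec = self._by_handle.get(handle)
        if rec is None:
            return None
        return {f: rec[f] for f in fields}


if __name__ == "__main__":
    store = ListingStore(LISTINGS)
    handle = store.handle_for("12-D-1001")
    print("public URL key:", handle)
    print("lookup by handle:", store.get(handle))
    print("lookup by plate:", store.get("12-D-1001"))
```

An opaque handle stops valid keys being guessed from the identifier's format; per-record authorisation checks are still needed where the data is not meant to be public at all.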

Surely this information isn’t important though?

Think about the potential once it’s possible to gather enough of this data. What if someone was able to collect all the license plates for the cars in Ireland? What if someone was able to collect all the mobile (cell) numbers for everyone in the country?

One word: Marketing

Or as it’s known to most of us: Spam

..and that’s just the best case…

Surely important information is protected?

It’s all down to context, or for want of a better description meta-data. If you don’t have the meta-data to process that information then there’s not much you can do with it.

And without the context for that information there’s no awareness that that data needs to be protected or obfuscated somehow.

It can’t be that easy – can it?

No?

  • Let’s take a very well-known car manufacturer – ABC. (1 click)
  • Let’s have a look at their Used Cars (1 click)
  • Want the chassis number of that car? No problem (1 click)
  • Want the chassis number of every used car in the UK from ABC? (one-line command at a Linux prompt)

We’ve contacted ABC cars to let them know about this and it will be interesting to see what they say…