ID Monitoring: who are stored my data on f-secure server
when I use ID Monitoring, I tell f-secure service sensitive data (e-mail, phone number, credit card number, …).
If I’m right, f-secure will match my data with what is in the darknet.
But how f-secure protect my sensitive data? Are the stored as hashed data?
How can I be sure that this data will not be stolen by other.
Thanks for your answers
Accepted Answer
-
Hello,
Just a bit of generic discussion from me, sorry for this. I am also only an F-Secure user and not really into ID Monitoring part. Good if someone very experienced will reply too; or even some official response.
But how f-secure protect my sensitive data? Are the stored as hashed data? How can I be sure that this data will not be stolen by other.
Since purely technically it's difficult to verify all this on your own, unless you made the entire system yourself, then it is better to look at their Privacy Terms, Terms of Service, and so on before choosing such a service. I think, a good company will try to highlight and touch upon the main topics that will provide answers. If there are no answers, then most likely the company is deliberately leaving something out in its documents. If they have some kind of partnership with people entrusted to them, then it also makes sense to familiarize yourself with their policies and terms.
For example, Privacy Policy for already discontinued F-Secure ID Protection is available there: F‑Secure ID Protection privacy policy | F‑Secure
You can check it out just as general information. Since, most likely, the current version of F-Secure TOTAL's ID Monitoring is probably similar in its design. You can also look at the corresponding documents (privacy policies, terms) for other packages. Including F-Secure TOTAL, which would reflect any changes made to the product (continuously being developed further). And they may differ from version to version, for example.
I think that when you add an item to test for leakage, F-Secure would use various resources and sources to determine if there is any problem with the "monitored" item. Also I think it will most likely be a hash (rather than an actual password or address) that will be used for checking or matching against known breached data. While stored data is likely to be encrypted or other relatively safe measures (if explicitly stored at all).
The main challenge here (on their part) would be to determine if the monitored item is known or involved in any of the known leaks or is somehow unexpectedly accessible.
It's not just someone who found out your address or credit card number, but this data was involved in some kind of incident. And it was discovered in some way (can be either automated or manual), used in a service like ID Monitoring.
So I can't really imagine what exactly the scenario for stealing "monitored" items from F-Secure should be. Directly from their information systems? During checks? Partners? Which would also mean something like a leak or breach.
They are probably responsible for the safety of your data under the law that applies to the company. And also taking into account the procedures described in the Terms/Policies. Which may also be dictated by law.
My opinion is that they will try to minimize the risks by any available means. As best as possible to maintain the ability to provide the service. This could be the use of hash while matching monitored and leaked data, or some temporary restrictions on use (that is, not storing data permanently, but only for verification) and other more commonplace things.
Thanks!
Answers
🚩 What Do You Think?
We’d love your thoughts on our fresh look! Quick survey, big impact!