Is our information and data secure?

Do you recall the incident in mid-2022 in which public electronic data and information were leaked on the internet as a result of hackers? The public was enthralled at the time because the allegedly leaked data came from a legitimate company, which, of course, adheres to strict data management and information security standards and is supported by cutting-edge technology. But how come it can leak despite being so well secured? There are several factors in my analysis:

1. Data users are less educated about the security of their own data, particularly confidential data. Typically, users enter data carelessly on sites that are not clear or fake. In addition to websites, many mobile applications currently ask users for personal information such as phone numbers. handphone, date of birth, education, banking information, and so on. Worse, if you find an online loan application, more personal information, such as KTP numbers, KK numbers, birth mother's names, and others, is requested. So, if our personal information is leaked on the internet, we won't be surprised because we provided it. These sites or applications, though not all of them and there is already an agreement on the use of personal data, occasionally trade our data on the free market to make a profit. Have you ever received an advertisement via SMS or WhatsApp from an unknown number? That could be one of the consequences of irresponsible parties disseminating personal information.
2. Sites or online applications that are not in charge of managing their users' personal data. As I mentioned in number one, many online sites and applications have a bad reputation, but users continue to use them. In this case, the user should at least know which site or application can be trusted, particularly when it comes to managing our personal data. There are numerous methods for determining the reputation of an online site or application, including:
   1. Certified sites are generally more secure for data transmission. The https protocol is used to identify certified websites. With a https certificate, data exchange between data users to and from the data center is encrypted, making it difficult for outsiders to read. The use of the https protocol does not guarantee that the site can be trusted completely in managing personal data, because standard data security procedures may be insufficient.
   2. Sites that appear on the first page of search engines like Google and Yahoo are more trustworthy, especially when it comes to handling our data. Be cautious of sites with suspicious names, which are usually quite long and do not use a common domain such as .com,.id.
   3. We can check the Play Store or App Store respectively for online applications in devices such as Android and iOS applications. The number of times the application has been downloaded, the application'srating (1 to 5 stars), and user reviews are all criteria that can be checked. If something is missing from these criteria, we can suspect the application's reputation is poor and switch to another application with a better reputation.
3. This third factor is more of a conspiracy theory: insiders are leaking user data. This issue is no longer hidden, possibly because the person is dissatisfied with the company's current state or wishes to increase profits. In this case, the scapegoat is frequently the DBA (Database Administrator) because he is the one who deals directly with data, but this does not rule out other parties doing the same thing.

Looking at the above conditions and situations, I'm also considering a more effective way to protect our data, particularly personal data. If I dig deeper, I discover that the information I disseminated in cyberspace is spread across several locations, including:

1. E-mail. Gmail, Yahoo, and work email are all services I use. Because the data storage center is in the office, work email can be relied on in terms of data security and reliability. What about Yahoo and Gmail? Who are these two behemoth corporations that are skeptical of their technology and the dependability of data management, particularly for email processing? However, we cannot deny that emails managed by Google, Yahoo, and other email service providers leave us in the dark about where our data is and whether they can be certain that we will keep data secure from outsiders. Again, there is a Terms of Service in data handling, but we cannot be certain that our data is not being used to benefit these companies.
2. Storage in the cloud (Cloud Storage). I use Google Drive and Microsoft One Drive. Back to number one, the same issue exists for cloud-based storage in terms of the privacy of the data that we store in the data center of the service provider.
3. Social media platforms such as Facebook, Instagram, LinkedIn, and Tiktok. Date of birth, mobile number, email address, and home address are examples of personal data that we frequently write on social media. But, as time passes, is this data still classified as personal information that we must keep private? This data, in my opinion, is now classified as public data and is no longer a secret.

I finally decided to migrate my data to a storage location that I can fully control and not rely on third-party service providers after researching various issues related to data privacy, reliability, and security. Renting private hosting is one option. In the following article, I'd like to share my experience with creating a cloud-based email and storage service using private hosting. Of course, we have complete control over all aspects, including security, speed, reliability, granting access rights, and so on. I currently have a personal email with the address [email protected] and cloud storage with the address https://cloud.setyaji.com, which I manage independently and without the involvement of third parties. Keep an eye out for the next article.