[tor-talk] Which companies/individuals can gather data while using the internet?

npdflr npdflr at zoho.com
Fri May 17 16:34:11 UTC 2019


This is a not a completely technical discussion but I think it helps to get a clear picture and ultimately one can know (or atleast try to know) which companies/individuals may gather personal data and then one can make decisions accordingly.



(I have listed a hardware or software and the next line contains the possibility of how the company/individual can get data from the internet user)

One can add their opinions and other hardware and software which is not in the list below.





Hardware list:-

1. Device manufacturer (device which one uses to connect to the internet)

Device manufacturer firmware



2. Manufacturer of specific hardware within the device such as Motherboard, BIOS, RAM, Hard Disk, CPU, GPU etc.

Hard disk firmware, BIOS firmware

Not sure: CPU firmware? GPU firmware? RAM firmware/backdoor?  or other parts such as Video card, Sound Card etc.

Motherboard is just a circuit board for connecting other hardware components. So I think it can't have a backdoor. Correct me if wrong.



3. Manufacturer of input devices such as microphone, keyboard, mouse etc.

Input device firmware



4. Manufacturer of output devices such as printer, speakers, etc.

As long as these devices can only recieve output but can't send input to the device, there should not be a backdoor.



5. Manufacturer of input and output devices such as usb drives, media card readers etc.

Removable drive firmware



6. GPS technology

Not sure?



7. The internet service provider

Based on their terms/privacy policy





Software list:-

1. Operating system

OS telemetry



2. Applications

Applications which have backdoor etc.



3. Browser and addons

Personal identification data sent to the developer of the browser and addons



4. Internet authorities such as:

   - Internet Assigned Numbers Authority (IANA) https://www.iana.org

   - Internet Corporation for Assigned Names and Numbers (ICANN) https://www.icann.org

   - Internet Architecture Board (IAB) https://www.iab.org

   - Internet Engineering Task Force (IETF) https://www.ietf.org

   - American Registry for Internet Numbers (ARIN) https://www.arin.net

  

   The above authorities are only for IP address allocation, evolution/support of internet, etc.

   They don't gather personal data as per their privacy policy.



   - TLS/SSL certificate authorities

   Not sure whether they can get any personal data.

   

   - Any other internet or internet protocol authorities?


More information about the tor-talk mailing list