'Smell of Data' device sends out an odor when your data is leaking

By Brad Jones September 1, 2017

Smell of Data

At this point, everyone should know how important it is to stay safe online — if you fall for a phishing scam or similar, you are liable to end up having your identity stolen, which can have some pretty serious consequences. That said, personal security is only one facet of a bigger problem. We have seen sites and services hit by hackers all too often.

When online criminals target an organization, they are often able to gain access to lots user accounts at once, rather than just going after individuals. Sites like Have I Been Pwned? have been set up to allow users to check out whether their accounts have been compromised in the wake of a large-scale breach. Now, a new project called the Smell of Data aims to give internet users moment-to-moment updates on whether their private information is at risk of being leaked.

“The Smell of Data is a new scent developed as an alert mechanism for a more instinctive data,” explains a video on the project’s official website. “Smell data? Beware of data leaks. They can lead to privacy violation, behavior control, and identity theft.”

To utilize the Smell of Data, a scent dispenser is charged with the specially developed fragrance, and then connected to a smartphone, tablet, or computer via Wi-Fi. The device is able to detect when a paired system attempts to access an unprotected website on an unsecured network and will emit a pungent puff of the Smell of Data as a warning signal.

The concept is inspired by odorless, flammable gases that present a major safety risk without any external indicators. In 1937, an explosion at the New London School in Texas killed 295 people, prompting authorities to add a smell to these gases in order make leaks easier to detect. The Smell of Data works on a similar principle.

This project uses an outlandish idea to get across something very important and actionable: Just like an odorless gas leak, it is easy to turn a blind eye to our digital security. Accessing unprotected sites via unsecured networks is a risk, but it is one that many of us would take without much trepidation.

Editors' Recommendations

Topics

Former Digital Trends Contributor

Brad is an English-born writer currently splitting his time between Edinburgh and Pennsylvania. You can find him on Twitter…

News

Lawsuit alleges Equifax’s stupid password made it super-easy to steal your data

cfpb investigation equifax hack headquarters

Remember that epic Equifax hack from 2017? As it turns out, the company made it pretty easy for hackers to get in. A recent filing in the United States District Court for the Northern District of Georgia, Atlanta Division points out a few of the company’s missteps that might have led to the breach.
The first of those issues comes in the form of the password the company users to protect a portal used to manage credit disputes. While you might think a major company holding personal information like people’s names, addresses, and social security numbers might use an exceptionally secure password in that instance, it actually went for something a different: It used “admin” as both the username and password for the portal.
Not exactly the most secure move.
If the shoddy password wasn’t enough, the company also stored unencrypted user information on a public-facing server. That meant that any attacker that compromised the website’s server would immediately have access to all the personal information stored on it, with no additional work required.
The website also wasn’t the only thing it left unencrypted. The company also failed to encrypt its mobile applications, so not only was it keeping sensitive data unencrypted on its own server, it was transmitting that data unencrypted over the internet.
When it did finally encrypt that data, it “left the keys to unlocking the encryption on the same public-facing servers, making it easy to remove the encryption from the data.”
The court filing suggests that the inadequacies in Equifax’s encryption protocol fell short of industry standards and data security laws, going as far to say that the company “did not know what they were doing with respect to data security.”
The hack on Equifax in 2017 reportedly impacted approximately 147 million people, exposing their personal information and social security numbers.
As part of a settlement from the incident, Equifax is paying more than $300 million toward credit monitoring services for the impacted customers. It’s also compensating customers who paid out-of-pocket expenses as a result of the breach.
If you were impacted, you can apply to receive credit monitoring services or a $125 settlement via Equifax’s site now.

Computing

Your personal data is for sale on the dark web. Here’s how much it costs

padlock on keyboard

Ever wondered how much your personal data could be sold for on the dark web? A recently published report from online privacy and cybersecurity resource VPNOverview seems to answer that question (and others) in depth.

Titled “In the Dark,” the report offers detailed price breakdowns of different kinds of stolen personal information, including financial accounts and cards, social media accounts, bank details, phone numbers, credit histories, passports, drivers licenses, and even access to breached databases. The report also mentions certain websites on the dark web that act as marketplaces for stolen personal information, such as Financial Oasis and PayPal Cent.

Computing

Apple might be sending your browsing data to China’s Tencent by default

iPhone 11 Pro Max rear angle

A safe browsing feature, intended to increase online security within Apple’s Safari app, has instead raised privacy concerns as it has been recently discovered that the app is sending user browsing data to a company headquartered in China.

According to The Next Web, the feature in question is known as “Fraudulent Website Warning” and it’s used to review the websites a user visits to see if the websites are “fraudulent and malware-infested.” The feature works by checking a website’s URL against “a blacklist service provided by safe browsing providers such as Google and Tencent.” (If the feature detects that a given website is fraudulent or contains malware, Safari will display a warning about the website to notify the user.) This particular feature is available in both the iOS and Mac versions of Safari.