Use A Mobile Phone? You’ll Need To Verify All Over Again

If you use a mobile phone in India, chances are that you’ll receive a similar text message as above in the next few weeks. It took me by surprise, I must admit. This will be the third or the fourth time I’ll be ‘verifying’ my credentials again.

Telecom companies have been forced to re-verify users at regular intervals of time. While this makes sense, it’s highly inconvenient for subscribers. The pain of visiting a mobile phone service provider’s local outlet, submitting all documents again, waiting for things to go smoothly, it’s just too painful. Thankfully this time it’s just eKYC (electronic Know Your Customer) process.

But don’t expect eKYC to run smoothly either.

eKYC depends on a working data connection, electricity, fingerprints, OTPs, and a few other parameters. It’ll be a walk in the park for most urban locations. I can’t even imagine how the rural population will handle all this, unless telecom companies go the extra mile and offer re-verification services at their doorstep.

Telecom companies have been asked to get all subscribers re-verified, with eKYC linked to Aadhaar, latest by February 2018. In case any subscriber is left after that, their mobile connection is likely to be deemed ‘illegal’. That’s hardly a surprise considering the amount of BS we’ve seen from the government when it comes to Aadhaar linkage.

“I am unclear about the benefit that will arise out of the exercise where we will have to re-evaluate all the subscribers,” said Arpita Pal Agarwal, partner and leader—telecom industry practice—at consultancy PricewaterhouseCoopers India Pvt. Ltd. “It will add additional costs to the (telecom) sector, which it at the moment cannot afford.”

It’s not surprising the telecom companies aren’t going to like this. All this at a time when they’ve had to bring down data charges for LTE access in the country. Consumers aren’t going to love this move either. But have we ever had a real choice?

To New Beginnings

By now you’re probably aware how things look slightly odd around here. Everything is gone, for now.

GoDaddy managed to piss me off in the most unexpected manner. If you are using GoDaddy’s managed WordPress hosting plans, I’d warn you that in case you don’t keep backups manually or if something goes wrong with your database, GoDaddy cannot do anything. They won’t even inform you when your database goes bust, and they can’t use auto backups.

Anyways what’s done is done. I’m in the process of getting my database back by switching together sets of old backups and whatever I could get from the archives. In the mean time I have moved to Vultr for my web hosting needs. I guess I’ll stay here for the time being.

Our Privacy is Shit And You Know It

Privacy is one of those things we don’t talk about a lot in India. Every now and then there’s a small debate in some corner of the social web, where concerned citizens get together and discuss how our privacy is shit. It’s clear by now that we don’t have any major privacy laws in the country.

Things will only get worse from here. More people are signing up for internet access, the government itself wants to promote the vision of a digital India, and more internet connectivity is exploding thanks to the current 4G LTE wave. You’d imagine by now we would have a serious discussion regarding our privacy. But no.

All of us are up for sale on the internet. If you have ever purchased anything online, chances are you are very likely to be on some sort of database that’s up for grabs. These databases sell for anywhere between Rs.5,000-Rs.15,000 depending on the weight. The details include names, addresses, primary cell phone numbers, preferred mode of payment, and even mode of transaction with amount.

That’s a lot of sensitive information. Sometimes that’s all you need to break into someone’s account using basic social engineering skills. Now the question is who is leaking all these details? It could be the e-commerce companies, logistics partners, or third-party service providers to e-commerce companies. The points of leaks can be endless.

Local e-commerce companies treat your personal data like it doesn’t matter. Someone I knew in the industry, who worked in marketing, was regularly given dumps of customer data for manual segmentation. There was nothing in place to prevent him to take home all this sensitive information, and sell outside. Then there are logistics partners which ask for customer details like phone numbers during delivery.

Last year a market research firm reached out to me, saying they were doing a survey for Paytm. On being asked if Paytm shared my personal details with them, the person on the other end politely declined. I don’t even know what’s going on anymore.

The offline world isn’t any better. Most offline retail stores now ask for a phone number while checking out. They do this to send you text messages every now and then. Then there are loyalty programs at retail stores, petrol pumps, and all across. All this data finds its way into databases that are up for grabs.

Once the spamming begins there’s no DND (do not disturb) in the world to make it stop. These spammers find loopholes there too. Another area where this information gets misused is to steal users’ identity. Getting personal information makes it super easy for just about anyone to break into your personal accounts, be it a social networking website or a financial entity.

With the government expanding its coverage of Aadhaar, it’s only obvious for them to come up with privacy laws. Apart from protecting the rights of its citizens, it can also help instil a level of confidence amongst everyone for government projects like UID.

The same problems exist with privacy regarding Aadhaar. The ways in which both government and non-government entities are collecting Aadhaar numbers and putting them up on the web makes it a nightmare for everyone. Some educational institutions also go to the extent of uploading highly sensitive information like phone numbers, bank account numbers, Aadhaar number, etc. It’s only a matter of time before Aadhaar based databases go up on sale.

Privacy is shit, no doubt. What can one do about it? Not much. You can ensure you don’t buy online on shady websites. You could give out fake numbers at retail stores. But all this isn’t really bulletproof. One way or the other you’re likely to fall into their trap because nothing is keeping these guys scared from doing what they do.