20% of Internet users encounter personal information leakage. How to rectify the "hardest hit area" of data security? The report on the development trend of China's information consumption released by the China Institute of information and communication shows that in terms of consumer groups, the scale of China's Internet users has continued to expand, exceeding one billion. The report also warns against risks such as data security and personal information disclosure. Since the implementation of the personal information protection law, public security organs in Gansu, Jiangsu and other places have cracked a number of cases of crimes against citizens' personal information. The Public Security Bureau of Lingtai County, Gansu Province has just smashed a criminal gang that purchases and sells citizens' personal information online. The suspect, Yan Moumou and Hu Moumou, used the shop to cheat users' identity information and mobile phone numbers, and illegally registered all kinds of network accounts. All of these Internet accounts eventually fell into the hands of the gang of "online traders". The police found a criminal gang hidden behind the two suspects. From February to March this year, the task force moved to Chongqing, Sichuan and Yunnan and arrested seven members of criminal gangs infringing on citizens' personal information. The gang has set up a wechat group since 2019 to illegally buy and sell citizens' personal information. They use the identity of communication business agents and use gifts, phone bills and other methods as bait to cheat users' personal information, register various network accounts and sell them at the price of 3 yuan to 20 yuan per account, making an illegal profit of nearly 100000 yuan. Jiangsu police also cracked a criminal gang selling citizens' personal information recently. The gang mainly sells the information of investors and students. They call personal information "material". "Investor information" includes the name, mobile phone number, exchange and other information of stock speculators; "Student material" includes the name, telephone number and School of the parent. "Material" also separates dial material and AI material. The authenticity and reliability of manually dialed materials have been confirmed through manual dialing. AI material is the telephone number randomly generated by the suspect through the software, without other identity information. After review, since 2018, the gang has sold more than 200000 pieces of citizens' personal information and made a profit of more than 200000 yuan. According to the 49th statistical report on China's Internet development issued by China Internet Network Information Center, as of December 2021, 22.1% of Internet users had suffered personal information disclosure. The public security organ reminds the masses not to click and use links, websites and mobile apps of unknown origin, and not to provide SMS verification codes to others to strictly prevent information disclosure. Some mobile app background monitoring users With the implementation of the personal information protection law, there are laws to strengthen the protection of personal information and refuse personal privacy to "run naked" on the Internet. However, many users still feel that they are under the monitoring of mobile app. Many netizens have had this experience. After reading an item or entering a keyword on the Internet, they will soon receive relevant advertisements or information pushed by mobile app. What's going on? In a network security organization, technicians used detection tools to test the user information collection behavior of two mobile browsers. The technician copied a simulated bank account password. Although the browser was not used at this time, the detection tool found the bank account password in a program called by the browser. LV Shikui, network security engineer: this app reads the bank card number and password we copied. The process of taking it away is actually taking it away in plaintext without relevant encryption processing. The technician then selected the phone number and SMS for the test on the mobile phone, and transferred the browser to the background. The contents of these two operations were also read by the browser, including the commodity information browsed on the e-commerce platform, which was also fully recorded by the two tested browsers. One browser can still record user behavior when the process is closed. Establish a "double list" to protect citizens' personal information In order to let users clearly grasp the activities of mobile app calling and requesting personal information, the Ministry of industry and information technology has previously proposed to establish a "double list" of personal information protection. Experts pointed out that during the normal use of mobile apps, there will be activities of calling personal information and asking for permission. Different mobile apps sometimes need to share sensitive information such as location and address book, which increases the difficulty of supervision of personal information protection. In order to let users clearly grasp the sharing of personal information between mobile app and third parties, the Ministry of industry and information technology proposed to establish a "double list" of personal information protection, requiring relevant enterprises to establish a list of collected personal information and a list of personal information shared with third parties. NING Hua, director of Information Security Department of Theil terminal Laboratory of China Academy of information and communication: enterprises are required to list the "list of personal information shared by third parties" concisely and clearly in the "secondary menu", including the type, purpose, scenario and sharing method of personal information shared with third parties. Take multiple measures to rectify the illegal collection and use of personal information In order to solve the problems of illegal collection and use of personal information by app and deception to induce users to provide personal information, the Ministry of industry and information technology entrusted China information and Communication Research Institute to establish a working group on app user rights and interests protection standards in conjunction with all links of the Internet, mobile terminals, telecom operators and other industrial chains, In accordance with the principles of "informed consent" and "minimum necessity", the organization has formulated standards such as the minimum necessity evaluation specification for the collection and use of personal information by app and the evaluation specification for the protection of the rights and interests of APP users, defined the testing requirements and methods, and provided a clearer regulatory basis for supervision. The reporter learned from the Ministry of industry and information technology that the first batch of major Internet enterprises have basically completed the setting of "double list" of personal information protection by the end of last year. On a mobile app, users can click the menu to view the user's personal information types, use purposes, use scenarios, personal information and sharing methods shared with third parties that the app has collected. Mobile terminal enterprises have also developed app permission minimization recommendation and other functions in accordance with the requirements of the Ministry of industry and information technology, and take the initiative to standardize and restrict the excessive permission seeking behavior of apps on mobile phones. Telecom operators track and prevent the risk of personal information disclosure through the anti tampering feature of blockchain technology. The person in charge of the information security center of the telecom operator warm: we will put the data characteristics of the operation log on the blockchain to ensure that it cannot be tampered with, and then verify it regularly. If the log is tampered with, it indicates that there is a problem. We will check specific events in a risk-based manner. It is understood that through the formulation of standards, technical inspection, special rectification, industry self-discipline and other measures, the Ministry of industry and information technology has vigorously rectified the illegal collection and use of personal information and other violations of users' rights and interests. Last year, a total of 2.08 million apps were detected, 1549 illegal apps were notified, and 514 apps that refused to be rectified were removed from the shelves. (Xinhua News Agency)