Posted 12 июля 2023, 07:17
Published 12 июля 2023, 07:17
Modified 12 июля 2023, 07:39
Updated 12 июля 2023, 07:39
Julia Suntsova
Mail.ru added the ability to log in, log in to your mailbox through an existing account on Public Services.
To do this, the user is asked to link the mail to the Public Services account.
However, with the virtual consent of the user, or rather, when you click the «Log in through Public Services» button, an interesting condition floats: «To create an account through Public Services, allow the access to data» (?).
What kind of data? Probably no one will give an honest answer to this question, but… preparing for the worst, we should probably assume that we allow access to ALL DATA.
Public services, as you know, are not just closely connected with all government departments, for example, with the Ministry of Internal Affairs, military enlistment offices, tax, Rosreestr, bailiffs, housing and communal services… In principle, they were conceived as the embodiment of e-government, that is, they are the official representation of all these government departments to provide services to citizens in a remote format.
I remember that in order to get a confirmed account on Public Services — and only it gives the most complete access to remote receipt of public services — it was necessary to download a copy of the passport, etc. documents and request confirmation of their authenticity in the Ministry of Internal Affairs.
Also, in an effort to get full access to remote services, you tick the boxes in the right places and thereby transfer the right of access to the following types of personal data to Public Services:
— passport number,
— SNILS,
— registration address — at the same time, if the registration address matches the actual address of residence, you need to tick it, and if it does not match, you must register it,
— MHI policy,
— INN,
— the series and number of the driver's license,
— a reader's ticket,
— subscription to fines for VU and hot water shutdown (!)
And also:
On the one hand, it seems like it's time to accept that in the digital age you live like in a transparent aquarium, where everyone knows everything about everyone.
But the eternal problems with the security of personal data are still half the trouble. It's one thing when you enter the websites of government agencies through the portal of Public Services, which already partially have your personal data. It is quite another thing when a private company voluntarily comes to mind to integrate with the main state electronic platform.
So far, according to information from the State Services themselves, only a few companies, and those — semi-private—semi-public — have agreed to this: Russian Railways, Russian Post and Work of Russia.
Mail.ru (owned by VK, until 2021 — Mail.ru Group) in this sense is a pioneer, and it is not just a private company, it is a service to which people have entrusted the storage of their private correspondence!
According to data from December 2022, the post office Mail.ru it remains the leader in the number of Russian users, with a large margin ahead of competitors. Monthly Mail audience Mail.ru — 51 million people.
By integrating these people's personal email services with e-government, how ready will the company be to fight for the secrecy of correspondence? Which, by the way, is still protected by law. Article 138 of the Criminal Code of the Russian Federation provides for punishment for violating the secrecy of correspondence, telephone conversations, postal, telegraphic and other messages up to imprisonment.
Do I need to remember that sensitive personal data of Russian citizens somehow leak by themselves almost every year?
The last such messages appeared quite recently: in October 2022. About 5 thousand records of users of Public Services have been made publicly available: user names, email addresses, phone numbers, passport data, SNILS, and so on.
In the Ministry of Finance, later justifying themselves for this drain, they swore: the data leaked not from the Public Services themselves, but «from one of the external services that uses simplified user identification through „Public Services“…
Mail Mail.ru — exactly the same external service that simply provides its users with another authorization option — through Public Services. To make life easier for users, as they say.
We asked VK representatives what guarantees they are ready to provide for the protection of users' personal correspondence today?
At the time of publication, the response from VK has not been received. The company did not allow the contents of the oral conversation of the special correspondent with a representative of the press service to be made public.
By the way, in April of this year, the Megafon expert strongly advised Russians not to give their real e-mail to Public Services under any pretext.
Sergey Khrenov, Director of fraud prevention and revenue loss of the mobile operator company, clarified: «it is worth creating a separate mailbox for this kind of services.» Only this way, only by sharing your real mail and Public services, according to the expert, it is possible to protect data from criminal attacks by fraudsters.
Well, courage Mail.ru one can only envy. Apparently, their specialists are absolutely sure that the clients' mail is in safe hands…