Stalking your ex? Facebook knows.

By Rob Seger

My friend Mary wrote a post about the NSA and Instagram a couple weeks ago, talking about data privacy and how awesome it is. She’s an optimist and implied that it could be possible — it’s not.

We all know that our data is out there “somewhere.” There’s so much, it’s overwhelming to even think about. So, we all just.. don’t. Sharing that your waiter dropped your friend’s lunch is fun, using Uber is convenient, and being annoyed about the new “home business” pyramid scheme your friend started hawking? This is who we are.

We share our data with Google, Uber, Facebook, and anyone who has a service we enjoy. And, you know what? Our data does make all of those services better. And so, we’ll continue to share.

Privacy of data is dead.

Correlation, bear with me here, is answering the question “if A happens, how likely is it that B does too?” If I smoke, how likely is it that I’ll have lung cancer too? Turns out, it’s much more likely for me to have lung cancer if I smoke. There’s a strong enough correlation that we’re all comfortable admitting that smoking increases your risk for lung cancer.

What you may not realize is that all symptoms are just correlations. Runny nose, headache, fever, and achy? You probably have the flu. You might also be dying of cancer but without other symptoms there’s no way your doctor would ever make that guess, err.. diagnosis. Your doctor’s brain is basically the most efficient medical big data crunching machine we humans have ever created. Google’s getting close though, very close.

And yes, that’s an amazing thing. Here, Google’s not diagnosing my sexuality, they’re diagnosing diabetes. They’re not diagnosing my phobia of birds, whether I’m pregnant, or how much I’d be willing to spend on a good mole trap. Actually, they are working on the latter. And, truth be told, we can only assume they’re not also working on the first two.

Then again, if they were, it would probably make ads more relevant. And what about just pure clickbait specifically targeted to me and my interests? It would definitely keep me on Facebook longer. So really, a more interesting question might be:

Is there anything about you that wouldn’t help Facebook better target their clickbait? It seems like the more personal the better, no? Are you polyamorous, having an affair, stalking an ex, depressed, addicted — how much are you comfortable with some random guy at Facebook knowing about you?

Not only do they have the means to diagnose insanely intimate details about you, they have a financial incentive to do it. And that knee-jerk reaction of “deny them the data!” isn’t going to help. They have the data. And you really can’t prevent them from having the data. Even if you don’t use their platforms, your friends and family do. Data about how other people interact and think about you is probably more important than the data you create anyway.

We want our apps to do some things with our data. I mean, I want to be found by my Uber driver, I appreciate it when Google doesn’t spam me with ads for fishing equipment, and I do enjoy an occasional grumpy cat in my activity feed. I don’t even think of those things as invasions of my privacy. Privacy is more nuanced than just what the data is. It includes what someone’s going to do with the data.

You can use my location to find me a ride, Uber, but not to figure out who I slept with, thanks.

As consumers, I believe we should have the right to deny purposes. I know, it sounds funny, but citizens of the EU will have exactly that right starting next year. It’s unlikely we’ll see a similar law passed in the U.S. anytime soon, sad times. But every major corporation in the world is investing in the technology to provide Europeans a new type of privacy. A privacy by purpose.

Privacy of data is dead. Long live privacy by purpose!

Rob Seger is CTO and Co-Founder of Manifold Technology. Rob has two decades of experience focusing on security, network and cryptographic exploitation. Rob began his career in the government before becoming CTO of Morta Security, later acquired by Palo Alto Networks.