Privacy 101

Why we should care about protecting our personal data

There are some of us, who believe that privacy is important. Hyper relevant ads and an amazing personalised experience will not sway our opinion. We are seen as the crazy person standing on the street corner shouting about the end of the world.

There are valid arguments on either side of the privacy debate and it is reasonable to assume that the likes of Google and Facebook will not misuse our data as their business depends on them.

However the nature of the web is a lot more complex and there are a lot more players in this chain clamouring for your data. Unless you are an expert with computers or in the middle of cyber-security, chances are there are gaps in this chain you do not know.

Privacy these days is an all or nothing option. Even if you are not concerned about your online privacy, this asymmetry in who collects your information, what information they collect, how long do they collect, how long do they hold this information, in what context they use and how do they correlate information to get insights should make you at least a teeny bit uneasy.

Consider this:

In the last 10 minutes I visited 17 sites, most of which were news and networking websites. Though I visited just 17, there were actually 197 websites that tracked my visit, 10 times more than the actual sites I visited.
Who is tracking you? (Extracted using Light beam add-on)
There are 1000s of trackers. Ghostery classifies them as advertising, analytics, beacons and privacy related trackers.

Just one visit to a Forbes article led to 55 trackers collecting my information. 55! Do you know anything about these sites/trackers/cookies, their reputation and their ability to respect your data?

You do not know who is in control and who can access this information

There are a lot of reasons, why it is important to understand what we share and how it is used. Just to rejig your memory, think of these past incidents.

Watergate Scandal

President Nixon and his officials bugged the offices of their political opponents and harassed activist groups and political figures. Imagine how easy this is in the digital age. You just need to get someone’s Gmail and Facebook accounts to know everything about them. In this context, the Snowden archives are even scarier.


Nazi officials identified Jews residing in Germany through census records, tax returns, synagogue membership lists, parish records, routine, but mandatory police registration forms, the questioning of relatives, and from information provided by neighbours and officials. Most of this information was collected for different reasons but ended up serving another purpose. Our life history, age, gender, preferences, our opinion on complex topics like immigrants and gay marriage are indirectly interpreted and stored by 100s of websites, 1000s of times in a day.

NSA’s tentacles

A top-secret report from January 2013 states that a project called MUSCULAR acquired millions of records daily from Google and Yahoo. In one 30-day period ending in January, the NSA collected over 181 million new records from these secret sources. They hacked the private networks of Google and Yahoo to get this information. How easy would it be then to hack a start-up or a phone app that knows about your details intimately — Investment help app or Tinder perhaps!

Smileys make everything better ! — An actual slide from one of NSA’s power point decks.

The private networks from Google were not encrypted, thus making it easier to be intercepted. However even SSL information isn’t secure. In many cases SSL traffic (encrypted traffic) is produced by hardware devices like VPN routers and if you can work with the manufacturer or tamper the device, you could potentially decrypt SSL network.Even if the data owner is legitimate, there is no guarantee that they are the only ones accessing it.

Most businesses are not capable of protecting your data safely

In the old days, if you were a private person you could keep your door closed. If you were out on a vacation, you can lock your house. If you had something valuable, you could buy a safe and protect it. But when you are online your doors and windows are always open and there are no locks.

We shop everywhere with our credit cards, share our personal information online indiscriminately and upload content to the cloud like there is no tomorrow. But contrary to what you might think, 99% of these businesses are not good at keeping your data safe. If anything they are abysmal. Even some of the leading multinationals fail miserably. A look at the recent data breaches in the US reveals some big names.

Source: Forbes

The challenge is, in order to hack a system you need to just find its weakest link and whether they are big or small there will always be that one stupid employee or one un-patched system that is acting as a beacon of hope for a hacker. Even the best of intentions is sometimes insufficient. It’s a good reason why as individuals we need to take more responsibility for our data.

It is not just credit cards. Apple’s the superstar tech giant of our generation suffered a data breach in their cloud, resulting in leakage of celebrity photos. If these companies cannot protect your information, what is the guarantee that these 1000's of trackers will keep your information safely?

You may think trackers are just collecting metadata, but metadata is more revealing than actual data and in most cases it is anyway just one data point away from being linked to an individual.

Even if you have nothing to hide, you can be discriminated or your actions and opinions can be misread or misused

Our behaviours are never consistent. We as humans commit mistakes, say stupid things, react irrationally and are always not in our best behaviour. Our behaviour also varies based on the environment and situation. And research proves that our behaviours do not exhibit cross situational stability. Organisations and people who collect your data, can choose to pick data points and behaviours that they deem fit and form patterns and opinions and you have no control of it.

“… a century’s worth of experiments suggests that people’s actual behaviour is not driven by permanent traits that apply from one context to another. Students who are routinely dishonest at home are not routinely dishonest at school. People who are courageous at work can be cowardly at church. People who behave kindly on a sunny day may behave callously the next day when it is cloudy and they are feeling glum. Behaviour does not exhibit what the psychologists call “cross-situational stability.” It’s not only your data, but your kids, family and friends. — NY Times

A larger challenge is the possibility of discrimination. Let’s say you are of Indian origin. Now imagine an algorithm that tracks people who like curry and finds that there is a correlation between people who order curry online and the higher rates of default. Such details can influence the interest you pay on your loan or the premium you pay on your insurance.

The analysis is probably driven by the fact that Indians order curry, but by one degree of separation it appears like an attribute which results in most curry lovers are paying higher rates. As long as companies do not explicitly use sex, race and other restricted attributes, nobody can sue an organization that uses attributes like fans of curry or curly fries, to discriminate. Now stretch this to your social media profiles, apps, online dating profiles, spending patterns, medical records getting correlated and influencing your medical costs, buying flight tickets, getting an education etc.

Culture fit and introverts — A completely pausible story of how data can be used

With big data, companies are trying to intimately understand every customer. Attributes like culture and race can influence a lot of personal characteristics and if you are from a race that is already at a disadvantage, chances are that can influence some your preferences which can be discriminated. This is just one possible scenario ! The worst part is you will have no clue how any of this works.

In the future, a company can be valued by the data they hold. That means it will be bought and sold and you can do nothing about it.

On top of such crazy possibilities, your data is available for sale when companies are put on sale. While privacy policies state that collected data will never be shared, the promise does not stand when the company is up for sale. When companies go bankrupt, in many cases data is one of the most valuable assets. Individuals do not even have an option of recourse in such cases.

Among the top 100 sites in the Times analysis, only 17 said they would alert consumers and only 2 gave options for recourse. That’s a mere 2%.

With the development of the internet of things, companies will know how often you open your refrigerator, which two phones are always be near each other (GF?), how efficiently you manage your electricity, and how many people visit your house and more. And are there any rules around collection, storing and managing data? Zilch!

Pervasive use of digital is enabling companies to collect a myriad of extremely personal information and characteristics. Such data is much more valuable that anything we have created till date. With internet of things, you would not even be required to explicitly share information. In the name of making things as seamless as possible, companies will collect information in the background and make it discreet. You will never read the Terms of Conditions or the privacy policy and will never know. There is also no guarantee that this will remain with the company that collected this information in the first place.

If you do not care, nobody will

The digital revolution is moving at breakneck speed. Clever enthusiastic entrepreneurs will use creative ideas to “disrupt” existing businesses. Without an established brand name to worry about, data protection and security are a lower priority for these companies. They are also desperate to make a mark and will experiment with personal data. This is not fiction. It has already happened.

Uber used their “God view” once to track a journalist and got caught. This tool was able to uniquely identify individuals, their personal details and their current location. This tool was available for use to most of the Uber corporate employees. (True story !). Source: The Verge

Making software, apps and devices free enables companies to reach a wider audience and establish their solution. But in order to survive, they need revenues and the only lever they can adjust after they give their stuff for free is using your personal information in ever more creative ways. In a capitalistic market, the pressure to constantly increase revenues will only make them push harder.

Legislation and policies related to digital are way behind and cannot keep up with the speed of innovation. There are a lot of consulting firms that help organisations tackle digital challenges. They use economics, design thinking, competitive strategy etc., to find ways to make the organisations understand customers better. Personal data and privacy is almost never discussed in these scenarios, a good indication of organisational priorities. Unless users like you respect the value of your data and demand the same from companies, there is little incentive for the companies to act on it.

Remember, you are not only sharing information about yourself, but all your family and friends. For instance, your iCloud and Gmail holds photos, videos, contact details of your children, your teenage girl, your old parents and many who are vulnerable to exploitation digitally. So you have a responsibility to protect your data for their benefit.

Just caring about what you share and using tools to make it harder for companies to gather information about you and your family, will make entrepreneurs think beyond free services that come at the cost of privacy. Pressuring innovative and creative people to rethink of viable business models will help create businesses that do not need data to survive or serve us better products. But if you do nothing, the writing is on the wall. It is not a matter of if, but when.

So maybe it is time you become a little conscious about privacy, security and sharing of personal details in the digital medium.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.