Your Data is a Commodity: Why the line between privacy and security is blurry
Written by Emma Flickinger
We all know online security is important, and we all know why: if we don’t take certain precautions, our online activities can have nasty consequences in our offline lives. Anyone who’s fallen for a fake “Download” button and lost a computer to a virus can tell you that.
Online security gets a lot of publicity — but online privacy is just as important, and there’s a bigger overlap between the categories than most people might suspect.
We’ve all heard someone say, “I’ve got nothing to hide.” The truth, though, is that we all have things to keep private. I might not want to “hide” the fact that I like to play Dungeons and Dragons, but that doesn’t mean I want colleagues, clients, and potential employers to know that I spend a significant amount of my free time pretending to be a wizard.
But you’d only need to look at the ads on my Facebook feed to find that out. Even though I don’t post about fantasy role-playing on social media, I constantly get ads and “suggested posts” related to it.
Every time you search a phrase, click a link, share a post, watch a video, or do anything else online, someone’s taking note and saving that information for later. If I read an article online about some D&D news, and that article has a “Share to Facebook” button at the bottom, that means that site is connected to Facebook, even if I don’t share the article. Facebook decides that this article is a topic I’m interested in, and adds it to my digital file.
But you don’t have to visit certain websites, or be doing anything at all, to be digitally tracked. Depending on the permissions apps receive from you or take by default, you can be tracked at any time, not just when you’re using the app. Google archives the each place you travel, how long it takes you to get there, and how much time you spend in each place. Dating apps collect all kinds of highly personal information, on everything from sexual orientation to HIV status. All kinds of apps could be switching on your microphone and listening in, or even taking photos without your knowledge.
Basically, new information about you is constantly being created. And as soon as your information passes into someone else’s hands, the line between privacy and security becomes blurred.
Many people don’t worry about privacy because of the conception that companies only use your data only when it’s anonymized, in aggregate. In reality, though, private information is often attached to your name and your email, and maybe even your face.
Companies who want to market to a certain demographic go to data brokers, middlemen who buy and sell your personal information, sometimes in aggregate, sometimes not. Many of these data brokers sell marketers lists of names with contact details. Your name could be on a list of people in your zip code, or people with a certain health condition — all available for sale, probably without your knowledge or consent. (Google and Facebook don’t sell your information to data brokers, but plenty of other companies do.)
In addition to being sold, your data could easily be stolen. Data brokers usually claim that their channels are secure, but informal probing seems to indicate that only about half of the biggest data broker sites are actually encrypted.
Big companies like Facebook and Google are starting to rebrand themselves as more transparent by letting you download all the data they’ve compiled on you so you can find out what they know. If someone somehow gets access to your Gmail, they’ll not only be able to read your emails and all your Google Drive files (even ones you’ve deleted!), they’ll also have access to a list of everywhere you’ve ever been, everything you’ve ever Googled, and (depending on your use of Google’s services) every picture you’ve taken with your phone.
So what we consider privacy starts to become a security issue. Your online data can reveal your bad habits, or embarrassing hobbies. But they can also reveal much more sensitive information about you, information that you might not be comfortable being bought and sold.
It’s frustrating and dangerous that corporations buy your data, but they’re not the only ones after your personal information — just the ones doing it legally. Hackers and other malicious actors can, and do, take advantage of lax privacy on every platform to steal your data. Think the risk of getting hacked is exaggerated? If anything, it’s probably the opposite. In 2014, 110 million Americans — half of all American adults — had personal information stolen online. More recently, a study found that almost a quarter of a million login credentials (usernames and passwords) are stolen every week.
Here’s an example: Remember those permission-hungry, data-thirsty, suspiciously free apps? While they’re most often collecting your data to sell, they also might be a vehicle for hackers to steal your credentials outright. Many malicious apps freely interact with legitimate apps in dangerous ways. Usually, this means overlaying a fake login screen on top of a real one in, say, a banking app, so they can collect your credentials. You can guess what comes next: identity theft, ransomware, or straight up stealing your money, directly from your bank account.
You don’t have to be on the run from the government, or to have an archive of what’s often tastefully described as “compromising photos,” to be serious about your online privacy. All it takes is an Internet connection. If you’re reading this online, you’ve put information about yourself out there, and that information deserves to be protected.
The best thing you can do for your online privacy, and the first step, is to educate yourself. Find out what information is being collected and what’s happening to it, and what consumer technology is out there to help you keep your privacy intact. Once you know, you’ll be able to make informed decisions about how you want to regulate your online presence.
