We all know that data harvesting practices are widespread, but we can’t know all the details. When businesses are collecting data, they’re not subject to requirements for transparency. In fact, quite the opposite — methods of gathering and selling user data are considered trade secrets and are closely guarded. Private companies often “get away” with gathering more data than the government can.
(By the way, not all internet companies gather and sell your data. Cruzio does not.)
Despite the secrecy, public attention has recently encouraged reporters to dig in to the details. There’s so much to talk about that we’re separating it into several newsletters.
Here’s What We’ve Found, Part 1:
What, exactly, are online companies gathering from us?
A little background, to start. Most apps on your computer, phone, or other device have two purposes: one is the obvious one, the weather app that displays the weather, the social app that lets you see what your friends are doing.
The second purpose every app serves is much less obvious: to gather information incidental to the primary purpose, and sell it. You give the weather app your location. You give the social network your age, gender, and much more.
You might think, that’s not so valuable. What does any one app know? But the data doesn’t stay with that single company.
After gathering information, companies sell their caches to central data brokerages so that data from many different apps is gathered together in one place to form an ever-more-complete picture of you: where you hang out, what you spend, who you know, what you think. Data gatherers even brag that they can tell what stores you enter — and where you go inside the store.
What Are They Vacuuming Up?
It all starts with the gathering of information. Gizmodo has an excellent summary of what apps, browsers, and web pages gather from the moment you click on them. They gather inconsequential bits of information that a browser uses to display your web page properly into what’s called a “fingerprint” — an identifier. Your name might not be gathered, but no one else on the internet, or very few people, are in the same part of town as you, with the same size and version computer, running the same version of a browser. You’re not known necessarily by name, but a name is easily attached when other information is added.
You Can See Tons of Data Collected by Google and Facebook
You can see a lot of the information that’s been gathered about you. Cruzio’s dauntless reporter Brian Bishop did a deep dive into the information cached in his blog post What Do Tech Companies Know About Me, Turns Out a Lot. The Guardian found even more.
The data gathered is often only tangentially related to what the app seems to be doing. Tech Crunch reports:
“A great example of that is Facebook’s Nearby Friends. The feature lets you share your position with your friends so — and here’s that shiny promise — you can more easily hang out with them. But do you know anyone who is actively using this feature? Yet millions of people started sharing their exact location with Facebook for a feature that’s now buried and mostly unused. Meanwhile Facebook is actively using your location to track your offline habits so it can make money targeting you with adverts.”
And did you know that Amazon keeps recordings of all your interactions with Alexa?
Can You Really Delete Information?
Many apps allow you to remove your information. But that often means they remove it from your sight, while keeping it in their data caches. And they may have already sold it to another company anyway. Even if data has been gathered or shared illicitly or illegally, the horse is out of the barn.
For example, Cambridge Analytica sold data in the 2016 election. Facebook had shared the data from tens of millions of users without their permission, but with the condition that it be deleted/returned afterward and used for limited purposes. But Cambridge Analytica never deleted the information. And they used it for their own, uncontracted, purposes, sold their findings to political campaigns, and there’s no way to walk that back — the company is gone but the personal profiles have been disseminated . Who else has data that’s left the barn?
And Then There’s the Data Collected by Hackers
You’ve certainly seen headlines about gigantic data thefts, where personal information is gathered by criminals who hack into the computers of large corporations, like Target, or banks, or even government bodies, like the Veterans Administration. We’ve written before about where your data goes after it’s been hacked. This information is less detailed than that gathered by apps and websites, but it’s much more devastatingly personal and can be used for dentity theft. It includes names, addresses, passwords, social security numbers, and more. You can check whether your information is out there by seeing if you have been “pwned.”
Do You Want to be Tracked?
Before we go further, let’s get down to a big question.
Gizmodo has published tools to help you block some of the tracking. But remember: most of the data is gathered by an app you’re using for a reason, and blocking data may hurt the app’s performance. Do you want an online vendor to forget your shopping cart contents next time you go to the site? Do you want your weather app to lose track of locations you check frequently?
You might want to be selective about what tracking you prevent. Many of us go to a “stop tracking me” form and hesitate, mouse hovering over the choice. Do we want to lose the functionality that goes with the data? In a way it’s not really giving us a reasonable choice: it’s either everything or nothing
And we often hear, “I don’t care. I have nothing to hide.” Interesting, isn’t it, that people are more willing to let a corporation have access to their movements and activities at levels they’d never let the government see.
At the least, we can know more about what is tracked and how it’s used.
One More Time: Here are all the links from this blog post
Facebook’s Nearby Friends