When the story about the Trump campaign paying Cambridge Analytica $85 million dollars in 2016 to exploit data from millions of American Facebook users in order to develop targeted election campaigns to sway their opinions (and votes) to his favor, no one seems to listen, not even the US news media. It took over half a year for news outlets and lawmakers to notice.
Canary In The Coal Mine
— Timothy Castantine???? (@Castantine) August 15, 2017
But what’s more disappointing about all this is, it took this long for the issue of online privacy and user exploitation to even be “heard,” discussed and gain traction… from… well, everyone. Granting that whenever we go online we leave a digital footprint, like our IP addresses – a unique string of numbers separated by periods that identifies each computer using the Internet Protocol to communicate over a network – or cookies – a small piece of data sent from a website and stored on the user’s device by the application while the user is browsing – or server sessions – a transient record that resides in the server host while the user is accessing or using the site or application – and server logs that records every website visit (or query), most of these are essential for the technology to work.
A private company that is only providing a social and self-publishing platform, who exploits user-produced content to drive traffic, has no business asking for too much personal user information. Lately, these companies use the guise of “security” and “authenticity” to amass personally identifiable information on top of e-mails, such as; real legal name, telephone numbers, location, date of birth and even government issued IDs and birth certificates. Notice mobile apps now require a phone number to authenticate, why’s that? E-mail is enough.
And it doesn’t stop there. These companies, like Facebook, encourage users to divulge more information by constantly nagging for background information, employment history, residential history, relations, interests, … you name it. They even constantly remind users to encourage their peers to do the same. It encourages a boastful culture, a never ending desire to show off and get attention. Human experience is devalued into a single button … a Like.
Ego Is Complicit
Users are too caught up in the game of narcissism that they’re willing to surrender their identity and privacy for the sake of a few seconds of gratifying attention. One too many times I’ve seen friends post highly sensitive documents like birth certificates, professional license, passport information, airline tickets and Driver’s License. Users share intimate family photos from birth to the grave, not to mention very private photos, for the world to see.
It is ironic that some people cry for privacy in restrooms but you see their public social media page riddled with nude photos for the world to see. It is ironic that people cover legal forms while writing personal information, but their social media, which happens to be more comprehensive, is open to the world. It is ironic that some people get offended when being asked about what they do for a living but their resume is on LinkedIn and work history is on Facebook … for the world to see. It is ironic that some people are annoyed when others use their work without consent but their Instagram is public and full of content without any watermark.
Follow The Money Trail
When cloud storage became big buzzwords, my immediate concern was privacy and subscription. Why would anyone have to pay to access personal data they already own? Storage these days are cheap, keep it offline. Net Neutrality was repealed, and the corporate ducks all falling into place in a row. Since these private companies already know so much about you, why not have easy access your digital assets too and make you pay to access it (more at some point – you’re already paying through your internet connection)? Sure, why not.
When Google decided to unify its’ online products, I immediately saw the intent – the ability to share user data across application, cross promote and consolidate user data collected across applications. At one point, Google wanted to make email searchable, that falls in line with user profiling. Luckily, that didn’t come to fruition. But I was ready to host my own e-mail privately, had it happened. When Google Plus was launched, at first it seemed a bit sophisticated for socializing but it was a neat concept, but then Google decided to link YouTube accounts with it, and the rest of their online apps. It became mandatory to post comments, write reviews or rate content. I decided to pass on it, and never posted a comment nor gave any rating to YouTube video and online reviews that requires it. I deleted my Google Plus accounts, and that was the end of that. Only recently Google relaxed this requirement, at least in YouTube, now you can rate a video even if you’re not a Google Plus user. Google already knows so much about it’s users, thanks to Android and its many applications, but why collect even more?
Big tech companies like Google and Facebook know about you more than your government or employer. And that is a scary thought. These companies has no oversight, has very little or no regulation as to what data they are allowed to collect, how they’re going to use it and retain for how long. Their privacy statements are lip service. If the argument is security, better user experience or better service then they’re already asking for too much. There’s only one reason for this, increase the bottom line. There was a time when consumers where outraged about targeted marketing, but in the past five years targeted marketing had a major resurgence and it’s even worse and no one seems to care. What happened? Social media. It’s a Laissez-faire of user data. Scammers and identity thieves are having a ball. Forget your security questions, people know everything about you. Forget about privacy, the locations attached to your posts mean your followers know where you’ve been, and the photos you took at home – or the 360 degrees video of your living room – give strangers all they need to know about what stuff you have and where you keep them. Armed with massive amounts of user information, companies like Google and Facebook can tailor advertisements for each particular user, anticipate when and where (location-based marketing) to push an ad to basically influence and sell anything.
“Facebook doesn’t just track your behavior there – it also buys offline data gathered by marketers or gathered from other sources.”-Barbara Ortutay/AP
“Facebook Admits to Collecting Call and Text Message History From Some Users”-Janko Roettgers/AP
Does Not Apply
Of course these things aren’t so bad if you’re a business or a brand trying to promote your products or services. You need the visibility, you want your target demographics to pay attention to you, know where you are, what you have and where to get them. But this doesn’t concern them. This is about ordinary people who were duped into disclosing sensitive personal information to a corporation, some likely overseas with a sketchy background, for what? For a company to say, “yes, you’re a real person” or worse… provide fleeting attention from strangers. This is not to say that social media is the devil, I’m saying, your email address should be enough to setup an account. There needs to be some form of comprehensive regulation, to limit companies such as Google, Facebook and all of technology companies for that matter, as to what data they can collect from its’ users.
Users: Use Common Sense
In the mean time, what can users do? Use common sense. Users themselves are the first and best line of defense when it comes to privacy. There are a few simple things people can do when using social media, or mobile apps, to help protect their privacy. The following pointers don’t apply to business and brands – like individuals offering professional services.
1. Avoid sharing personal information
- Don’t share everything! There’s no reason for you to disclose unsolicited personal historical information. In the real world, no one goes around parading where they previously live or work. Keep that private unless it comes up in a conversation. Use your interests as conversation starters, this kind of information is generic and not sensitive.
- App account verification is overrated. Twitter started this, Facebook, Instagram and others followed suit. It’s purpose is to ensure the account is legitimate, but it has turned into a virtual class system. Giving celebrities, prominent individuals, people in government, corporations, businesses and even products and films an elevated status where they can use to look down on the rest of ordinary mortals. The process requires disclosure of personal information such as government issued ID or many some solid insider connection or a good press relations officer. It is really unnecessary, your peers know who you are. A well written bio with an appropriate profile photo and a link to your official site are enough. Your online behaviour will serve as your secondary verification. You don’t need a company to tell you or your peers if you’re real or not.
- It’s unnecessary to tell people where you are every time you share something. Use captions to mention a location as part of a post, it’s data that is generic as opposed to location meta data.
- Boasting works against your favor, so be mindful of what you share, especially when you’re in the heat of the moment. Also be aware that social media posts are treated as official statements by news outlets and authorities.
2. Obscurify information
- There’s no reason for you to share your legal name to an app or social media profile, use an alias. Celebrities use stage names, do the same. Use your nickname or invent one. Be creative.
- You don’t have to share your real birth date, use an approximate date. You should only do that when dealing with your finances, taxes, heath care provider, the government or any legal transaction … never for social media.
3. Install only essential apps and mind the privacy
- Uninstall apps you hardly use.
- Avoid using apps that asks too much personal information. If an app requires you to upload a photograph, rest assure that that photo will reside on their server. Learn where the company is based and if they’re reputable before you continue.
- Avoid “unified apps,” especially those with links to social media. It may seem convenient or fashionable, but what you’re doing is you’re enabling a company to collect and consolidate more information about you. Disable search, if you’re using Google Docs otherwise your documents will end up in Google search results.
- Disable location features in your apps, only enable it where it’s really necessary, like navigation apps.
- Opt out of performance feedback. When you opt it, your app or device will send data to the vendor. Sure you want to be helpful, but think, they already have teams and professionals who work on developing, tuning and testing their product. There’s no need for you to send data that will tell them how you used their product. Your device identification, your IP and other network data goes with your transmission, it’s not fully anonymous. Your data can be traced to the source who submitted it, you.
4. Keep your personal digital assets close
- Data storage is cheap, buy portable external drives and use it as backup instead of cloud. If you travel, internet is not available everywhere, and when you’re flying or outside your data coverage, it’s expensive. Just because your data is in the cloud, it doesn’t mean it’s safer or easily accessible. You will need bandwidth to access it, and with Net Neutrality repealed, if you’re living in the USA, accessing it may cost you extra, if you’re not already paying for subscription fees. As well, your digital assets is in some company’s drives, which, by the way, are required by law, particularly in the USA, to turn over such data to the authorities if they deem it as important, for whatever case.
- Concerned about backup? Backup nightly at home when your devices are charging or not in use. What reason would you have to schedule backups while you’re active, frankly, that’s overkill.
5. Avoid using one email for everything
- Using one email for everything is not only precarious, it’s lazy. You’re positioning yourself for exploitation.
- Have at least three e-mails:
- Primary e-email – this is your official e-mail, which you’ll use for official correspondence such as work, legal, finance, banking, health care services, family and friends, etc. This e-mail will contain sensitive information, and the one you’ll be using the most.
- Secondary e-mail – this is your device and app e-mail. This semi-official e-mail will be linked to your devices when you activate them, and consequentially, to apps installed in your device. This is the only purpose of this e-mail.Miscellaneous e-mail – this e-mail is intended for everything else, such as: social media, forums, cloud accounts, online subscriptions, dating, etc. E-mails you receive from this e-mail can be easily discarded.
- Forward your secondary e-mail and miscellaneous e-mail to your Primary e-mail, and enable the option to delete the e-mail after forwarding.
- If you’re using Google gmail, the Forward option can be accessed by going to Settings / Fowarding and POP/IMAP / Add a forwarding address. Provide the primary e-mail when prompted and follow the instructions.
- If you’re using Yahoo, it’s under Options / POP & Forwarding / Forward Yahoo Mail to another email address. Provide the primary e-mail and select the option to delete after forwarding.
- If you’re using Outlook it’s under Settings (cog icon) / Mail / Accounts / Forwarding / Start forwarding. Provide the primary e-mail and select the option to delete after forwarding.
- Create two Filters in your primary e-mail, one each for secondary e-mail and miscellaneous e-mail, to automatically label appropriately emails received from either one upon receipt so they’re collated.
- You could create additional e-mails for what other endeavors you may have, and you could forward them to the Primary e-mail, if you wish to manage all your e-mails in one account.
- Once you’ve setup your e-mail this way, activities and transactions collected by apps, websites and/or devices will be confined to the email accounts associated with it. It will be easier to manage spam, as most of it will likely come from the miscellaneous email, and you can delete it at once without having to bother sift through each of them. This setup adds a layer of privacy to your personal information and will ensure that only legitimate entities, with tougher privacy rules and oversight, poses it. That is peace of mind you cannot replace with a hundred Likes.
And finally, if data collection doesn’t bother you, maybe have a look at this. And if you’re still not bothered, then that’s fine too. Follow this Twitter thread and see for yourself what Google and Facebook typically collects from a user.
If you would like to find out what data Google and Facebook are keeping about you and how to get rid of them, go to this post!
Want to freak yourself out? I’m gonna show just how much of your information the likes of Facebook and Google store about you without you even realising it
— Dylan Curran (@iamdylancurran) March 24, 2018
So, how many Likes is your privacy worth?