Who has my personal data? It turns out everyone. Read on to see why this is not cool, and steps you can take to protect yourself.
This morning, I was reading the Daily Upside, and the first story was:
Good morning.
The phone companies were sharing our data?! Get outta town.
On Monday, the Federal Communications Commission fined Verizon, AT&T, T-Mobile, and Sprint — which is owned by T-Mobile — a combined $200 million for illegally sharing access to customers’ location information. The highly sensitive information was sold to data miners and then “wound up in the hands of bail-bond companies, bounty hunters, and other shady actors,” FCC Chair Jessica Rosenworcel said in a statement. The phone carriers plan to challenge the fine. They argue the main reason they share the data is to aid in roadside assistance and medical emergencies, and that they’re not responsible for violations made by data miners. The internet is like the Hotel California – you can check out any time, but you can never leave.
Read the story here.
Data Brokers
In a recent post on Phone Scams, we talked about data brokers. When people talk about evil corporations that are scouring the web for information and selling it, it sounds like a conspiracy theory. Even while writing about this, I was thinking that no one will take me seriously. Maybe it’s because of my tinfoil hat?
I share this article because we need to know that as crazy as it sounds, there are legitimate and not so legitimate corporations that are tracking us, assembling the data they find and selling it. These corporations fall into the general category of data brokers. For more about data brokers, read here.
It all Started With Google
This may not be entirely fair, but they are the 800 lb. gorilla. Google has made a very lucrative business for itself in selling information about us. Go to google and search for something. An hour later, you’re reading the news and an ad pops up for the exact thing you were searching for. Creepy.
Google knows everything we search for. Every website leaves a cookie on our computer to improve our experience. It has info about who we are, what we did on the site so that next time we visit, we have a more streamlined experience. Google started putting this together to understand more about us so that they could provide a new and differentiated service to advertisers. Stop the annoying ads and only show us stuff we’re interested in. Genius.
Why should Google have all the fun? Data brokers got involved so that the little guys, who didn’t have the resources of Google could track us as well.
Who Wants our Info?
It’s interesting to think about this from the other side. To us, it may seem silly to worry about what we put on facebook or what privacy we might be giving away every time we click accept when installing an app. I’m not doing anything that interesting.
Employers
When I was a kid… I know, no one wants to hear, but bear with me. When I graduated from college, I had to go to a printer to have my resume printed. I mailed these to various companies and if I was lucky I got an in-person interview. If the employer was particularly diligent, they might ask for a reference or 2 and call them. This is all they knew before hiring me.
Apply for a job today, and the employer may not even look at our resume. There is a wealth of info available just by typing our name into the google search bar. This is fine if they pull up my linkedin profile, but do I want the employer to see what I have on facebook, instagram and youtube?
But Wait, There’s More
Now extend this to data brokers. The data brokers are out gathering our bank and credit card transactions, the locations we visited (thanks AT&T, Verizon & T-Mobile) and other info that is either available on the web, or which can be purchased legitimately from the companies we deal with.
Our potential employer now knows where we hang out, how much time we spend there, what we bought…
Why Would The Company Care?
A company may not, but we’re being interviewed and hired by people. If I’m a hunter and I spend a few nights a week at the local rod and gun club, we may feel like that’s our own business, but a hiring manager may have a different perspective on guns and this could be held against us.
Let your imagination run. Think of all the things you could do, places you could go, items you could buy, that you may not want a hiring manager, or your boss to know about.
Who Else Has This Data?
The simple answer is anyone who is willing to look. There is a ton of info available for free. Type your name into google search. I did this a few years ago and was astounded at the info. Some was wrong and ridiculous, but some was right on. And while I may know it is wrong, someone who is looking into me won’t. They may assume it’s true.
Beyond this, anyone who is willing to pay a few bucks can go to a legitimate data broker and buy info. It’s safe to assume that when we interview for a job, rent a home or apartment, request a loan, buy a car, the person on the other side of the transaction has a treasure trove of information about us.
Is This Legal?
Yellowbook.com shows up when I search my name on google. It contains the disclaimer:
Disclaimer: People search is provided by BeenVerified, Inc., our third party partner. BeenVerified does not provide private investigator services or consumer reports, and is not a consumer reporting agency per the Fair Credit Reporting Act. You may not use this site or service or the information provided to make decisions about employment, admission, consumer credit, insurance, tenant screening or any other purpose that would require FCRA compliance. For more information governing permitted and prohibited uses, please review BeenVerified’s “Do’s & Don’ts” and Terms & Conditions. Remove My Info.
Sounds like a grey area. May not be legal but on the other hand, if someone finds this info, it’s hard to un-see it.
What Can We Do?
I spent a weekend or 2 several years ago removing myself from the web. It’s a little bit time consuming, but if you look at the disclaimer above, there is a remove my info link. Most sites have this. Since I found myself on yellowbook, I clicked the link. It asks me for my email, I enter it and at some point in the future I should be gone from the site. This worked with MyLife and a bunch of others when I did this years ago.
There are paid services that will do this for you, but it is not that hard to do it on your own. Plus, I don’t want them in control of my info.
Hide My Email
A few years ago, Apple sort of quietly introduced a fantastic new privacy feature called hide my email. If you have an apple id and icloud email, this service allows you to create an unlimited number of throw-away email addresses that link back to your icloud id.
Hide My Email Example
My iphone, ipad and macs nicely offer to prefill my email address any time a website or app presents an opportunity to enter my email. Once I subscribe to hide my email (which costs 99 cents per month and comes with some additional icloud storage, and a VPN-like product called private relay) I now see an option to use hide my email. My phone, ipad, mac enters a funky email address like [email protected]. Any emails to this address are forwarded to my inbox.
The website doesn’t know my real email so they can only access me through the hide my email address. I can remove the hide my email address at any time, or I can keep it and reply to emails. The website still never sees my real address. See a more coherent explanation from Apple here.
Hide Myself
OK, not a real service, but we need to monitor what we voluntarily share with the world. I’m a bit of a nut here. I’ve never used facebook, instagram or whats app. I have a linkedin profile only because I was told I had to have one when I was out of work and looking for a job.
I posted a video to youtube to help others assemble a greenhouse with horrible instructions. I created a youtube account in my dog Rosco’s name for this. You can watch it here.
My team in China used wechat. All the US team members installed the app so that we could share info. I did not.
I assume that regardless of privacy settings, anything I release to the internet will be consumed, transformed and linked up with other stuff to be used against me.
Duck Duck Go
Duck Duck Go is a free privacy focused search engine. The results aren’t always as good as google, but it claims to protect privacy. Read more here. You can use it from your browser or make it the default, instead of google, on your phone, tablet or desktop.
VPN
A Virtual Private Network or VPN, protects our privacy by encrypting web traffic and putting a proxy server between us and the site we’re browsing. With a VPN enabled, I type cnbc.com into my browser. My request goes to one of the VPN’s servers. The VPN server then sends my request to cnbc.com. When cnbc.com responds, it responds to the server. The server then sends the response to me.
In this transaction, cnbc.com thinks it is dealing with the VPNs server. It does not know me or my location. I’m now using a server in New York, so any site I visit thinks I’m in New York.
The transmission between me and the VPN server is highly encrypted. It’s often referred to as a tunnel between the user and the VPN, where no one outside of the tunnel can see the info.
More about VPNs here.
Final note on VPNs. I would be concerned about any VPN that is free. Things like gmail and other services that are offered for free are often financed by selling our data. We don’t want a VPN selling our data (that’s why we use one in the first place!). I love free, but this seems like an area where we shouldn’t skimp.
Private Relay
I mentioned apple has a product called private relay that is bundled with hide my email and extra storage for 99 cents per month. Apple doesn’t advertise this as a VPN, but it provides very similar protection. More here.
Wrap Up
Yes, we should be concerned about our info on the internet. The disclosure about location information being sold is terrifying. I will be restricting my location settings on all my devices and my car later today. I’ll post updates after I experiment with this.
Try the tips above. Maybe we can’t remove ourselves from the internet entirely, but we need to manage what’s out there.
Let us know if you’ve got experiences or tips to share.