By way of a simple explainer for those unfamiliar with the concept, Google, Apple, Facebook, and all the rest provide you with a free service by data-mining everything you do with it, and then selling to advertisers the ability to target you with ads for things you’re more likely to buy. It’s like the internet-enabled version of putting ads for expensive watches and jewellery in the in-flight glossies in planes.
The amount of data these companies have on you might surprise you. Their ultimate goal (at least Google and Apple) is to be able to predict what you’re going to search for before you even do it. This sort of analysis of “big data” is trying to distinguish itself from the rest of statistics with its own trendy label – “data science” – which you can even do a free online course in (hosted by Coursera – who big data their learners, learning about big data).
Now this is not to say you should never use any of these services. But the important thing to recognise is that your favourite free service does have a pricetag. Whether you are comfortable paying that price is a personal decision. The convenience of Siri and Google Now (or less obviously, using Gmail or Apple Mail with their seamless integration with your phone) are a powerful hook to keep you providing your data to these companies.
I saw a series of tweets from twitter user @_clair_bear_ (reproduced with Clair’s permission) this morning:
[nb: the original storify vanished when Storify shut up shop. Wakelet - a replacement, doesn't seem to embed the series of complete tweets properly, but the link should work fine now]
I suspect this sort of thing is pretty common. People are aware that some apps are potential privacy risks and take some steps to try and minimise their digital footprint (selective posting on Facebook, for example). It’s much more complex than that, however, and much of the information is buried in the Terms & Conditions for all those apps that nobody ever reads without clicking through. Facebook and Facebook Messenger, for example – track your movements, even when the app is not in the foreground. WhatsApp also collects the same data – and it’s available to anyone with your phone number via a free download.
Most people click “yes” when asked if they want to enable location settings in their Google account – assuming you have, your Android mobile phone does this even without having any other apps installed:
There are other, even less obvious ways for these companies to collect your data. As Clair’s experience show, people often consider SMS to be “more private” than the other internet messenger services (we will ignore for a moment that your telco will soon be collecting your SMS (and other) telecommunication data). Consider for a moment though, how you enter them into your phone. Third-party keyboards, for example Swiftkey are generally much better than the stock keyboards on your device, and are relatively inexpensive.
We may share your information (including but not limited to, information from cookies, log files, device identifiers, learned language data/Language Modeling Data and statistics) with third-party organizations that help us provide our Products ('Service Providers') such as providers of hosting services or analytics tools. Our Service Providers will only be given access to your information as is reasonably necessary and under appropriate confidentiality terms.
Swiftkey also “allows you” to give it access to your Gmail, Facebook and Twitter accounts, so it can “better predict” what you’re going to type. Which of course means that – for the purposes of the T&Cs that you just agreed to giving your “learned language data” to Facebook, as long as they have “appropriate confidentiality terms” (which means T&Cs like these that let them do whatever they want).
On top of what you type in, lots of websites now allow you to “log in with Facebook” (or twitter, or Google) – the data on which websites you visit, and what you look at on them them and all your other metrics are all fed back to the mothership to add to their profile of you.
What can you do?
Well, it’s certainly a good idea to check the excellent guide from the Pirate Party of Australia here. Consider subscribing to a VPN, make sure you enable https everywhere, block tracking cookies with a tool like Privacy Badger, and consider using private browsing.
For your SMS app, Open Whisper Systems have the excellent product Signal, which offers encrypted SMS and voice calling, and I encourage you all to install it, use it and encourage your friends and family to use it as well.
It’s very important to realise though, that while these techniques may enhance your privacy, they will not prevent the sort of data mining that is discussed here. Some services track you based on cookies, which a cookie blocker may prevent. Others use browser fingerprinting to track you without cookies – you can check whether this is the case for you here.
Review the privacy settings of your applications and accounts (and remember that Facebook changes its privacy settings even more than it changes the layout of your News Feed) and if you can possibly avoid it, don’t just click through the terms and conditions. Consider the apps that you may be using (like a third party keyboard) and whether this might just be bypassing all your other efforts.
Above all, you need to remember that operational secrecy is hard. Don’t be lulled into a false sense of security because you’ve installed a couple of off-the-shelf privacy tools and that this means you’re free to discuss whatever you like and nobody will know.
It’s always safe to assume that if you really need it to be secret, it’s probably better to take it offline.
We’d love to hear your thoughts on how realistic (or not) all this advice is over on our forum, and what you do and what you suggest your family do – especially if you’re a “regular user” and not a privacy wonk or IT type.
Thanks to @_clair_bear_ again for permission for use of her tweets.