Have you ever enabled personal info alerts?
Google has this service where you can input some basic information — your name, email address, birthday, etc. — and they will send you updates every time that information pops up in someone’s Google search. I did this a few months back, and the other day I opened one of the scariest emails I’ve ever seen.
The subject line was already alarming, it read “Your personal info was found on Search.” I clicked the link to review the result, and to my horror, the name, address, and political party of every member of my entire family flashed on my screen. The title read, “Voter records related to Samuel Knight.”
I was so scared. I’m from a state that’s home to violent and powerful far-right extremists like Joe Biggs, where LGBTQ+ people face physical violence and legal persecution. My full name and address, as well as links to those of my family members, were all freely and publicly available within one Google search. For a queer individual in Florida, that’s a disaster waiting to happen.
If my story makes you nervous, I want you to know that details of your private life may also be public on the internet right now. The best time to start protecting your online life and identity is as soon as possible. You can’t know when a malicious coworker, neighbor, or ex-friend may come looking for your details next. It only takes one leak, and the consequences can be severe.
Part I: Papers, Please!
Key takeaways:
- Get notified when something leaks
- Privacy policies are long, but important (read a summary)
- Protect your face like it’s your driver’s license
Some of the most sensitive personal information published online comes directly from the government. That’s how my voter data was published, and how over 250 million American’s names and addresses are found online (according to WhitePages.com’s very own marketing copy), from voter registrations, court documents, motor vehicle records, and other public information.
Not all of the information online comes from the government, though — some of the largest data brokers, who buy and sell your data in an online black market, work with insurance companies, credit bureaus, and retailers to collect hundreds of data points on your life.
For example, Arity, a data broker owned by the Allstate insurance company, partners with SiriusXM radio, Life360, and possibly even car manufacturers to buy and sell precise location data from drivers everywhere.
If you use some of these apps and have never heard about this, that’s intentional. Data brokers don’t want you to know that they track your every step, and with no real transparency requirements or regulations, they know far more about us than we do about them. In his book Data and Goliath, security technologist Bruce Schneier writes, “they all collect and use our data to increase their market dominance and profitability.” In other words, the less you know about data brokers, the more data they collect, and the more data they collect, the more profitable they become.
If you’re unsure about a company sharing data, it’s always worth checking their privacy policy. Focus on phrases like “data shared with third parties” or “data used to operate services”. If you can’t find or don’t want to read an app or website’s privacy policy, tools like ToS;DR (Terms of Service; didn’t read) can provide you with an executive summary of what data is collected, how it is processed, and where it is shared.
For identifying when this type of information goes public, Google’s personal info alerts are a great start. There’s also “have I been pwned”, a website that can alert you when your data appears on the dark web. It’s also worthwhile to check some of the most popular data brokers, and ask to “opt-out” of collection — YourDigitalRights.org offers a newsletter with monthly updates regarding some of the biggest offenders.
It’s also important to check for other avenues of personal information leakage. Photos of your face may contain more data than you think: Kashmir Hill, author of Your Face Belongs to Us and tech columnist for the New York Times, explains that “too many people currently on the internet do not realize what is possible … [they] are hiding their names but exposing their faces, not realizing the risk in doing so.” In her book, she recounts a story of a peeping landlord finding nude photos of a past tenant using the free face search engine PimEyes.
After running a search of my face (which I was able to do for free with no verification that my face is my own, yikes) I uncovered pictures of my high school graduation which were attached to an article including my name and age. Technology like this is one among many reasons to keep your social media posts (especially selfies) private.
Part II: An Ocean of Blank Pixels
Key takeaways:
- Not all data collection is obvious
- Apps and extensions can make trackers visible
- Tracking links: Check before you share!
On top of the data broker market, tech companies and ad agencies have devised faster and more direct ways of collecting your private information. Most of us have some of this stored in different social media accounts, news websites, or even online office tools. Schneier explains how this tracking is central to the internet economy where users, “are tenant farmers for these [tech] companies, working on their land by producing data that they, in turn, sell for profit.”
As you traverse the World Wide Web, you sow a few seedlings with every mouse movement, every click, every scroll, and every tap. Invisible tracking “pixels” lurk everywhere, and social media and online advertising companies like Google inject pieces of code into up to 49.6% of all websites, according to one survey by W3Techs, a consulting firm that analyzes popular websites.
This tracking is both invasive and invisible — consider how much you’ve done on the internet, what you’ve said, and to whom throughout your entire life. Now imagine if a stranger had access to your data from nearly half of all of these websites. It’s a scary thought.
Luckily, there are a few easy ways to stop this kind of tracking, too. Digital rights watchdog EFF.org has created a browser extension called Privacy Badger, which intelligently identifies and stops tracking across the web. It’s like a tracker for the trackers: the more information it identifies going to one website, the more it is likely to block that website. Schneier confirms that Privacy Badger can stop even some of the most advanced fingerprinting scripts (these nasty tools attempt to “follow” you around the web, even after you restart your computer).
You can do your part to stop hitchhiking pixels from following your friends, too. If you share links from an app, copy them as text first and visit them in a web browser. You’ll notice that most links you share contain additional tracking data that subtly disappears when clicked: they stealthily transform into a different, less conspicuous link. If you follow these tracking links with a protection tool like Privacy Badger, you can stop trackers from snooping on your friends, too.
(For Android users, consider checking out Tracker Control, an app that works similarly to Privacy Badger but prevents tracking across your device in some of the most popular apps.)
Part III: There’s No “Easy” in “Privacy” (Most of the Time)
Key takeaways:
- Try a quick search to find FLOSS alternative apps
- FLOSS is a nerdy way of saying “privacy friendly”
- For a fee, some services will delete data for you
Much like a grocery store, it’s silly to always download the first app you hear of. With just a few seconds of research, it’s easy to find privacy-focused alternatives or settings for almost any app.
An example of some good places to start would be “____ FLOSS alternative” or “how to disable tracking in ____”. FLOSS stands for “free/libre open source software,” which is a nerdy way of saying apps that respect your privacy (“libre” is French for freedom) and are auditable by professionals who review them to make sure they keep their promises (“open source” makes this possible).
If I were to complete the above exercise for an app like Microsoft Word, the results would include LibreOffice, a FLOSS app that supports the same formats, and what I’m writing this article on right now. Or, if learning a new app is too much for you, the second search leads to a help guide with instructions on how to navigate the Word privacy settings.
Some of my personal favorite alternative apps include Firefox, a private non-profit alternative to Google Chrome and other browsers, Organic Maps, which has detailed walking and driving directions à la Apple Maps (I find it’s actually better for walking directions if you’re trying to find something in the Commons). My final and most beloved app is Signal, a private and secure messaging app created by a WhatsApp co-founder that works for Androids and iPhones. I’ve personally reviewed all of these apps: they contain minimal tracking and are trusted by top security and privacy experts to deliver on their promises.
If all of the above steps seem a little tedious, there are also a few companies that you can pay to find and remove your data across the internet. All of the recommendations I’ve made so far are tools that I personally use, and they are all free and not-for-profit, but if you have coin to spare and don’t want to think about privacy, companies like DeleteMe offer services to find and delete personal data on your behalf. (There are others, but DeleteMe has been around for a long time, and they seem to be generally reputable. I wouldn’t trust the companies you may have seen sponsorships from social media and podcasts.)
At the end of the day, staying private in our world today is hard work. But, like many other issues in our modern dystopia, every small step counts. If you read this article, I urge you to use at least one new piece of advice, take just one step to protecting a piece of your digital persona. If we all did that, the invasive digital stalking of the internet age would be a lot less profitable.
When there’s no money in our data, our data will finally be set free.
Sam is a first-year computer science major who wants you to know that Big Brother may be more real than we thought…They can be reached at [email protected]