Happy Data Protection Day 2022!
I was invited by Santander Work Café to give a talk today (thank you for the invitation!) on Data Protection Day.
My talk was initially inspired by two main events;
1. A recent hack and compromise of an account (twice!) despite having 2FA on (also known as two factor, two-step or multi-factor authentication). An exciting account of sophisticated Nigerian hackers!
2. The Covid-19 pandemic that continues to present risks to our privacy
I was intending to talk about the dystopian future we all face. Cautionary tales of sorts and tips to protect yourself.
However, in responding to some of the questions I was asked, it was evident that we are already living in “Data Dystopia”!
Judging from the gasps and surprise to the answers to the questions (and impromptu demonstrations) I think it is important to share the issues we face today, on Data Protection Day!
Q1: Why Brave? (instead of Chrome)?
A fair question.
Exhibit A:
The above shows Brave’s “Shields UP” report; the default protection against trackers & ads when visiting the Daily Mail website (for demonstration purposes only!).
59 items blocked on loading the Daily Mail homepage. FIFTY NINE?
Astounding!
Q2: Why does this matter and where are they sending the data?
Trackers and cross-site cookies monitor your online behaviour across sites so that Big Tech can benefit by profiling you.
This could be used for advertising, or in some cases… even preventing access to finance (the EU advises against but does not prohibit use of social media as a source of evidence for creditworthiness; this definitely happens!).
This is such a big problem in general that both the Austrian and Norwegian authorities are banning Google Analytics (tools for developers to easily track user behaviour and activity; Brave blocks by default).
To give a better insight into what websites and apps are doing with your online activity, a great example is “Off Facebook Activity”.
Q3: What is Off Facebook Activity?
What many people don’t realise is that Facebook (Meta) and Google (and to a lesser extent, Amazon) track your online activities as much as possible. Even if you’re not on Facebook or Google (or Chrome), they are tracking you.
In the case of the Daily Mail example, the searches and types of articles I read could be shared with Facebook, adding to my existing profile (not just that I could be a Daily Mail reader! But my interests, as inferred from the content I consume).
This may seem innocuous… “So what?”… even though Facebook/Meta has no business knowing what I’m reading… I certainly don’t think that’s appropriate!
On checking my Off Facebook Activity as I did during the talk, to demonstrate the extent of this problem…
Exhibit B:
Uh-oh… 457 different apps & websites are sending Facebook details about my activity… Wow! Let’s take a closer look!
What does Facebook say they do with this information?
· Show you ads that you might be interested in, which introduce you to new products and services. For example, you may see ads for hotel deals if you visit travel websites.
· Create a more personalised experience for you by suggesting things that you might be interested in, such as events that you may want to go to. For example, you may see events for fitness classes if you’ve recently bought athletic clothing.
I really don’t really want all my online activity to be known by Facebook! They already know enough about me!
According to Facebook businesses can also use these tools to:
· Understand and measure how their website, app or ads are performing and whether they’re reaching the right people.
· Connect to new customers who might be interested in their products and services.
So further profiling me based on ALL my online activity? No thank you!
I love music. I listen to a lot of music. Maybe the fact that Spotify has sent 402 activities to Facebook is nothing to worry about…
Exhibit C:
What are the activities that Spotify is sharing? Should I care?
Actually, having downloaded this data from Facebook, it is allegedly just basic information about me using the Spotify app (yes, apps share just as much data, if not more than websites, with Big Tech!).
Perhaps the fact I use Spotify several times a day isn’t a secret and I don’t care if Facebook knows about it.
But what if it isn’t Spotify? What if it is a controversial website or something sensitive?
Facebook states:
· We prohibit businesses or organisations from sharing sensitive information with us, such as health and financial information, your date of birth and passwords. If we determine that a business or an organisation is violating our terms, we’ll take action against that business or organisation.
Ok, great. Although it’s a bit subjective. The way that Facebook typically tracks “Off Facebook Activity” is using a Facebook pixel (just ONE of the trackers Brave blocks!).
Perusing the Facebook pixel documentation for developers does cause some concern;
What pages did I visit on a website? Could be very sensitive! Not just which website, but what I was browsing?
Oh… just SEARCH??? If app or website developers implement this Facebook Pixel functionality… all your searches on their app or website would be shared with Facebook! Your search history can be one of the most sensitive data sets! Just think back to a time you searched for something sensitive (hopefully using DuckDuckGo, not Google!). Maybe a health-related query… are you happy with this being shared?
Facebook states that health information is prohibited from being shared. But what about an app that blatantly divulges your sexual orientation? Would you be happy with this?
The scariest thing about this is that it has been going on for years and it is default behaviour from apps, websites and Big Tech, all trying to monetise your online activity.
Q4: What is DuckDuckGo?
DuckDuckGo is a privacy-centric search engine, as simple as that!
Instead of giving up your searches to Google or storing them to monetise, give it a try, it does work!
Thanks for reading about the Data Dystopia we live in today.. relevant to everybody on the internet (including you!) 😊
After all that, the main topics of my original agenda will have to wait for another post next week!
Thank you for reading. I hope that you are prompted to take action if you don’t already do the following:
· Use Brave
· Use DuckDuckGo
· Check (clear!) your Off Facebook Activity
· Use Revoke (it’s free!)
Leave a Reply