Late last year I woke up to an email warning me that my bank account had been locked due to too many incorrect login attempts. I quickly found that my email and password had been compromised and that all of my online accounts were at risk to hackers. Luckily, my bank account passwords were different than my other personal accounts, but that did not give me much peace of mind. I was forced to change all my passwords for any account that I cared about and have been hesitant to use that email for anything since. This example is a very clear picture of me losing something valuable to me online. My security was at risk, and I had to take extra measures to protect myself. However, not every risk that we encounter online is so apparent. Some dangers hide below the surface. We all need to take our privacy and security online more seriously because our data is a risk, our privacy is non-existent, and our actions online are being tracked.
Continuing from my personal example, I lost my email and password to hackers online. How exactly does something like this happen? I gave my email and password to a company that I trusted, and their systems were breached thus exposing my sensitive data to anyone on the internet who knows how to find it. This is not an uncommon occurrence. In 2014, Sony was hit with a data breach that leaked emails, social security numbers, credit card numbers, and even leaked upcoming and unannounced films (Lending 414). Losing an email is one thing, but losing a social security number is another. We should all be very careful with what data we are putting online and who it is being given to. Over the period of 2004 to 2012, there were 271 documented data breaches (Lending 415). These breaches are not uncommon and can be very damaging to individuals and companies. Unfortunately for consumers, it is often more damaging for them than the companies. Companies don’t always learn their lesson and put their customers further at risk after already being breached. 90 of the firms in the study had been breached multiple times (Lending 448). This means that proper preventative actions were not taken after the companies’ vulnerabilities were exposed. It shows their lack of care for consumers and helps to show why we need to be careful who we trust our data with.
This could potentially happen to any company that we use every day. In many cases, like online banking, you can’t use services without providing sensitive information about yourself. What can we do then to protect ourselves from events like data breaches? We cannot stop companies from getting compromised, and we cannot stop hackers from hacking, but we can be informed as best we can. My recommendation is to use a service such as Firefox Monitor to see if your information has been exposed in a data breach. I would also recommend using a password manager that generates random passwords for each website that you use. This will keep your other accounts safe if one is exposed to hackers. Many people do not take passwords seriously. It is recommended that passwords should be 10 to 12 characters long without any identifiable words or phrases (Sipes 52). Of course, if your password is this long and random, the only hope you have for remembering it is to use a password manager. That way, the only password you need to remember is the one to your password manager. I also use two-factor authentication whenever possible to provide an extra layer of protection on top of my login information.
The problems do not stop at the data that you hand out freely. There is a multitude of data that companies keep on people that is harder to see and even more difficult to stop. Going online at all makes everyone a target for data mining, trackers, and profiling. How does anyone then protect their privacy? Why should anyone care if they don’t have anything they wish to hide? How can companies use our data? Let’s start by first defining privacy. In 2001, Supreme Court Justice Louis Brandeis said that privacy is the right to be left alone (Dean 484). With this definition, I would argue that privacy is impossible when using the internet. By default, we are tracked across the web. Unless you know how to utilize virtual machines, onion routing, and VPNs, then you can’t escape the tracking. I will assume that most readers have not even heard of some of these things, and even these are not perfect solutions. If one must go through such great lengths to cover themselves, I would not call that being “left alone”.
I would also like to make an important distinction between privacy and security. Some people may confuse the two, but there is a distinct difference that is essential to understanding the following argument. Good security can keep your data out of prying hands. For example, Google may keep your files stored safely away from hackers on secured servers. I would give Google credit for having good security. However, that does not mean that you have privacy. According to Google’s privacy policy, they have access to all of your data. This means that while your data is mostly safe from outside forces, it is not hidden from the eyes of Google. Good security without privacy is like a bullet-proof glass house. You are not going to get shot, but everyone can still see what you are doing.
There is a lot of value in the data that you have, whether you are aware of this or not. Companies fight for it and will pay for it. In the arena of data mining, there are many ways that data can be used. Uses of personal consumer data include national security, anti-fraud efforts, crime prevention, product tracking, healthcare, research, promotional offers, and targeted ads (Dean 485). There are ways in which harvesting data can be harmless or even beneficial to consumers. I have argued in the past for the benefits of targeted advertisements as they provide people with more useful products. Healthcare research is an obvious benefit and product research can help improve the quality of products that we all use every day. However, the data mining does not stop there. Crime prevention and national security sound like a great thing, but let’s consider the implications of this. Companies based in the United States are required to hand over data to the government whenever requested. That means that your private notes, photos, and files are not so private after all. You might say that you have nothing to hide from the government, and that’s great, but the government can change. I would not feel the same level of safety if I lived in other more oppressive countries. Besides, even if have nothing to hide, that does not mean that I want people looking through my things. Having purely private spaces online for all of us also includes those who would use it for crime, a major reason why it is fought against by the government. This leads to a more political argument that I don’t want to go down due to the scope of this essay, but the main point remains. Your information is open to the eyes of the government while using standard services.
This is not purely a speculative argument. There is research to back up these claims. Google is a major business that most everyone uses very often. This can include searching the web, storing files, sending emails, and many more. There was a study done in 2017 on how Google has been handling data in communist countries. The research has uncovered government censorship leveraging Google services (Meserve 249). Modern-day Turkey has altered media content, imprisoned journalists, and used Google to regulate internet content. There are specific examples of Google taking down content from opposing political parties and freedom advocates. Google has reported content takedown events from 58 different governments (Meserve 250). Google not only can but also will interfere with what you are doing online as long as they can keep their business up and running in as many places as possible. This should be a concern for all people that use the internet daily for searching the internet, viewing news, or writing things online.
As mentioned briefly above, there are several ways that you can circumvent censorship and try to find a safe space online. I do recommend using a VPN whenever accessing public WiFi because it helps to hide your data from others on the same network. A VPN routes your data first to their servers in an encrypted format before sending the request to the website you are trying to access. This helps to hide the computer where the request is coming from and also the data that is being sent. VPNs can be used to look like a request is coming from a different country to help get around government blocks. For more serious circumvention efforts, it is recommended to use a Tor browser. This is more advanced, but it essentially routes your data through a series of different machines to hide your identity (Owens 52). Together, these tools can be used to help hide one’s identity or spoof one’s location. Some services offer encrypted cloud storage as opposed to a service like Google Drive. With encrypted storage, only you have the key. That means that even if the government took your data from that service provider, they would still need your key to unscramble it. There is an endless discussion that could be done on what software is best for privacy; however, the goal of this writing is just to bring awareness to the fact that such software does indeed exist.
For most people, the government having access to their data or censoring content is not scary enough to make them take their privacy more seriously online. I understand this as it can be hard to imagine anyone actually caring about what you are doing. However, the government is not the only thing that you have to worry about online. You are being tracked everywhere you go. Most websites you visit know who you are, what you like, buy, read, and watch every single day. How is this possible? There are ways to track people from service to service through the use of web trackers. It has been found that 46% of the top 10,000 most popular websites have at least one third party tracker, most of which are from Google (Bujlow 1476). This means they are taking your information and are sending it off to other companies. This is usually included in the privacy policy of the website and you must agree to it in order to use the service.
Websites use cookies to identify users. Cookies are created when a user first visits a site. They are stored on the computer and a user ID is attached to that file and stored in a server. When a user comes back to the site later, it pulls the identifier and loads the data from the cookie. These can be used across websites to track users and their behavior (Bujlow 1477). Now, you might be thinking that clearing cookies is easy. It can be easy, but most people are not thinking about these things. Based on my definition of privacy, this is not being left alone. This is being forced to take action against tracking that happens by default. Regardless of this, cookies are not the only form of tracking. A more serious form of tracking is called fingerprinting. According to Tomaz Bujlow, “a fingerprint is a unique identifier of a device, operating system, browser version, or instance that can be read by the web service when the user browses its website” (1477). This means that the device identifier is not being stored on your machine, but instead, the device identifier is everything about the machine that you are using. It is very difficult to combat fingerprints which makes them very dangerous.
Studies have been done as to what companies can do with the information that they gather about us. Unfortunately for consumers, it is not always with our best interest in mind. It has been proven that websites have shown different prices to different users based on geographical location. Depending on where they connected to the website from, they found different prices with up to a 50% increase for certain areas (Bujlow 1494). This shows your private data being used against you monetarily, and I would argue that everyone should care about this. In 2010, it was found that Capital One differentiated their car loan interest rate based on the browser that their customers were using (Bujlow 1495). Do you want to pay more for your car because you use Firefox instead of Chrome? I don’t think so. It was also found that Chase used user data to offer certain credit cards to certain people. They used extensive online tracking based on where people lived and how old they were to estimate how much money they were likely to have. They used this information to give credit card offers for their Chase Sapphire Reserve to only some people. (Bujlow 1494). This is extremely unfair to everyone is a negative form of profiling that is used to simply increase Chase’s profits. It was also found that some websites would charge more money for hotels based on the device you were using. Orbitz Worldwide Inc. found that Mac users were willing to spend around 30% more than PC users, so they charged them more money just for using an Apple computer (Bujlow 1495). As a Mac user myself, I find this to be very offensive. Just because I enjoy using Apple products does not mean that I want to spend more money on hotels.
These examples should be very disturbing. From this, we can easily see that the data that is known about us is not harmless. The cited cases that I used here are by no means an exhaustive list, and there are more examples that I have found from my research alone. It would not be unreasonable to assume that there are many more cases similar to these across the web that could be impacting our lives every day. It should be clear now that tracking goes far beyond just getting personalized advertisements. It can also impact how much you have to spend on products and what content you see online. I recommend using Firefox over Chrome because they provide better tools for blocking trackers and get you out of Google’s sight as well. There are several extensions that can be useful for blocking more trackers, adding password managers, blocking cookies and fingerprinting, and many more. Finding effective extensions would be a good first step down the road to online privacy, and while I won’t go over these in this writing, it is good practice to research services on your own. Alternative search engines such as DuckDuckGo or Brave Search can provide search results absent from tracking or bias compared to more well known search engines such as Google or Bing (Bujlow 1500). Websites are privacy risk for all of us, but they are not the only threat to our privacy. We need to look a little bit deeper to understand all of the threats around us.
The majority of the people that I know use computers running either Mac OS or Windows. Windows 10 dominates the market for many reasons including application support, gaming, and hardware availability. I use Mac OS and Windows 10 both on my MacBook. However, while Windows 10 does a lot of things very well, it is not great at respecting consumer privacy. Microsoft uses its massive fleet of Windows 10 based machines all around us to collect a lot of data about the people using it. The first issue with Windows 10 is Cortana, the Microsoft voice assistant. Cortana has a lot of privileges by default that are not good for its users. Cortana can collect data such as the words that you speak and the keys that you are pressing (Gralla 6). This may seem a bit obvious considering that it is a voice assistant. Of course, they need your voice to allow you to use this service. The problem is that these things are not easily disabled. Microsoft is adamant that its users don’t need to worry about it and that they can trust them. As we have seen before, trust should not be handed out freely. Users should have complete control over what they are giving out to whoever is taking it. Microsoft does not give a clear description of how they use this data either. If their intent was so pure, then why not disclose it?
The second issue with Windows 10 is not exclusive to the platform. It is called telemetry. Telemetry is essentially data taken from users as they use a service that is anonymized and sent back to developers to fix bugs and gather usage data. In many cases, this is something that users must opt in to. Apple does a great job of this, but Microsoft does not. As in the case of Cortana, telemetry is not easily disabled. Consumers should have control over every aspect of their data. Telemetry is not necessarily harmless either. Especially when Microsoft does not disclose everything that it includes under telemetry, there is a reason for suspicion. Just a small amount of data is needed about a person to track them. It was found that 87% of the United States population can be identified using only their date of birth, gender, and ZIP code (Bujlow 1942). This fact is quite remarkable. It does not take very much information about a person to find out who they are. It can be more difficult to escape the grip of Windows 10 because it captures so much of the market place and is often required for school or work. Mac OS and GNU/Linux are much better privacy-oriented operating systems that I would always recommend over Windows 10 if all the apps you need are there. Linux is the best option of the three because its code is all open source, meaning that anyone can view exactly what is going on under the hood. Mac OS is much more secretive, but Apple still has a better track record than Microsoft.
In today’s world, a computer is often used, but a smartphone is nearly always used. I have my iPhone on me at all times, and I would assume that nearly everyone is about the same. This puts our phones in a unique position to provide massive amounts of value to us but also to be a source of danger. The majority of phones use either iOS from Apple or Android from Google. The issue that I would like to present here is the vast difference between these two companies in their approach to consumer privacy. When developing apps for the iOS App Store, developers must follow strict privacy guidelines that are regulated and defined by Apple. Every app that is published must first be reviewed by Apple to ensure that it meets all of these requirements. As a developer myself, I have seen these restrictions first hand, and while nothing is perfect, Apple has done a good job of keeping things under control. Google takes a completely different approach to privacy. It is by no means required on Android, and instead, it is treated more like feature that developers can provide (Greene 1642). This means that users of Android phones need to be more cautious with the apps that they use, and how those apps use their data.
On both mobile platforms, there is a massive amount of data that is being collected. It was found that on Android 73% of apps shared personally identifiable information with third-party domains compared to only 16% of iOS apps (Green 1643). This is data taken from the app and sent to other places not directly under the control of the app that you are using. These statistics do not include the data that the apps themselves are using. It should always be assumed that apps are taking your data, and it is important to refer to privacy policies for more specific information. I do recommend using iOS over Android in terms of privacy. As we have seen here, Apple enforces privacy much better than Google does. The last topic that I would like to cover in this paper is smart home connected devices. I find this to be important because the amount of these devices is growing rapidly. In my own home growing up, my family went from nothing to four Google Home Minis across the house. My sister has a smart doorbell with a camera and a camera in the home that she can view from her phone. If you’ve been following along this far, you probably know what I would like to say about these devices before I begin. One should always assume they are stealing your data until proven otherwise. A smart speaker is a key right into your home that can listen to everything that you say. This could be a very dangerous thing. Sometimes convenience is not worth the risk, and I would argue that this is one of those times.
A survey was done on a group of people who owned smart speakers and why they feel comfortable having them in the home. It was shown that this group labeled themselves as “having nothing to hide”. One participant said, “I would like to think that we have privacy and things like that, but I know we don’t. I wish we did, but I guess I’ve come to understand that it’s just going to be a part of life” (Lau 15). This kind of attitude is what will hurt all of us. If we willingly hand over what is valuable to us simply because it is difficult to fight, then companies will continue to push the boundary further as to what is acceptable. This is not uncommon speech, and I have heard people say this as well. Hearing words such as these was one of the reasons that I wanted to write about this topic. Our loss of privacy will only get more drastic the longer we let ourselves get walked all over by companies that do not care. We all need to assess our needs and wants carefully. A smart speaker is definitely a want kind of item. It was deemed by this study that the biggest reason why people want smart speakers was because they offered convenience (Lau 19). Consumers are willing to put their privacy aside for a small increase in convenience. This is a frightening trend that puts the power out of our hands.
It seems obvious that there is a risk when using smart devices, but how often is that risk ever taken advantage of? Another unfortunate reality for consumers is that these devices can, will, and have been taken advantage of. Hackers could eavesdrop wirelessly on devices allowing them to see when you are asleep or in the shower. They could see when you are not home to stage a break-in. Such attacks have been performed successfully on off the shelf products (Bugeja 172). These attacks are not just hypothetical. In 2014, it was found that over 73,000 video cameras were streaming surveillance footage on the web (Bugeja 172). It is important for anyone using these devices to be aware of these risks. I would argue that the convenience is not worth the risk for many of these devices. I don’t want anyone looking or listening in on my home.
Throughout this paper, there have been many topics covered from data breaches to smart speakers. There is a lot of information to take in, and it can seem overwhelming with the amount of risk there is with even touching the internet. My goal is not to sound cynical. As a computer science major, I love all of the productivity, convenience, and other groundbreaking features that technology has to offer. But, as with everything else in life, there must be constraints as to how far we can let things go. There are few companies truly fighting for the consumer, and the money is on the opposing team. Our data is sought after and fought for, and we must take action against these advances.
My goal with this paper is to bring awareness to a topic that is often set aside. It is easy to forget about the tradeoffs of technology when it is something we use so often. We have become numb to the negative impact that technology has and the danger that it puts us in. As consumers, we need to take a stand for our privacy by using software that respects it and paying for products that have our best interest in mind. I believe that everyone should form their own opinions and do their own research. I would encourage everyone to look into the safety of the products they use and the alternatives that give the security that we need. I have made changes in my own digital life that have moved me away from many mainstream applications, but I have found myself to be just as productive as I was before. Sometimes there are convenience trade-offs when opting for privacy-oriented software and devices, but that is where we all need to draw our own lines. Let us all understand the risk we take when using the internet and steps that we can take to minimize the damage.
Works Cited
Bugeja, Joseph, et al. “On Privacy and Security Challenges in Smart Connected Homes.” Proceedings: 2016 European Intelligence and Security Informatics Conference; 2017, pp. 172–175.
Bujlow, T, et al. “A Survey on Web Tracking: Mechanisms, Implications, and Defenses.” Proceedings of the IEEE, vol. 105, no. 8, 2017, pp. 1476–1510.
Dean, Matthew D., Dinah M. Payne, and Brett J. L. Landry. “Data Mining: An Ethical Baseline for Online Privacy Policies.” Journal of Enterprise Information Management, vol. 29, no. 4, 2016, pp. 482-504. ProQuest, https://ezproxy.library.pfw.edu/login?url=https://search.proquest.com/docview/2123741674?accountid=11649, doi:http://dx.doi.org/10.1108/JEIM-04-2014-0040.
Gralla, Preston. “Microsoft’s Tin Ear for Privacy.” Computerworld Digital Magazine, vol. 3, no. 3, 2016, pp. 6–7.
Greene, Daniel, and Katie Shilton. “Platform Privacies: Governance, Collaboration, and the Different Meanings of ‘Privacy’ in IOS and Android Development.” New Media & Society, vol. 20, no. 4, 2018, pp. 1640–1657.
Lau, Josephine, et al. “Alexa, Are You Listening?:Privacy Perceptions, Concerns and Privacy-Seeking Behaviors with Smart Speakers.” Proceedings of the ACM on Human-Computer Interaction, vol. 2, no. CSCW, 2018, pp. 1–31.
Lending, Claire, et al. “Corporate Governance, Social Responsibility, and Data Breaches.” Financial Review, vol. 53, no. 2, 2018, pp. 413–455.
Meserve, Stephen, and Daniel Pemstein. “Google Politics: The Political Determinants of Internet Censorshipin Democracies.” Political Science Research and Methods, vol. 6, no. 2, 2018, pp. 245–263.
Owen, Gareth, et al. THE TOR DARK NET. Centre for International Governance Innovation, 2017, pp. 51–62, Cyber Security in a Volatile World, www.jstor.org/stable/resrep05239.9. Accessed 18 Apr. 2020.
Sipes, James L. “Security on the Web.” Landscape Architecture, vol. 92, no. 2, 2002, pp. 44–49. JSTOR, www.jstor.org/stable/44673333. Accessed 18 Apr. 2020.