We all know that being a so-called ‘netizen’ requires sacrificing a bit of privacy. The problem is knowing exactly where that line is between what you need to expose to get business done and what you should keep private even at the expense of being able to do something you want. Well … as the funny Venn diagram above shows, it isn’t easy to find that line, and often not even in our control!
Because as a recent WSJ.com article shows, our ability to find the balance between online activity and personal privacy is being greatly outpaced by the race to collect, track and monetize any and all information about who we are and what we do.
With the upcoming election, it is clear that both parties see much at stake … and are willing to spend loads of cash to get their messages to the right people.
In the weeks before the New Hampshire primary last month, Linda Twombly of Nashua says she was peppered with online ads for Republican Senate hopeful Jim Bender.
It was no accident. An online tracking company called RapLeaf Inc. had correctly identified her as a conservative who is interested in Republican politics, has an interest in the Bible and contributes to political and environmental causes. Mrs. Twombly’s profile is part of RapLeaf’s rich trove of data, garnered from a variety of sources and which both political parties have tapped.
RapLeaf knows even more about Mrs. Twombly and millions of other Americans: their real names and email addresses.
RapLeaf acknowledges collecting names. It says it doesn’t include Web-browsing behavior in its database, and it strips out names, email addresses and other personally identifiable data from profiles before selling them for online advertising.
Nevertheless, the Journal found that, in certain circumstances, RapLeaf had transmitted identifying details about Mrs. Twombly—such as a unique Facebook ID number, which can be linked back to a person’s real name—to at least 12 companies. The Journal also found RapLeaf had transmitted a unique MySpace ID number (which is sometimes linked to a person’s real name), to six companies. MySpace is owned by News Corp., which publishes the Journal.
This isn’t the first time in recent weeks we’ve seen this. While we know that when we shop certain places, use our credit cards for certain types of purchases, and so on, that we are essentially adding to the massive database constantly being pulled from to direct market to us.
The problem is when stuff that is supposed to be private – Facebook private info for example – gets transmitted publicly or sold off to marketing databases either intentionally or inadvertently. Recently there was a big issue with all of the major Facebook apps were found to be ‘leaking’ private user data. The problem also happened with MySpace apps.
I took a look and found that RapLeaf.com allows you to create a personal account to see what information they have about you and to even opt-out of them tracking information.
So what to do? Obviously all of the old recommendations stand – don’t sign up for stuff unless you really want it, beware of ‘win a free (insert gadget here) by entering here’, or worse yet ‘get a iPod/iPad/Zune/PS3/whatever for free by completing 10 things for our partners’, opt-out of everything you can, set your privacy options as tight as possible on all social networks, use basic email ‘smarts’ and remember that you should never give out private info over email or text messages, remember that texting is being used more and more for data collection … and so on.
Bottom line, though: if you bought a new Macbook Air using a Visa Signature card and got some cool accessories from high-end shops using your AmEx card … you have just provided four very convincing data points that will be sold and collated as people figure out how to best increase their sales dollars this holiday season and beyond.
Update: even as I was typing this, we have news from Geeky-Gadgets about a nifty new FireFox plugin called ‘Firesheep’:
Developer Eric Butler has created a new Firefox extension called Firesheep that allows anyone to download and start eavesdropping on any open Wi-Fi network and capture users’ cookies. Then allowing you to login to their Facebook and Twitter accounts with ease.
Butler explains in his website post:
“As soon as anyone on the network visits an insecure website known to Firesheep, their name and photo will be displayed” in the window. All you have to do is double click on their name and open sesame, you will be able to log into that user’s site with their credentials.
They quickly followed up with a post on how to address this issue:
Firesheep relies on the fact that most social sites default to the HTTP protocol because it’s quicker. The already existing Firefox extension Force-TLS attempts to circumvent this by forcing those sites to use the HTTPS protocol, therefore making user cookies invisible to Firesheep.
HTTPS encrypts user data, so if a script like Firesheep’s like tries to pull it, it can’t be read. Force-TLS forces a number of sites to make all of their requests over an SSL secured channel and while some sites, like Amazon, don’t currently have the secure option, the majors like Facebook, Twitter, Google, etc all allow a HTTPS connection.
And while this is somewhat different from what I started talking about, it is a reminder that everyone needs to exercise caution with their private data. My work IT has 15-minute auto-lock on our laptops, which seems like a hassle but makes sure private data isn’t exposed for too long. Similarly it clears all login data at startup, so you have to enter user name as well as password to login, and go through a ‘captcha’ portal to access webmail. All in the name of keeping private data … private. Many of us are very lax at home with computer privacy and security, but it only takes a quick viewing of your firewall and security software logs to remind you that there are automated systems out there trying to gather info and access all the time!
How do you keep your private data safe?
Source: FlowingData via Buzzfeed (Venn diagram), Wall Street Journal (privacy article)