Tuesday, 8 June 2010

How we sell our privacy

Every time you use a supposedly free web service, the price you are paying is a hidden donation of a slice of you life. Filling in one of those forms that are absolutely typical of most websites that require a login, have you ever stopped to wonder what happens to your first name, last name, date of birth, username and password? In fact, how often is that stuff even relevant to the content the website is offering? If you're choosing to sign up for an internet forum to discuss movies or computer games or DIY carpentry, then your actual name is pretty much irrelevant. Yet still you blithely hand over facts about your private life without so much as a second glance.

But what happens to that information? Most of the time it goes into a profile of some kind which you can choose to display or not to display. Sometimes it's used elsewhere. But the key part is that it is stored. Copies of your information are on a server somewhere, bits of information about you and your private life stashed away, available to people and organisations who may not have your best interests at heart. A name can lead to a phone number and a home address, a home address and information about your private life (say, a post you make on a fitness website about how you go to the gym every thursday at 3 pm) could be used to plot a burglary. I haven't personally heard of this kind of information being abused in such a way, but frankly we're only at the tip of the iceberg here.

The next step is you buying stuff online. When you buy stuff online,y ou don't just type in your name, address and phone number, you also give away that most crucial of pieces of information, your credit card details. That is all that is needed to steal vast amounts of money from you. That information is also stored, in a form that companies can retrieve if they need to: take this document from microsoft detailing the information they can provide to the police http://file.wikileaks.org/file/microsoft-spy.pdf and in particular the section at the bottom dealing with xbox live services; now while I hope none of my readers are having any trouble with the police right now, consider this: if microsoft can retrieve that information on request, if at some point someone were to hack microsoft's servers what would stop them retrieving the same information? Presumably microsoft's servers are a tough nut to crack, but then you'd think the same about the US department of defence and that didn't stop Gary Mckinnon. Now consider that every service you've ever paid for online potentially has a copy of your credit card details.

We're not done yet.

Recently all this privacy jazz has been taking centre stage in the news, too, with the almighty backlash that confronted Facebook over their changes to their security policy. This baffles me somewhat; shouldn't it be immediately obvious to anyone signing up to a site whose purpose is to create a profile of you and share it with others be surprised to discover that this is a threat to their security? Regardless, with regards to privacy, facebook is to my mind far less insidious than google. How many people know that google stores their search histories? Everything you have searched for is stored somewhere on a google server linked to your ip address. Servers that recently had personal information stolen from them (granted, from gmail accounts rather than from search histories).

Indeed, google's business model is to use information about you to sell targeted ads; this is what makes them so successful. A company buying ads with google knows that they are likely to get a better return than with other services because of google's vast pool of data about you that it can use to target ads at you; geographical location (from your ip address), what you searched for, the content of the site you are visiting and so on. In other words, Google sells personal information about you to companies that want to sell you stuff. That thought is to me rather chilling.

Here is a quote I sourced from wikipedia (whoo journalism):

On December 2009, Google's CEO, Eric Schmidt, declared after privacy concerns: "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines - including Google - do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities."[13]"

It is often tempting to treat the internet like we treat the sea; a vast dumping ground for everything and anything, where our data will be lost in the great seething vastness of it all. But like the ocean, it all washes up somewhere. Anything you type, anything you've said, anything you have told others can and will be used against you. How long until a political scandal is broken via facebook? Remember, nothing you say or do on the internet is ever truly lost, and nor is it ever truly private.

1 comment:

  1. I've always wondered how much the availability of personal information has actually impacted the lives of those who aren't the victims of identity theft (which as far as I know is a tiny percentage of those people who regularly use the internet.) In general marketing is not a means to hoodwinking people into buying stuff they don't need but bringing people with particular wants and needs together with the people who provide those services. As such google ads doesn't bother me at all. Inso much as it being dangerous for my bank details and such being online and retrievable, unsurprisingly the most businesses and indeed the financial sector in general are amazingly tech savvy and so generally this information is better protected than any ordinary person's best ATM practices. I'm far more likely to lose my bank details over improper disposal of physical evidence than from hackers and crackers. (Although thieves going through my bins makes for a much less interesting movie than Swordfish...) (...Actually maybe it doesn't.)

    Keeping information well as well protected as posible is definitely a good idea, but I do think that the profile information theft has in the media is disproportionate to its relevence.

    P.S. Why didn't you let me know you had a blog before?

    ReplyDelete