I hardly hesitate before agreeing to a product’s terms and conditions anymore. I can barely keep up with the reading in my own classes, let alone spare the time and energy to read a 6,500-word essay written in legalese.
But I’m trying to understand what it means to have good privacy hygiene — to know where my data is going and how it is being put to use. The amount of information that sites legally collect from you on a daily basis may come as a surprise.
For the most part, these collection processes are automated and done discreetly. Sites and mobile apps are said to be “harvesting” your data — in other words, fetching personal information from your browser or phone and using that information to tailor their services to you.
If you use Facebook, Twitter or nearly any Google product, you can be sure that data harvesting applies to you. We use these sites and their products for free and we pay the price by offering information about ourselves. But is it worth it?
Last Thursday, Twitter wrote a blog post about a new “experiment” they are conducting, which slyly hints at the very practice of data harvesting without ever explicitly explaining it. When you visit a site with a “Tweet This” button, Twitter not only knows you visited that site, but also how frequently you visit that site. Considering the ubiquity of the Twitter share button, Twitter essentially sees your browsing history and uses it to better suggest the kind of Twitter users you might like to follow. Influential tech blogger, Dustin Curtis called it “wrong” and “a violation of privacy and trust,” which is true, but also begs the question — just how valuable is your web browsing history?
The average Joe probably cares about his fantasy baseball team a little too much and checks his Yahoo stats four, five, maybe forty-five times a day. So Twitter suggests he follow @YahooSports. Not too bad, right? But what if your web browsing history wasn’t used to better social media connections? What if it was sold to, say, advertisers? How would you feel then?
Twitter points out that LinkedIn, Facebook and YouTube already engage in this practice, which is hardly reassuring. What’s even more disturbing is that data harvesting isn’t just limited to our computers — our phones are vulnerable as well.
Path, a mobile-based social networking app for smartphones, came under fire when a hacker discovered that the application was uploading their users’ address books to the company’s servers and recommending those users to add as contacts to their Path networks — all without their consent. The outrage revealed the lack of protections iPhones have over address books — an all-too-common loophole iOS developers use to mine data. Location and camera roll have far stronger security settings in iOS, while address book had virtually none. Both Apple and Path eventually changed their policy on the issue, but still left users unnerved about the security of the personal information they store on their phones.
Android users are not excluded, unfortunately, which was recently proven by security researcher Paul Brodeur who designed an app just to see how much data it could extract without permission from the Android phone’s owner. As it turns out, quite a bit. Brodeur’s app was able to procure photos stored on external SD cards and launch the phone’s browser to upload those photos to a server. And yes, the app did it all without consent.
It’s important, then, to reconcile how much your privacy means to you — and modify settings on all of your devices and social media accounts to reflect those concerns. It also stresses the significance of hackers in revealing such security breaches, and scaring companies away from data harvesting. Anybody can become a hacker by learning computer programming language – knowledge that I think is increasingly important in understanding this digitized world — but I’ll save that debate for another Monday.
NICOLE NGUYEN is wondering whether or not you people got a piece of the $14 billion Facebook pie. If you sold your soul and bought shares, e-mail niknguyen@ucdavis.edu.
