The websites you visit – This is the Big Tech that people are usually concerned about. Whether Facebook.com or Google.com or Amazon.com, incognito mode protects you somewhat here as long as you don’t log in, but even then trakcers now use digital ‘fingerprinting’ that combines several signals to uniquely identify you between visits. Those trackers often send data to other trackers that consolidate this sort of data.
The apps you use – Also includes Big Tech, but goes well beyond them. As we have seen in the article about whether or not to use Whatsap, apps use ‘SDK’s or software packages from a number of tracking companies that record your activity in the app in great detail. This activtiy data is a lot creepier and a lot more valuable than we usually suspect. Consider Netflix’s analytics for modeling your preferences. It tracks
- Times when you stop, pause, rewind or fast forward the content.
- Days and times when you watch certain content such as rom-coms on Saturday night at 7pm, and Family Guy on Tuesdays at 10pm.
- The specific dates you watch (e.g. what movies are popular on Valentines’ day)
- Your location when you watch such as your home or at work.
- What device you use to watch content. (e.g. TV for movies, Laptop for binge watching shows in bed)
- At what points during the show you stop watching and move on. In addition, they also track whether you resume watching later.
- What rating you assign a piece of content.
- Your search history.
And also
- How you browse and scroll through selections. I.e. Do you pause and read descriptions, or just skim through until you see a title/cover you like?
- The types of trailers, promotional posters, words, colours and sounds you respond best to i.e. most likely to click on, and follow through.
Similarly, for an ecommerce app, your activity in its app – when you browse, how long you browse, what categories you spend time in, what items you tap preview images for – all this stuff collectively is as valuable as the stuff you actually buy. Same for chat apps. Even if your chat data cannot be decrypted by the company, your behaviour in the app including who you chat with, when, how long, what profiles you tap – all of this builds a picture of you. This The amount of data you can collect on an app – phone make, precise location, contacts – is deeper than websites.
Your DNS provider – DNS is the Internet’s way of translating the internet requests your browser makes and translating them to IP addresses to locate websites, images, CSS stylesheets, fonts and so on. In most cases, your DNS is provided by your ISP. That gives your ISP direct visibility to the sites you visit. If you use another, secure, DNS provider, perhaps one set by your router, or your smart device, or if you change it on your computer/phone/tablet to, say Google or Cloudflare or OpenDNS or some of the others, they now have access to that list. And using a third party DNS provider doesn’t totally hide your web traffic from your ISP either. They may not see the precise DNS request, but they’ll see the reply. You can hide this from your ISP by using a VPN service, but now your VPN provider has access to your traffic [1]
The point of all this is to show that we usually think of privacy in the context of the Big Tech USA companies: Google, Amazon, Facebook and similar. That concern is justified. If anything, it’s under-discussed and poorly understood. But the scope of online surveillance is a lot wider and a lot deeper. And significantly more creepy.
Now that you have some idea of what is watching you online, we can get into how you can protect yourself. We’ll discuss that in the coming days.
(Part 3 – a comment on data custody and open source)
Footnotes
[1] Unless you host your own VPN, but that requires technical capability, and if you’re hosting it in the cloud so you can use it both at home and outside, then you’re paying the cloud provider for all the traffic routed through the VPN.
(Featured Image Photo Credit: Anastasiia Krutota/Unsplash)