The Privacy Paradox
During a conversation with Viktor Veksei, my ODW2 fellow, and fervent privacy advocate, he mentioned in passing something that made me stop and ask for more information: “we are all in this privacy paradox”. Viktor helped me so much with information and links on this topic that I would say that he’s the main author. Thank you, Viktor!
The privacy paradox is this: people claim they care about their personal data, yet their actions do not match this claim.
Let me start with a story:
A story
Let's say you enter a bakery:
"A seeded sourdough, please!"
"Sure, what is your name?"
"Aaaa... Cristian"
"Excellent! What is your email address?"
"Uhm... why do you need it?"
"We want to be able to improve our bread services and also inform you when we have fresh pastries. Also, we can be sure that if you have any issues you can report them back."
"Ok... here is my email."
"Oh, brilliant! Here is a cookie sticker, which I will attach to your backpack, so that you do not need to tell us who you are in the future."
"But... wouldn't other stores look at the backpack and see the badge and report back to you when they see me? Or the doctors, the insurers, the jam makers?"
"Trust us! If you want, there is a 15 page leaflet by the door and it contains all the information on how we use your data. It is good, it was written by our lawyers... Oh, by the way, could you please share your contact list now?"
"What?! Why?"
"We have a special program to put bread lovers in contact, so that they can share how they enjoy bakery and give each other tips and advice."
"But I don't want to share that."
"Oh, if you do, there is a welcome pretzel that you get as a thank you."
"Ah, ok, here is my contact list, give me the pretzel."
"Perfect, here it is. Now I need you to share your location. Don’t worry, it only happens when you eat the bread."
"Huh?"
"Yes, the club is much more effective if you can find your friends eating bread or pastry nearby."
"I won't share my location."
"That's a bummer, there is a monthly pain-au-chocolat we send for those who are in the Doughshare club."
"OK, ok. Here it is, I just want my bread now, please!"
"Sure, sure. Can you fill in this form with your home address so that we can send you the pain-au-chocolat next month?"
"Grrr... I just want my bread, here's the form."
"Perfect! Here's your bread. Two thirty, please! Tap your card here."
Ridiculous! Ridiculous?
It’s hard to imagine a story like this happening in a bakery. No one would agree to do what my fictional me did. No one would reveal so much, for apparently ridiculous reasons. Or would we?
Fun fact: most of us would, and actually do this now. Not in a bakery, but online.
Do you have WhatsApp, Signal, Telegram, Clubhouse? They asked for your contact list, and you kind of had to share it. Do you have a Facebook, Google, Twitter or Amazon Account? They follow you when you browse the web or when you read your emails.
When you want to use any app, including news, they ask at least for your name and your email. If you want to secure your access to important websites, you need to provide your phone number so that a text message is sent with your login code.
There are multiple copies of you on the internet: copies with your likes, weaknesses, convictions, principles, behaviours. Google has a copy, Amazon has one, your bank has one, sometimes your electricity company has one.
And all these copies were created legally. Maybe not completely ethically (this is a hot topic, yes), but usually no law was broken. Fortunately, they are more or less partial copies, never full. Not yet full copies.
Is this good? Is this bad? Well, it is something in between.
For any data we reveal, there is a reason. Sometimes it is security, most of the time it is just convenience. Convenience is good.
Here are some real examples:
I enable location on Google Maps. I can see where I am on the map (convenience). Google stores the history and, as a result, I can see my favourite places: I see the “Rusty Bike” cafe on the map, whenever I zoom over Uxbridge (convenience), which is pleasant and useful. They charge companies to be seen on the map and they know where I spend my days and nights, so they can show me better ads (convenience), and keep this important service free (convenience).
I sign in with Facebook (convenience), which allows Facebook to know which sites I visit, so they can recommend relevant ads (convenience) that are more targeted for my taste. In turn they can charge advertisers more and keep the service free (convenience).
I save my credit card and full postal address, along with other personal data, on many e-commerce websites, so that I can check out more easily later (convenience) and get discounts and alerts (convenience).
I share my photo, name, phone number and contacts with WhatsApp, so that I can contact and be contacted by my friends and acquaintances (convenience).
I use the Starbucks app to order my coffee and pick it up without queuing (convenience) and the money is taken automatically from the app wallet (convenience).
I record my runs with Strava and they publish my results on my profile, along with the map of my run. I can get cheers from my friends (convenience), I can see where my friends run (convenience), I can measure my performance against theirs (motivation, convenience).
I give my full name, date of birth, address to NHS Blood Donation website (security) and e-mail, so that they send me back reminders on my appointments (convenience).
I give access to health data for my life insurer. They see I have frequent outdoors and physical activity and they give me discounts on my life insurance premium (convenience), as well as a free coffee and a film every week (convenience). Because people who exercise are less likely to be sick and therefore less likely to die.
Risks/Benefits
There is always a tradeoff between risks and benefits. And not only in regards to personal data, but in general. You leave your house keys with your neighbour so that they can water your plants when you’re away or let you in if you happen to get locked outside. But let’s see which risks I took when I used the apps in the previous list:
I enable location on Google Maps. Risk:
Google saves a full history of places I went to. Fortunately, because I live in a democracy and I have a privileged existence, the only real risk I face from having my information revealed is annoyance and, maybe, embarrassment. But for others, less lucky, the problems can be extremely serious: survivors of abuse, recovering addicts and political activists are in big trouble if their location is exposed (if they are discovered to frequent rehab centers, abortion clinics, gay-friendly spaces, or other sensitive areas).
I sign in with Facebook on different websites. Risk:
This allows Facebook to create a very detailed profile of my values, behaviours and beliefs, especially as they can cross-reference the data from other sources: my friends list (and their values, social and economic status, etc.), pages I like, places I’ve visited (photos do have a location in them, don’t they). Facebook sells this data to third parties (e.g. Cambridge Analytica) or leaks it because of their ineptitude (e.g. 500+ million profile database published last month), and governments and other bad actors manipulate me using the information they have. Manipulation and influencing are even worse if performed at scale, because instead of convincing me to buy a different brand of razors, they can change the results of important democratic votes (see the Brexit Referendum).
I save my data on many e-commerce websites. Risk:
Security is hard, hackers are smart and programmers are not always focused on security, because it doesn’t bring any direct business benefits. As a result, billions of users had their data lost or stolen (see https://haveibeenpwned.com/ for a list). And, as we reuse passwords and emails, one hack can lead to another, and another. I can end up having my identity stolen, or my Gmail account with all my photos.
I share my profile photo, name, phone number and contacts with WhatsApp. Risk:
Facebook will collect and potentially leak or sell information on whom I talk to more often, which groups I am active in and where I spend my time. They cannot read my messages (like, for example, the mobile operators read my texts), but still there is a lot of data which can be sold, leaked or cross-referenced with my already too rich Facebook profile.
I use the Starbucks app to order my coffee and pick it up without queuing. Risks:
Starbucks knows my approximate location, and my coffee drinking / pastry eating habits. They make more money on my behalf by locking an amount in the wallet, and can combine the app data with the “free” wifi browsing to create an even better virtual image of myself that they can use to influence me to buy more, leak the information, or sell to others. I can be manipulated, or get my identity stolen.
I record my runs with Strava. Risk:
Not much to say here. Data leaking has seriously damaged the US Army. So it’s a matter of national security, too. Strava gave away the location of secret US army bases (more on The Guardian).
I give my full name, date of birth, address to NHS Blood Donation. Risk:
The site is hacked (or somebody reuses the password that was hacked from another less secure website). They book an appointment and ask for all my past medical records.
I give access to health data for my insurer. Risk:
The insurance will become biased and not insure me if they think something is not all right. I do not know what they really do with my sensitive health data.
So for every benefit there is a risk. According to all the papers I read on this topic, people tend to underestimate the risk and opt for convenience. Maybe with the exception of the Germans, who see privacy as a risk not only for themselves as individuals, but as a threat for society and democracy.
This is true, especially with certain types of devices (mobile devices are the most accepted way to give personal data away, as opposed to desktop computers and paper).
This is where the Privacy Paradox comes from: because the value of the desired goal (easy login, discounts, sharing with friends) outweighs risk assessment, there is little to no risk assessment, and therefore people (me, you, the majority) give away personal data even if we know it is precious and can have consequences.
I think of personal data hygiene as being very close to those non-urgent but important issues of our time, such as climate change and obesity. I do eat junk food because I get satisfaction now and the problem is potential and in the future. I order a new pair of socks instead of sewing the old ones, even if the clothing industry is polluting more than the airlines and ships combined.
What to do?
First, don’t panic. Don’t be obsessive, as it is useless, anyway. There are some things you can do, but most of them are not under your control, anyway.
There are some things you can do:
Use common sense
Try to identify bad privacy patterns. Apps, companies asking for more personal data than needed should be a red flag.
Every time you are about to give away personal data, take a moment and think about the risks involved: who gets the data, how it can be used, what happens if it is exposed tomorrow (because it will happen someday). Don’t give it if the risks are higher than the benefits (e.g. is it worth giving your name and email address to find out which Friends character you are?).
Try to avoid situations where data about you can be combined with other sources. Economically, the data on you is much more precious when different sources can be combined. This is why Facebook and Google are worth trillions. So don’t connect accounts just for the sake of it.
Keep your software up to date (do not delay those updates)
Don’t use the same password on different accounts (use a password manager and the strong password suggestions)
Search/visit delicate topics and websites using incognito windows/tabs (also known as private browsing). I never search for a disease / symptom / “downloadable” PDF using a normal window. Combine with a VPN for best results, if you are searching for something with a higher stake (abortion clinic, abuse reports). Private browsing is available in all browsers, all platforms, including mobile, and it offers some basic protection.
Check https://haveibeenpwned.com/ with your e-mail addresses and phone numbers
Optional:
Use a VPN when visiting delicate services / websites or when connected on funny WiFi-s
Use disposable email addresses (https://www.mailinator.com/) or a fake name generator (https://www.fakenamegenerator.com/) if you really want that whitepaper and they want registration
For those unknown services you want to use once, it is sometimes useful to check http://bugmenot.com/. Kind people share their user and passwords so that you don’t have to bother registering.
Buy a separate pay as you go SIM card when publishing your phone number on classified ads websites (Craigslist, Gumtree). I used my real phone number once and I still get spam calls months and years after.
My todo list:
I used the same email address over and over again. The same gmail address of mine is known and associated with me by: the government, the gym, immigration services, life insurance, Spotify, YouTube, Slack, and hundreds of others, including of course Google. I need to find a way to have multiple addresses / aliases so that my profiles cannot be so easily combined.
I want to be less trigger happy, especially with mobile apps. I already pay attention, but I found myself being careless at least twice this year.
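An added example (not part of the original newsletter) for the alias item above and the earlier advice on avoiding data that can be combined: it compares a reused address, Gmail-style plus addresses and opaque per-service aliases once records are normalised before matching. The mailbox, secret, alias domain and service names are constructed, and the opaque aliases assume a forwarding service or a domain you control.

```python
import hashlib
import hmac

# Assumptions (not from the article): secret, alias domain, mailbox and
# service names are constructed for illustration only.
SECRET = b"constructed-demo-secret"
ALIAS_DOMAIN = "alias.example"
MAILBOX = "cristian@example.com"
SERVICES = ["gym", "insurer", "music"]


def plus_alias(mailbox: str, service: str) -> str:
    """Plus address: distinct per service, but the real mailbox stays visible."""
    local, domain = mailbox.split("@", 1)
    return f"{local}+{service}@{domain}"


def opaque_alias(service: str) -> str:
    """Deterministic per-service alias that reveals nothing about the mailbox."""
    tag = hmac.new(SECRET, service.encode(), hashlib.sha256).hexdigest()[:12]
    return f"{tag}@{ALIAS_DOMAIN}"


def normalise(address: str) -> str:
    """What anyone combining datasets can do: lowercase and drop the +tag."""
    local, domain = address.lower().split("@", 1)
    return f"{local.split('+', 1)[0]}@{domain}"


def linkable(addresses: list[str]) -> bool:
    """True if every record collapses to a single identity after normalising."""
    return len({normalise(a) for a in addresses}) == 1


reused = [MAILBOX for _ in SERVICES]
plus = [plus_alias(MAILBOX, s) for s in SERVICES]
opaque = [opaque_alias(s) for s in SERVICES]

if __name__ == "__main__":
    for label, addrs in (("reused", reused), ("plus", plus), ("opaque", opaque)):
        print(f"{label:7} linkable={linkable(addrs)} {addrs}")
```

Plus addresses help you see which service leaked or sold an address, but only the opaque aliases stop the email field from working as a join key across profiles.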
Closing thoughts
Privacy is a human right. And in decent countries (fewer and fewer, unfortunately), secret services and anything that is related to authorities are (or can get) controlled. Hopefully, today's big tech can be regulated, too, as it happens in the EU, under GDPR. But there are some bad actors that cannot be controlled: nasty governments and cyber-crime.
So this is why having good privacy hygiene is important. I hope that in the future new technologies (such as decentralised identity, hardware keys, etc.) will solve the “risks” side of the Privacy Paradox without too much intervention from us. And better education and awareness will solve the benefit/risk assessment side, which now is ignored by most of us.
Until then, common sense and a few tools should keep us safe and help us escape the paradox.
The End
See you soon! Meanwhile, be happy, be bright, be you!