Taking control of our digital information is often easier said than done. The sheer amount of data we generate can be more than 300 MB each day, and sharing some of this information is a part of modern life. Attempting to control who collects, uses and shares our personal information requires technical tools and know-how, as well as a basic understanding of what risks can ultimately emerge. But before anyone offers up a standard set of tips for how best to manage your privacy, it’s worth taking a moment to learn more about the complex data ecosystem in which we all now live – and what that means for controlling information about us.
So many modern technologies work to eliminate friction across websites, services and even devices, giving us a seamless experience when shifting from watching movies on our phones to connecting on our televisions. But these same technologies also facilitate the tracking and aggregation of ever more information about us. This is known in privacy circles as cross-device tracking. The Federal Trade Commission has explained that companies are tracking users with increasing accuracy and correlating their movements and data streams across different platforms.
Tracking across devices occurs in two general ways.
Deterministic tracking is based on login information. For example, Facebook knows what computers and phones you use because you sign in to Facebook on each of them, but deterministic tracking can also occur when companies you’ve never heard of share email addresses with partners. Probabilistic tracking is even harder to detect, relying on IP addresses and other settings, such as the fonts installed on your computer, to create digital fingerprints about individual users.
Cross-device tracking can be difficult for users to control, and it’s not always clear what the benefit to users is from this type of tracking. To limit the impact of tracking across devices, it’s important to try to break linkages among them. Divvy up services among different email addresses and use different browsers for different activities. For example, consider using one privacy-protective browser primarily to surf the web and another for staying logged in to Gmail, Twitter and LinkedIn.
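To make the two linking methods and the advice above concrete, the following Python sketch is an added example, not code from this article or from any real tracker. The sessions, attribute names, Jaccard similarity score and 0.7 threshold are all constructed assumptions.

```python
import hashlib
from itertools import combinations

# Constructed sample sessions (documentation IP ranges, made-up addresses).
SESSIONS = [
    {"name": "laptop-A-logged-in", "email": "Jane@Example.com", "ip": "203.0.113.7",
     "tz": "America/New_York", "lang": "en-US", "fonts": {"Arial", "Calibri", "Fira Code", "Garamond"}},
    {"name": "phone-app", "email": "jane@example.com ", "ip": "198.51.100.20",
     "tz": "America/New_York", "lang": "en-US", "fonts": {"Roboto"}},
    {"name": "laptop-A-cookies-cleared", "email": None, "ip": "203.0.113.7",
     "tz": "America/New_York", "lang": "en-US", "fonts": {"Arial", "Calibri", "Fira Code", "Garamond"}},
    {"name": "laptop-B-separate", "email": "j.shopper@example.net", "ip": "192.0.2.55",
     "tz": "UTC", "lang": "en-US", "fonts": {"Arial"}},
]

def email_key(email):
    """Deterministic identifier: normalised, hashed email as partners might exchange it."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()

def tokens(s):
    """Flatten the settings a site can observe into comparable tokens."""
    return {f"ip:{s['ip']}", f"tz:{s['tz']}", f"lang:{s['lang']}"} | {f"font:{f}" for f in s["fonts"]}

def similarity(a, b):
    """Probabilistic signal: Jaccard overlap of observable settings (0.0 to 1.0)."""
    ta, tb = tokens(a), tokens(b)
    return len(ta & tb) / len(ta | tb)

def link_sessions(sessions, threshold=0.7):
    """Cluster sessions that share a login or a near-identical fingerprint."""
    parent = {s["name"]: s["name"] for s in sessions}

    def find(x):
        while parent[x] != x:
            x = parent[x]
        return x

    for a, b in combinations(sessions, 2):
        same_login = bool(a["email"] and b["email"]
                          and email_key(a["email"]) == email_key(b["email"]))
        if same_login or similarity(a, b) >= threshold:
            parent[find(a["name"])] = find(b["name"])
    clusters = {}
    for s in sessions:
        clusters.setdefault(find(s["name"]), set()).add(s["name"])
    return sorted(clusters.values(), key=len, reverse=True)

if __name__ == "__main__":
    for cluster in link_sessions(SESSIONS):
        print(sorted(cluster))
```

The cookie-cleared session still joins the logged-in cluster because its fingerprint is unchanged, while the second browser with its own email address, network and default fonts stays separate.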
Clearing cookies and limiting ad tracking on mobile devices can disrupt some of this tracking, but our digital footprints today extend far beyond browsers and smartphones. Viewing habits from our smart televisions, health information from wearable devices and data about our brick-and-mortar shopping habits are all collected and analyzed by trackers. Companies frequently stress that they do not share “personally identifiable information,” and while this is technically true, customer loyalty programs track every bag of Cheetos and box of luxury cat toys we buy. Our credit cards provide detailed data trails of where and when we shop and what we buy. Sensitive information about individuals can be, and often is, gleaned from seemingly innocuous places; when it’s not found, it might be inferred. What else can the outmatched individual user do in response?
First, recognize the value of your location. There is a reason so many apps and services either ask for or try to infer your general location. Geolocation data doesn’t just reveal where you are; it often reveals who you are, including your innermost interests, beliefs and desires. Mobile location options, private browsers like Tor and virtual private networks (VPNs) can be used to limit some access to your location data, but even the Supreme Court is currently grappling with all the many ways our location information can be acquired.
Second, to the extent you feel comfortable, obfuscate. Data brokers will tell you that much of the information they obtain is publicly volunteered from surveys we complete ourselves. Think twice before eagerly handing over your email address or phone number for a coupon. (This is where having multiple email addresses can come in handy when your hotel or grocery asks for an email to stay in touch.) Remember, the goal is to try to break the linkages that are being made about your activities online and off.
Third, cash is still legal tender. Pay with it where you can. While credit cards and mobile payment options can offer considerable convenience, we’re also giving up a tremendous amount of control over our financial information and our purchase history. Using credit cards to pay for things like counseling, lottery tickets and pornography can make you look like a credit risk. Paying with cash can protect your personal information (and you’re likely to spend less money, too).
Finally, remember that knowledge is power. Nine out of ten Americans feel like they don’t have any control over their information, but this is because most do not know how it is being collected or trust how it’s being used. Sometimes information has to be shared – to take out a loan, to rent an apartment or even to get a job – and yet, in the wake of the Equifax data breach last fall, it can be easy to feel like our data is already irreparably out in the open and exposed. But shrugging our shoulders or burying our heads in the sand isn’t productive. According to Equifax itself, 42 percent of Americans have never looked at their credit reports.
We face an information deficit, and unfortunately the burden is on each of us to learn more about our complex data ecosystem. That takes time and energy, and there is almost an overabundance of resources from government agencies and privacy and security advocates. One place to start is our own DIY Digital Security Quiz, and another great way to get bite-sized downloads about our data ecosystem is to tackle Note to Self’s five-day “Privacy Paradox” challenge. It may be hard to take complete control of our digital identities, but a bit more knowledge can go a long way.
About the Author
Joseph Jerome, CIPP/US, is a policy counsel for the Privacy & Data Project at the Center for Democracy & Technology (CDT). His work focuses on the legal and ethical questions posed by smart technologies and artificial intelligence, and he is interested in promoting better transparency and user control mechanisms around novel uses of information across the Internet of Things. Prior to joining CDT, Joseph was an associate in the cybersecurity and privacy practice of a major law firm and worked on a wide range of consumer privacy issues at the Future of Privacy Forum. He has written articles on the privacy implications of big data, trust challenges in the online sharing economy and emerging technologies in video games. Joseph has a J.D. from the New York University School of Law, where he was an international law and human rights student fellow, and a B.A. from Boston University.