You, Your Data, Our Ethics

Grey Area

Do you know what’s happening to your data? Would you like to know how you are being profiled?

If so, read on.

Like it or not but you are a commodity: Your thoughts, your habits, your place, your distance, your photos, your loves, your hates are all worth something. And you give it away freely, sometimes unwittingly.  You might be comfortable with this as you trust the recipient not to use the data for nefarious deeds and in most cases, you’d be right. But think about this:

Your data profile can be used in a way that can affect you in the real world such as insurance, mortgages, and loan decisions. Worse, it can be sold to third parties. They can then sell it on to other 3rd parties and they can sell it on to third parties and so on. You get the idea. It’s now out there and you’ve effectively lost control.

We’ve all seen the stories of poor data control where companies have lost millions of customer records, all of which can then be sold on. Here are the going prices from the Dark Web for your details according to a report by Experian*:

• Social Security number: $1
• Credit or debit card (credit cards are more popular): $5-$110
  • With CVV number: $5
  • With bank info: $15
  • Fullz info: $30. Note: Fullz info is a bundle of information that includes a “full” package for fraudsters: name, SSN, birth date, account numbers and other data that make them desirable since they can often do a lot of immediate damage.
• Online payment services login info (e.g. Paypal): $20-$200
• Loyalty accounts: $20
• Subscription services: $1-$10
• Diplomas: $100-$400
• Driver’s license: $20
• Passports (US): $1000-$2000
• Medical records: $1-$1000*

You really don’t want your data being sold there.

If it does fall into the wrong hands you can expect identity theft, hacked bank accounts, and possibly exposure of photos that you may not want seeing the light of day. Ask some of the celebrities from iCloud.

What about location data? You probably share this without even knowing it. Go and have a look at your Google map timeline. Can you remember giving anyone permission to store this? It’s enabled by default. You can ask Google to stop tracking your location history but this just stops them creating a timeline. You have to go through a convoluted set of menus to actually stop them tracking.

Dark Patterns

So, your data is really valuable to you and for companies. They can sell it or use it to better target adverts. GDPR and similar schemes have proven to be an obstacle for companies to get this data. Almost every website you’ll visit will have a nice, ‘Can we have your data?’ request since GDPR came into being.

Some sites are nice about this but others will try all sorts to get you to agree. Have you seen the tiny or hidden ‘Reject’ buttons? Or the extensive lists of Opt-Out toggles where a ‘Reject All’ option would have been lovely? Some sites will even hide their content until you share your soul.  These are all dark patterns set up to engage your apathy in order for you to give up, give in and click ‘Agree’.

If you’re an Android user, go to Settings, look for where your Location permissions are (this varies depending on phone) and check what apps might be tracking you. Do they all need to know your location? Sure, mapping apps and health maps might. But Facebook? Chrome? Games? You can go ahead and revoke those location permissions now if you don’t need those services. The app should tell you why it needs your location and what benefits it will provide you.

It’s also possible to find out who you are by using big data and finely-grained GPS co-ordinates.  All that’s needed is to find the highest number of coordinates sent by an app and this is likely to be either your place of work or your home address. Armed with this information, it’s possible to get the post code and the search for this online to see who lives there.

Into the light

Here at 21:32 we like to do things a little differently. We understand the issues. We are developers, we are users, and we also like to be treated right. We are aware of what the various technologies can do and the tricks done to get data but choose not to use them ourselves.

We treat personal data with respect. We have systems in place to not to let it fall into the wrong hands. We make it easy for customers to choose what and what not to share. We don’t collect data which can uniquely identify an individual, and if we do we explicitly state when we do, why we do it, and how it will benefit the customer. We also let our customers know how they can access or delete their data.

We give our customers control.