Locked Red Door

Security and privacy have been heavily on my mind lately. From buying a safe for storing anything with my private data printed on it to taking a course on cryptography, I've been taking action to understand what security means to me and how to feel more secure.

You could say I've been conducting a personal security audit. And while physical safety and security are important, I've found myself most exposed by technology.

There's a high probability that you're even more exposed than me. I say this because I happen to program computers, so for the most part, I tend to be more comfortable and aware of the technical aspects of computer use than the average user.

(Programming may sometimes suck, but at least it helps you know why a kid in Russia could have your social security number five minutes after you open a web browser for the first time.)

So what are some ways that you and I are exposed?

Facebook has data about me. At first I didn't realize how much because I fall way short of the average Facebook user's time spent on the site.

So if you're a member of Facebook at all, you might want to download your Facebook data archive to check out some of what this company has on you. Investigate your activity log too. You might be shocked when you actually see the stuff in there. You should probably know by now that they're tracking everything, but this fact may not feel real until you see (some of) the data with your own eyes.

Personally, I didn't expect my archive to have the phone numbers and email addresses of every single contact from my phone. I did click accept on the phone app permissions when I installed it, but I somehow didn't think of exactly how those permissions could be used. Every event I've ever been invited to was in there, even if I didn't attend or ever acknowledge the invite. Every name I've ever searched for. Every message. And much more. You get the idea.

One thing I didn't expect was for all the stuff I've "liked" to be organized under a category titled "ads." This is a perspective shift: Facebook views your likes as advertisements. I shouldn't have been surprised. It makes sense that what you're really doing every time you click a like button is participating in advertising; advertising a movie, book, or business to your friends. Advertising to all future people who see the growing number next to that thing/person/business's "Likes." Telling Facebook exactly what you like enough to make you click on an ad...

That's exactly why companies everywhere are gathering data about our behavior; they hope to sell you, and people their algorithms judge to be like you, more shit.

I consider myself to be very resistant to the typical manipulation techniques used by most ads. I'm not their target audience. So it could be tempting for me to say, "Collect whatever you want about me. I'm doing nothing wrong, so why should I worry? Privacy is dead anyway."

And I did adopt this attitude for a bit. That's why Facebook has as much on me as they do. But I felt strange and uneasy whenever I reflected on the state of things. A web of information about us is generated and stored by every digital action we take. Assuming you trust the collecting companies themselves (I don't), do you trust every single employee who can access your data? (The leading cause of data breaches is employees.)

Can you say you trust any criminal who may ever break their security?

You go about your life unaware of the Digital Shadow you cast. You are not a person to these companies. You are a data cluster. You are $$$.

Who else is tracking the daylights out of you online? Well, Google.

A lot of people treat Google like a friend or therapist, searching for revealing things about themselves because...they want advice? I don't know. A webmaster of any moderate sized site gets a tiny window into the collective crazy being entered in Google search-boxes. Google, obviously, gets it all. And reads your email too.

And since Google's policy is to hand over user records requested by the government, you maybe shouldn't ask Google to help plan your criminal activities.

"Google already knows everything about you." - a coworker

Using Google's Web History page, you can see every single Google search you've run while signed into your Google account. Dating back years.

Here's what I was searching for in 2010:

Google Knows Your Past

My current total Google searches to date: 15436

I would say almost no one knows me as well as Google does. It knows what kind of person is doing this on a Friday night:

Google Knows You

It's true that you won't be able to see this aggregated data if you don't activate Web History. But they're still collecting it. They just aren't showing you. The other search engines are collecting too.

But enough about Google for now.

One day, I found an online marketing list that gave the location of the building I work in. The only place online where I've ever listed my workplace is LinkedIn.

Surprise, surprise, another social network exposes information about me. Well it turns out there is no way to make your LinkedIn profile information private. Your LinkedIn profile provides a location based network of the individuals and companies you've professionally interacted with.

You could delete your profile, but that could also be a link (get it? LinkedIn?) to career opportunities that you're flushing. It was LinkedIn that gave me a way of contacting a former boss who I wanted to ask to be a reference for me. It was a recruiter contacting me on LinkedIn that led to my current job. In fact the site is crawling with tech recruiters I could use to find a new job at a moment's notice. Recruiters love programmers.

Even outside of the internet, you're still being tracked. Every store loyalty card tracks what you purchase. Credit card companies know a lot about you.

You can try to "hide," but trying to hide from Big Data makes you feel like a criminal, even if you're just trying to hide a pregnancy. You'll be buying everything in cash and using the same technology as drug dealers who sell online.

It takes serious, inconvenient effort to avoid being tracked. You can block ads, block trackers, surf anonymously, replace email, and hide your browsing behind encryption. You can even stop using Google search. But "opting-out" is far from the simple, easy act that companies pretend it is.

For example, if you want to watch Emma Stone lip sync on Wired you'll have 24 trackers watching what you do. How long you stay. What you click. Your OS. Your browser. Your physical location. What social networks you're logged into. Where you came from. Where you go. Where they've seen you before online. All without you logging in or being given the chance to opt-out of anything.

24 trackers! That's more eyeballs than I want watching my 2 am internet browsing.

I'm not really comfortable with surveillance being normal.

It's my opinion that internal NSA documents bragging about hunting system administrators to gain access to more networks should concern people.

NSA talks about System Admins

Potato? Potato.

"We haven’t seen yet what a truly bad government is capable of doing with modern information technology. What the good ones get up to is terrifying enough."
Maciej Cegłowski

You know what's scary? I haven't even mentioned what someone with bad intentions could do with some of this data you're leaving all over the place.

I don't know how far I'll need to go to feel secure again. I'm still figuring it out. But this deep dive into my own personal exposure has left me reconsidering and cleaning up from my past blasé attitude towards being digitally tracked.

You might want to start taking this stuff seriously too.

Photo credit: locked door by rohit gowaikar