Advertisers

The web is powered by advertising as much as it’s powered by servers and routers. Many websites devote far more space and resources to ads than to their actual content. As you know, it’s difficult to read the news, watch a video, check your email, or even search for pictures of cute cats without being bombarded by ads.

Websites sell advertising space because that’s the only way most of them can make any money. However irritating or even slimy you may consider online advertising, it is the mechanism that has kept most websites and other internet services free.

The companies that purchase advertising want to get their money’s worth, and that happens only if the ads result in sales. So advertisers expend a tremendous amount of effort to ensure the ads each person sees are likely to be interesting and thus lead to purchases. When advertisers make money, they’re able to keep buying ads and the sites that display the ads can stay in business.

Years of experimentation have shown that the most effective ads are those that target individual needs and preferences (including things you didn’t even think you needed!), not those that are merely relevant to a site’s content or the perceived needs of a broad demographic group. For example, if an advertiser knows I’m in the market for an air conditioner and shows me an ad for one—even on a completely unrelated site—the chances of making a sale go way up.

How might an advertiser know I’m in the market for an air conditioner if I’m not on a site that sells air conditioners? There are a number of techniques, including tracking cookies (see Manage Local Storage of Private Data), but most involve storing hidden data on my device when I visit one site (say, a search at Amazon.com) and then checking that same data when I go to another site (say, weather.com) that displays an ad from the same provider or advertising network. Although the server may store the details of my visit, the data stored locally on my device enables me to be identified across sites.

As you search the web, browse various sites, follow links, and use ad-supported apps, advertisers can build up elaborate profiles of your perceived interests and tastes. And, because your IP address (or profile information you’ve entered into a service like WhatsApp or Facebook) tells them roughly where you are, they can even display ads for local businesses selling the products you’ve shown interest in.

Unless you regularly search for things that someone else might regard as suspicious, none of this should be a concern. After all, if I truly do want to buy an air conditioner, I’d rather see an ad for an air conditioner than an ad for weight-loss products or cars. Targeted ads should, in principle, be more helpful to me than random ads.

But…

Individually targeted advertising isn’t always to your benefit. The same bits of data that advertisers can piece together to determine your interests and location can be used for things like showing higher prices on furniture to people who live in wealthy neighborhoods—or higher prices on electronics to people using Macs rather than PCs. They could also be used to determine that you are a registered voter in the “wrong” party, resulting in a phone call or text message sending you to the wrong polling place.

In fact, the privacy concerns get even worse. Imagine this scenario, only slightly fictionalized from real life. A retailer tracks your online purchases and, noticing that you’re buying larger clothes, folic acid, and unscented lotions, guesses that you might be pregnant. Then, in an effort to be “helpful,” they display ads for baby clothes and cribs—or maybe they even send such ads by mail. Now family members, coworkers, or other people who might see those ads also suspect that you’re pregnant. Oops. (It gets even worse if a pregnancy goes wrong.)

The variations on this theme are endless, but the point is that advertising can never be targeted with perfect precision. An advertiser may think it’s showing ads only to you, but your spouse, parents, kids, or anyone else who might use the same accounts or electronic devices can also infer private information about you by seeing on your screens the ads that were targeted at you.

When targeting becomes unfair or misleading, when it gives away personal information to others, or when it benefits only the advertiser and not the consumer, you may feel that your private data has been misused. Unfortunately, there’s no master switch you can throw that says, “Sure, you can know who I am and what I search for, but only if you use that information responsibly.” If advertising becomes intrusive or creepy rather than helpful, you may want to take steps to prevent any advertiser from collecting your private data, not just objectionable advertisers. As you’ll see throughout this book, the number of ways in which you give away personal data (voluntarily or otherwise) extends far beyond the websites you visit, so this isn’t a problem with a perfect solution—but you can certainly reduce your risk.

Data Brokers

You may have the impression that each advertiser or ad network is trying to profit directly from your data, but that isn’t necessarily the case. Sometimes tracking data is used primarily to display ads on the spot, but it can also be used to build up personal profiles (including people’s interests, location information, habits, medical conditions, and anything else of interest) that can be sold for a profit.

A data broker is a company that tracks your information in order to sell it—to advertisers, government agencies, or pretty much anyone who’s willing to pay (including Doxxers). Some advertisers are also data brokers: they use your information themselves and also profit by selling it to others.

To learn more about data brokers and the astonishing amount of information they have, see:

• The Data Brokers: Selling your personal information at 60 Minutes

• Brokers use ‘billions’ of data points to profile Americans by Craig Timberg at The Washington Post

I talk about removing your personal data from such companies later, in Purge Your Info from Data Brokers.

Local Villains

Another category of people who might be out to get the digital goods on you is what I’ll call “local villains.” Let me give you some examples:

• Ex-spouses or former partners who want to make your life miserable or even find evidence to use against you in court

• Neighbors with whom you have a dispute or disagreement

• Your current employer, who may want to make sure you’re not violating company policies or misusing proprietary information

• A prospective employer who’s trying to judge your appropriateness for a position

• Stalkers, thieves, and other criminals looking for evidence of when you’re home or not, where your kids are, and other information

• Friends and relatives who like to snoop and gossip

As a group, local villains tend to be less technologically sophisticated than advertisers, hackers, and others who seek your personal information. On the other hand, they may be more motivated, and they’re far more likely to be focused on you personally rather than on a sales demographic you represent. And, let’s face it, most of us have tons of personal information online that’s readily accessible by the general public—Facebook, Twitter, Flickr, personal blogs, and so on.

Doxxers

Doxxing (derived from the word “documents” and sometimes spelled doxing) is the act of discovering and publishing private information about someone else—for example, the real-life identity of someone who uses an alias on the internet, or a person’s home address or private phone number. Although doxxing can sometimes be used for good (say, unmasking a criminal), it’s most commonly used as a tool to harass and threaten someone the doxxer dislikes.

Although anyone could be doxxed, those at greatest risk include celebrities, activists, and anyone who supports, promotes, or comes to be identified with a controversial cause. And, sorry to say, women—especially those who work in the tech industry—are at much greater risk for doxxing than men.

Because many doxxers rely on information compiled by Data Brokers, you can decrease your risk by removing your data from brokers that allow you to do so—some do, some don’t. I say more about this in Purge Your Info from Data Brokers.

Hackers

Some of them do it for fun. Some do it for notoriety. Some do it to make money. But one way or another, thousands of intelligent but misguided people around the world spend most of their waking hours trying to break into computer systems to steal information and money, to trick you into buying something, or simply to cause mischief.

I shouldn’t call them “hackers,” because hacking is a noble art and only a small subset of hackers use their powers for evil. But you know what I mean: black hats. People—mostly young men—who write and distribute viruses, keyloggers, Trojan horses, ransomware, and other malware. People who send spam and use phishing messages to con you into handing over your passwords. People who take over computers by the millions to turn them into botnets. Bad guys.

Hackers rarely target specific individuals—in most cases, it’s nothing personal. The two pieces of private information most of these bad guys would be happiest to have are your credit card number (for obvious reasons) and any password that protects financial information (for the same reasons) or provides access to large amounts of your data, such as your email account. Although it’s difficult to protect your privacy from a truly determined hacker, you can take steps (as discussed elsewhere in this book) to make their work harder and less rewarding.

Big Media

The RIAA (Recording Industry Association of America) and MPAA (Motion Picture Association of America)—along with record labels, movie studios, publishers, game developers, and other major copyright holders—are keen to know who has been pirating their media. Apart from monitoring BitTorrent traffic and file sharing sites, these firms work closely with ISPs to identify people who illegally share movies, television shows, music, games, software, and other copyrighted materials. Depending on your location and provider, this could lead to serious consequences including civil lawsuits and termination of your internet service.

I don’t blame copyright holders for protecting their property; I’ve had my own work pirated and lost money because of it, and it’s no fun. (You did pay for this book, right? Just checking. If not, I should mention in passing that I can see you right now.)

The problem is, sometimes big media companies make mistakes. They’ve sued little old grandmothers who don’t even own computers and made other egregious blunders. Even if you’d never consider stealing media (I did tell you I’m watching, right?), you might prefer that your file sharing activities be kept private.

Big Money

Banks, credit unions, credit card providers, and other financial institutions may want evidence of your thriftiness or trustworthiness in considering whether to offer you a mortgage or other loan. Insurers may want to see whether you engage in risky behavior or have medical conditions that might influence your rates or disqualify you. When lots of money is at stake, it’s only prudent to collect as much information as possible to make a good decision. That’s as true for large corporations as it is for you.

You should not be at all surprised if a potential lender or insurer checks out your Facebook page or searches for your name on Google. Your health-food blog and tweets about your jogging regimen might score you a better life-insurance premium; Facebook posts about late-night drinking binges could raise your car insurance rates. You may never learn why these things happened, either—companies generally aren’t required to reveal how they go about researching you.

Big Data

I’ve mentioned Google (and will do so again)—it is one of the largest non-governmental data collection entities in the world. But it’s certainly not the only one. Facebook, Twitter, Microsoft, Amazon, and other companies with users numbering in the hundreds of millions (or more) collect massive amounts of data on users’ tastes, preferences, opinions, geographical whereabouts, and other details. Although this data is mostly used for targeting advertising (see Advertisers), it can also be put to many other uses, from the virtuous (helping you find a parking space) to the creepy (profiling you as a potential criminal).

Big Brother

Unless you’ve been protecting your privacy by living in a remote cave without electronics or human contact, you’re probably aware of the string of revelations starting in mid-2013 about ways in which government agencies, including the NSA (National Security Agency) in the United States and Britain’s GCHQ (Government Communications Headquarters), have been secretly collecting phone records, email, text messages, recordings of Skype conversations, and other data most of us thought was private—on the authority of secret courts and accompanied by gag orders that prevented those who knew about the data collection from revealing it. In fact, this sort of thing has been going on for a long time, and there’s no end in sight. The public might never know the full nature or extent of government data monitoring.

All this is being done, of course, in the name of preventing terrorism and other crimes. You may or may not believe that. You may trust your government and feel that a reduction of privacy is justified by an increase in security, or you may feel the whole thing is an appalling abuse of power. Whatever your opinions, I believe the following facts are uncontroversial:

• Massive data collection has happened and continues to happen. There are apparently no technological barriers preventing the government from monitoring most email, phone calls, and other online data.

• The laws governing data collection may eventually change, but if the monitoring by the U.S., UK, and other governments was performed for years without the public’s knowledge that the law permitted it, the same thing can happen again. (And in any case, making something illegal doesn’t mean it won’t occur.)

• Although we now know something about data collection by the NSA, FBI, and other U.S. law enforcement agencies, and comparable efforts in certain other countries, the full extent of global monitoring is unknown. It’s plausible that other governments have the capability to capture at least some of your personal data, even if you access internet services only in your own country.

• Other than lobbying for changes in laws you may disagree with and voting for people whose privacy positions you trust, there’s little that average citizens can do about this sort of data collection.

Going back to the “I have nothing to hide” argument (see Learn What You Have to Hide), the difficulty with all this from a privacy point of view is that even if you are the most harmless and trustworthy person in the world, something you say or do online could be misconstrued or misrepresented. Just as spam filters incorrectly flag some legitimate messages as junk mail, government computers could incorrectly flag you as a potential threat, and that could have consequences ranging from inconvenient (such as being put on a no-fly list) to devastating (being charged with a crime you didn’t commit). Computer programs have been known to make mistakes—and so have the people using them.

In fairness, government agencies also collect massive amounts of data for much more mundane reasons—think of the Centers for Disease Control, the Census Bureau, the Social Security Administration, and the Internal Revenue Service, for example—making them another variety of “big data.” Even so, the problem remains that you have no idea who might access or use your information, or for what purpose.

I should also mention in passing that it’s not just the current government that wants to know all about you. Political parties—and candidates running for future office—are also keen to know everything they can, in order to target ads and perhaps sway your vote. And guess who else has an interest in how your country’s elections turn out?

Foreign Governments

Assuming you’ve at least glanced at the news once or twice in the past two years, you’re surely aware that several nations’ governments—most notably those of Russia, Iran, China, and North Korea—have been implicated in using the internet (especially Facebook and Twitter) to influence elections in other countries, sow discontent and discord, and distract people from human rights abuses. Much of this activity has been precisely targeted using exactly the same private data and unscrupulous methods as online advertisers, often in combination with sophisticated fraud, hacking, and captured/fake accounts set up to deliberately spread misinformation.