Written by Guest | Last Updated March 27th, 2020Our goal here at BestCompany.com is to provide you with the honest, reliable information you need to find companies you can trust.
Guest Post by Will Ellis
I had a slightly depressing revelation today. 2019 has been a watershed year when it comes to consumer privacy. Not because Big Tech has chosen this year to start spying on us — that happened years ago — but because of the sheer number of articles arguing that privacy doesn’t exist anymore.
The depressing part is that we’ve started having this argument long after we’ve already lost it. Without us noticing, we’ve managed to cede our privacy rights to tech companies, and there might be no way back.
But it gets worse. The amount of information that companies collect on us, and the poorly understood consent issues that underpin this are certainly worrying. But once these datasets start to be linked together — as they are now — there really will be no way back.
In other words, privacy might be dead, but it’s about to be deader.
The scale of data collection
To see why, it’s worth looking at the scale of the data collection already in progress. For now, let’s ignore government programs like PRISM and the kind of illegal tracking that is one of the dangers of public Wi-Fi and just focus on the legal forms of data collection that we have already given our consent for.
As the EFF notes, Facebook's claim that is doesn't listen to phone conversations is not really that reassuring, because they have plenty of other ways of spying on their users. Websites like Facebook use 'cookies' to track the people who use their sites, though they have other ways of doing this as well.
The reason they do this is simple enough: Big Tech makes big money from selling users to advertisers, a reality that has given rise to an entire industry of identity theft and consumer online privacy products known as virtual private networks or VPNs.
VPNs ostensibly exist to protect users from data vandals but (incredibly) have been known to play loose themselves when it comes to protecting user data, just like Big Tech. Best practices for anyone who goes online and wants this protection is to compare well-reviewed VPNs, paying close attention to what their logging policies allow them to do with your information.
With Big Tech, though, the unquestioned purpose of sites like Facebook is to collect data that can be sold. The problem — or one of the problems — is that these tracking systems are not limited to the sites of the companies than run them. In addition, these trackers run on almost every site you visit. Google Analytics, one of the most prolific trackers, was found to be operating on 61 percent of a sample of one million websites conducted by Princeton University.
In the vast majority of cases, users have given their consent to be tracked in this way, and even given consent for their data to be shared (and sold) to third parties. Though companies are occasionally caught violating a customer’s privacy, in reality, the majority of the data available has been collected and shared legally.
That’s because most of us don’t have the time or inclination to read the privacy notices that greet us every time we use an online service. Even worse, sometimes our consent is ‘implied’ by the fact that we are using these services in the first place.
Linking the datasets
All of these issues have been well covered in plenty of articles over the past decade, although it is encouraging that many mainstream media outlets are now paying attention as well. Here, though, I want to go a little further than those articles, and look at what the future might hold.
At the moment, the data collected by tracking systems is largely confined within them, and it is difficult to cross-reference information on the same user across different data sets. That might be about to change. For a start, of the ten biggest tracker sites on the web, seven are now owned by Google, and the other three by Facebook.
The holy grail for advertisers has always been the ability to use multiple datasets to build more detailed profiles on individual users. Tech firms have noticed (with dollar signs in their eyes) that more people relying on password managers means there is an exponentially increasing number of systems online users want to protect from prying eyes. Behind each password-protected portal lies a goldmine of data that is worth a lot to advertisers.
At the moment, when this data is sold (or released publicly) it is normally anonymised, in the belief that this will protect user data from being cross-referenced. But recent research suggests that any complex dataset can never be truly anonymous; instead, individual data points can be ‘reverse-engineered’ in order to reveal the identities of the people behind them.
Research like this points to a truly dystopian future. If the information that Facebook collects can be cross-referenced against banking or health records, for instance, then our ability to do anything anonymously will disappear.
What’s the solution?
In some ways, this future has already been anticipated by the kind of government surveillance programs that were detailed in the Snowden leaks. PRISM, for instance, relies on the ability to identify individuals from their habits, rather than using their phone number or email address. The Chinese surveillance programs that Huawei is suspected of aiding work in much the same way.
Unfortunately, these programs might be just the beginning of a new era of widespread surveillance by governments and companies alike. Avoiding this future will be difficult, and at the moment there appears to be no consensus about how to do so.
Some have suggested, for instance, that a U.S. department of cybersecurity would be able to protect consumers’ rights. Others have put their faith in some kind of consumer revolution, in which we all start to take our privacy more seriously and stop using services that spy on us. Neither seems to be a feasible way of limiting the scope of the tracking systems already in place.
The bottom line
Realistically, change will need to come from tech firms themselves. The increased consciousness of the average user when it comes to privacy issues is welcome, thanks to a never-ending stream of high-profile breaches, and it is to be hoped that this will — eventually, finally — get tech firms to listen.
Instead of putting up with data collection as a necessary evil of using online services, it could be that in the coming years companies start selling their services on the basis that they protect your data. Though corporations may have to sacrifice some short-term profit to protect consumer privacy, the long-term benefits of improved reputation, trust, and consumer relationships may ultimately make this worthwhile.
Will Ellis is an IT Security Consultant and the founder of Privacy Australia. He develops the guts beneath beautiful websites and can't wait to see what the blockchain world will look like once the technology fully emerges. He invests in cryptocurrencies and studies history.