In the real world, your personal life is a private space. But in tech, your personal data is a ripe resource for businesses to harvest in their own interests.
That was the broad takeaway from last week’s New York Times profile on Uber, the car-summoning service, and its chief executive, Travis Kalanick. Among other revelations, the report illuminated that to stay competitive, Uber bought information about its main American ride-hailing competitor, Lyft, from Unroll.me, a free email digest service.
How did Unroll.me get data about Lyft? While people could use the service free of charge to unsubscribe from marketing emails, Unroll.me made money by scanning the contents of its users’ inboxes and selling anonymized data, information that did not have individuals’ names attached to it (in this case, emailed Lyft receipts), to other companies, including marketers. Many consumers found Unroll.me’s practices misleading.
In addition, Uber was involved in some deception of its own: It participated in fingerprinting, a process in which iPhones were tagged with permanent identities that were detectable even after the Uber app was erased from the devices. The practice violated Apple’s terms of service, which could have resulted in Uber’s being banned from the App Store. Uber eventually revised the app to remove the fingerprinting code.
When it comes to data collection, services like Unroll.me and Uber are small fry compared with internet giants like Google and Facebook, which have a wealth of information about people. And then there are large data brokers like Acxiom, CoreLogic, Datalogix and ID Analytics, which collect, analyze and sell billions of details about consumers’ online activities for marketing purposes.
For consumers, giving up some data has become part of the trade-off of receiving compelling, personalized services. But that doesn’t mean you have to be caught by surprise. Here are some tips from privacy experts on protecting yourself from tricky data collection.
Read privacy policies
That so many people were caught by surprise showed how rarely they bother to read terms of service agreements, including privacy policies, said Runa Sandvik, director of information security for The New York Times.
Of course, you would not be alone if you felt confused or uninformed after reading a terms of service agreement, which is saddled with language written by lawyers.
“People quickly run into the challenge that there’s so much legalese that it’s up to you to envision how your data may be used,” Ms. Sandvik said.
Still, it’s better than reading nothing.
Research company business models
Rarely is a free product ever truly free, and a company’s business model can provide insight into how your data may eventually be shared. If you are using a product that does not charge an upfront fee or show any advertising, a for-profit company has to find some way to monetize your patronage.
For many companies, the path to monetization is anonymized, aggregated user data. That means while your name will not be attached to the information, your age, gender, shopping activities and location will all be rolled up with other users’ data. Altogether, that becomes incredibly valuable information to many retailers looking for market research.
The good news: There are some nonprofits with no ties to the advertising industry that offer tools to protect your privacy, said Lee Tien, a lawyer at the Electronic Frontier Foundation, a digital rights group. For example, his nonprofit provides Privacy Badger, a free ad blocker, in hopes of getting people to become members and donate to the Electronic Frontier Foundation. Free open-source tools like uBlock Origin, another ad blocker, and Signal, an encrypted messaging app, also lack skin in the advertising game.
But if it’s a for-profit business offering a free product, count on it monetizing your data somehow.
“Follow the money,” Mr. Tien said. “If you’re not paying for it with money, you’re paying for it with data.”
So before subscribing to a free app or online tool, take a moment to do a web search for the company’s business model.
Audit your apps
It’s worthwhile to periodically check your primary online accounts, like Facebook, Twitter or Google, to see which apps are hooked into them. Chances are you have used those accounts to quickly sign up for a web tool or app. The ones you never use may still be leeching off your personal data, so you should disable them.
On Facebook, go to the settings page and click on the Apps tab to see which apps are connected to the account. On your Google account page, you can find a similar apps list labeled “Connected apps & sites.” And on Twitter, go to the Apps page under “Settings and privacy.”
Ms. Sandvik recommended pruning apps that you don’t recognize or have not used in the last six months. Once you have narrowed down the list, take a deeper dive on the ones that remain and read up on how they use your personal data. If their data-sharing practices sound offensive, remove the apps.
Do this audit at least once a year: The number of connected apps on your online accounts can pile up over time. On my neglected Facebook account, for example, I had 82 connected apps. After removing many unused or defunct apps, like LivingSocial, Words With Friends and Draw Something, I had 32 left.
Opt out for good
Deleting your app from your phone or computer often isn’t enough. You’ll remove data from the device itself, but not from the company’s servers.
If you’ve lost trust in a company, make the cleanest break possible: Delete your account. In the case of an app like Uber, for example, you can submit a request on the company’s website to have your account deleted. Similarly, with Unroll.me, you can log in to the site and click through the settings to delete your account.
Even after doing that, you will have to reconcile with the idea that the company will probably hold on to the information you have already shared.
(The New York TImes)