How the Internet is Keeping Tabs on Your Every Move

from The Washington Post, wirecutter, The New York Times, the verge, BuzzFeed News, USA Today, and Bloomberg ­BusinessWeek­

You are being stalked everywhere you go. In your car. On your morning walk. Even in your own home—by your own TV.

In our hyperconnected world, where your phone is always with you, information is being collected—and shared—every nanosecond.

“So what?” you say. “I have nothing to hide.” Don’t be so sure. As privacy expert Bennett Cyphers told a reporter for the New York Times’s Privacy Project, “The only people I’ve heard say ‘Who cares?’ are people who don’t understand the scope of the problem.

The problem is that while corporations and data brokers are hoovering up all the information they can get their sticky mitts on, there are no laws governing what they can do with that information—or whom they can sell it to. That includes things you thought were private, such as health and financial data, as well as your beliefs and daily habits. Someone knowing that you ordered three extra-large pizzas with the works for dinner last Friday night may seem harmless enough, but there’s a deeper principle at play. As cyber expert Bruce Schneier puts it, privacy is not just about freedom from embarrassment. “Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect,” he says.

Yet we do little to block the spies. We click “I Agree” without reading the user agreements. We say we’ll do one of those privacy checkups one day, but we never quite get around to it.

And that means your personal information could be used against you in the future in ways you can’t imagine today. So what do you have to worry about, and what can you do to protect yourself? Read on—and take notes.

Getty Images (2)

At home: Televisions

By Geoffrey A. Fowler
From The Washington Post

Wrapped in a Snuggie, I like to binge on reruns of The Golden Girls all by myself. Except I’m not really alone. Once every few minutes, my TV beams out a report about what’s on my screen to Samsung, the company that made it. Chances are, your TV is watching you too.

Ever wonder why TVs are getting so cheap? Manufacturing efficiency plays a role. But it’s also because TVs have joined the ranks of websites, apps, and credit cards in the lucrative business of sharing your information. Americans spend an average of three and a half hours in front of a TV each day, according to ­eMarketer. Your TV records may not contain sensitive financial data, but that history is a window to your interests, joys, and embarrassments. And marketers are grabbing it because, legally speaking, we gave our permission when we set up our Internet-connected smart TVs.

The TV makers sell this information to data brokers, who in turn sell it to advertisers and media companies, who are now able to link up what you watch with what you do on your phone, tablet, and laptop—even with what you buy in stores. Marketers can then retarget ads you see on TV to your computer and phone. They can measure how many people bought their product after seeing their ad.

I ran an experiment on my own Samsung TV as well as new models from Samsung, TCL Roku TV, Vizio, and LG. I set up each as most people do: by tapping “OK” with the remote to each on-screen prompt. Then, using special software from Princeton University, I watched how each model transmitted data. What I found: Some TVs record and send out everything that crosses the pixels on your screen. It’s not always “you” they’re after, but your behaviors help create aggregated statistical models of people who act or watch TV the way you do. Still, you might find it unnerving. When I set up my TV, I didn’t realize I could say no to any of this. You can change your settings after the fact, if you’re prepared to hunt around in out-of-the-way menus, such as “Terms and Policies.” But it may be worth the hunt.

At home: Smart speakers

By Grant Clauser
Adapted From thewirecutter.com

Alexa is always eavesdropping. (So are Siri, Google Assistant, and any other virtual assistant you invite into your home.) This is and isn’t as creepy as it sounds. Although it’s true that the device can hear everything you say within range of its microphones, it is listening for its wake word before it starts recording. Once it hears that—“Alexa” is the default, but there are other options—­everything in the following few seconds is perceived to be a command or a request and is sent to (and stored on) servers in the cloud, where the correct response is triggered. Think of a smart speaker like a dog: It’s always listening, but it understands only “cookie,” “walk,” or “Buddy.” Every­thing else goes right over its head.

Every time Alexa hears a command, Amazon—its parent company—has just learned something about you. (Same with Apple and Google, if you use their speakers.) Maybe the company learned only that you like to listen to the Police, or that you like fart jokes, or that you turn your lights off at 11 p.m. every night. If you were to say “Alexa, where should I bury the body?” you’re not going to have the police showing up at your door. (I know because I’ve tried it.)

Alexa does make mistakes. Sometimes this can be funny, such as when Alexa hears its wake word in a TV show. Other times it’s more serious, including an instance in 2018 when Alexa mistakenly sent an entire private conversation to a random person’s Echo device.

Occasionally there are even humans listening to your request for weather reports or trying to figure out what you meant when you added “mangosteens” to your shopping list. Sound intrusive? You likely already agreed to it in the app’s terms of use when you installed the device.

What bits of privacy are you willing to sacrifice for the convenience provided by a smart speaker? If you trust that Amazon’s intentions are no more nefarious than getting a better idea of what you want to buy on Prime Day, then you have your answer. If you worry about your private information falling into the hands of the wrong people, then you have another answer.

Getty Images, Courtesy Tesla

Out in the World: Cars

By Bill Hanvey
Adapted From The New York Times

Today’s cars are equipped with “telematics,” monitoring technology that constantly sends vehicle performance and maintenance data—and much more—to the manufacturer via a wireless transmitter. Cars not only know how much we weigh, but also track how much weight we gain. Connect a phone to a car, and it knows whom we call and text.

But who owns and, ultimately, controls the data? Drivers usually sign away their rights in a small-print clause buried in the purchase or lease agreement. What carmakers are doing with the collected information isn’t clear. We know they use it to improve car performance and safety, and we know they have the ability to sell it to third parties. And unfortunately, there is no opt-out feature.

Carmakers use data to alert us when something needs to be repaired or when our vehicles need service. What they don’t tell us is that by controlling our data, they can limit where we get that repair or service done. And they are more likely to share our data exclusively with their branded dealerships than with independent repair shops.

Imagine visiting a medical specialist and learning he or she can’t access the medical history your doctor maintains. It’s easy to imagine carmakers charging fees to independent repair shops that need your data to service your vehicle, leading to higher repair prices.

Because of the data’s estimated value—as high as $750 billion by 2030—carmakers have no incentive to release their control. Policymakers, however, have the opportunity to give drivers control. This will let car owners maintain what they’ve had for a century: the right to decide who fixes their car.

Getty Images (2)

Out in the World: Fitness Trackers

By Curtis Franklin
From theverge.com

With all the data these devices ­collect—steps taken, hours slept, and more—how can you be sure your privacy won’t go flying out the window? Health privacy laws were designed to keep sensitive information private, but they don’t apply to these trackers.

While your heart rate probably wouldn’t mean a lot to someone who managed to see it, a wearable that tracks your running routes could provide information of great interest to stalkers or attackers. The menstrual cycle tracking offered on some devices could allow for a significant breach of very private information.

All too often, apps and devices collect far more data than necessary. If possible, you should let them collect and store only the data required to give you the feedback you want. For example, if you want to count your steps and heartbeat but have no real interest in your sleeping habits, then turn the sleep tracker off. If you want pace, cadence, and speed information, it’s unlikely that any of that will come from your phone’s microphone, so if an app asks for access, just say no.

Out in the World: Schools

By Caroline Haskins
From buzzfeednews.com

For high school students, participating in school life means producing a digital trail—homework assignments, essays, e-mails, pictures, creative writing, chats with classmates. For many, it is all monitored by the student-­surveillance service Gaggle.

Using artificial intelligence and human content moderators paid about $10 an hour, Gaggle polices schools for suspicious or harmful content. The goal is to help prevent gun violence and suicides. It plugs into two of the biggest software suites, Google’s G Suite and Microsoft 365, and tracks everything. This includes notifications from Twitter, Facebook, and Instagram accounts linked to school e-mail addresses. Gaggle claims to have saved hundreds of lives during the 2018–19 school year.

But in the process, Gaggle is subjecting young lives to relentless ­inspection and charging schools upward of $60,000 per year. It’s not at all clear whether Gaggle is as effective as it claims, or that its relentless surveillance is without long-term consequences for the students it promises to protect. And there’s really no way to stop it. Gaggle “recommends” that schools get permission from parents and students. But, a spokesperson says, “If a student opts out of Gaggle, then they would not be able to use the school-provided technology.”

Everywhere: Facebook

By Jefferson Graham
From USA Today

My editor, Michelle, was at a birthday party for her son’s friend when another mom mentioned a company she liked, Joymode. Minutes later, an ad for Joymode appeared on Michelle’s Facebook news feed. You may already know that every time you like a post, leave a comment, or tag a friend, that gives Facebook even more ammunition to serve up targeted ads. But is Facebook listening to our conversations too?

“We don’t look at your messages; we don’t listen in on your microphone. Doing so would be super problematic for a lot of reasons,” said Adam Mosseri, CEO of Instagram, which is owned by Facebook, in a CBS interview.

The truth is, Facebook tracks us in ways we don’t even realize and is so good at it that we think it’s monitoring our conversations. Instead, it uses sophisticated demographic and location data to serve up ads. If you use Facebook to sign into other websites, that gives them even more data about you. So that’s one easy habit to stop right away.

Getty Images, via google.com

Everywhere: Google

By Max Chafkin
From Bloomberg BusinessWeek

Gmail has been more important to me than any product I’ve ever owned. It’s where my wife and I first started flirting and where, 14 years and two kids later, we send jokes and Gchat-length love notes. It was the center of my professional life for years. It contains the contact information of pretty much everyone I’ve ever known, plus a decade and a half of credit card bills, tax returns, embarrassing pictures, bad jokes, and apologies for those jokes.

But stories about tech companies’ violations of privacy got me thinking about a scenario that once seemed unimaginable: life without Gmail. Google, after all, has been repeatedly accused of improperly collecting user data. Last year, it paid $13 million to settle a class action lawsuit about its Street View program’s scooping up personal information from people’s home Wi-Fi networks. (It denied any wrongdoing.) And yet, I was still giving it the entirety of my inbox.

This spring I started telling friends, family, and coworkers to send e-mail to a new address, hosted by my own personal server. For searches, I started using DuckDuckGo, a Google competitor that doesn’t collect user data. I realized I’d been self-censoring my e-mails for years, keeping certain thoughts out of even personal correspondence due to a fear that they might wind up in a hack, or a lawsuit, or some advertiser’s data dump. The experience of having my data sitting only in a little box on my desk was weirdly thrilling.

Everywhere: Online Retailers

By Kashmir Hill
Adapted From The New York Times

We all have secret “consumer scores,” hidden ratings that determine how long we wait on hold when calling a business, whether we can return items at a store, and what type of service we receive. A low score sends you to the back of the queue; a high score gets you elite treatment. Little is known about these scores. Most people have no inkling they even exist, and companies are mum about how they come up with them, or that they exist at all.

A watchdog group called the Consumer Education Foundation wants the Federal Trade Commission to investigate secret surveillance scores “generated by a shadowy group of ­privacy-busting firms that operate in the dark recesses of the American marketplace.” The report named 11 firms that rate shoppers, potential renters, and prospective employees.

I got my file from one of these firms; others gave the runaround. The company that cooperated, called Sift, says its “proprietary scoring system tracks consumer behavior with hundreds of companies.” My report was shocking: More than 400 pages long, it contained all the messages I’d ever sent to hosts on Airbnb; years of Yelp delivery orders; a log of every time I’d opened the Coinbase app on my iPhone.

Sift knew that I’d ordered chicken tikka masala on a Saturday night in April three years ago. It knew about a nightmare Thanksgiving I had in California’s wine country, as captured in my messages to the Airbnb host of a rental called “Cloud 9.”

The companies gathering the data say they find it valuable for rooting out fraud and increasing the revenue they can collect from big spenders. But the process is far from transparent.

You can’t necessarily stop companies from gathering information, but if you’re curious about what’s in your Sift file, you can request it by e-­mailing [email protected]. Just be aware that after this article was published in the New York Times, the company was overrun with requests, so it might not get to yours quickly.

Getty Images (2)

How to Protect Yourself

You can’t prevent all Internet spying, and you may not want to—for example, when you start tapping a web address into your phone’s browser and it automatically fills in the rest, or when a shopping site saves what’s in your cart. But you can minimize some unwanted spying by taking these steps.

If you’re worried about your personal information getting lifted …

Don’t hand over your name, address, phone number, or e-mail address unless the recipient really needs it. If pressed, you can always make something up. Opt for a paper receipt or no receipt rather than getting one via text or e‑mail, which requires sharing your information and exposes you to possible data breaches, such as those at Hobby Lobby and Target.

If you want companies to stop trying to sell you things …

Stop ads from tracking you by opting out of information collecting. The website simpleoptout.com is a good place to start. Add your phone ­numbers to the National Do Not Call Registry at 888-382-1222 or donotcall.gov.

If you prefer that your Internet searches stay private …

Browse with Firefox. Its privacy controls are stronger than other big-name browsers. Or use ­DuckDuckGo, an alternate service you can easily set as your default search partner at duckduckgo.com.

If you’re worried about your phone acting as a tracker …

Turn off Location Services for all apps except maps and others that expressly need to know where you are. You can do this in Settings, under Privacy and Location.

If you’re worried about in-home devices listening to or watching you …

Hunt around in the device’s menu or mobile app for privacy settings so you can opt-out. Mute smart speakers when you’re not using them.

If you’re worried about your car knowing too much about you …

Unfortunately, you can’t opt-out of your car’s built-in computers collecting data. But you can minimize how often you pair your smartphone with your vehicle’s infotainment system.

If you’re worried about being tagged in photos on social media …

Tell friends you don’t want to be tagged, and opt-out of being automatically tagged in other people’s Facebook photos by going to Settings, then Face Recognition. (Instagram doesn’t use facial recognition.)

If you’re worried about tech giants tracking everything you do …

Sign out once in a while. For example, make sure you’re logged out of Gmail before you watch YouTube; otherwise Google will know your viewing habits. And don’t use Facebook to sign in to other websites.

If you’re worried that the government isn’t doing enough to protect your privacy …

Europe has a law that gives people the right to know who shares their personal information and the ability to opt-out. A new California law is this country’s first step in that direction. So if you’ve noticed a link lately that says “Don’t sell my personal information” or something similar, that’s why. (The law affects all Americans.) A national proposal, the Consumer Online Privacy Rights Act (COPRA), is in the Senate, awaiting review.