Thinking about your Internet usage, do you feel you conduct more and more of your life online than ever before?
Pat Walshe (Privacy Matters) notes that we go online to: shop, make video calls, message each other, share experiences, thoughts and feelings via social media. We also book heath appointments, search for information including about health concerns for example. We also go online to find and follow travel directions – for travel by public transport, car, bicycle or by foot. We also listen to music or audio online and watch movies or TV on the Internet.
Much of our lives have become digital. But becoming digital creates and leaves digital footprints, digital data that can be harvested and used to profile us, to learn about us, to influence us in ways we may not be aware of. Every web page you visit; every click and tap you make; every call or message you make or receive; every social media post you make; the places you visit or ‘tag’; every ‘like’ you make; the songs you listen to or the movies you watch (and details of when you did, whether you paused or fast forwarded or skipped a track or movie) creates data. This is data that reveals aspects of your behaviour, aspects of YOU and often intimate aspects of YOU. For example, fertility apps that know you intimately. See this 2018 Wired magazine article, ‘Before using birth control apps, consider your privacy’: https://bit.ly/3ajCyZz
Additionally, a privacy charity reported in a 2020 Guardian article that ‘Menstruation apps store excessive information’. You can read about it here: https://bit.ly/3aj7IQH
Then there are apps that share intimate aspects of a person’s sexuality, religion or their location for example (and ‘location’ data can say suggest an awful lot – whether a location is a place of a specific type worship or a health clinic of a specific nature). See this 2020 Consumer report about such apps here: https://bit.ly/3ggUw2x
There are also apps targeted at children and teens/young adults that capture data perhaps without the knowledge of the child or teen who downloaded the app, or the knowledge of the parent(s) who might have purchased an app for their child’s use on a smart device. Yubo is a “social media app” targeted at children to help them find friends. The UK’s Sunday Times newspaper reported on the app’s safeguarding issues in its 20 February 2022 edition. You can read part of that Sunday Times Report in the image below:
We will learn later in this step 5 about free online tools that go beneath apps like Yubo to find if there are any data-privacy issues in this or other apps targeted at children.
Data reveals not just aspects of YOU but also aspects of OTHERS. Of those you communicate with and share information with, of your relationships and patterns of communications. For example, an app may ask you to upload or give access to the ‘contacts’ held on your computer or smartphone. But what is in a contact? A contact may include a person’s name, picture, mobile number, email address, postal address, social media name, anniversary date. Being digital online may require us to not only think our own privacy but also the privacy of others.
As discussed in Step 4, in the EU and the UK, the right to privacy online is protected by specific ePrivacy laws and the General Data Protection Regulation (GDPR). But laws and their enforcement can only do so much. There are things you can do to help protect your privacy online.
We learnt about how people are tracked via the web in step 3. This includes through advertising technology (ad tech) such as cookies, server side tracking. But what can you do to control it and protect your privacy online? [privacy self management is hard].
You can learn more about how people are tracked via mobile apps (software development kits- SDKs), by reading an article by Binns et al. (2018): ‘Third Party Tracking in the Mobile Ecosystem’ accessible from here: https://arxiv.org/pdf/1804.03603.pdf .
Tools to discover tracking and to control it.
Transparency tools - web:
There are number of tools available to help you understand the tracking that takes place on the websites you visit. A lot of the tracking is done to target you with advertising or to ‘personalise’ your experience. This often includes sharing data with third party advertising companies, sometimes hundreds of companies.
Some of the web transparency tools include:
Webbkoll is a tool that simulates what happens when a user visits a web page using a typical browser. It will show what first party and third party cookies may be present on the page visited and also what tracking takes place that doesn’t rely on cookies, such as requests made by servers https://webbkoll.dataskydd.net/en
Blacklight scans a website and reveals key tracking technologies on the site. https://themarkup.org/blacklight
Pagexray is an analytics tool that shows all the ads and trackers loaded on to a webpage and presents the results in the form of a tree graph. Results can be downloaded as HTTP Archive (.har.json) or detailed results (.json) https://pagexray.fouanalytics.com/
Request Map Generator helps identify what third-parties are on a website and where data is transmitted. Results can be downloaded into a CSV file. https://requestmap.webperf.tools
Cover Your Tracks is a tool to test how well your browser protects against tracking and fingerprinting https://coveryourtracks.eff.org
Transparency tools – mobile apps:
Examining mobile apps is not easy. When you use apps on your phone, O’Flaherty, a cybersecurity journalist, states that the apps “may track you across other apps and websites in order to target you with advertising. This is currently done through something called the identifier for advertisers (IDFA), which tracks without revealing your personal information”.
Some tools exist to help shed light on the existence of ‘trackers’ embedded in Android apps.
A key tool for Android is Exodus Privacy:
https://exodus-privacy.eu.org/en/
Pat Walshe (Privacy Matters) advises that there is currently no equivalent tool for Apple’s iOS apps. However, Apple has introduced new transparency rules for its store, and developers, that require them to use predefined privacy labels to disclose what data they use and why. Apple’s new iOS 14.5 also requires developers to "get the user’s permission before tracking their data across apps or websites owned by other companies for advertising, or sharing their data with data brokers.”
According to Apple, its new privacy function allows owners of Apple phones with this operating system to “tap the Privacy Report button to better understand how websites treat your privacy.” (Apple, 2021). Again according to Apple, its App Tracking Transparency function (ATT) will “require all apps to ask for explicit permission to track” and “Under Settings, users will be able to see which apps have requested permission to track, and make changes as they see fit.” (O’Flaherty, 2021).
On the Mac OS, (‘Big Sur’) Apple has provides a privacy report tool that appears as an icon in the Safari browser. This lets users see what trackers are on a web page and being blocked. Apple’s Safari browser is “giving you more ways to help protect your privacy” (Apple, 2021). Apple’s privacy drive is a “game changer” according to O’Flaherty, 2021.
And with the “third-party cookie dying” (Cyphers, 2021), citizen scientists could be the groundswell force that prevents any replacement to track us online, such as Google’s “new suite of technologies to target ads on the web”, moving us closer to privacy browsing.
Recap: What can you do to protect your privacy?
Use browsers that protect your privacy
Use Ad blockers
Use privacy settings – operating systems, browsers, apps.