Home > Big news > News > How to protect your privacy as more apps harvest your data
How to protect your privacy as more apps harvest your data

 

Giving up some data has become part of the trade-off of receiving compelling, personalised services. But that doesn’t mean you don’t have to protect yourself from tricky data collection.

In the real world, your personal life is a private space. But in tech, your personal data is a ripe resource for businesses to harvest in their own interests.

That was the broad takeaway from April’s New York Times profile on Uber, the car-summoning service, and its chief executive, Travis Kalanick. Among other revelations, the report illuminated that to stay competitive, Uber bought information about its main US ride-hailing competitor, Lyft, from Unroll.me, a free email digest service.

How did Unroll.me get data about Lyft? While people could use the service free of charge to unsubscribe from marketing emails, Unroll.me made money by scanning the contents of its users’ inboxes and selling anonymised data, information that did not have individuals’ names attached to it (in this case, emailed Lyft receipts), to other companies, including marketers. Many consumers found Unroll.me’s practices misleading.

In addition, Uber was involved in some deception of its own: It participated in fingerprinting, a process in which iPhones were tagged with permanent identities that were detectable even after the Uber app was erased from the devices. The practice violated Apple’s terms of service, which could have resulted in Uber’s being banned from the App Store. Uber eventually revised the app to remove the fingerprinting code.

When it comes to data collection, services like Unroll.me and Uber are small fry compared with internet giants like Google and Facebook, which have a wealth of information about people. And then there are large data brokers like Acxiom, CoreLogic, Datalogix and ID Analytics, which collect, analyse and sell billions of details about consumers’ online activities for marketing purposes.

For consumers, giving up some data has become part of the trade-off of receiving compelling, personalised services. But that doesn’t mean you have to be caught by surprise. Here are some tips from privacy experts on protecting yourself from tricky data collection.

READ PRIVACY POLICIES
It was never a secret that Unroll.me was sharing anonymised user data with third parties. Its privacy policy, which was publicly posted, says that “we may collect, use, transfer, sell and disclose non-personal information for any purpose” and that data can be used “to build anonymous market research products and services.”

That so many people were caught by surprise showed how rarely they bother to read terms of service agreements, including privacy policies, said Runa Sandvik, director of information security for The New York Times.

When you sign up for a new app or web tool, the company typically asks you to agree to its terms of service. To avoid a privacy pitfall like the one involving Unroll.me, start perusing the terms and pay particular attention to the privacy policy. If you see language that suggests your data could be shared in a way that makes you uncomfortable, opt against using the service.

Of course, you would not be alone if you felt confused or uninformed after reading a terms of service agreement, which is saddled with language written by lawyers. “People quickly run into the challenge that there’s so much legalese that it’s up to you to envision how your data may be used,” Sandvik said. Still, it’s better than reading nothing.

RESEARCH COMPANY BUSINESS MODELS
Rarely is a free product ever truly free, and a company’s business model can provide insight into how your data may eventually be shared. If you are using a product that does not charge an upfront fee or show any advertising, a for-profit company has to find some way to monetise your patronage.

For many companies, the path to monetisation is anonymised, aggregated user data. That means while your name will not be attached to the information, your age, gender, shopping activities and location will all be rolled up with other users’ data. Altogether, that becomes incredibly valuable information to many retailers looking for market research.

The good news: There are some nonprofits with no ties to the advertising industry that offer tools to protect your privacy, said Lee Tien, a lawyer at the Electronic Frontier Foundation, a digital rights group. For example, his nonprofit provides Privacy Badger, a free ad blocker, in hopes of getting people to become members and donate to the Electronic Frontier Foundation. Free open-source tools like uBlock Origin, another ad blocker, and Signal, an encrypted messaging app, also lack skin in the advertising game.

But if it’s a for-profit business offering a free product, count on it monetising your data somehow.

“Follow the money,” Tien said. “If you’re not paying for it with money, you’re paying for it with data.” So before subscribing to a free app or online tool, take a moment to do a web search for the company’s business model.

AUDIT YOUR APPS
It’s worthwhile to periodically check your primary online accounts, like Facebook, Twitter or Google, to see which apps are hooked into them. Chances are you have used those accounts to quickly sign up for a web tool or app. The ones you never use may still be leeching off your personal data, so you should disable them.

On Facebook, go to the settings page and click on the Apps tab to see which apps are connected to the account. On your Google account page, you can find a similar apps list labelled “Connected apps & sites.” And on Twitter, go to the Apps page under “Settings and privacy.”

Sandvik recommended pruning apps that you don’t recognise or have not used in the last six months. Once you have narrowed down the list, take a deeper dive on the ones that remain and read up on how they use your personal data. If their data-sharing practices sound offensive, remove the apps. Do this audit at least once a year:

The number of connected apps on your online accounts can pile up over time. On my neglected Facebook account, for example, I had 82 connected apps. After removing many unused or defunct apps, like LivingSocial, Words With Friends and Draw Something, I had 32 left.

OPT OUT FOR GOOD
Deleting your app from your phone or computer often isn’t enough. You’ll remove data from the device itself, but not from the company’s servers.

If you’ve lost trust in a company, make the cleanest break possible: Delete your account. In the case of an app like Uber, for example, you can submit a request on the company’s website to have your account deleted. Similarly, with Unroll.me, you can log in to the site and click through the settings to delete your account.

Even after doing that, you will have to reconcile with the idea that the company will probably hold on to the information you have already shared. “Data you’ve provided to the service as part of using the service is data that they can store and continue to use,” Sandvik said. “It falls under the terms of service.”

This article was originally publshed on www.channelnewsasia.com and can be viewed in full

 

(0)(0)