A friend of mine called me the other day to share an unsettling experience she had, one that has been happening for quite some time to all of us, but until recently few of us have been conscious that it's been happening. She explained to me that she recently bought medicine online and within days she was being targeted on Facebook with ads for the very same medications she had just bought.
For many of us, when we're faced with this situation, we may just pass it off as annoying; we might think, if we thought about it at all, "Who cares if the company wants to waste money by advertising to me for something I've already bought?" However, in my friend's case, what has happened is that her medical situation was being disclosed to Facebook, without her permission, by the pharmaceutical company. The company appears to have used monitoring scripts to try to engage her on Facebook for future business. This is a common practice referred to as targeting or retargeting. But a real issue is that Facebook now knows about her medical condition, and the Facebook algorithm can now use this information to "sell" her to other advertisers or filter what she sees. While this practice is legal, it opens up a host of moral, ethical, cultural, and yes, legal questions. You can read more about her story here.
Melissa and I have been talking extensively about the role personal data plays in society, both the pros and cons. In the pro column, the effective application of personal data increases efficiency throughout the industry, increases engagement, revenue, and convenience; it can also reduce costs, and has countless other benefits throughout various layers of society. In the con column, as has been argued by countless pundits, including Sir Tim Berners-Lee, the technical visionary behind the Internet, we're experiencing a loss of our privacy, our digital sovereignty, value accumulation, and are facing a host of other risks and externalities we've never explicitly agreed to. In fact, these risks could lead to financial loss, identity theft, reputation loss, and in some cases criminal charges, divorce, and death.
We can talk about these, and other, pros and cons at length; in fact, we've already been talking about them for decades throughout industry, academic, legal, governmental, and social circles. What's new about today's conversation, however, is that individuals are gaining awareness of these pros and cons and are starting to rise and take back their power, take back control of their personal information.
The genie is out of the bottle. Pandora's box is open. We're faced with the Privacy Paradox. We're apathetic. It is going to take many years for us to get control of our identity and personal data, but there are some actions that we each can take now to start the process of clawing back control of our digital sovereignty.
One thing we can do immediately is start changing our physical and online behaviors. We can,
Engage in good username and password management,
- Create unique usernames when registering on websites and within apps (see the password manager recommendation below to make this easier); refrain from re-using the same usernames and passwords across sites, or, if you can't refrain from doing this, at least use unique usernames and passwords for your sensitive accounts, like your bank or doctor's office.
- Create unique and strong passwords, passwords that include capitals and special characters
- Stop writing passwords down on paper
- Never share passwords with family members or friends
Think about what you're doing on specific sites, in apps, or email
- Consider the trustworthiness of the site or mobile app you’re engaging with before sharing personal data. If you don’t think you can trust the company, don’t give them your data; pay special attention to the permissions they ask for within their app
- Don’t complete a transaction on a site if you “feel” like the site is not secure or you don’t trust them; either call them or go to a different site to buy what you want to buy
- Think before clicking on links in emails from senders you don't know. An email could contain a phishing attack (hint - don’t just look at the email sender label or link label, rather look at the actual email address or link behind the label)
- Try to read privacy policies and terms of service, if you can
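The hint above about looking behind the sender label and link label can be automated. The following Python sketch is an added example, not part of the original post: it flags links whose visible text names one site while the underlying address points to another, and senders whose display name shows a different domain than the real address. The helper names are hypothetical and the sample message is constructed using reserved example domains.

```python
# Added example: helper names are hypothetical; sample data is constructed.
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)
SAMPLE_HTML = ('<a href="https://login.example.net/reset">www.example.com</a>'
               '<a href="https://www.example.com/help">example.com</a>')

def host_of(text):
    """Host named in a URL or bare domain, lower-cased, or None."""
    if "://" in text:
        return (urlsplit(text.strip()).hostname or "").lower() or None
    m = DOMAIN_RE.search(text)
    return m.group(0).lower() if m else None

def same_site(a, b):  # equal, or one is a subdomain of the other
    return a == b or a.endswith("." + b) or b.endswith("." + a)

class LinkAudit(HTMLParser):  # collects (label, real_host) mismatches
    def __init__(self):
        super().__init__()
        self.href, self.label, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.label = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.label.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            label = "".join(self.label).strip()
            shown, real = host_of(label), host_of(self.href)
            if shown and real and not same_site(shown, real):
                self.findings.append((label, real))
            self.href = None

def link_mismatches(html):
    """Links whose visible label names a host other than the real target."""
    audit = LinkAudit()
    audit.feed(html)
    return audit.findings

def sender_mismatch(from_header):
    """True if the display name shows a domain the real address is not on."""
    name, addr = parseaddr(from_header)
    shown, real = host_of(name), addr.rpartition("@")[2].lower()
    return bool(shown and real and not same_site(shown, real))
```

A link labelled "Click here" produces no finding because its label names no site at all, so the check complements reading the real address rather than replacing it.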
Take an active role in managing your personal information,
- Think before you post social media content
- Ask people to delete social media content related to you if you don’t agree with it
- Enact your rights; you can request that sites/companies delete data they may have on you, or share with you what data they have
Engage your family,
- Actively teach your kids and family members to be aware of online security risks
- Be aware!
You can also start using a variety of hardware and software tools to protect yourself, including
- Password managers, like LastPass or 1Password (WARNING: don’t rely on the password manager within your browser, as this feature in your browser is not necessarily secure)
- Enable two-factor authentication (either SMS or application) on all the accounts, e.g., banking, retailer sites, that support it
- Install adblocker or tracker manager software in your browser, like Ghostery, AdPlus, Privacy Badger, etc., as these services will block ads, malware and the monitoring of most of your Internet activity
- Install virus protection software on your home computer and on your mobile devices; use something like Bitdefender or McAfee
- Password protect your home WiFi router
- Buy and install a cybersecurity hub for your home router, like Bitdefender Box, Fing, Cujo, as these devices will monitor the Internet traffic coming from any of your connected devices and block any suspicious traffic (Note: these devices often come with a virus protection software package)
- Use a secure browser like Duck Duck Go, Tor Browser, or Brave Browser, as these browsers do not track your activity and come with other features, like adblockers (you can also think about using incognito mode on your browsers, but this still does not thoroughly protect you)
- Disable cookies on your browser
- Regularly clear your browser cookies
- Periodically review the apps you've installed on your phone, delete them if you don’t use them anymore, check your security permissions and modify or disable permissions you’ve given apps that don't need access to your data
- Encrypt the files on your computer (on Macs you can use the FileVault features)
- Consider using an encrypted messaging solution, like Signal
- Use a VPN when you’re connecting to public WiFi networks
- Occasionally visit aboutthedata.com or the Bluekai Registry to understand the types of data that might be attributed to you by players on the Internet.
- Visit the four major credit bureaus (TransUnion, Equifax, Experian, and Innovis) and freeze your credit
- Regularly check your credit score, use companies like Credit Karma or Credit Sesame
- Consider getting cyber/identity insurance and darknet monitoring services from companies like LifeLock
- Consider using an online reputation service, like Reputation Defender or iProtoge, as these services can help you with managing negative content and enacting your data rights
- Keep an eye out for an emerging class of software and services, personal information management solutions, which will help you own and control your identity and personal information (I'll be talking more about these services in future posts)
Good luck! Keep in mind, your digital self may very well have more economic value than your physical self in today's economy. It's time to take back control of your digital sovereignty.