How much information can be found about you?
Many years ago – decades, actually! – I used to hang around IRC-based chat rooms talking to other techies and MUD gamers. One evening we got a troll, some annoying kid who believed the anonymity of the Internet allowed him to be rude, obnoxious and basically
na-na you can’t find me, loosers. Despite him being on another continent, several timezones away, I sent him a live feed of his house shortly after. Funnily enough, he stopped being so cocky and vanished, never to be heard from again.
This was long before GPS, Facebook, Google or anything else you can probably think of. How on earth could I manage that, you may wonder. Well, people are predictable; they form habits, have tells, they leave clues without knowing it. We kept him talking while I made a list of his favourite insults, mentioning the weather and so forth. Based on this and the fact it had rained an hour ago earlier that evening in his state, I got his real name and address and found a traffic cam with an Internet feed on his street.
Fast forward to the modern day
Back then, you paid by the minute to get connected, and 9,600 bps was as good as it got. By comparison, I am now getting gigabit downloads. (Or 0.0096Mb vs 1,000Mb if you prefer). Data harvesting by spooks and big companies has increased at a similar exponential rate.
What someone like the NSA, GCHQ, Amazon, Facebook or Google can do in this age of always-on, fast broadband and the ubiquitous social sharing explosion would stop you in your tracks if you truly understood the depths of it…
If you are a fan of ‘Person of Interest’ you’d probably grasp the idea, particularly if you watched Nothing to Hide (season 3, episode 2). This one featured the head of a fictitious internet company (Life Trace), allowing people to find others through information already available on the web. (As it happens, I used a similar real company – decades ago – to find that troll I mentioned at the start). Life Trace offers a service, selling the information gathered to people who will pay for it. This episode related to those ultimately hurt by the information that was provided through the site.
It’s all about the money
As I’m updating this, I’ll start with this fact: your personal information is valuable. Companies like Google, Facebook and Apple do not give a shit about your privacy, only how much they can make by invading it. Privacy laws routinely get flaunted or completely ignored; if they get caught, that’s what their lawyers and for. They’ll pay the fine and still say, “Totally worth it.”
Apple’s efforts to protect users’ data has cost platforms like Facebook billions of dollars in revenue.
But, as it turns out, Apple has been collecting user data itself, even if their customers had explicitly changed their settings to stop the company from doing so.
Mashable (Nov 2022): Apple sued for tracking users’ activity even when turned off in settings
Meanwhile, Google and others are being sued left, right and center in the US, EU and other areas for privacy violations. Fines for General Data Protection Regulation (GDPR) violations are in terms of tens of billions of dollars, but Google now controls 93% of all searches, so it doesn’t care.
For instance, Google has been accused of “deceptive design around the account creation process that steers users into agreeing to extensive and invasive processing of their data”
Another ongoing ($5Bn) lawsuit centers around how Google execs knew ‘Incognito mode’ failed to protect privacy.
Even if they lose all the cases, it’s barely a slap on the wrist for them!
Google is worth around $1.1 TRILLION.
Or $140 for every person on the planet. It doesn’t sound like a lot, but in some countries, especially those without a national minimum wage, that can be a month’s or even a year’s wage!
In this digital age, it is said,
if you’re not paying for a product, then you are a product.
What information do they have about you?
With all that in mind :
Have you ever sat down to think about how much data is held on you, by whom, for how long and what uses it could be used for? Have you ever wondered about going ‘off the grid’ and removing all traces of yourself from the records? How hard could it be?
Consider a typical day, getting up, having breakfast and driving into town for a little shopping:
Your breakfast is again interrupted by the phone. The first, earlier, was someone trying to ‘help’ you claim money back from a mis-sold PPI (for a loan you never had!), this one is trying to sell you solar panels. Both are particularly annoying as, after registering under TPS failed to stop cold callers, you went ex-directory. Not even finished your morning cuppa, and already any number of scammers and nuisance callers already have your name and number, often with other partial or complete information, possibly including your address and even the last 4 digits on your credit card.
As it was a call, you can add the telephone company (and mobile) to the starting list of people with your name, address, bank details and purchasing habits. BT et al. will, of course, have a detailed record of all the calls you’ve made, to whom, and for how long and labelled you accordingly. Such legally obtained details (often even mandatory for service providers) can be made available to authorities on request. If you consider phones a utility, feel free to add the gas, water and electricity boards to the people with similar records.
Breakfast done, you take the rubbish out to the bin, meeting the postman with a parcel from Amazon…
Bins are under the province of the local council, and they, too, have a stack of files on you and everyone in your house. They know who is registered to live there, how long you’ve lived there and how much you are worth to them in terms of poll tax and, if they can, parking charges.
That’s before we think about what they are doing with all those (now digital) surveillance cameras which are now using increasingly sophisticated recognition software. (These can record and analyse voice, eyes, walking stride and more, though not the ones bolted around your local shopping centre – YET.)
Talking of your home, that too has a history, methodically detailed and cross-referenced, all searchable with the right permissions or even just knowing where to look. Who owns the house, how much you paid for it, what price it was on the market for, and how much is left on the mortgage. (Rightmove, for instance, records searchable past sales going back 20 years). Your title deeds, increasingly available online, can include who lived there before you – going back decades, centuries in some cases and even mentioning who died in the house and how!
This covers a long list of people and companies interested in knowing about you. Solicitors, surveyors, ground rate companies, banks, and mortgage companies. Talking of which, credit rating companies like Experian and Equifax are constantly assessing your worth – and your risk to lenders. Late with a payment, they’ll be told. Apply for another credit card, and they’ll find out. CCJs against you? They’ll know that too.
Amazon, meanwhile, is adding that completed order you took in earlier to their profile of you, one that’s kept and expanded indefinitely. Send a birthday voucher to a relative, buy a book, and order a coat… they know everything about you, from your probable intellectual, political and hobby interests to your knicker size (if you order such from them). You only have to look at your order history or the from page to see the extent:
‘Related to Items You’ve Viewed’
‘What Other Customers Are Looking At Right Now’ (based on what we know about you)
‘More Items to Consider’ (based on the last thing you looked at)
– and so forth down their recommendations.
There is nothing wrong with it in principle, and I am fine with it; I find it extremely useful. But this is where it starts to unravel because
Ah, I see you are interested in psychology, criminal thrillers and ‘How to get away with murder’, Mr Fred Smith of Anytown!. That’s not Amazon, mind you; that’s me, right now, looking at YOUR Amazon account because I can*. Legally. Up to a point at any rate. This is because if you know even a fragment about someone, the last name, an email, then Amazon lets you search for and examine Wishlists. Handy if you want to share a birthday list with relatives, but less good if you have a stalker! Of course, it depends on if you even have such a wish list, but if you do, it can be very telling.
*(Or at least could in the past, it needs permission now; it didn’t in 2015).
Before you set off, you decide to check your email and message a friend to meet up for a meal at lunch. Handy things, smartphones. You can check how many spammers got or guessed your email, how many companies passed on your email and other details to ‘partners’ because you forgot to tick or un-tick a tiny hidden box. Perhaps you noticed it but didn’t have a lawyer handy to untangle the ambiguous, nested double-negatives of the option:
Untick here if you don’t want us to not share your details with our partners.
Incidentally, while you are doing this, your phone’s GPS may well be recording precisely where you are at the moment in a hidden database, a tracking list going further back and in more detail than you may be comfortable knowing. Just a thought as you are trying to find somewhere, the little pointer saying ‘you are HERE’ and dotted around it are hints of places you might like to visit, to spend your money, that perhaps paid the mappers for prominence and want a return on their investment. GPS? Cui bono: to whose benefit.
Oh, look, a robin. Get a quick snap and upload it to Facebook (etc.).
What? You never use those? Of course, understandable. Facebook is procrastination incarnate; you wouldn’t be seen…
Hmmm? Is that you? It is! That’s you in a pink bonnet, the photo lovingly uploaded by your Aunt Mabel, seen by your mate Baz (as suggested to him by Facebook) and duly shared with a wholly embarrassing caption he kindly Photoshopped in.
That’s the thing about ubiquity, postings get everywhere, and once they do, they are grabbed, mined, copied, shared and before you know it, the most embarrassing moment of your entire life could be a viral video seen by millions.
Who else knows about you?
Well, I’ve got you suitably paranoid; I’d better not get into everything Facebook gather on you, eh? Or the rest. For instance, on that trip to town, you will encounter many of the following and never register until I kindly point them out to you.
The Tax office
DSS / benefits offices (now totally online. Making life a misery for many!)
Any reminders of the DVLC (also moved online).
Or the police, for that matter. You weren’t speeding, were you?
Add to that insurers, car and otherwise. You can bet they are doing EVERYTHING they can to be allowed total access to your profile. If you drink or smoke, if your family has a history of heart conditions, if you have a genetic marker, they want to know. They want to know in the finest possible intimate detail, and the day they do, premiums will skyrocket!
When I wrote this (in 2015), insurance companies were actively lobbying to have access to your medical files to avoid payouts if possible.
If you were paying attention when prescriptions and GP appointments were forcibly moved online (in the UK), several companies providing these services include obfuscated or even unconditional agreements that they can “share this information with partners and associates.” On one I looked at, Apple was one of those partners and was advertising biometric smartwatches on these platforms.
I (now) have many health problems, and the respective hospitals can’t access my data without my permission even if my life depended on it (which it did!). But, apparently, “partners and associates” could partially access them via my GP. My belief is that – along with privacy laws – hospitals are clinging onto data in the hope of being able to sell it one day! Doctors may need to be able to access your health records, but the bean counters and admin side may have other plans.
Your gym membership and any other members’ clubs you are in.
Anywhere you eat, drink or shop – especially if they have loyalty cards and or take credit card payments. This applies a hundredfold if you are buying online.
Your dentist, doctors, hospital, and all your medical files are increasingly being moved to computers for easier reading and sharing. Even the vets’ record of your pet’s treatment.
Your school, college etc. They’ll all have records on you, many of which they’ll have shared in ways you might not think of at first.
References, perhaps. Maybe you want them to confirm the exam certificates you claim you gained (those you can’t find the originals of anywhere).
But what about… the school play you were in? Remember when you were 6 and played a lamb, you wore your dad’s sheepskin coat inside out? Remember? No? Well, Aunt Mabel does. She found the polaroids and got your cousin to scan them for Facebook. She also found the article of the event, covered by the local paper – now digitised – and added a link to that. So kind.
Of course, your employers have access and input to many of the above. Let’s not forget them.
Perhaps the above incident made you decide to look for a new job. Suppose you get short-listed. Guess what: certainly, for higher profile jobs, it’s now a common policy to look online to see who they are hiring. And everything you ‘liked’ on Facebook, every photo you shared, every embarrassing comment on Twitter, the minutiae of your LinkedIn profile, your entire life is spread out for inspection.
I’ll leave you with a couple of quotes from Google’s CEO, Eric Schmidt:
If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place
Said to CNBC’s Maria Bartiromo in an interview. (Dec 2009)
Google policy is to get right up to the creepy line and not cross it. With your permission you give us more information about you, about your friends, and we can improve the quality of our searches […]
We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.
Told to the Atlantic at the ‘Washington Ideas Forum’ (October 2010).
You might also want to read:
Ackadia: Irony is lost on cold callers
Wired (2012) : How much data did Facebook have on one man? 1,200 pages of data in 57 categories. Note that was back in 2012, they were still young then; their arsenal is now (2015) so sophisticated they have facial recognition software that can look at a photo, detect who it is (within 97.5% of a human studying it), and pull in links based on who they have found!
Wall Street Journal (2010) : The Web’s New Gold Mine: Your Secrets
The Economist (2014) : Getting to know you : Everything people do online is avidly followed by advertisers and third-party trackers
ProPublica, Journalism in the Public Interest (2014) Everything We Know About What Data Brokers Know About You
Moz (2008) : The Evil Side of Google? Exploring Google’s User Data Collection (In 2008 Google needed around one million servers to handle their search. Think they got any smaller in the past 7 years?)
Huffington Post (2010) : Google CEO Eric Schmidt’s Most Controversial Quotes About Privacy
The Guardian (2010) : How I became a Foursquare cyberstalker
The Guardian (2013) : How supermarkets get your data – and what they do with it:
It doesn’t matter if you are part of a loyalty scheme, pay by card or even cash, ‘Big Brother’ supermarkets know your every move.
The Guardian : (2015) Facebook ‘tracks all visitors, breaching EU law’. It adds that "the Opt-out mechanism actually enables tracking" i.e The very act of saying do NOT follow me creates a files to be passed around, duly flagged and monitored, to the effect, "Hey, this is Fred, he doesn’t want us to know about him. Just saying…"
The Atlantic (2012) : I’m Being Followed: How Google and 104 Other Companies Are Tracking Me on the Web
Neurotechnology : VeriLook Surveillance SDK Face identification and movement detection
Addenda 2019 forward
Notwithstanding all the issues with the Cambridge Analytica scandal, politicians want a slice – and are willing to pay well for it.
“However, Facebook’s design allowed this app not only to collect the personal information of people who agreed to take the survey, but also the personal information of all the people in those users’ Facebook social network.”
[e.g. friends, family, acquaintances, anyone on your contacts list, it happily hoovered up their personal lives too. By stealth, without permission.]
Long and short – Labour (and other parties) are buying up your personal data from Experian and others – possibly/probably breaking the law in doing so – to individually target you – us – with adverts etc. They are, essentially, buying votes from brokers via spying.
Fiction: Person of Interest: “You are being watched. The government has a secret system, a machine that spies on you every hour of every day.”
Fact: Data harvesting by Amazon, Facebook, Twitter, Instagram etc. etc. – gathered with your permission (T&C apply…) – and shared with and sold to “partners”, sometimes illegally (as with Cambridge Analytica)
Fact: GCHQ spying on us, every hour of every day.
Liverpool echo (2020): Facebook update shows how much it tracks you when you’re not online and how you can turn it off
Are you curious how Google sees YOU? If you login to Google you can check via My Ad Center
See also: Techadvisor: What does Google know about you?
No-one knows the number of surveillance cameras in the UK, but in London it put at over 600,000 (1 for every 14 people) and expected to rise to over a million. (e.g. Security sales)
Guardian (2019): Privacy campaigners warn of UK facial recognition ‘epidemic’. Investigation uncovers widespread use in museums and shopping centres