Is privacy dead?

Big Tech is gathering our data 24/7. If you don’t find that creepy, it’s because you don’t know what they’re doing.

By Dr Richard Wolman and Dr Chris Merritt

Try this thought experiment:

Imagine returning home from work to find a group of strangers in your house. They’re going through all your stuff: your bills, your receipts, your photos, your calendar. One is on your laptop, reading your emails.

When you ask what the hell they’re doing, they shrug and answer: ‘You gave us permission to come in here.’ ‘No, I didn’t,’ you reply. They pause. One checks his records. ‘Ah, you’re right,’ he says. ‘You didn’t. The guy who cleaned your windows last year let us in.’

How do you feel — angry? Anxious? Incredulous? Furious with the window cleaner? And — once you’ve kicked out these unwanted visitors and calmed down — would you be determined to stop them coming back?

All of these would be very normal responses to such a massive violation of your privacy. This thought experiment may sound absurd, but is it unrealistic? No.

This level of intrusion is happening to you digitally, every day. And we’re not talking about hackers or cyber-criminals. We’re talking about some of the biggest technology companies in the world. The ones people say they trust.

Hand in the cookie jar

When you visit most websites, you’ll be presented with a notification about something called cookies and, like most people, will probably unquestioningly click ‘Accept’. After all, you want to visit the website and see stuff — that’s why you’re there.

But, by consenting to cookies, you’re allowing not just the website you visit, but others — called third party sites — to track you around the internet. Cookies are small traces of data left on your hard drive that allow websites to know where you’ve been.

Sometimes, cookies are very useful. When you bank online or want to return to an account or shopping basket you left, they let the site know it’s you who’s back. Most of the time, however, they are put there by third parties. Often numbering in the tens per site, these trackers gather information about everything you do online.

It shouldn’t come as much of a surprise: Big Tech makes big money from selling users to advertisers, who want targeted messages delivered to potential customers. The real surprise is who’s behind the trackers.

Of the ten biggest tracker sites on the web, seven are owned by Google, the other three by Facebook. Google Analytics, one of the most prolific trackers, was found to be operating on 61% of a sample of one million websites conducted by Princeton University.

In the uncanny valley

Though there is almost no empirical evidence for the persuasive power of targeted advertising, people often say they ‘like’ it. Or, more accurately, they ‘prefer’ it to random advertising. That makes sense: we want to know about things we’re interested in.

The ‘uncanny valley’: if robots look too similar to us, we get creeped out

But the benefit for companies advertising in this way is lost when their messages are so closely targeted that customers actually report feeling creeped out by them. This is the ‘uncanny valley’ of targeted advertising — named after the principle that as robots look more like humans, we like them more, until they really look like humans, at which point we are repulsed.

Have you ever been talking about something, only to go online and find an advert for it on your Facebook, Twitter or YouTube account?

Whether the companies have used voice recognition on your device (to which you’ve ‘consented’) or are using an algorithm to piece together data on your activities and interests, the result is the same: an unpleasant shiver down your spine. From a business point of view, that means damaged consumer trust and negative evaluation.

Whose consent?

Did we consent to trackers taking all that data from us? Usually, yes — although most people would not be aware of exactly what they’d consented to. Pop-ups, vague, long or technically-worded Terms & Conditions, or limits to site functionality all prompt us to press ‘Accept’ without thinking. Sometimes, our consent is taken as given, just because we’re using the site, and we have to actively ‘opt-out’ to avoid cookies and their associated trackers. A few sites even hide the ‘opt-out’ button.

The Ghostery add-on found 30 third-party trackers gathering data from us when we visited nba.com

Tracking blockers like Ghostery or Privacy Badger go some way towards reducing these intrusions and shoring up personal data and activity privacy. But that’s just the tip of the iceberg.

Big Tech firms like Facebook are also storing data about you that they’ve collected from other people. If the window cleaner from our thought experiment got your number because you called him once, and he lets Facebook messenger access his contacts, then Facebook has your number too.

Do I know you?

This algorithm-led linking of individuals is why we often get strange suggestions in the ‘People You May Know’ feature on Facebook. This feature — which cannot be switched off — aims to get you making more connections so that you stay online longer (and see more ads).

More creepily, People You May Know suggestions are the product of data stored about you by Facebook which has been harvested not just from your devices, but from other people’s pages and contacts — data to which you don’t have access, because it was uploaded by someone else.

This is the ‘shadow profile’ which Facebook keeps for all of us. And in some cases, it is a real threat to safety. Victims of domestic abuse, other vulnerable individuals, and professionals working with risky people have all been identified and contacted by those they want to avoid, through the People You May Know feature.

Facebook stores ‘shadow profiles’ on users, containing data harvested from other users

Such unwanted violations are part of what sociologist Danah Boyd calls ‘networked privacy’: the concept that your privacy no longer depends on your digital choices — it depends on everyone else’s too.

We must question the trust we place in Big Tech and demand greater responsibility and accountability for the data they store on us. This rarely happens because the majority of us just accept it. Trust therefore becomes ‘normal’: if everyone else trusts Google, so should I. If everyone uses Facebook, it must be OK, right? Wrong.

As a recent New York Times investigation showed, Facebook has been giving your data to over 150 companies since 2011, most notably Amazon, Netflix and Spotify. This includes your contact information, friends, posts and even private messages. Did you consent to that?

No. Because there was never an option to consent to this particular privacy breach by Facebook. Washington D.C.’s Attorney General is now considering whether to add these revelations to the lawsuit it has already brought against Facebook for unlawful data scraping around the Cambridge Analytica scandal.

We need to do something about these unwanted intruders. Most of the time, we’re not even aware they’re harvesting data from us. (This is the thought-experiment equivalent of them tidying up and leaving your home before you get in from work.) Generating awareness is therefore crucial — the more we know, the more motivated we are to act.

So, what can be changed? Our next article sets out the options….

Digital Humanist and behavioural psychologist. Here to debate how we make sure humanity is the central consideration for any new technology