Our team away afternoon at the start of November was a trip to The Glassroom, a ‘pop up tech store with a twist’. It was set up in a space in central London, by Mozilla and the Tactical Technology Collective, and upon entering it looks pretty similar to an Apple store. Cool white colours and ‘products’ on pedestals, even a Genius bar (though here named the Ingenius bar).
The topics of the exhibit were personal data, personal data security, and privacy. It’s purpose was to get us thinking about the kind of information that is stored about us online, who owns that data, and what they are doing with it.
We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.
— Eric Schmidt, when he was CEO of Google
what is personal data?
Personal data is data that relates to an individual, and in this context the focus was on you, yourself, what data exists out there about you? And here it was focusing in on data collected and held in some electronic format. So we’re talking about things like your search history – the things you’ve looked for online; your location history – places you’ve been; the things you’ve liked, the purchases you’ve made, etc.
When it comes to personal data, we should be thinking about what data is being collected about us; who is doing the collecting; and what are they doing with it. More often than not it’s a big company collecting the data in order to make profit, but that data could also end up elsewhere. Maybe a government is profiling you.
Even when personal data is supposedly anonymous, it can be quite easily triangulated. The AOL search data dump was a classic example of this – 20 millions searches, each linked to a user id. Very quickly people could pin point the real person behind those searches.
what’s the problem?
What’s the big deal? If you’re not doing anything wrong, does it matter if Google or Facebook knows what you’re searching for and where you’ve been? What are you hiding? The classic counterargument to that is, well if you don’t need to hide anything, how come you close your curtains at night? Because even though you’re not doing anything wrong, you still don’t want everyone to see what you’re doing. Everyone has the right to privacy.
There’s always things you choose to share with certain groups as well, friends know some things about you, family know others, and the public knows something different. You don’t want every one knowing everything.
There’s various reasons you might not want your data collected. You may be affronted by the fact that companies like Google and Facebook make money from the use of your personal data. (Though you should probably expect it – when commercial companies are involved, there’s no such thing as a free lunch.)
You might be concerned with the fact that frequently companies are breached, and data is stolen and sold and used for criminal purposes. Regardless what you think of Google wrangling your data, you definitely don’t want your personal data in the hands of criminals, right?
There’s a distintion to be made between hiding your data and being in control of it. You still might not care whether the world (or Google, or organised criminals) knows certain personal things about you. And in fact the data itself can sometimes be pretty interesting and useful – it’s cool to look back and see where you’ve been and what you were interested in. But regardless you should always know what data is being collected and is available, and you should know who has access to it, and you should be able to control who can do what with it.
Each of the products on pedestals in The Glassroom was an exhibit of some kind getting you to think about personal data. There were lots of interesting ones.
I liked the model of Mark Zuckerberg’s house (and the four surrounding houses) – he bought out the houses of his neighbours so he could have privacy. Pretty rich considering the personal data Facebook has on large swatches of the world, and that in 2010 Zuck declared that the age of privacy was over and that it was no longer a social norm. Maybe that’s just for people without money?
Also interesting was the Alphabet Empire. This shows the companies that Alphabet (the parent company of Google) has either acquired or invested in over the years (acquired 189, invested in 400). Some are pretty well know, e.g. Android, YouTube, but I didn’t know for example they had invested in 23andme, the DNA sequencing company (it was a relatively small sum early on, but even so, seems kind of outside of their remit no?) This showed really how it’s not healthy for so few companies to have so much control of your data.
There was a video highlighting the ludicrous terms and conditions that come with many digital services. An actor reads through the terms and conditions for Amazon Kindle. It’s 73,198 words long, and takes 8 hours and 59 minutes to get to the end. It’s increasingly difficult to know what we’re signing ourselves away to when we use a digital product or service.
what can you do?
Assuming you don’t want your data harvested and profited from, what can you do?
Glassroom were giving away a data detox kit, with some steps you can take to find out what data has been collected on you, and some tips on what you might do to stop it.
Simple things you can do like search for your name on google and see what’s held. See what Google knows about you, go to myactivity.google.com. I tried that and discovered a few weird short clips from a VOIP call I had been on several months back – I have no idea why they were recorded! You can see lists of what apps you’ve been using and when. There’s similar things for checking your Facebook data and privacy, and setting your browser up to combat tracking.
There’s various browser plugins you can get that attempt to provide privacy by obfuscation. They fire off random searches in between your actual searches, making it difficult to identify a pattern in your activities.
Another option is to avoid using services that track you. Easier said than done, but I closed down my Facebook account down a while ago and haven’t missed it, and I’m slowly de-googlifying myself. Easy things are for example just using a different, more privacy focused search engine.
The key takeaways for me were: personal data isn’t necessarily bad; it can be incredibly useful and interesting. But it’s vital to know what data you are putting out there, who’s collecting it, and what they’re doing with it. You may or may not actually be that bothered about who has it, but you should always know or be able to find it. The point is that it should be your choice.