NYC Digital Safety

No doubt our data is already out in the world. But how can we use the internet safely in light of this?

 

Transcript

Davis: Hello, Dan and hello, everyone watching. I think it is a safe bet that most of us have been on the receiving end of spam calls and spam emails and spam text messages, so it’s pretty much a given that our information is already out there. But Dan, what steps can I take to keep my information from spreading any further?

Dan: Well I mentioned data brokers briefly in episode two. Let’s talk about them a little more now.

In the US, there’s a really bustling industry in gathering and selling access to data about residents. This information includes things you’d expect, like name and address, but it also includes product and lifestyle preferences, and purchases you’ve made as part of a dossier of on you and your life. This data is purchased by advertisers and other third parties interested in targeting specific demographics of people.

Most data brokers have an opt-out process, which can be manual and time consuming, and there are a lot of them in the US. So asking each one one by one to have your data removed from sale is the way to go, but keep in mind that even if you do opt out, the data about you that they’ve already sold to others isn’t pulled back, so it can and will continue to be used by those third parties.

Davis: Ah yes, the data broker industry. We talked about that at length in our second series of episodes with David Huerta. But Dan, you and I talk a lot about how web pages and apps are often designed to trip people up. Can you share more about that?

Keep a close eye out for what you’re clicking. Don’t be impatient and just click “I agree” and carefully read the things you’re agreeing to.

Dan: There’s these really interesting things called dark patterns, which rely on human psychology to encourage you to choose one option over another. Think about the last time you were asked to agree to something. The “agree” button was probably a big cheerful colored “agree!” but maybe the decline didn’t even say the word “decline.” It likely said “not now” and maybe it was even buried under a small word link entitled “customize.” You might even had trouble finding it. Regardless, it’s using look and feel and your desire to just keep on moving forward to try to get you to agree to the terms or some kind of consent at hand.

Dark patterns have become so prevalent that laws are passed to prevent them, including in Europe and California, amongst others. So keep a close eye out for what you’re clicking, don’t be impatient and just click “I agree” and carefully read the things you’re agreeing to.

Davis: You’re right, and the scary thing about this is that as users we often opt into all manner tracking simply by signing, but not actually reading, terms of service documents. And I don’t think that’s our fault, necessarily. I honestly once tried my very best to read a terms of service agreement. I spent like several hours on it, literally, and was only a tenth of the way done by the time I cried uncle. So what’s to be done about this? Are there any shortcuts that we can take as users on the internet?

Dan: I’m a bit strange in that I do try to read most of the terms and conditions I come across, but my career is in security and privacy, so I guess it’s inevitable that I read them cover to cover. I think the ones I find with sections asserting some ownership or license over content you create or upload into their system being particularly nefarious, but that’s a whole different topic.

It’s difficult to control the flow of your data, but you do still have one lever: your wallet. The power we have is to make our buying decisions with data and use in mind.

From a data perspective, the wiggle words that are used in many t’s and c’s or privacy policies that allow for the use of data in flexible ways, or the assertion that we do not sell your data even though they make agreements and partnerships to share it with others that may not include money. And since that sale isn’t fiscal, they aren’t necessarily violating that assertion. California’s privacy law, the California Consumer Privacy Act — CCCPA — has expanded the definition of “sale” to include more of these types of activities, so this is getting better slowly.

The other thing I see more and more, especially from companies focused on advertising, is a very manual process to opt out of sharing with specific providers one by one. You have to decide if you want them to have access to your data. And with different methods for each one, some are a slider and some other are cookies, you have to install the “block cookies” — yes, the irony on that is definitely not lost on me — or other manual methods. The goal is to make you just give up and let the data flow.

Davis: I think you are 100% correct about that, and thank you for saying so. Thank you so much for being part of this, Dan. Any last words of advice before we sign off for this episode?

Dan: At the end of the day, it’s difficult to control the flow of your data, but you do still have one lever: your wallet. There’s been a sharp increase in what I call “the values buyer:” one who makes purchasing decisions based on the ethics values and practices of the company they’re buying from. The power we have is to make our buying decisions with data and use in mind, and when we decide that the practices aren’t acceptable, it’s okay to walk away from that company or product and to let them know why. We live in a consumer society, and our power on this topic is in our respective wallets.

Davis: I think that’s so true. We vote with our money in the end. So thank you so much, Dan, for joining me and we’ll see you in episode 5 of this series.