
Privacy? What Privacy?

Privacy is a huge topic. So huge I can’t really tell you exactly what steps to take, what settings to change, what apps to avoid, or what services to choose.

Not only are there infinite options, but the options keep changing.

On top of that, there are about as many opinions on the topic as there are internet users. That makes anything I say just one more voice in the crowd …

… not that that’s going to stop me. 🙂


Two kinds of privacy

“Privacy” is a really big term, and I want to start by putting a little structure around it. When we talk about privacy, we can be talking about several different things that I’ll lump into two buckets.

Implicit privacy. This is the privacy we assume when we use various online services, modern operating systems, applications, and programs to manage our personal information, data, and activities. Each of them has a set of rules, often codified in some kind of formal privacy policy, that controls exactly what level of access they have to your information, and what they might do with that information as a side effect of your use of their software or service.

Explicit privacy. This is the privacy we control more directly as a side effect of the choices we make. For example, choosing to share (or not share) a photo on a social media service is one form of explicit privacy, as are the settings we might use to control who is allowed to see what we might post.

The biggest difference between implicit and explicit privacy, in my mind, is the amount of control we have over it. We implicitly trust that the software and services will do as they say. We explicitly decide what to share based on what we believe may happen.

Privacy, policies, and Big Brother

The biggest topic of discussion in recent months has been the privacy – or lack thereof – assumed when using popular services or software. For example, Windows 10’s activity and tracking continues to generate a great deal of concern as the operating system becomes more widely used. Whether that concern is warranted is a topic open to debate.

Similarly, using any online service involves some amount of tracking. Visiting a simple web site – even Ask Leo! – can result in some amount of what might be considered “tracking”, typically in relation to advertising display on the site. Some people consider that tracking an invasion of privacy. The most common visible signs are advertisements that appear to follow you from site to site as you navigate the web.

In reality, all the online services and websites you visit have the ability to collect vast amounts of data derived from internet users. Similarly, any and all software you install has the ability to collect usage information.

Whether or not you believe Big Brother is watching, the bottom line is that the technology is there should he want to.

The (poor) choices we make

At the other end of the privacy spectrum are the often poor choices we make about what information we share and with whom.

I regularly hear from individuals who actually share a password with a trusted friend or significant other, only to be surprised when their privacy is violated in some way because that trust was unwarranted.

We’ve all heard stories of individuals losing jobs or job opportunities for statements made, or photos or videos posted publicly on social media. Call your boss names on Twitter, for example, and you have no one to blame but yourself when you’re shown the door the next morning. Have you posted “funny” pictures of yourself after imbibing a tad too much alcohol? That could easily be the reason you’re not hired for the next job you apply for, or don’t get the loan you applied for.

It’s sadly common that when it comes to privacy, we’re often our own worst enemy.

You’re just not that interesting

I’ve said it over and over: you and I just aren’t that interesting as individuals. That your operating system might track what you do is pretty meaningless in terms of personal privacy. That advertisers might use what you visit and things you click on to tailor what you see is similarly pretty benign.

The companies that collect this data aren’t looking at you as an individual. They’re looking for trends: they’re looking at accumulated data on thousands (if not millions) of users to determine what’s being acted on, what’s influencing people, and what they might do better.

Even I do it. For example, do I care that you, specifically, looked at my newsletter? At some personal level I do, but I’m not going to sift through information on nearly 60,000 subscribers to see who did and who didn’t. On the other hand, if the aggregate number of people who open my newsletter changes in some dramatic way, that’s a sign I want to see; that’s information I want to be able to act on. I can only do that by tracking the behavior of 60,000 individuals.

The same is true for most any company. Your privacy isn’t being violated, because nobody is looking at you, specifically. You’re just not that interesting.

But you might be interesting to someone, someday

There are two cases in which you might become “interesting”.

If you run afoul of the law. This is a non-issue for most people. But what if you live in an oppressive regime, or are subject to investigation for your activities by whatever law enforcement agencies apply to your situation? Even this falls into two sub-categories: the unduly paranoid (sadly, a larger number than one might hope), and the legitimately concerned, for both legal and illegal reasons.

It is important to realize that if you fall into this category (again, depending on where you live), law enforcement may have the right to collect information about you. This can include information we normally brush off as irrelevant – like ad or service usage information collected by your ISP, or the services and software you use. I have to say law enforcement may have the right, because laws differ dramatically depending on where you live. Of more practical import, perhaps, law enforcement capabilities also often vary dramatically based on everything from expertise to budget to prioritization of where they choose to expend their limited resources.

Future opportunities. The other case is the one I alluded to earlier: some years from now, perhaps someone will research your history as part of a job application, or something else where your record and your reputation are important. What you post publicly (and in some cases even privately) today may influence their opinion tomorrow.

It’s all so scary. What to do?

It’d be easy to read that last section, throw up your hands, and crawl into a hole thinking privacy is a thing of the past, at least when it comes to the internet.

Certainly if you’re a criminal, you should be concerned. The only thing really preventing you from being exposed is the limited resources of the various and sundry law enforcement agencies who really do care about you, specifically. There are steps you should take, but I’m not the one to help you take them.

For the rest of us living more mundane lives, my advice is actually pretty simple.

First: stop worrying about being tracked by the companies that provide the services you use. As I said, they don’t care about you as an individual. Certainly there is much room for policy debate about what kinds of information they should and should not collect, and how they should or should not use it, but in my opinion, this has extremely little chance of impacting you as an individual. (And if you’re going to worry, then be more consistent. It’s always funny to me to get rants about the alleged privacy violations of company “A”, sent via an email address provided by company “B”, whose activity is on par with “A”. Honestly, if the behaviors of the major service providers really concern you that much, I know of no solution other than to walk away from the internet entirely.)

Second: don’t post anything you wouldn’t want made public. Learn the privacy policies and settings of your social media and other applications, and change them and/or change your behavior accordingly. Public once is public forever; there’s no calling it back. Think twice about what you post privately as well, since you’re assuming your private audience won’t someday make it public without your approval. This includes not only social media, but also things you share in any form, be it email, text messaging, or other media. We’ve all seen situations where communications once thought private were made public to great embarrassment or worse.

Privacy remains your responsibility

I remain a strong believer in our wonderfully interconnected world and all the opportunities it presents.

Naturally, it brings risk as well as reward.

Ultimately, it’s our responsibility to be aware of those risks, educate ourselves about the possibilities as well as the practical realities, and make careful choices accordingly.


26 comments on “Privacy? What Privacy?”

  1. “I’ve said it over and over: you and I just aren’t that interesting as individuals.” – Hmmm. In some ways we aren’t; in some ways we are. A comment I made in relation to another post…..

    To take this a little further, I’ll add that most people have little understanding about the extent to which they’re tracked. You’ve got companies collecting social data and aggregating it with financial information, purchase history records obtained via customer loyalty programs as well as numerous other data points/sources (Google: data brokers). You’ve got companies tracking you across the various devices you use, irrespective of your cookie/privacy/telemetry settings (Google: probabilistic cross-device tracking). You’ve got companies tracking you in a whole bunch of other ways – some overt, some covert. And all of this happens in what is very much a legal grey area with little legislative control or oversight. You’ve got no idea which companies track you, no idea what data they hold about you, no control what they do with that data and no ability to correct inaccuracies.

    Currently, this tracking is predominantly used for the purpose of serving up targeted advertising, which probably isn’t too much of a problem in many peoples’ eyes (mine included). However, it can be used for other purposes too. Online retailers already use demographics/profiles in order to adjust prices on a per-customer basis (the price you see may not be the same as the price that I see). Target used purchase history – of things like calcium, magnesium, unscented moisturizers and charcoal-flavored ice cream – to work out which customers were pregnant (Google: Target pregnancy). How much longer before picking up a friend’s anti-cancer meds – and putting it on your CVS loyalty card – starts affecting your life insurance premiums? There have even been instances of data brokers selling information to criminals who subsequently used it to fraudulently withdraw millions of dollars from peoples’ bank accounts (Google: FTC vs LeapLab).

    As I said, privacy is something we need to start paying more attention to.

    I’ll add too that it’s not all doom and gloom. Data collection/big data has the potential to be enormously beneficial. Never before have we had access to so much data about people on such a massive scale, and that data can certainly be put to good use. For example, aggregating the data from fitness tracking devices – such as Fitbits – with social and socioeconomic data pulled from other sources could provide us with an unprecedented level of insight into how a wide range of issues affect our health and wellness.

    The bottom line is that pretty much every aspect of our lives is recorded in a database somewhere: where we shop, what we buy, how much we exercise, what our heart rates are, how many flights of stairs we climb in a day, how much money we have, how much we owe, who we’re friends with, what we read, what we search for, etc., etc., etc. And all of that data is subject to nebulous privacy policies – that companies can change without notice – and is subject to be sold, traded and aggregated, either in anonymized or non-anonymized form. We need to start thinking about how we want that data to be used, who we want to be able to access it and put a proper legislative framework in place to ensure that it isn’t misused.

    As Spider-Man once said, “With big data comes big responsibility” (okay, maybe that’s not exactly what he said, but it’s nonetheless true).

  2. Another thought-provoking piece from Leo. Once again his attitude to privacy boils down to accepting that we don’t have any, but that it doesn’t matter because the people with access to our information don’t find us interesting. I feel that it matters very much. It might be your own fault if you advertise everything about yourself online, or fall out with the law and suddenly become Interesting. But what if you find that you are Interesting by being falsely accused of breaking the law? Or avoiding taxes? Or holding unusual political opinions? What if someone wants to rob, defraud or blackmail you, and buys the necessary information about you? What if a data breach should put your information into criminal hands? Microsoft, for instance, might be staffed by upright and honourable people now – but will they always be so? I take the view that if it can be done, it will be done eventually, so self-protection has to be foremost in our thinking. It’s not good enough to say that we’re just not interesting; one day, you might be to someone.

    • “What if someone wants to rob, defraud or blackmail you, and buys the necessary information about you?” – See my comment above. That’s actually happened. Unfortunately, there’s not much we can actually do as individuals to protect ourselves. Like it or not, our personal information is collected, traded and sold – and there’s really nothing we can do about it.

      The bottom line is that privacy is very much a legal grey area with legislation being woolly and/or behind the times – and people need to be pushing their politicians to do something about that.

  3. What about your own behavior, Leo?

    Every time I get your newsletter and go to your website to read the more interesting articles, my screen is covered with a big advertisement asking me to subscribe to your newsletter. The same newsletter that directed me to the page, and which I have been subscribing to for years!

    At least it has a decent close [X] in the proper spot, and that works — it closes, and doesn’t come back again. Until I go on to the next story!

    I realize increasing the subscriber count is important to you, but can’t you program it to stop annoying existing subscribers by slapping that ad at them?

    • I do. It should appear only every three months. (I think… it’s been a while since I looked at that setting.) UNLESS you clear cookies. Cookies are the only way I have to “remember” that you’ve seen it. (And the website has no idea who you are, so it has no way of knowing that you’re subscribed.) More on the topic here: https://newsletter.askleo.com/why-do-i-keep-g-1/

  4. One benefit of the anti-virus software I use is the ability to cut the internet cable figuratively by a software choice. The less time you spend on the internet, the better. Of course, Microsoft and the NSA take only a fraction of a millisecond to monitor you, but at least you can avoid being exposed to the other hackers out there.

  5. Leo — and others,

    Is there any place where I could find help towards a comprehensive solution for blogging anonymously, in order to protect oneself against governments prosecuting free speech ?

    There used to be advice to that effect, here :

    {link removed}

    But it’s so obsolete that even its author warns against using it nowadays. I’ve looked and looked and found nothing.

    Does anybody know of a privacy-oriented forum where I could ask such a question ? Thanks !

      • It’s OK to post links here. If you post links, the filter will sometimes put the comment on hold for a while until we can check the links out.

  6. Sorry, Leo, but good fortune, professional celebrity, and certainly, your intense technological prowess make you naive and perhaps a little bit proud. Your “but you might be interesting to someone, someday” part suggests, if very innocently, that no one should post a photograph or make a comment under his or her own name anywhere online, at any time. If so, why be online at all? What if something you post and have no reason whatsoever to be ashamed of is used by a stranger to do things that shame you? What if your photo and name are stolen, and you’re not lucky enough to be Leo Notenboom or another technology celebrity? What if you’re just an average John or Jane Doe? There are all kinds of predators who get various sick pleasures from making people suffer for suffering’s sake. Here in America (as opposed to Europe, where wise governments are feeling the pain of the average vulnerable citizen online), it’s open season on privacy for everyone not affluent or technologically powerful. You never know when a sick mind is going to want to hurt you just for the kick of it.

    And you are SO right with your brilliant word choice: “promiscuity.” The appearance of online “promiscuity” and the reality of an internet user’s volition in it, and contribution to it, are often two entirely different things. No: I’d go so far as to say the appearance and the reality are ALWAYS two different things.

  7. How about privacy considering the deep web? Does a deep or dark website show someone’s browsing history even if you’ve never been to the deep web and only use a regular search engine? Can someone figure out all the videos I have watched on porn sites, with my regular browser, if they use the deep or dark web? Can my browsing history be accessed on dark or deep websites?

    • There’s simply no way to answer this with any certainty. If your machine has been compromised, sure – your information could be visible or for sale on hacker websites – deep/dark web or not. Same if your provider gets hacked. But as long as you and your provider are fundamentally secure, then this is highly UNlikely.

  8. I am not sure if this question belongs here, but it has something to do with privacy. Since you guys are experts and I know a lot of internet news can be fake, I have a question. How likely would it be for someone to leak everyone’s browsing history online? Like someone just writes your name, or you can write the name of anyone and see their browsing history? It was a very huge topic in the year 2015. There are around 7 billion people on earth… how likely would it be, and do you think it could ever happen? Just your professional opinion.

  9. I have heard the NSA collects all databases of internet users in their xkeyscore program. Can this be publicly available? Can some random average person own the xkeyscore program and therefore see everything someone browsed?

  10. Hey Leo,
    I stumbled upon this page http://nirsoft.net which has some free utilities to be used. I was wondering if those can be used remotely without access to someone’s PC, or is it just for manual usage only?
    Also, if I use it on my phone and I am connected to my friend’s wifi, will I see my own browsing history or theirs using some of these utilities?
    Thank you.

    • Those would only work if someone was logged in to your computer. They would either have to be at your computer physically or logged in remotely via remote access software.

      Question 2: No.

      • Thank you for your answer, but I don’t understand the answer to question no. 2. No, I would not see my own browsing history, or no, I would not see someone else’s browsing history?

        • You’d have to be logged into that computer to see the browsing history on that computer. The Nirsoft Android app only gives you publicly available information about the wireless access point. It can’t connect to any computers on that network.

  11. Hey Leo,

    I was wondering about all the sites that claim they can find out if someone has a dating site account using an email address. Do you actually think they would give away such information for free? What I think is that to get such information you always have to pay… otherwise it would be a kind of violation of privacy, I guess.
