5 Online Privacy Intrusions You Don't Know About, and Should

Governments, retailers, wireless carriers, and others collect and use your personal data in ways you may not be aware of.

These days, you need a healthy dose of naiveté to think that your personal data isn't routinely bought, sold or tracked online. Tracking cookies are the norm on popular websites, and tech giants such as Google and Facebook have a reputation for mishandling and/or overcollecting users' personal data.

But while those issues receive lots of attention, corporations and governments may keep an eye on you in other, lesser-known ways. Here are five online privacy intrusions that you might not know about.

The Government Might Be Building a File on You

The idea that government agents are reading your email messages and listening to your phone calls sounds like the stuff of conspiracy theorists, but saner minds claim that it's possible. According to several former National Security Agency employees-turned-whistleblowers, the government is building a dossier on practically every U.S. citizen, drawing on information from e-mails and phone calls. And as Wired has reported, the NSA is building a massive spy center to sift through all the data and figure out who's a threat.

But good luck getting the government to be at all transparent on the issue. The NSA denies that it has the ability to spy on people's email, but also says it would violate people's privacy to say whether they've been spied on. The agency's verbal contortions are vaguely amusing, but mostly just frightening.

What You Can Do: Of course, you can't opt out of this type of data collection, but you can hope that Congress doesn't renew the FISA Amendments Act, which would renew a Bush administration law that allows the government to collect large amounts of information from the "international communications" of American citizens. The Electronic Freedom Foundation is imploring citizens to write their members of Congress about the issue.

Ebooks Know What Kind of Reader You Are

In the digital age, your reading habits are an open book to companies like Amazon, Barnes & Noble, and Apple. As The Wall Street Journal reports, ebook sellers can easily track reading data--data such as how long you spend reading, how far you get in a book, what text you search for, and what you read next. Not all companies are open about what they collect, but Barnes & Noble's vice president of ebooks, Jim Hilt, confirmed to the Journal that the bookseller is "in the earliest stages of deep analytics," and uses the data to determine which books to sell on its Nook ebook reader products.

There's no evidence that booksellers use reading data for nefarious purposes, such as sharing your habits with marketers or government agencies. The bigger concern, for the moment, is that authors and publishers may tailor the content they create or publish to sync with the reading tastes of the mainstream, which would discourage creative risk-taking and diminish the variety of available content.

What You Can Do: If you're uncomfortable having your reading habits collected, your only option is to shut off your device's Internet connection whenever you're about to open an ebook.

Offline Retailers May Know What You're Doing Online

For retailers, learning as much as possible about customers' buying habits doesn't stop when you leave the store. Last February, The New York Times reported that Target assigns every shopper a "Guest ID" number when possible. This code links the shopper's offline purchases to their online activity, which according to the Times includes Web history and the shopper's responses to promotional emails. Target uses this data to predict what customers want and figure out how and when best to pitch to them.

Although targeted marketing isn't the most evil offense, it can occasionally create some messy situations. The Times relates a story where a Target store inadvertently revealed a teenage girl's pregnancy to her father by mailing coupons for baby-related products, based on the retailer's prediction algorithms. (It's unclear whether the girl's Web history played a role in this case.)

What You Can Do: Installing a Do Not Track add-on for your Web browser will reduce your chances of being followed around the Web by marketers. This prevents many data collection firms, who provide users' browsing habits to retailers, from following you. My colleague Ian Paul has rounded up some third-party options, though many browsers now have a Do Not Track preference built in.

Wireless Carriers Sell User Info for Big Bucks

The wireless carriers have a knack for extracting more and more money out of their subscribers--or, it turns out, from their subscribers' data. One lucrative gig involves retrieving users' locations on behalf of law enforcement, in many cases without warrants. AT&T, just one of the participating carriers, reportedly received $8.2 million in 2011 for providing this service, so it works out pretty well for all involved--except those users who don't want to be followed, that is.

That's not the only example of wireless carriers profiting from user data. As CNN reported last year, all four of the major wireless carriers use aggregated, anonymous customer data to target ads. Verizon even sells that data to third parties. The amount of data each carrier collects varies, but Sprint is the worst offender, using mobile Web browsing and app download history to help its clients target ads.

What You Can Do: To opt out of targeted marketing from wireless carriers, you must visit their websites (AT&T, Sprint, T-Mobile, and Verizon). Unfortunately, the only way to prevent law enforcement from finding you is to stop using location-based services on your phone.

Debt Collectors Turn to Facebook to Stalk Debtors

Debt collectors on Facebook aren't a new trend, but reports on the phenomenon keep popping up, so this creepy invasion of privacy is obviously still news to some people. We've heard horror stories of debt collectors who not only stalk the debtor, but harass friends and family as well. In the physical world, the Fair Debt Collection Practices Act places restrictions on how collectors can contact debtors, but online, the rules aren't as clearly defined.

What You Can Do: The first priority is to adjust your Facebook privacy settings, so strangers can't contact you. Facebook also doesn't take kindly to debt collection on its network, and recommends that users report such behavior to the company, the Federal Trade Commission, and the user's state attorney general.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jared Newman

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place