We Value Your Privacy

(Jan 2020) Surveillance Capitalism vs Privacy

What if you followed a link to read an article on a news website and just by going there, intimate data about you (and more) went to nearly 500 companies? And what if the news website you are visiting also received data that those other 500 companies knew about you? Meet the “behavioral economy” and the “digital commercial surveillance state.” What do those terms mean in day-to-day layman’s language?

When you see/hear “We Value Your Privacy,” it means the person saying it respects your privacy, and they want to treat it with care. But you might also read it to mean that they place a value on (using / trading in) your private data. Indeed, they buy and sell that private data.

To help illustrate I will present one case example of how a simple visit to a single webpage results in key information about you reaching 480 other companies. And from them, thousands more. This is a very limited treatment of this topic, but enough I hope to raise general awareness.

This article does not intend to cast aspersions on the publication it names. The approach this website takes is one of the most transparent I’ve seen. Most are not as transparent or accommodating.

Recently, I followed a link to a news article on www.Express.co.uk and found the following message:

A “We value your privacy” notice on webpage

This informs me that Express.co.uk might share information about me with their digital partners. I can click the prominent white “I Accept” button, the less prominent “More Options” button, the much smaller “Manage” or “See Vendors” links. Like you, I typically choose the “I Accept” button because, it is a condition of seeing the “free” content for which I’m looking. How often do you or I consider what information is being collected, with whom it is being shared, and for what purpose? And, that is exactly what these organizations are counting on.

Instead of “I Accept,” I chose to click the “See Vendors” link where I am presented a list of companies with which Express.co.uk works (full list included at the end of this article). For any vendor, I can click to allow them access to whatever information they are collecting about me, or I can choose to deny that. I can also expand each to see what information they are collecting and for what purpose. In the screen capture below, you can see one such company expanded.

This interface from Express.co.uk is more transparent and informative than most. It is easy to navigate and offers me the “Accept All” or “Reject All” buttons (a rarity). Express.co.uk might be more transparent because they are in the EU which passed GDPR (General Data Protection Regulation) in 2016. GDPR is more stringent about these matters. The USA has yet to follow suit although the CCPA (California Consumer Privacy Act) which provides protection for California residents signals a change. CCPA goes in effect January 1st, 2020.

The point I am driving to that has nothing to do with this user experience from Express.co.uk — and everything to do with their business model. But the user experience is useful in illuminating the point. First, the graphic:

In this example, you can see what “1plusX AG” is collecting “Matching Data to Offline Sources,” “Linking Devices” and “Precise Geographic Location Data.” But what do these terms mean? These are a few of the “Features” in which various websites engage.

Again, right from their website you can read the definitions for these terms.

Let me expand these definitions a little more completely.

Matching Data to Offline Sources” is defined as “Combining data from offline sources that were initially collected in other contexts.” What would you guess that to mean? What offline sources? And what other contexts?

An “offline source” means data that is NOT on the Internet (online) — and that can mean only one thing, it is on your device. Whether you are visiting that webpage with your smartphone, your tablet or your laptop or desktop computer, this company has some level of access to something stored on your device. At the very least — it’s a “cookie” that was saved when you visited another website or other Internet resource. And, this explains the “other contexts” statement as well.

When you visited your favorite pro-football team website last week, it saved information about your travels through that website. But it also saved where you were physically on the planet at the time and when you did so. Because when it saved said information to your device (the cookie) and because when you click “I Accept” you are permitting Express.co.uk to access that information, they know what sports team you like. Perhaps that isn’t the biggest deal because you let everyone know what sports team you like every time you drive your car with that sticker on the back or wear that team jersey. But what if you are browsing a blog about something you wouldn’t want someone else to know like a physical or mental health condition about which you are concerned.

Then there is the “Linking Devices” thing. They define that as: “Allow processing of a user’s data to connect such user across multiple devices.” This means that through certain common elements like cookies or Internet addresses combined with other device attributes, they can construct a picture of all the devices you own, i.e. where, how and when you use them. That means not just smartphones you own, but computers, cars (if Internet enabled), refrigerators, Alexa/Google Home/whatever voice assistants, fitness trackers, etc. By looking only at geographic and or temporal data, they can also cross identify “associated devices” meaning devices your devices are frequently around. In other words, they know who you spend time with, where you spend it, and what you are doing when you are together.

Finally, the “Precise Geographic Location Data” says “Allow processing of a users’ precise geographic location data in support of a purpose for which that certain third party has consent.” You might wonder what “precise” means in front of “geographic location data”? Most would think this just means GPS location tracking. And, in part, that is true. But GPS has location precision limits.

The US Government regulates GPS for civilian vs. military applications. For civilian, location accuracy is limited to about 3–4 meters. Pretty good huh? It can be a little less when you are inside a building, but still pretty good. But in recent years, with the ubiquity of WiFi (both public and private) — networks WANT you to keep your smartphone WiFi antenna turned on all the time because they can actually use the proximity of nearby WiFi routers to help triangulate your position, even if you aren’t actually connected to that WiFi router. With this kind of additional triangulation, “precise” means they can know your position to within 1 meter (3 feet) of accuracy. That means they know where you are (assuming your phone is in your pocket) 24 hours a day, within 3 feet! Per “Linking Devices,” they could know who is right next to you, i.e. when, where, how often and for how long. Oh, and if they cross reference your location with building layouts, yes, such databases exist too, they can literally know every time you go to the bathroom.

So, if you were at that football game with your friend from the University a month ago, they know it. Or, gasp, if you had an illicit liaison (God forbid!) with your co-worker while on a business trip last week, they know it. Or if you are making monthly visits to an oncologist for chemotherapy, they know it. If you visit the same ATM the same day every week to deposit your paycheck, and/or withdraw cash, they know it.

So, when you went to visit Express.co.uk to read that article about whatever trivia captured your attention and you clicked “I Accept” — you were granting access to all that information to “1plusX AG” and to over 480 other such companies listed by Express.co.uk.

The complete list of over 480 companies for which Express.co.uk exchanges data about you is appended to the end of this article. These are taken right from their website.

Now, again, I’m not picking on Express.co.uk in any way other than a fine example of transparency to illustrate the problem. The reality is that virtually every Internet website or other resource you use engages in the same practice with less or more partners.

Here are two other case examples just to illustrate how different each website can be in terms of transparency and user control.

Here is the entirety of what iHeartRadio offers visitors to www.iHeart.com (only on the very first visit).

No transparency and no choices for the visitor to who wants to limit access to their data.

Between the no-transparency iHeartRadio example and the very transparent example of Express.co.uk might be the popular chain of Panera Bread. Visitors to their website are greeted by:

Panera Bread website “Accept All Cookies”

If I choose “Do Not Sell Preferences” the adjoining image testifies to what it means to “Not Sell My Personal Information.” The only choice it offers me is to allow or restrict the “Sale of Personal Data”. You’ll note that the “Strictly Necessary Cookies” is “Always Active”.

Think of yourself as a walking emitter of personal data. Every time you say “I Accept” you are granting access to your entire history of such emitted data — to thousands of companies.

There is truly so much more to this than this article is exposing, but I hope this limited treatment raises awareness. The buying and selling of your data, is a practice and science, commonly called “behavioral economics.” One academic, Dr. Anthony Nadler, published his research titled: “An impulse to exploit: the behavioral turn in data-driven marketing” He writes in his abstract: “…some digital marketers conceptualize their own practices as forms of social control, appropriating concepts from behavioral economics to identify consumers’ cognitive and affective biases and target their vulnerabilities. Behavioral economics recognizes that economic decisions are not simply dictated by rational self-interest; rather, such choices depend on cognitive heuristics and habits, and can be manipulated through the design of ‘choice architecture.’” This is just one of hundreds of published works that speak to “behavioral economics,” “choice architecture,” “cognitive scheduling and manipulation,” and more — all made possible only by having this kind of deep and broad data about you. These “digital dossiers” are the foundation that makes manipulating you possible.

I’ve had lots of conversations with friends, family and colleagues that all, sooner or later boil down to these two questions:

  • Why do I care? (Often adjoined by: “I’m not doing anything of interest” and/or “I’m not doing anything wrong”)
  • What can I do about it?

I could tell you all the reasons why I think you should care about your privacy — but that isn’t for me to decide. Sometimes I use the following to illustrate my answer to that question. If you don’t care about your privacy, even while doing nothing of interest or nothing wrong, then please just leave your bathroom room door open (with guests visiting) the next time you go in there to do your business. You are doing nothing of interest or wrong, but I’m betting you don’t think that whatever you are doing in there should be observed, recorded, then bought and sold by people you don’t know… particularly if you are not given the choice.

There are some questions you might ask yourself:

  • If these companies are paying Express.co.uk for information about me such as what articles I read, how long I stayed on that page, where I was standing or sitting when I did so, how do those companies profit? Why do they want that information?
  • Conversely, why does Express.co.uk want access to the same information gathered from “other contexts?”
  • How are these companies protecting this intimate dossier about me?
  • What happens if some hacker breaches that database?
  • What risk does that present to me?
  • If a sovereign government, like my own, had this level of data about my every move, with whom I associate, where, how, when and for what purpose, would I be comfortable with that?
  • If not, why am I comfortable with a for-profit entity having it?

As for what can be done about it — there are many things you can do to limit the volume, velocity and value of data collected, bought and sold about you. Some easy. Some not easy at all. Here are just a few easy steps you can take to minimize your digital dossier:

  • Unless you are at home or work — turn off the WiFi antenna on your smartphone (not just ‘airplane mode’ — but OFF). It will not only help preserve some privacy; it will save your battery. 😊
  • When visiting various Internet websites, particularly news sites, when given the choice to “Accept” or “Deny” their use of cookies, simply choose to deny access. There is some limited risk that this will in some way limit access to the content on that website — but in many cases that may mean that what is limited is merely the advertising. In other cases, it may be actual content for which you have some interest. Start with “Deny” and move toward “Accept” — not the other way around.
  • You might also consider activating the “delete all cookies upon exit” for whatever Internet browser you use: Edge, IE, Chrome, Firefox, Opera, Safari… they all have this option buried deep in the settings. But if you dig, you can find it. This way, the browser will allow cookies for that session, but when you close your browser — the cookies are deleted from your computer. That way, they are not there the next time you visit a different site. This action provides a little benefit — but it is not a foolproof solution.
  • There are also tools for browsers like the Electronic Frontier Foundation’s (EFF) Privacy Badger (https://www.eff.org/privacybadger) which blocks various data collection efforts.
  • Don’t give your phone number out to websites unless absolutely necessary.
  • “Loyalty Cards” are another means by which companies can digitally surveil you. Those companies sell your buying habits to other companies to pay for the discounts they give you. Be sure you really want the “benefits” that come with those loyalty cards before you get one.

Bottom line, if you don’t value your privacy — others will value it for you. Perhaps not right away, but eventually, you’ll be glad you took your privacy back.

Appendix: The 480+ companies with whom Express.co.uk exchanges private data about you:

1020, Inc. dba Placecast and Ericsson Emodo
1plusX AG
2KDirect, Inc. (dba iPromote)
33Across
7Hops.com Inc. (ZergNet)
A.Mob
Accelerize Inc.
Accorp Sp. z o.o.
Active Agent AG
Acuityads Inc.
ad6media
Adacado Technologies Inc. (DBA Adacado)
ADARA MEDIA UNLIMITED
AdClear GmbH
AdColony, Inc.
AddApptr GmbH
AdDefend GmbH
AdElement Media Solutions Pvt Ltd
Adelphic LLC
Adevinta Spain S.L.U.
Adform A/S
Adhese
adhood.com
Adikteev / Emoteev
ADITION technologies AG
Adkernel LLC
Adledge
Adloox SA
Adludio Ltd
ADMAN — Phaistos Networks, S.A.
ADman Interactive SL
Admedo Ltd
admetrics GmbH
Admixer EU GmbH
Adnami Aps
Adobe Advertising Cloud
Adobe Audience Manager
Adprime Media Inc.
adrule mobile GmbH
Adserve.zone / Artworx AS
Adsolutions BV
AdSpirit GmbH
adsquare GmbH
Adssets AB
AdsWizz Inc.
Adtelligent Inc.
AdTheorent, Inc
AdTiming Technology Company Limited
ADUX
advanced store GmbH
ADventori SAS
Adverline
ADYOULIKE SA
Aerserv LLC
Affectv Ltd
Affle International
Alive & Kicking Global Limited
Alliance Gravity Data Media
Amobee, Inc.
AntVoice
Apester Ltd
AppNexus Inc.
Arcspire Limited
ARMIS SAS
Arrivalist Co.
ATG Ad Tech Group GmbH
Audience Trading Platform Ltd.
AudienceProject Aps
Audiens S.r.l.
audio content & control GmbH
Automattic Inc.
Avazu Inc.
Avid Media Ltd
Avocet Systems Limited
Axel Springer Teaser Ad GmbH
Azerion Holding B.V.
Bandsintown Amplified LLC
Bannerflow AB
Beachfront Media LLC
Beemray Oy
BeeswaxIO Corporation
BEINTOO SPA
BeOp
Better Banners A/S
Bidmanagement GmbH
Bidstack Limited
BIDSWITCH GmbH
Bidtellect, Inc
BidTheatre AB
Bigabid Media Ltd
BILENDI SA
Bit Q Holdings Limited
BLIINK SAS
Blis Media Limited
Blue
Bmind a Sales Maker Company, S.L.
Bombora Inc.
Bounce Exchange, Inc
Brand Metrics Sweden AB
Browsi Mobile Ltd
Bucksense Inc
Capitaldata
Captify Technologies Limited
Celtra, Inc.
Centro, Inc.
ChannelSight
Chargeads
CHEQ AI TECHNOLOGIES LTD.
Clicksco Digital Limited
Clipcentric, Inc.
Cloud Technologies S.A.
Codewise Sp. z o.o. Sp. k
Collective Europe Ltd.
Colpirio.com
Comcast International France SAS
Commanders Act
communicationAds GmbH & Co. KG
comScore, Inc.
Confiant Inc.
Connatix Native Exchange Inc.
ConnectAd Realtime GmbH
Consumable, Inc.
Contact Impact GmbH
Converge-Digital
Conversant Europe Ltd.
Crimtan Holdings Limited
Criteo SA
Cxense ASA
Cybba, Inc.
Cydersoft
Czech Publisher Exchange z.s.p.o.
D-Edge
Dailymotion SA
Dataxu, Inc.
DeepIntent, Inc.
DEFINE MEDIA GMBH
Delta Projects AB
Demandbase, Inc.
Densou Trading Desk ApS
Digilant Spain, SLU
Digital Control GmbH & Co. KG
Digital East GmbH
digitalAudience
DIGITEKA Technologies
Digitize New Media Ltd
DigiTrust / IAB Tech Lab
district m inc.
DoubleVerify Inc.?
Dr. Banner
Drawbridge, Inc.
dunnhumby Germany GmbH
Duplo Media AS
DynAdmic
Dynamic 1001 GmbH
EASYmedia GmbH
Effiliation
Emerse Sverige AB
emetriq GmbH
EMX Digital LLC
Etarget SE
Eulerian Technologies
Exactag GmbH
Exponential Interactive, Inc
Eyeota Ptd Ltd
Ezoic Inc.
Fidelity Media
Fifty Technology Limited
Flashtalking, Inc.
Forensiq LLC
Free Stream Media Corp. dba Samba TV
Fusio by S4M
Fyber
Gamned
Gamoshi LTD
GDMServices, Inc. d/b/a FiksuDSP
Gemius SA
Genius Sports Media Limited
Getintent USA, inc.
GlobalWebIndex
Goldbach Group AG
Golden Bees
Goodway Group, Inc.
GP One GmbH
GRAPHINIUM
GroupM UK Limited
GumGum, Inc.
Haensel AMS GmbH
Happydemics
hbfsTech
HIRO Media Ltd
Hivestack Inc.
Hottraffic BV (DMA Institute)
Hybrid Adtech GmbH
ID5 Technology SAS
IgnitionAi Ltd
IgnitionOne
Impactify
Improve Digital International BV
Index Exchange, Inc.
INFINIA MOBILE S.L.
InMobi Pte Ltd
INNITY
Innovid Inc.
Inskin Media LTD
Instinctive, Inc.
InsurAds Technologies SA.
Integral Ad Science, Inc.
Intent Media, Inc.
Internet BillBoard a.s.
INVIBES GROUP
iotec global Ltd.
IPONWEB GmbH
Jaduda GmbH
Jampp LTD
Jivox Corporation
Join
Jointag S.r.l.
Justpremium BV
Kairos Fire
Kayzen
Keymantics
Knorex Pte Ltd
Kochava Inc.
KUPONA GmbH
LBC France
Leadplace — Temelio
LeftsnRight, Inc. dba LIQWID
Leiki Ltd.
Liftoff Mobile, Inc.
Ligatus GmbH
Linicom
LiquidM Technology GmbH
Little Big Data sp.z.o.o.
Liveintent Inc.
LiveRamp, Inc.
Localsensor B.V.
Location Sciences AI Ltd
LoopMe Ltd
Lotame Solutions, Inc.
Lucid Holdings, LLC
M32 Connect Inc
Madington
Madison Logic, Inc.
MADVERTISE MEDIA
mainADV Srl
MAIRDUMONT NETLETIX GmbH&Co. KG
Marfeel Solutions S.L
Market Resource Partners LLC
Maximus Live LLC
mbr targeting GmbH
McCann Discipline LTD
Media.net Advertising FZ-LLC
MediaMath, Inc.
mediarithmics SAS
Mediasmart Mobile S.L.
Meetrics GmbH
MGID Inc.
Mindlytix SAS
MiQ
Mirando GmbH & Co KG
Mobfox US LLC
Mobile Professionals BV
Mobilewalla, Inc.
Mobsuccess
Mobusi Mobile Advertising S.L.
My6sense Inc.
Myntelligence Limited
N Technologies Inc.
Nano Interactive GmbH
Nativo, Inc.
Near Pte Ltd
Neodata Group srl
NEORY GmbH
Netsprint SA
NetSuccess, s.r.o.
netzeffekt GmbH
NEURAL.ONE
Neustar on behalf of The Procter & Gamble Company
Neustar, Inc.
News and Media Holding, a.s.
NEXD
NextRoll, Inc.
Nielsen Marketing Cloud
Norstat Danmark A/S
Noster Finance S.L.
Notify
numberly
Oath (EMEA) Limited
Ogury Ltd.
On Device Research Limited
OneTag Ltd
Onfocus (Adagio)
Online Solution Int Limited
Onnetwork Sp. z o.o.
OpenX
Optomaton UG
Oracle
Oracle AddThis
Orion Semantics
ORTEC B.V.
Otto (GmbH & Co KG)
Outbrain UK Ltd
PaperG, Inc. dba Thunder Industries
Passendo ApS
Perform Media Services Ltd
Permodo GmbH
Permutive Ltd.
Permutive Technologies, Inc.
Pexi B.V.
pilotx.tv
PIXIMEDIA SAS
Platform161
Playbuzz Ltd.
PLAYGROUND XYZ EMEA LTD
plista GmbH
Pocketmath Pte Ltd
Polar Mobile Group Inc.
PowerLinks Media Limited
Predicio
PREX Programmatic Exchange GmbH&Co KG
Programatica de publicidad S.L.
Proxi.cloud Sp. z o.o.
PROXISTORE
Publicis Media GmbH
PubMatic, Inc.
PubNative GmbH
PulsePoint, Inc.
Qriously
Quantcast International Limited
Rakuten Marketing LLC
Readpeak Oy
Realeyes OÜ
ReigNN Platform Ltd.
Relay42 Netherlands B.V.
remerge GmbH
Research and Analysis of Media in Sweden AB
Revcontent, LLC
Reveal Mobile, Inc
Rezonence Limited
RhythmOne, LLC
Rich Audience
RMSi Radio Marketing Service interactive GmbH
Rockabox Media Ltd
Rockerbox, Inc
Roq.ad GmbH
RTB House S.A.
RTK.IO, Inc
RUN, Inc.
salesforce.com, inc.
Samba TV UK Limited
Scene Stealer Limited
Seeding Alliance GmbH
Seedtag Advertising S.L
Seenthis AB
Semasio GmbH
Seznam.cz, a.s.
ShareThis, Inc.
Sharethrough, Inc
SheMedia, LLC
Shopalyst Inc
ShowHeroes GmbH
Sift Media, Inc
Signal Digital Inc.
Signals
Simplifi Holdings Inc.
SINGLESPOT SAS
Sirdata
Sizmek
Skaze
Skimbit Ltd
SlimCut Media SAS
Smaato, Inc.
Smadex SL
Smart Adserver
Smart Traffik
smartclip Europe GmbH
Smartclip Hispania SL
Smartme Analytics
Smartology Limited
SMARTSTREAM.TV GmbH
SmartyAds Inc.
Smile Wanted Group
Snapsort Inc., operating as Sortable
Sojern, Inc.
Solocal
Somo Audience Corp
Sonobi, Inc
Soundcast
Sourcepoint Technologies, Inc.
Sovrn Holdings Inc
Spolecznosci Sp. z o.o. Sp. k.
Sportradar AG
Spotad
SpotX
StackAdapt
StartApp Inc.
Steel House, Inc.
Ströer Mobile Performance GmbH
Ströer SSP GmbH
Sub2 Technologies Ltd
Sublime
SunMedia
TabMo SAS
Taboola Europe Limited
TACTIC™ Real-Time Marketing AS
Tapad, Inc.
Tapjoy, Inc.
TAPTAP Networks SL
Targetspot Belgium SPRL
Teads
Tealium Inc
Teemo SA
Telaria, Inc
Telecoming S.A.
Telefonica Investigación y Desarrollo S.A.U
Teroa S.A.
The ADEX GmbH
The Kantar Group Limited
The Ozone Project Limited
The Reach Group GmbH
The Rubicon Project, Inc.
The Trade Desk
Think Clever Media
Timehop, Inc.
TimeOne
Totaljobs Group Ltd
Tradelab, SAS
travel audience GmbH
TreSensa, Inc.
Triapodi Ltd.
Triboo Data Analytics
TripleLift, Inc.
Triton Digital Canada Inc.
TrueData Solutions, Inc.
Tunnl BV
twiago GmbH
UberMedia, Inc.
ucfunnel Co., Ltd.
Underdog Media LLC
Unruly Group Ltd
Uprival LLC
usemax advertisement (Emego GmbH)
Ve Global
VECTAURY
Venatus Media Limited
Vibrant Media Limited
video intelligence AG
Video Reach
Vidoomy Media SL
ViewPay
Viralize SRL
Visarity Technologies GmbH
WebAds B.V
Webedia
WebMediaRM
WEBORAMA
Welect GmbH
WhatRocks Inc.
White Ops, Inc.
Widespace AB
Wizaly
X-Mode Social, Inc.
xAd, Inc. dba GroundTruth
Yieldlab AG
Yieldlove GmbH
Yieldmo, Inc.
Yieldr UK
YOC AG
ZBO Media
Zemanta, Inc.
zeotap GmbH
Zeta Global
Ziff Davis LLC
ZighZag

Non-IAB Vendors
Amazon
Facebook
Imonomy
Instagram
IRIS.TV
Pinterest
torfx
Twitter
WhatsApp

--

--

--

Joe thinks about things & cares about people. He is a polymath, autodidact, entrepreneur, citizen, friend, technologist, artist, writer, and follower of Jesus.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Why Huawei and Chinese Technology Companies Are A Problem

Who let the Dogs Out — Active Directory Domain Enumeration & Exploitation using BloodHound

Tryhackme OWASP Top 10 Challenge

Smart Camera Driver Download

How To Eliminate Costly Tech Disruptions In Your Company

What Role Should Trust Play in Privacy?

Announcing DSLA Maxima “Oasis Edition”

black Friday and cyber monday Godaddy hosting offers sale

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Joe Chiarella

Joe Chiarella

Joe thinks about things & cares about people. He is a polymath, autodidact, entrepreneur, citizen, friend, technologist, artist, writer, and follower of Jesus.

More from Medium

Sea Shadow (IX-529) — The Final Viewing

IF IT’S GOOD FOR CARS, WHY NOT GUNS?

Celebrating Tolkien and Zeppelin Along “The Coast”

Luchtreiniging — Air purification — HEPA