Cyber Security Awareness Month is over, and the results are in from our #datadilemma experiment. Over the past four weeks we asked you a series of hypothetical questions about which types of data you want to keep private. Our goal was twofold: First, we were curious about what information people find most sensitive. And second, we wanted to make the issue of data privacy feel more immediate and personal.
Now that we have your responses, we want to take a closer look at the patterns we noticed and give you some tips on how to best mitigate your risk.
Spotify playlists vs. YouTube viewing history
It seems as though people are decisively less concerned about sharing their music preferences than their YouTube viewing habits. However, both of these leaks could have wider ramifications thanks to both services’ reliance on linked accounts.
Spotify offers the option to link its account to your Facebook account, which was problematic from a cyber-security point of a view even before the news of Facebook’s exposure of user access tokens. While it is certainly convenient, linking accounts this way means that if an account is compromised, the amount of data put at risk is much greater. If you use your Facebook account to set up your Airbnb, Instagram, Spotify, and Tinder accounts, then these other accounts could be compromised if your Facebook account gets compromised.
Our advice: Do not use Facebook or Google to connect to other platforms. It is no different than repeating the same password across different accounts.
As a Google subsidiary, YouTube pushes you to sign in with your Google account. Not signing in with Google, and viewing Youtube on private browsing mode, along with using a VPN, is one way to keep your Youtube viewing history from being stored and tied to you personally.
Google search history vs. Amazon purchase history
Over two-thirds of respondents preferred to have their Amazon purchase history leaked before their Google search histories, reflecting just how ubiquitous Google is in everyday online activity. However, both Amazon and Google have troves of data on their users and numerous ways of gathering personal data, including mobile and/or Alexa-enabled devices.
Google search history:
As we mentioned previously, Google collects an immense amount of user data and uses it to build profiles on you. Your search history is a good proxy for your browsing history in general. It can easily expose your location, your interests, political leanings, and relative wealth.
Our advice: Use the DuckDuckGo search engine, which does not keep a record of your Internet searches.
Amazon purchase history:
As Amazon takes over a larger and larger share of retail, it encompasses more and more of an individual’s total purchases. This data alone can tell you a lot about someone, such as their relative wealth and buying habits. The ubiquity of Amazon also makes Amazon accounts more sensitive. Amazon accounts also include access to your Amazon devices, such as an Echo. Intruders would have access to all the voice recordings and requests made to Alexa which would give them further insight into your daily routines.
Our advice: Make sure your Amazon account is protected with a strong, unique password, activate Amazon’s two-factor authentication feature, and regularly check your account for strange or unauthorized activity. If you are using devices/services such as Echo or Alexa, carefully manage your privacy settings.
Phone call history vs. Phone location history
While less decisive than the previous weeks’ results, far more respondents said that they would rather share their phone call history than their phone location history. This may be a reflection of the fact that phone call records have long been kept by phone companies while having a device that is constantly at our side logging our locations is a relatively recent development.
Phone call history:
As some users pointed out, phone companies keep a detailed list of every phone call that is made. This is what allowed the metadata tracking done by the NSA to be so vast. It very well could be that in the wake of the Snowden leaks, there is not as much of an expectation that your phone call history — who you called when and how long the call was — will remain private.
Phone location history:
Given that each phone is a GPS-enabled device and that so many services, like Uber, Threadless, and fitness apps, rely on your phone (or a linked device) tracking your location, your phone’s whereabouts are almost always accounted for. Data leaks from similar services have already exposed the location of secret military bases, so there is no question that your phone’s location history could contain very revealing data.
Browsing history vs Emails
In what was the most far-reaching question of our Data Dilemma campaign, a large majority of respondents chose to have their browsing history exposed rather than their emails. Both offer an unparalleled view into the thoughts and dispositions of individuals but emails can also contain much more personal touches.
Your browsing history is a treasure trove of data. Back in 2012, much was made of how Target could predict whether someone was pregnant based on their recent purchases. This is dwarfed by the predictive capacity someone would have if they had access to your browsing history.
Our advice: We have an entire guide dedicated to protecting your online browsing activity but there are three things you can do to reduce the vulnerability of your browsing history. Use the Brave web browser, which does not track your activity. Use a VPN to keep your ISP from keeping a record of your browsing history. And, to keep your browsing as anonymous as possible, use Tor.
Email presaged modern life’s shift to the digital domain. It has almost completely replaced letters and other forms of correspondence. An email leak in today’s world could expose sensitive business information if it is your work email or deeply private conversations if it is your personal email account.
Our advice: Use ProtonMail or other end-to-end encrypted messaging services to handle your communications.
Breaches can and do happen — one only has to look at the headlines to have that driven home. We have posed these questions in an attempt to make you think about which organizations have what data. As long as you are online, you will need to share data. The question is who you trust with it and what they do to protect it. Making a few adjustments to your normal online routine and using privacy-focused services will go a long way to ensuring that none of these leaks ever affect you.
We thank everyone that responded to these questions and shared their thoughts and suggestions for questions of their own.