I learned a new word yesterday: “Data Shadow”. It’s the footprint your activity data makes on the infosphere- your credit, cell phone and banking records, and your tracks on the Internet. I’ve been online for over 15 years, so my Internet ‘data shadow’ is quite long, I’m afraid. There isn’t much I can do to make it go away, as a lot of that information is stuff I can’t get my mitts on, as it’s squirreled away in databases of credit companies and banks. It should stay there. It should not escape, or be ‘mined’ by people who want to ‘profile’ me. We exist in a delusion that we have privacy. We do not. The Quechup debacle that is making its rounds on the web is a prime example of spamming and privacy violation going nuclear. Quechup asks you to provide your email address and password (!) to find your friends online.
Woops. You should never ever give some marketing firm the keys to your contact book. They’ll raid it every time. That information is gold to them. (It’s too bad we can’t make them pay dearly for it. Instead, they steal it from us.)
A few months ago on my personal blog, I recommended the company “Rapleaf” as a means to build your reputation if you’re selling stuff online. The lure was to provide your basic information for them to post, and then your friends could find you there, and build your online reputation. Hey, that was cool- while I do not sell stuff online, it couldn’t hurt to have good feedback from friends.
If it had just been that, I would have been fine with it. But imagine my horror when I discovered that it had linked to my Amazon wish list and my Flickr account- two things that I did not provide to it, and had no way (at the time I signed up) to block from its prying eyes. So, for a while, my private address was visible for the world to see. I went to Amazon and made all my wish lists private, and I also wrote to Rapleaf and told them to take me out of their database. Happily, they did so quickly. (I had to write to them, as they did not have any online means to remove your data from their files.) And they now have means of hiding those social networks you belong to from public view, but again, they’d ‘improved’ their site to include them without warning me that they would do this.
I’m a fairly private person. It isn’t because I have anything to hide- it’s just that I am not willing to put my whole life online- just the parts of that I choose to. And therein lies the rub: I am not permitted this choice by these busy-body data-miners who want to ‘profile’ me and Sell Me More Stuff. I don’t want to be ‘profiled’. I don’t want people peddling Yet More Stuff to me. But that is their ultimate goal:
Privacy advocates, of course, have complained about aggregation of personal content like this for years. Put this information in the wrong hands–of say, a stalker–and you could have a problem. In the hands of a government, it’s a means to spy; in the hands of a hacker, it’s an opportunity for identify theft; and in the hands of a marketer, it’s a potentially lucrative business.
That’s particularly true because this coalesced data could be personally identifiable–tied to names, e-mail, physical and IP addresses and other details on the person’s habits. At a time when the heat is on search engines like Google and Microsoft to regularly purge personally identifiable and search history data on users, sites like Rapleaf are amassing detailed profiles from publicly available data.
“There’s no question we’ve entered an era where people are simultaneously living their lives online. But there’s a naive quality here that these sites have set up. The sites appear to be cool, but what lurks underneath is a powerful force designed to stealthily observe and collect data about you, and develop a marketing campaign to get you to behave the way they want,” [emphasis mine] said Jeff Chester, director of the Center for Digital Democracy, a Washington-based consumer advocacy group.
I went to a private meeting a couple of weeks ago that had a lot of high-level information about identity theft, and what compromises ‘personally identifiable data” (PID) and discovered that our laws are a mess where this is concerned. It shouldn’t be this bad: Europe and other countries have much tighter privacy laws, and the mining and use of PID is much more closely monitored and regulated.
Not in the US. Sites like Amazon keep information about us hanging out in the clear by default, for people like Rapleaf and its kin to sweep up and consolidate in a single place for anyone to use. We really need to start putting pressure on both the government and private industry to put the brakes on this sort of thing. It should be an escalating action: investigations by the FTC, demands for data to be held private and no PID of any sort permitted, and even class-action lawsuits. These are tools that citizens can use to take back our privacy. Identity theft is rampant, and sites like these are ripe for the picking.
Is there a solution- besides nagging and suing and being a thorn in their sides? Maybe. Here’s one: These companies should pay for this information. And I don’t mean pay other companies- I mean pay us for permission to use our information. If we hit them in the pocketbook, they might think twice about data-scraping (more like data-raping) us. It could be a ‘reverse subscription’: they could pay us monthly for the privilege of following us around and learning our habits so they can Sell us More Stuff. That would permit people who like being followed to get their share of the ‘gold’ and let folks like me be left alone.
So consumer, beware. You’re being watched and monitored- both online and off. Don’t think that even anonymous surfing will protect you: it won’t. In fact, it’ll make people suspicious. Just watch where you go, and carefully investigate anything you decide to join. Some things are not what they seem.