You probably know that your online activity creates a data trail. But technology is creeping into the offline world, making it difficult to go anywhere without leaving a trace.
March 28, 2018 8 min read
The Facebook data breach scandal involving Cambridge Analytica has heightened the public’s awareness of the potential costs of using so-called free online services. Governments are beginning to investigate Facebook for allowing developers to distribute consumer data without proper disclosure, while some individuals (including WhatsApp co-founder Brian Acton) are deleting their Facebook accounts and encouraging others to follow their example.
Such privacy concerns aren’t new to on the web, of course. In 2013, when Edward Snowden leaked information about the National Security Agency’s (NSA) PRISM surveillance program, the revelation that the U.S. was tapping undersea cables to collect data cemented conspiracy theories that Big Brother was watching.
While some people strive to avoid being tracked online, from opting out of social media to encrypting their messages to placing a piece of tape over their webcam, it’s difficult to thwart all parties’ efforts to keep tabs on you and your location, your preferences, your purchases and more. That’s because, regardless of whether you have a robust online presence, if you’re alive in the 21st century, one way or another, you’re leaving a trail.
Conscious online activity is only one way to create a record. Merely carrying around a smartphone, using a virtual assistant such as Amazon Alexa, driving a car or walking around in public all might make you susceptible to being tracked. Read on for a list of ways people are already being tracked in the real world — or may be in the future.
License plate databases
The U.S. Immigration and Customs Enforcement (ICE) agency has access to a private company’s database of license plate records and location-tagged photos, The Verge reported in late January.
The data may have been collected from vehicle repossession agencies and cameras on police cars and highway infrastructure, among other sources. A network designed to collect this information has the potential to report 100 million vehicle sightings each month, with date, time and location attached to each record.
The potential result is a searchable database, from which ICE could search for a list of every place a given license plate has been spotted over a five-year period — or set up real-time alerts for when records of certain plates surface in the database.
Credit reporting agencies
Individuals don’t submit their information to credit bureaus such as Equifax. Credit bureaus collect sensitive personal information and sell it to banks, insurers, retailers and more to help them confirm your identity when you apply for credit. However, there’s always the risk of identity theft if breaches occur.
This example might be obvious, considering the events of last year. From May through July 2017, Equifax, one of three major U.S. credit reporting agencies, experienced a massive data breach that exposed the personal information of a whopping 143 million Americans.
“Hackers accessed people’s names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers,” according to the FTC website. “They also stole credit card numbers for about 209,000 people and dispute documents with personal identifying information for about 182,000 people.”
Smartphone location tracking
Sometimes, when your phone is in your pocket or bag, powered on but not in use, it’s passively helping companies collect data about you.
For example, if you spend some time in a retail chain store, within the next few days (or sometimes hours), you might see an Instagram ad for that store in your feed. Because of increasingly precise location tracking, your phone can collect records of where you go, and the services you use can apply that data to help companies target you with ads.
That’s also why, when you Google a restaurant, Google surfaces an hour-by-hour bar graph to show you how busy the restaurant is in that moment, compared to the typical, say, Saturday at 6 p.m. Google gets real-time feedback about the number of smartphones with Google-powered location-tracking apps in that precise location, and the number of Google searches for that particular place, then automatically produces that graph. Google users only have access to others’ locations in aggregate.
In the past, companies have misled users about whether they were engaging in location tracking. The FTC charged Singapore-based mobile advertising company InMobi with tracking consumers’ locations in cases when consumers had denied location-tracking permission to the apps using InMobi’s software.
Similarly, Google recently got caught tracking locations of Android users who had opted out. The company was able to match Android phones with various cell towers to triangulate a phone’s location, according to a Quartz investigation. Google told Quartz that it would end the practice.
Connections between digital ads and purchases
If a company buys online advertising from a platform such as Google, it’ll want to make sure it’s getting its money’s worth. That’s why Google has developed a method of linking credit card purchases with a Google user’s profile.
Just being able to show advertisers that Google users were visiting their stores in person, thanks to location tracking via Google Maps, was not enough to convince those advertisers that they were getting a decent ROI, because Google previously couldn’t prove that those store visitors actually bought anything.
“Google’s third-party partnerships … capture approximately 70 percent of credit and debit card transactions in the United States,” the company stated in a May 2017 blog post.
Related: 8 Times Uber Has Tracked People
This goes for credit card purchases made at brick-and-mortar stores and retailer websites. Google can match a credit card purchase with an ad click by a Google user, but in an “aggregated and anonymized way” that doesn’t give retailers access to individual customer data.
Another company that helps advertisers measure the effectiveness of ads is Foursquare, through a tool called Attribution. However, Foursquare measures foot traffic instead of tracking purchases. Fast-food sandwich chain Subway has used Attribution to measure foot traffic resulting from its ads on music app Pandora.
Objects in your home
Last year, iRobot CEO Colin Angle confirmed to Reuters that the Roomba — a disc-shaped mini vacuum cleaner product — maps users’ homes to help it avoid bumping into walls and furniture. Angle explained that iRobot would be interested in establishing a deal with Apple, Amazon or Google in which it would share Roomba-generated maps — with customers’ “informed consent.”
Angle discussed the potential for this type of mapping technology as the smart home market grows. When the news broke that iRobot had its sights set on sharing the map data, some people expressed privacy concerns related to targeted advertising and home security.
In late 2016, the Electronic Privacy Information Center and the Campaign for a Commercial Free Childhood, among other groups, filed a complaint to the FTC regarding a company called Genesis Toys. Genesis, the maker of the My Friend Cayla doll and the i-Que Intelligent Robot, contained voice recognition software from Nuance Communications that allowed dolls to ask children questions, then keep records of their answers via cloud-based speech processing software. Questions included things such as the children’s parents’ names, the name of their school and more.
These dolls are not the first internet-connected toys that have raised concerns about compliance with the Children’s Online Privacy Protection Act of 1998. Mattel’s Hello Barbie and a teddy bear from Fisher-Price were previously shown to have the potential to leak user data.
Some people have wondered whether virtual assistants such as Amazon Alexa collect audio of any conversation or sound that plays within users’ homes, but their makers explain that the devices don’t collect data until their users say a “wake word” (i.e., “Alexa!”). Users can also delete their voice-search history.
In the U.S., a good credit or FICO score often is required to obtain a loan, sign a lease on an apartment, avoid high interest rates and more. But in China, a new system of social credit is taking individual quantification to a new level.
The goal of this system is for nearly all of an individual’s activities to factor into a numerical social credit score. Whether or not an individual engages in environmentally sustainable behavior or criticizes the government can impact their score, along with their education level, purchase history and even the social credit scores of people with whom they associate, Wired reports.
The higher someone’s score, the greater their access to certain perks. For example, people with a score of 650 or higher might not have to pay a deposit on a rental car. Certain scores promote users’ profiles on dating apps or even make travel security more streamlined. On the flipside, low scores limit social credit participants’ opportunities.
If you’ve ever seen the episode of Black Mirror titled “Nosedive,” you’ve seen the hypothetical pitfalls of this concept play out.
Related video: How to Create Video Content Without Being on Camera