How much data is being gathered about your internet habits right this minute? Do you know. What about on this very website? Do you think that you are anonymous because you are sitting in the "privacy" of your own home?
As a simple example lets see how much information my home built webserver can gather about you. Here is a little test page I put together in about 30 minutes. It demonstrates how simple it is to gather data that can be used to identify you. Who Are You Demo.
As you can see the webserver my site runs on can and does gather your IP address, what site referred you (ie the site where you found the link that brought you here), your web browser version and which pages you visited and for how long. This data is stored in logs which can be converted into analytics friendly structures. It is then a simple matter of checking against a location database to figure out where you are.
Before you say it, this was all done with freely available software which is used by every webserver on the planet. Nothing I just showed you was uncommon or illegal. In fact it was just the tip of the iceberg.
Now you may say that you are safe because you use a mobile device, but even that is no guarantee of privacy. In fact your mobile device is even more likely to give up your location as many now come with built-in gps systems that broadcast your location to cell towers. This is supposed to be for helping manage data traffic. Some mobile browsers even send your gps location to websites you visit (although they have to ask the first time).
Its not only your computer or your phone that tells the world who and where you are, so do the photos you take with your Phone. Thats right, your digital photos (can) store information about where and when a photo was taken. They even embed the make and model of the device used to take the photo.
Any geo-location enabled device (such as an iPhone, Blackberry or Android Device) that you use to take photos can embed that location data in the images files themselves. This location data can be used to identify where you were when you took this photo. Just think about all those iPhone photos you uploaded to Facebook...
If you dont believe me, here is a little system I put together to demonstrate. Geo Map Photo.
At this stage you might say big deal. How bad can it be if a website knows where I am or how long I spent on a website. Well at this stage I cant learn anything more about you... unless you leave a comment.
Like all websites to leave a comment you need to supply a name and email address to complete the submission process. In addition you can optionally leave the address of your website and/or twitter handle. With this information I now know your name and how to contact you (if I so wished). I can search facebook using your name/email and gather information that way (more on this later).
If you gave me your website domain it is possible for me to look up the registered details for that domain name (which include the domain owners name and address.
So lets say you gave me your twitter handle. Well I can now follow you and determine what your interests are. By seeing who you follow and what you say I can determine what your politics are. If you are signed up to a service like foursquare I can get notifications about where you are whenever someone signs you into a location.
Going back to mobile devices for a minute. If you have a twitter app on your mobile device, more than likely it will have a feature to send your location with your tweets. This would be great information to know if someone wanted to burgle your house and needed to know if you were out.
If you are starting to get a bit worried then you should really think about the information you put out on social networking sites like Facebook and MySpace.
Social Networking sites are a goldmine of personal information. If your profile is visible, I can learn who your friends are, who your relatives are. What your date of birth is and the name of you pet dog. By themselves these are pretty useless pieces on information... unless they also happen to be the answers to security questions for your online banking account.
How many of us have played online games on social networking site. Do you remember them asking permission to share your personal details with the app? Do you know what details were shared and how those details were used? Its pretty easy to create an app that can report all your personal details back to a third party database (to be used for anything).
Oh and speaking of online banking. I really hope you didn't decide to "Like" your banks facebook page, because now I know where you bank.
I am not an expert on hacking, but it should be obvious to you by now that hacking is a lot less about technical wizardry and more about gathering the information we all freely give out. Speaking of hacking...
How many of us now have accounts with online gaming networks, or online media networks? Sony, Sega and Nintendo have all been hacked in the past month. Did you know about that? Do you have an account with them... an account that lists your details and has your credit card on file? An account which lists a password you may be using for other things?
How much do you trust their PR department to tell you the truth about what "may" have been stolen?
In talking about all this new technology I almost forgot to mention something. Email, that electronic replacement for the old paper letter, is not secured in any way.
Thats right, every single email we send to each other is sent Un-Encrypted. This means that any device anywhere on the same network path from sender to receiver can read our emails. Not only this, but the government actually requires business's to store emails for several years. This supposedly does not apply to personal email accounts, but I really dont know.
Even the email we send to each other "could" potentially be being used to gather data on us.
Its not just Social Media and the Internet that are risky. Consider how many times you get asked at a cash register for your phone number, address or email address (or all of the above). It happens a lot when you think about it. A friend of mine was asked for his phone number and address recently when he purchased a set of wiper blades.
When you sit down and think about it your personal details are probably on hundreds of databases. Do you think every single one of them is secure? If big corporations with huge IT budgets can (be storing your data unencrypted) and get hacked, what about these smaller guys?
Question: Do we really need to be giving out our phone numbers to buy wiper blades?
The reality is this, social networking sites are business's. Business's are business's. They are not out to be good or evil. They do not have any morality. They have one purpose only, and that purpose is to make money. The security of your data is only going to be a concern as far it it is profitable.
For a free service like Twitter or Facebook the only way they can make money is either selling you stuff...or selling stuff about you to others. As for other business's, they still want to maximize their profit so they are all for jumping on the bandwagon.
Any business that stores information about you see's you as a commodity first a client second (if at all). I know that sounds harsh but its a simple reality.
So at this stage you can see that we freely give out a lot of personal information about ourselves to a lot of people we dont really know to be used in ways we cant track. There is a lot of potential for misuse. The really scary thing though is when all this information starts to get linked up.
I run a small personal website with virtually no resources and I can find out a great deal about you if you visit (and I was really bothered). Now imagine a company like Google or Facebook or Microsoft or Yahoo.
Taking Google as an example (Yahoo and Microsoft have similar capabilities) . Do you know how many websites you visit have google analytics installed? This is a piece of software which is great for web developers as it gives them (including me) free analytics data about site visitors. However if you take it to the next logical step you see that it also gives Google a huge amount of data on the browsing habits of individuals.
Unlike a single site, Google can potentially track you from site to site as long as each site uses the analytics plugin (and many now do). Even if one site does not, the next site you visit can potentially know where you last were depending on if you followed a direct link. This can be linked into the search terms you type into the search engine to build a more complete profile of who you are.
Question: Did you ever wonder why the adds that appeared on some sites seemed so appropriate for you?
In addition to analytics, corporations such as Google are building a database of where hardware devices are physically located. See here. This along with your mobile phone/tablet make it very easy to find you. This technology is how I was able to figure out where you were on that demo page.
I wish I could stop here and say this is all we have to worry about, but progress waits for nobody. Every single day new and inventive ways of tracking, recording and identifying us are invented. This is too often combined with a complete lack of respect for the individual.
I hate to keep naming a particular company but Facebook in particular has a less than stellar record when it comes to its users privacy. It was only recently that we realized that Facebook has rolled out a facial recognition feature that allows you to be identified in photos.
This is a seriously creepy feature in the wrong hands and I know I was never told about it when this feature was enabled. Yes when I found out about it I was able to opt out, but wouldn't it have been nice to be given the choice to opt-in instead of having to opt-out. And what about the photos I have already been tagged in, does that data get erased?
So with all this technology available it would be fair to say that we are putting a huge amount of faith in the integrity of business's (and governments) to keep our data secure and not misuse it. We know we can trust these folks to not lie, cheat or steal from us. Sure accidents happen but that's it, they are just accidents.
Yeah right.
Remember what I said about business not being good or evil. Well its true and I now include governments in this statement. Business's are only interested in making money, and governments are only interested in staying in power.
Of course if they should take shortcuts to save a buck or do something wrong, more often than not they will try to claim it was an accident, or in our best interests. We all remember how Google "accidentally" gathered all that wifi network traffic with its Street-View cars.
So far I have shown you all the dangers to us as users of this technology, and the potential benefits to business's (and other agencies). What I have not yet shown you is the benefits to us the users. There is a reason for this... I cant find any. Well not many.
Yes social networks can be a great fun and the Internet really is a great tool. Sometimes its even nice to get reminders from our local hardware shop about a new set of shiny tools coming in. However do the benefits outweigh the costs?
To finish let me ask this. Who owns your information? You have willingly submitted it to privately owned and run computer systems, operated by business's and agencies who have no interest in your personal rights beyond what is required by law. What do you think they are doing with the information you have given them about your life and that of your friends and family?
In the end I say this. We cannot and should not abandon technology and the freedom of information the internet has brought about just because some bad things could happen. However we must always remember that our data is valuable to others and not just give it out like free candy.
We must be aware of the risks and make informed decisions. This is the new digital reality of our world and we need to stop treating it like a school playground.