Binary code

Collected, bundled, and sold: your sensitive private data

As a follow-up to our “Data trackers are watching your every (digital) move” article, we’re sharing 7 more instances where your sensitive private information and personally identifiable data are trackable, in many cases without your opt-in approval.

Why does it matter? Because once data is created, it lives on indefinitely and becomes a commodity that companies like data brokers convert into revenue streams. “These companies share just about everything. ‘It’s what Web pages we visit, where we’re shopping, who we’re interfacing with on social media — all of that information is available to be collected by entities that park themselves on the various websites,’” said one former Federal Trade Commission commissioner.

Another area where personal data is being monetized is referred to as “Telecom Data as a Service” or TDaaS, in which mobile service providers capture, bundle, and sell aggregate customer data to advertisers and other third-parties. This data “is seen as potentially more valuable than some other consumer data because it directly connects mobile phone interactions to individuals through actual billing information.”

Before you re-assure yourself that you’re protected by the anonymous nature of aggregate customer data, consider that two different research studies have demonstrated that individuals can be identified in large, anonymous data sets using as few as 4 data points—like, say, a public tweet that mentions a place you were visiting.

Given the threshold is so low for turning a few data points into a personally identifiable profile, the best defense may be simply limiting the data collection in the first place. With that in mind, here are some data tracking technologies to watch for:

1. Your ambient conversations aren’t believed to be recorded, but Alexa and Google Home listen to everything you say in order to activate each system. You can restore privacy by using the physical mute button on each device.

2. Uber is collecting location information for up to 5 minutes after rides end. Unless you opt out, Uber collects a rider’s location even after closing the app.

3. Some types of wearable devices record the movements of users’ hands. These devices can be hacked in real time to reveal ATM PIN numbers and other key-based security codes.

4. The conversations kids have with these cute toys through an app are being sent to a third-party server in the U.S. without asking for permission first.

5. Android apps that are downloaded outside of Google Play are not always secure. Hackers create lookalike apps that, when downloaded, can take over a device, spread ransomware, and steal data.

6. Headphones can be hacked into and used as listening devices.

7. Even when Shazam is turned off on a Mac, the microphone remains active. The stated purpose is to create a better user experience, but it leaves the app vulnerable to hacking.