Page 1: Your Image in the Cloud

Unit 1, Lab 4, Page 1

On this page, you will consider what information is available online about you and reflect on your online data sharing habits.

Personally identifiable information (PII) is information that can let others figure out who you are and possibly get more information like your Social Security number, age, race, phone number(s), medical information, financial information, or biometric data (such as your thumbprint or face scan).

Personally identifiable information about you can easily get to people you don’t want to have it. Posting a picture of you and your friends to a website reveals information about where you were and what you were doing. This may violate both your own privacy and that of your friends. If your phone is lost or stolen, someone else might get access to pictures or messages you thought were private. That’s why data on cell phones is normally encrypted so it can’t be recovered without your password. Having to type your password is a trade-off between convenience and security. But some recent research has shown that cell phone apps are often written to collect information about you and your contacts and location without your knowledge, mostly to sell targeted advertising.

Having PII shared online can have benefits. For example, it can be used to show you personalized movie recommendations or simplify online purchasing by suggesting things you are likely to buy based on previous purchases. Shared PII also has risks: It can be used for identity theft, harassment, kidnapping, fraud, etc.

Don’t be too afraid of the criminal possibilities. Sharing information online is like crossing the street: Don’t be afraid to do it, but do it carefully.

  1. Talk with Your Partner Discuss: What kind of digital information is out there about you?
    • With a partner, list the kinds of information someone might be able to find out about you by searching on the Internet.
    • Which of these things are information that you voluntarily put online?
    • Which of these things would you prefer to keep private?

One reason you are asked to choose a username when you get a Snap! account is to give you the freedom to express political or personal issues without tying those conversations to your actual identity.

Read More What laws exist to protect PII?

United States law says that websites must post a privacy policy that explains what they will do with the information you give them. This is still a pretty weak protection; privacy policies are often very long, written in legal language, and make it hard to figure out what is collected and how it is used. In California, the California Consumer Privacy Act (CCPA, 2020) and its update, the California Privacy Rights Act (CPRA, 2023), give residents stronger rights: to know what data is collected, to say no to its sale, and to request that companies delete it. Other states (Colorado, Virginia, Connecticut, Utah, and more) have passed similar laws.

In Europe, the General Data Protection Regulation (GDPR) has been in full force since 2018. It defines what counts as personally identifiable information (PII) and requires websites to get your clear, affirmative consent (a definite “yes,” not just failing to say “no”) before collecting or using that information. The GDPR also prohibits companies from denying you a service that is otherwise free just because you declined to give permission for some uses of your data.

For example, to create a Snap! account you must provide an email address. That single piece of information is considered PII under GDPR, because it can identify you directly or in combination with other data. Privacy rules also vary depending on your age: in the U.S., children under 13 require parental consent because of COPPA (the Children’s Online Privacy Protection Act), while in most of Europe the cutoff age is 16. If you or your parent ask for your Snap! account to be deleted, the law requires that to happen quickly — and Snap! needs just enough information to verify that the deletion request really came from you (or your parent), not from someone else acting as a prank.

  1. Think of some website on which you have an account. It can be one of the huge ones, such as Google, Facebook, or Amazon, or it can be a site associated with a store, a TV show, or a game.
    1. How do you connect to that site when you’re using a computer?
    2. How do you connect to the site using your cell phone?
    Compare your answers with other students.

From a privacy point of view, using a browser is much better. If you’re like most people, when you are on a computer you use a web browser (such as Chrome, Safari, Edge) to connect to all websites you visit. But on your phone, you may have a separate app installed for some sites (such as Instagram or Facebook).

Read More Why does it matter how you connect?

  • In a browser, you can install privacy extensions (such as uBlock Origin, Privacy Badger, or DuckDuckGo Privacy Essentials) that reduce the ability of websites to track you. These tools can block ads, prevent invisible “tracking pixels,” and limit third-party cookies. In contrast, site-specific apps don’t allow the same level of control — you accept their built-in permissions when you install them.

  • When you close a computer browser, it stops running and no longer sends data. Most modern browsers also offer “private” or “incognito” modes that avoid saving history and cookies locally, though they don’t prevent websites themselves from collecting data. On phones, apps can sometimes run in the background, but today’s operating systems (iOS and Android) limit what they can do when not in active use. Apps must request permission to access contacts, location, microphone, or photos, and you can review or revoke those permissions in your settings. Still, companies may collect metadata — like when and how often you use an app — even without direct access to your personal files.

  • On a computer, your information is usually stored on the computer’s hard drive, though many apps also sync data online. Phones store data both locally and in cloud services such as Apple iCloud, Google Drive, or Samsung Cloud. This makes it easier to back up, share, and restore your information, but also means that much of your personal data lives on servers owned by large companies, often outside your control and possibly in countries with different privacy protections.

  1. Talk with Your Partner Discuss these questions, and write down answers with as much detail as possible.
    1. What does Google know about you?
    2. What does your cell phone carrier know about you?
    3. What does Facebook know about you?
    4. What does the US government know about you?

“What does organization X know about you?” is kind of a trick question because many these companies and institutions share the information they collect about you. This kind of data sharing is important—and problematic—because different kinds of information, while possibly unimportant by themselves, can become a serious privacy problem when combined. For example, your cell phone carrier knows every place you go and Google knows what people or businesses live at every address; in combination, these two kinds of information can reveal whether you’ve visiting a divorce lawyer, an AIDS doctor, or other possibilities that could be embarrassing (or worse) if revealed.

There are even companies whose sole business is to collect information about you from other companies, large or small, that you use online. (One of the authors looked himself up at Acxiom, one of those companies, and here’s what he found. The information circled in red is incorrect.) But the biggest data gatherers are Google, cell phone carriers, Facebook, and governments, such as the US government or the Chinese government.