Page 1: Your Image in the Cloud
Unit 1, Lab 4, Page 1
On this page, you will consider what information is available online about you and reflect on your online data sharing habits.
Personally identifiable information (PII) is information that can let others figure out who you are and possibly get more information like your Social Security number, age, race, phone number(s), medical information, financial information, or biometric data (such as your thumbprint or face scan).
Personally identifiable information about you can easily get to people you don’t want to have it. Posting a picture of you and your friends to a website reveals information about where you were and what you were doing. This may violate both your own privacy and that of your friends. If your phone is lost or stolen, someone else might get access to pictures or messages you thought were private. That’s why data on cell phones is normally encrypted so it can’t be recovered without your password. Having to type your password is a trade-off between convenience and security. But some recent research has shown that cell phone apps are often written to collect information about you and your contacts and location without your knowledge, mostly to sell targeted advertising.
Having PII shared online can have benefits. For example, it can be used to show you personalized movie recommendations or simplify online purchasing by suggesting things you are likely to buy based on previous purchases. Shared PII also has risks: It can be used for identity theft, harassment, kidnapping, fraud, etc.
Don’t be too afraid of the criminal possibilities. Sharing information online is like crossing the street: Don’t be afraid to do it, but do it carefully.
- Discuss: What kind of digital information is out there about you?
  - With a partner, list the kinds of information someone might be able to find out about you by searching on the Internet.
  - Which of these things are information that you voluntarily put online?
  - Which of these things would you prefer to keep private?
One reason you are asked to choose a username when you get a Snap! account is to give you the freedom to express political or personal issues without tying those conversations to your actual identity.
What laws exist to protect PII?
United States law says that websites must have a privacy policy that spells out what the site will do with the information you give them. This is a pretty weak protection; the privacy policies are typically really long, and written in ways that make it hard to find out what information is collected and what is done with it. In Europe, there is now a General Data Protection Regulation (GDPR) that defines what counts as PII, and limits what websites can do without your affirmative permission—a definite “yes” from you, not just not saying “no”—regardless of what they put in their privacy policies. These regulations also state that the website cannot deny you otherwise free services because you refused to permit the use they want you to agree to.
The GDPR is new enough that its implications are still being worked out. For example, to get a Snap! account, you must provide an email address, your own or your parent’s depending on your age. That’s the only thing Snap! knows about you: not your name, not your home address, just your email address. Is that PII? Some lawyers think it is. Other lawyers think that your email alone isn’t PII, but it is when combined with certain other information. If it’s PII, then Snap! must ask if you’re in Europe; if so, it must collect more information, such as your name, age, and address, to satisfy some GDPR requirements. Your age matters because the rules are different for children and adults. (In Europe, the cutoff age is 16; in the US, we must ask for your parent’s email if you’re below 13.) We need that other PII because if you ask to have your account deleted, we must do so at once, so we have to be able to make sure that it’s really you, or your parent, asking, not somebody wanting to delete your account as a prank.
- Think of some website on which you have an account. It can be one of the huge ones, such as Google, Facebook, or Amazon, or it can be a site associated with a store, a TV show, or a game.
  - How do you connect to that site when you’re using a computer?
  - How do you connect to the site using your cell phone?
From a privacy point of view, using a browser is much better. If you’re like most people, when you are on a computer you use a web browser (such as Chrome, Safari, or Edge) to connect to all websites you visit. But on your phone, you may have a separate app installed for some sites (such as Instagram or Facebook).
Why does it matter how you connect?
- In a browser, you can install privacy extensions (such as AdBlockPlus, Ghostery, or NoScript) that restrict the ability of websites to gather your information. Site-specific apps do not let you limit what they collect.
- When you exit from a computer’s browser, it stops running. (This doesn’t have to be true, but when a browser company tries to get around that rule, someone catches them and people stop using that browser for a while.) But almost all phone apps keep running even when you’re not using them, and many are constantly accessing your contacts, messages, and other data and sending that information over the Internet to the company that made the app. That company may even be in a country with very weak privacy protection.
- On a computer, your information is generally stored on the computer’s own hard drive. Phones generally store your information in “the cloud,” i.e., on computers belonging to your cell phone carrier (Verizon, AT&T, etc.) or the phone manufacturer (Apple, Samsung, Google, etc.).
- Discuss these questions, and write down answers with as much detail as possible.
  - What does Google know about you?
  - What does your cell phone carrier know about you?
  - What does Facebook know about you?
  - What does the US government know about you?
“What does organization X know about you?” is kind of a trick question because many of these companies and institutions share the information they collect about you. This kind of data sharing is important—and problematic—because different kinds of information, while possibly unimportant by themselves, can become a serious privacy problem when combined. For example, your cell phone carrier knows every place you go and Google knows what people or businesses are at every address; in combination, these two kinds of information can reveal whether you’ve been visiting a divorce lawyer, an AIDS doctor, or other possibilities that could be embarrassing (or worse) if revealed.
There are even companies whose sole business is to collect information about you from other companies, large or small, that you use online. (One of the authors looked himself up at Acxiom, one of those companies, and here’s what he found. The information circled in red is incorrect.) But the biggest data gatherers are Google, cell phone carriers, Facebook, and governments, such as the US government or the Chinese government.