Wednesday, 25 November 2015

Who's selling your data?

Who's selling your data?

AVG isn't the only company selling your data. Jane Hoskyn reveals the trusted tools that share your secrets - and explains how to stop it

Security firm AVG admitted selling your data to advertisers, who then use this data to target you with adverts for products you may (or may not) want. When confronted about this abuse of customers’ privacy, AVG did the digital equivalent of a shrug. Everybody does it, they said - it’s the way free services work. That may be true in a cold business sense, but it’s an insult to customers. Sharing your secrets for financial gain betrays your trust.

We’ve covered AVG in detail in our article on troublesome security tools, so here we’ll focus on the other companies that hand out your data - and reveal what you can do about it.


Google


While newspapers get their knickers in a twist over the new Snooper’s Charter (‘Investigatory Powers Bill’, www.snipca.com/18599), we’re more worried about commercial snooping - like the kind of data-hoovering Google has indulged in for years.

Google’s snooping is not about safety - it’s about money. “They’re gobbling up everything they can learn about you and trying to monetise it,” Apple boss Tim Cook said in June (www.snipca.com/18600). Cook didn’t name names, but “they” were widely assumed to be Google and Facebook.

Last year, Google started including users’ names and photos in adverts for products they’d rated - without asking or even notifying them. Then came reports that Google is ditching cookies for new tracking technology that makes it easier for advertisers to target you (www.snipca.com/18601).

This is the web’s new business model. Google is candid about this in its Privacy Policy (www.google.com/policies/privacy). Gmail, Chrome, YouTube and other Google services are free, because you “pay” by letting them give data about you to advertisers, for whom this data is extremely valuable. Security expert Bruce Schneier of Harvard University sums up this new economy: “You’re not [these companies’] customer, you’re the product, and you’re being improved for their actual customers: their advertisers” (www.snipca.com/18602).

Facebook


Facebook fosters a private atmosphere. Google (Gmail aside) never feels like a place you can share secrets with your friends. Twitter, too, feels far more public (Twitter’s own data-selling habits are well documented: www.snipca.com/18603). Only on Facebook do you feel safe to discuss health problems and post photos of your grandchildren.

But the truth is Facebook isn’t private at all. In its new Help Center, a page patronisingly titled ‘Common Myths About Facebook’ states: “No, we don’t sell any of your information to anyone and we never will” (www.snipca.com/18605). Right, but it does share your data with advertisers in return for targeted advert deals. That sounds like selling to us.

Facebook’s terms (www.facebook.com/terms) are a bewildering mess of legalese, but they are more clear about what happens to your data. “You give us permission to use your name, profile picture, content, and information in connection with commercial, sponsored, or related content served or enhanced by us,” it says.

Windows 10


A couple of years back, Microsoft claimed Google employees read people’s private messages and sold the juicy bits to advertisers (www.snipca.com/18611). Not true: Google’s data-collection is automated, and no-one reads your emails except their intended recipients.

Shockingly, Microsoft is now failing to practice what it preached by doing exactly what it accused Google of. Its privacy policy (www.snipca.com/18612) says: “We will access, disclose and preserve personal data, including... the content of your emails (and) files in private folders”. It also assigns you a personal advertising ID for sharing data with advertisers and ‘data broker’ middlemen.

Windows 10 also spies on your settings, PC hardware, app choices, Cortana activity and even keystrokes (read Microsoft’s License Terms at www.snipca.com/18610). Some reports claim it does this even if you can switch off all your data-collection settings (www.snipca.com/18607).

Microsoft claims this snooping is all for the greater good - law enforcement, bug fixing and so on - but they use it to target you with Start menu ads, too. They’ve also started installing targeted software on your PC without your permission.

In September, Windows boss Terry Myerson responded by insisting Microsoft “takes steps to avoid collecting (identifiable) information such as your name, email address or account ID” (read his blog post at www.snipca. com/18608). “Takes steps” is hardly the reassurance we wanted.

Amazon


What’s an advertiser’s dream? The power to know what you’re thinking, right now. That’s what Amazon gives them, by sharing your search data instantly.

In 2012, the shopping giant started automating the process of monitoring users’ activity and sending it to advertisers, who then post targeted adverts. Sounds long-winded, but it happens in the blink of an eye. One moment you’re browsing for lawnmowers; next moment you’re looking at a sidebar of hedge-trimmer adverts posted by third-party advertisers.

Firefox


Mozilla’s open-source browser was advert-free until earlier this year, when it introduced Suggested Tiles (www.snipca.com/18627) - essentially targeted adverts. So it does share your data with advertisers.

However, it goes further than its rivals in letting you control the data you share. Just before we went to press, Firefox released a new Tracking Protection feature (www.snipca.com/18624) that lets you limit the data it collects. If you use this feature together with Private Browsing (www.snipca.com/18625), you’ll block adverts, analytics trackers and ‘share’ buttons that social-networking sites use to collect saleable data.

Remember, though - Firefox is not a unified beast. It supports thousands of extensions (‘add-ons’) whose developers’ attitudes to your privacy can vary. Check an extension’s small print - including sneaky mentions of in-app purchases - before you add it to Firefox.


DOES ADBLOCK PLUS SELL YOUR DATA?


"Ad Blockers in iOS 9 Are Selling Your Personal Data" screamed recent headlines (www.snipca.com/18581). Please don't let that put you off using advert-blockers - they're a vital privacy tool. The story was actually about the difficulty of changing app permissions in iOS, and used a fake advert-blocking app as an example.

Adblock Plus, our favourite free advert-blocking extension, has a clear and reassuring Privacy Policy (https://adblockplus.org/privacy). The tool stores data about ad-blocking activity, but only locally on your PC - not on its servers.

However, if you use other extensions in the same browser, they may grab data from Adblock Plus for their own servers.

Adblock Plus recommends using private or incognito browser modes if you don't want data stored anywhere.

KEEP YOUR DATA PRIVATE


Investigate data brokers
Sites that sell your private data to advertisers are often called data brokers. Around 50 brokers are listed on the site StopDataMiningMe (www.stopdatamining.me). Many online forms on the 'Opt Out List' can only be used in the US. Some listed companies have UK branches (for example, www.experian.co.uk), which you can contact for opt-out information.

Tighten Google settings
You can use CCleaner to remove all your Google and Chrome data, but as we saw this may leave you unable to open Chrome. Instead, remove selected cookies, browse incognito, add the Do Not Track extension (www.snipca.com/18629) and consider using a VPN.

Tighten Facebook settings
Facebook's new Privacy Check-Up tool (click the padlock, top-right) doesn't prevent Facebook harvesting - nay, owning - your data. Your ultimate opt-out is to delete your account. Download all your posts and photos first (www.snipca.com/18614).

Tighten Windows settings
Microsoft's new About Our Ads page (www.snipca.com/18630) lets you opt out of certain 'interest-based, (targeted) advertising. It doesn't stop Microsoft gathering and storing your data, though.

Tighten Amazon settings
Use the Advertising Preferences page (www.snipca.com/18626) to control what's shared with advertisers and sellers.