There is a well-known Chinese proverb that says “The best time to plant a tree was 20 years ago, the second best time is now.” This saying applies to many areas of life, and it also applies to privacy. The last few decades have seen a dramatic increase in the depth and breadth of privacy invasions from Big Tech companies. This increase tracks with the increase in smartphone usage, because what better way to invade someone’s privacy than with an always-on, always-connected computer full of sensors that people carry with them wherever they go? Few people took active steps to protect their privacy 20 years ago, but the second best time to protect your privacy is now. If you care about your privacy, what should you do, right now?
While there were plenty of privacy advocates sounding the alarm about the surveillance practices of Big Tech companies 20 years ago, their warnings about where these incremental increases in tracking would lead went largely unheeded. At the time people were just starting to take advantage of the capabilities of the smartphones in their pocket to share their pictures, their activities, and their location on social media using apps largely funded by advertisements. Smartphone app permissions weren’t that fine-grained and developers often just asked for full permissions. Tracking cookies, Big Tech cloud accounts, unique phone identifiers and plugins injected into major websites started allowing Big Tech companies to track everything an individual did on the majority of the Internet. They then combined it with search histories and third party databases (such as financial records) to build accurate profiles about them.
For many it was hard to believe that all of this data would be stored in massive databases, combined with other databases, and then used for targeted ads. Others understood the ad-driven nature of the Internet, but assumed the use of their data would stop there. Most people found it difficult to see how this data could be used against them. It seemed like science fiction that in the future so-called AI would be able to use all of your past photos to identify you in any other photos posted on the Internet. It seemed paranoid to believe that law enforcement would routinely tap into these databases for their own investigations.
I saw this firsthand when I worked as the “IT guy” at a small office 20 years ago. On Fridays I would go to the central cubicle area (cubicles were a combination of a desk surrounded with half-height walls that offices used to have to divide individual workspaces and give employees a bit of privacy) where most of my coworkers sat. I would then host “Kyle’s Conspiracy Corner” where I would share a bit of privacy news for the week and explain how some new tech development would be used to track people. The responses were somewhere between shock and disbelief as I explained how cookies could track individuals across the Internet, how grocery loyalty cards were used to track your purchase history, how search engine queries were being stored and linked to individuals because they were the closest thing to tracking an individual’s state of mind, how cell tower triangulation worked to track your cellphone’s location, or how license plate readers would be used to track your vehicle.
When faced with the mountain of personal data people were willingly sharing, some privacy advocates concluded (and still conclude) that most people don’t care about their privacy. I felt (and still feel) that most people did care about their privacy, they simply didn’t understand how that data would be used against them in the future and if they did, they felt powerless to do anything about it.
With the help of documentaries, the Cambridge Analytica scandal, US congressional hearings and regulatory threats from the European Union, most people today have some awareness of the ways Big Tech abuse their privacy. In particular I think Cambridge Analytica was a critical wake up call for most people because they saw that the power to use people’s data to manipulate their purchases with ads (which many felt was relatively innocent or unimportant), could also be used to manipulate their politics.
As I mention in my Privacy Washing post, so many people are now aware of the importance of their privacy that even Big Tech has taken notice and started incorporating it in their marketing. Yet we know these companies are still collecting your data in ever-increasing amounts. At best even if these companies are protecting some of your data from third parties, they aren’t protecting it from themselves.
Even if you didn’t protect your privacy 20 years ago, you should start protecting it today. Big Tech companies are continually developing new ways to track you and many non-adtech companies are now following suit, even tracking paying customers. Many companies perform a social media background check as part of the vetting process. Physical stores are now trying to translate how online stores track customers into their physical locations. Hackers have discovered how easy it is to use fake subpoenas to get private data from Big Tech companies. Law enforcement is routinely accessing this data to bypass surveillance restrictions.
This last point warrants a bit more consideration. In light of the changing legal landscape for abortion in the US, privacy advocates are sounding the alarm about ways these databases can be used to identify and prosecute people who seek abortions out of state. Wherever you stand on the abortion debate, this same capability has been used by law enforcement to identify people who do other things from attending lawful protests to violating COVID lockdown restrictions. Individuals can also access these data brokers to target people who are doing legal activities that they find objectionable, such as Catholic priests who use Grindr. Beyond all of that, activities that are acceptable today might be unacceptable tomorrow. Since it is difficult to know how your data will be used and abused in the future, the smart move is to leave as small a digital trail as you can.
So if the second best time to protect your privacy is today, what do you do? The first step is to reduce your dependence on Big Tech. I only recently fired Google myself, and only after I was able to port my cellphone number over to Librem AweSIM, so I understand how difficult it might be.
Even if you can’t fire these companies completely, start by reducing your dependence on their products, one product at a time. For each Big Tech option there are alternatives that respect your privacy. If you must still use their products, follow guides that help you reduce the amount your are surveilled. By supporting companies and technologies that aren’t funded by your data, but instead are motivated to protect your privacy, you not only help protect yourself against new abuses that might come in the next 20 years, you help build an ecosystem that protects others.