Data dilemmas — the results and our advice

Cyber Security Awareness Month is over, and the results are in from our #datadilemma experiment. Over the past four weeks we asked you a series of hypothetical questions(new window) about which types of data you want to keep private. Our goal was twofold: First, we were curious about what information people find most sensitive. And second, we wanted to make the issue of data privacy feel more immediate and personal.

Now that we have your responses, we want to take a closer look at the patterns we noticed and give you some tips on how to best mitigate your risk.

Spotify playlists vs. YouTube viewing history

It seems as though people are decisively less concerned about sharing their music preferences than their YouTube viewing habits. However, both of these leaks could have wider ramifications thanks to both services’ reliance on linked accounts.

Spotify:
Spotify offers the option to link its account to your Facebook account, which was problematic from a cyber-security point of a view even before the news of Facebook’s exposure of user access tokens(new window). While it is certainly convenient, linking accounts this way means that if an account is compromised, the amount of data put at risk is much greater. If you use your Facebook account to set up your Airbnb, Instagram, Spotify, and Tinder accounts, then these other accounts could be compromised if your Facebook account gets compromised.

Our advice: Do not use Facebook or Google to connect to other platforms. It is no different than repeating the same password across different accounts.

YouTube:
As a Google subsidiary, YouTube pushes you to sign in with your Google account. Not signing in with Google, and viewing Youtube on private browsing mode, along with using a VPN, is one way to keep your Youtube viewing history from being stored and tied to you personally.

Google search history vs. Amazon purchase history

Over two-thirds of respondents preferred to have their Amazon purchase history leaked before their Google search histories, reflecting just how ubiquitous Google is in everyday online activity. However, both Amazon and Google have troves of data on their users and numerous ways of gathering personal data, including mobile and/or Alexa-enabled devices.

Google search history:
As we mentioned previously, Google collects an immense amount of user data and uses it to build profiles on you. Your search history is a good proxy for your browsing history in general. It can easily expose your location, your interests, political leanings, and relative wealth.

Our advice: Use the DuckDuckGo search engine, which does not keep a record of your Internet searches.

Amazon purchase history:
As Amazon takes over a larger and larger share of retail, it encompasses more and more of an individual’s total purchases. This data alone can tell you a lot about someone, such as their relative wealth and buying habits. The ubiquity of Amazon also makes Amazon accounts more sensitive. Amazon accounts also include access to your Amazon devices, such as an Echo. Intruders would have access to all the voice recordings and requests made to Alexa which would give them further insight into your daily routines.

Our advice: Make sure your Amazon account is protected with a strong, unique password, activate Amazon’s two-factor authentication feature, and regularly check your account for strange or unauthorized activity. If you are using devices/services such as Echo or Alexa, carefully manage your privacy settings(new window).

Phone call history vs. Phone location history

While less decisive than the previous weeks’ results, far more respondents said that they would rather share their phone call history than their phone location history. This may be a reflection of the fact that phone call records have long been kept by phone companies while having a device that is constantly at our side logging our locations is a relatively recent development.

Phone call history:
As some users pointed out, phone companies keep a detailed list of every phone call that is made. This is what allowed the metadata tracking done by the NSA to be so vast. It very well could be that in the wake of the Snowden leaks, there is not as much of an expectation that your phone call history — who you called when and how long the call was — will remain private.

Phone location history:
Given that each phone is a GPS-enabled device and that so many services, like Uber, Threadless, and fitness apps, rely on your phone (or a linked device) tracking your location, your phone’s whereabouts are almost always accounted for. Data leaks from similar services have already exposed the location of secret military bases(new window), so there is no question that your phone’s location history could contain very revealing data.

Our advice: You can turn off the GPS location history on both iPhones(new window) and Androids(new window). Also pay attention to which apps you give permission to access your location.

Browsing history vs Emails

In what was the most far-reaching question of our Data Dilemma campaign, a large majority of respondents chose to have their browsing history exposed rather than their emails. Both offer an unparalleled view into the thoughts and dispositions of individuals but emails can also contain much more personal touches.

Browsing history:
Your browsing history is a treasure trove of data. Back in 2012, much was made of how Target could predict whether someone was pregnant(new window) based on their recent purchases. This is dwarfed by the predictive capacity someone would have if they had access to your browsing history.

Our advice: We have an entire guide(new window) dedicated to protecting your online browsing activity but there are three things you can do to reduce the vulnerability of your browsing history. Use the Brave web browser,(new window) which does not track your activity. Use a VPN to keep your ISP from keeping a record of your browsing history. And, to keep your browsing as anonymous as possible, use Tor.

Emails:
Email presaged modern life’s shift to the digital domain. It has almost completely replaced letters and other forms of correspondence. An email leak in today’s world could expose sensitive business information if it is your work email or deeply private conversations if it is your personal email account.

Our advice: Use Proton Mail(new window) or other end-to-end encrypted messaging services to handle your communications.

Breaches can and do happen — one only has to look at the headlines(new window) to have that driven home. We have posed these questions in an attempt to make you think about which organizations have what data. As long as you are online, you will need to share data. The question is who you trust with it and what they do to protect it. Making a few adjustments to your normal online routine and using privacy-focused services will go a long way to ensuring that none of these leaks ever affect you.

We thank everyone that responded to these questions and shared their thoughts and suggestions for questions of their own.

All the best,
The Proton VPN Team

You can follow us on social media to stay up to date on the latest Proton VPN releases:

Twitter (new window)| Facebook(new window) | Reddit(new window)

To get a free Proton Mail encrypted email account, visit: proton.me/mail(new window)

Related articles

How to fix a 502 error
en
In this article, we explain what a 502 bad gateway error is and explore possible ways to fix it as a visitor to a website.
Watch Thanksgiving Day football with Proton VPN
en
Here's how you can live stream this year's Thanksgiving football games using Proton VPN, whether you're watching from home or abroad.
Where to watch Macy's Thanksgiving day parade
en
Here's how and where to watch Macy's Thanksgiving Day Parade live from anywhere in the world with Proton VPN.
What we've been up to, and what's next
en
Here are the main things Proton VPN delivered this spring and summer and the exciting changes that lie ahead on our product roadmap this winter.
Proton VPN for Windows ARM
en
We’re pleased to announce a new Proton VPN app with native support for Windows devices that use the ARM chipset.
What is doxing and is doxing illegal
en
  • Privacy basics
We look at what doxing is, who does it (and why), and at how to protect yourself from doxing .