Cyber Security Awareness Month is over, and the results are in from our #datadilemma experiment. Over the past four weeks we asked you a series of hypothetical questions(new window) about which types of data you want to keep private. Our goal was twofold: First, we were curious about what information people find most sensitive. And second, we wanted to make the issue of data privacy feel more immediate and personal.

Now that we have your responses, we want to take a closer look at the patterns we noticed and give you some tips on how to best mitigate your risk.

Spotify playlists vs. YouTube viewing history

It seems as though people are decisively less concerned about sharing their music preferences than their YouTube viewing habits. However, both of these leaks could have wider ramifications thanks to both services’ reliance on linked accounts.

Spotify offers the option to link its account to your Facebook account, which was problematic from a cyber-security point of a view even before the news of Facebook’s exposure of user access tokens(new window). While it is certainly convenient, linking accounts this way means that if an account is compromised, the amount of data put at risk is much greater. If you use your Facebook account to set up your Airbnb, Instagram, Spotify, and Tinder accounts, then these other accounts could be compromised if your Facebook account gets compromised.

Our advice: Do not use Facebook or Google to connect to other platforms. It is no different than repeating the same password across different accounts.

As a Google subsidiary, YouTube pushes you to sign in with your Google account. Not signing in with Google, and viewing Youtube on private browsing mode, along with using a VPN, is one way to keep your Youtube viewing history from being stored and tied to you personally.

Google search history vs. Amazon purchase history

Over two-thirds of respondents preferred to have their Amazon purchase history leaked before their Google search histories, reflecting just how ubiquitous Google is in everyday online activity. However, both Amazon and Google have troves of data on their users and numerous ways of gathering personal data, including mobile and/or Alexa-enabled devices.

Google search history:
As we mentioned previously, Google collects an immense amount of user data and uses it to build profiles on you. Your search history is a good proxy for your browsing history in general. It can easily expose your location, your interests, political leanings, and relative wealth.

Our advice: Use the DuckDuckGo search engine, which does not keep a record of your Internet searches.

Amazon purchase history:
As Amazon takes over a larger and larger share of retail, it encompasses more and more of an individual’s total purchases. This data alone can tell you a lot about someone, such as their relative wealth and buying habits. The ubiquity of Amazon also makes Amazon accounts more sensitive. Amazon accounts also include access to your Amazon devices, such as an Echo. Intruders would have access to all the voice recordings and requests made to Alexa which would give them further insight into your daily routines.

Our advice: Make sure your Amazon account is protected with a strong, unique password, activate Amazon’s two-factor authentication feature, and regularly check your account for strange or unauthorized activity. If you are using devices/services such as Echo or Alexa, carefully manage your privacy settings(new window).

Phone call history vs. Phone location history

While less decisive than the previous weeks’ results, far more respondents said that they would rather share their phone call history than their phone location history. This may be a reflection of the fact that phone call records have long been kept by phone companies while having a device that is constantly at our side logging our locations is a relatively recent development.

Phone call history:
As some users pointed out, phone companies keep a detailed list of every phone call that is made. This is what allowed the metadata tracking done by the NSA to be so vast. It very well could be that in the wake of the Snowden leaks, there is not as much of an expectation that your phone call history — who you called when and how long the call was — will remain private.

Phone location history:
Given that each phone is a GPS-enabled device and that so many services, like Uber, Threadless, and fitness apps, rely on your phone (or a linked device) tracking your location, your phone’s whereabouts are almost always accounted for. Data leaks from similar services have already exposed the location of secret military bases(new window), so there is no question that your phone’s location history could contain very revealing data.

Our advice: You can turn off the GPS location history on both iPhones(new window) and Androids(new window). Also pay attention to which apps you give permission to access your location.

Browsing history vs Emails

In what was the most far-reaching question of our Data Dilemma campaign, a large majority of respondents chose to have their browsing history exposed rather than their emails. Both offer an unparalleled view into the thoughts and dispositions of individuals but emails can also contain much more personal touches.

Browsing history:
Your browsing history is a treasure trove of data. Back in 2012, much was made of how Target could predict whether someone was pregnant(new window) based on their recent purchases. This is dwarfed by the predictive capacity someone would have if they had access to your browsing history.

Our advice: We have an entire guide(new window) dedicated to protecting your online browsing activity but there are three things you can do to reduce the vulnerability of your browsing history. Use the Brave web browser,(new window) which does not track your activity. Use a VPN to keep your ISP from keeping a record of your browsing history. And, to keep your browsing as anonymous as possible, use Tor.

Email presaged modern life’s shift to the digital domain. It has almost completely replaced letters and other forms of correspondence. An email leak in today’s world could expose sensitive business information if it is your work email or deeply private conversations if it is your personal email account.

Our advice: Use Proton Mail(new window) or other end-to-end encrypted messaging services to handle your communications.

Breaches can and do happen — one only has to look at the headlines(new window) to have that driven home. We have posed these questions in an attempt to make you think about which organizations have what data. As long as you are online, you will need to share data. The question is who you trust with it and what they do to protect it. Making a few adjustments to your normal online routine and using privacy-focused services will go a long way to ensuring that none of these leaks ever affect you.

We thank everyone that responded to these questions and shared their thoughts and suggestions for questions of their own.

All the best,
The Proton VPN Team

You can follow us on social media to stay up to date on the latest Proton VPN releases:

Twitter (new window)| Facebook(new window) | Reddit(new window)

To get a free Proton Mail encrypted email account, visit: window)

Protect your privacy and security online
Get Proton VPN free

Related articles

Why a VPN is important when working remotely
In 2023, roughly 40% of workers in the US worked remotely or on hybrid schedules (some days in the office, some days at home). This arrangement offers benefits to employees and employers, but it also introduces new cybersecurity vulnerabilities, like
Proton VPN now operates one of the largest VPN server networks in the world.
At Proton VPN, we’ve reached a new milestone in our mission to make online privacy the default for everyone. Now offering over 5500 servers on six continents, Proton VPN is one of the largest and most popular VPN services in the world. And we’re grow
What is DNS security?
In this article, we’ll look at DNS security, what it means for your businesses, and how using Proton VPN provides your business with the DNS security it needs.  The Domain Name System (DNS) translates human-friendly domain names to numeric IP addres
Paris Olympics
The 2024 Summer Olympics in Paris begins this July. While you’ve likely already missed your chance to get a ticket and witness the best athletes from around the world in person, there are plenty of ways to enjoy the games from the comfort of your hom
Where to watch euros
Every four years, the entire continent of Europe turns its eyes to see who will be crowned as the continent’s champion of football (or soccer for the Americans).  This is the 17th edition of the UEFA European Football Championship, in which 24 natio
How to enable location services
Location services refer to a combination of technologies used in devices like smartphones and computers that use data from your device’s GPS, WiFi, mobile (cellular networks), and sometimes even Bluetooth connections to determine and track your geogr