ProtonMail Logo ProtonCalendar Logo ProtonDrive Logo

Data dilemmas — the results and our advice

Posted on November 2nd, 2018 by in Privacy & Security.

 

Cyber Security Awareness Month is over, and the results are in from our #datadilemma experiment. Over the past four weeks we asked you a series of hypothetical questions about which types of data you want to keep private. Our goal was twofold: First, we were curious about what information people find most sensitive. And second, we wanted to make the issue of data privacy feel more immediate and personal.

Now that we have your responses, we want to take a closer look at the patterns we noticed and give you some tips on how to best mitigate your risk.

Spotify playlists vs. YouTube viewing history

It seems as though people are decisively less concerned about sharing their music preferences than their YouTube viewing habits. However, both of these leaks could have wider ramifications thanks to both services’ reliance on linked accounts.

Spotify:
Spotify offers the option to link its account to your Facebook account, which was problematic from a cyber-security point of a view even before the news of Facebook’s exposure of user access tokens. While it is certainly convenient, linking accounts this way means that if an account is compromised, the amount of data put at risk is much greater. If you use your Facebook account to set up your Airbnb, Instagram, Spotify, and Tinder accounts, then these other accounts could be compromised if your Facebook account gets compromised.

Our advice: Do not use Facebook or Google to connect to other platforms. It is no different than repeating the same password across different accounts.

YouTube:
As a Google subsidiary, YouTube pushes you to sign in with your Google account. Not signing in with Google, and viewing Youtube on private browsing mode, along with using a VPN, is one way to keep your Youtube viewing history from being stored and tied to you personally.

Google search history vs. Amazon purchase history

Over two-thirds of respondents preferred to have their Amazon purchase history leaked before their Google search histories, reflecting just how ubiquitous Google is in everyday online activity. However, both Amazon and Google have troves of data on their users and numerous ways of gathering personal data, including mobile and/or Alexa-enabled devices.

Google search history:
As we mentioned previously, Google collects an immense amount of user data and uses it to build profiles on you. Your search history is a good proxy for your browsing history in general. It can easily expose your location, your interests, political leanings, and relative wealth.

Our advice: Use the DuckDuckGo search engine, which does not keep a record of your Internet searches.

Amazon purchase history:
As Amazon takes over a larger and larger share of retail, it encompasses more and more of an individual’s total purchases. This data alone can tell you a lot about someone, such as their relative wealth and buying habits. The ubiquity of Amazon also makes Amazon accounts more sensitive. Amazon accounts also include access to your Amazon devices, such as an Echo. Intruders would have access to all the voice recordings and requests made to Alexa which would give them further insight into your daily routines.

Our advice: Make sure your Amazon account is protected with a strong, unique password, activate Amazon’s two-factor authentication feature, and regularly check your account for strange or unauthorized activity. If you are using devices/services such as Echo or Alexa, carefully manage your privacy settings.

Phone call history vs. Phone location history

While less decisive than the previous weeks’ results, far more respondents said that they would rather share their phone call history than their phone location history. This may be a reflection of the fact that phone call records have long been kept by phone companies while having a device that is constantly at our side logging our locations is a relatively recent development.

Phone call history:
As some users pointed out, phone companies keep a detailed list of every phone call that is made. This is what allowed the metadata tracking done by the NSA to be so vast. It very well could be that in the wake of the Snowden leaks, there is not as much of an expectation that your phone call history — who you called when and how long the call was — will remain private.

Phone location history:
Given that each phone is a GPS-enabled device and that so many services, like Uber, Threadless, and fitness apps, rely on your phone (or a linked device) tracking your location, your phone’s whereabouts are almost always accounted for. Data leaks from similar services have already exposed the location of secret military bases, so there is no question that your phone’s location history could contain very revealing data.

Our advice: You can turn off the GPS location history on both iPhones and Androids. Also pay attention to which apps you give permission to access your location.

Browsing history vs Emails

In what was the most far-reaching question of our Data Dilemma campaign, a large majority of respondents chose to have their browsing history exposed rather than their emails. Both offer an unparalleled view into the thoughts and dispositions of individuals but emails can also contain much more personal touches.

Browsing history:
Your browsing history is a treasure trove of data. Back in 2012, much was made of how Target could predict whether someone was pregnant based on their recent purchases. This is dwarfed by the predictive capacity someone would have if they had access to your browsing history.

Our advice: We have an entire guide dedicated to protecting your online browsing activity but there are three things you can do to reduce the vulnerability of your browsing history. Use the Brave web browser, which does not track your activity. Use a VPN to keep your ISP from keeping a record of your browsing history. And, to keep your browsing as anonymous as possible, use Tor.

Emails:
Email presaged modern life’s shift to the digital domain. It has almost completely replaced letters and other forms of correspondence. An email leak in today’s world could expose sensitive business information if it is your work email or deeply private conversations if it is your personal email account.

Our advice: Use Proton Mail or other end-to-end encrypted messaging services to handle your communications.

Breaches can and do happen — one only has to look at the headlines to have that driven home. We have posed these questions in an attempt to make you think about which organizations have what data. As long as you are online, you will need to share data. The question is who you trust with it and what they do to protect it. Making a few adjustments to your normal online routine and using privacy-focused services will go a long way to ensuring that none of these leaks ever affect you.

We thank everyone that responded to these questions and shared their thoughts and suggestions for questions of their own.

All the best,
The Proton VPN Team

You can follow us on social media to stay up to date on the latest Proton VPN releases:

Twitter | Facebook | Reddit

To get a free Proton Mail encrypted email account, visit: proton.me/mail

Prior to joining Proton, Richie spent several years working on tech solutions in the developing world. He joined the Proton team to advance the rights of online privacy and freedom.

2 comments

  1. Will
    November 3, 2018
    at 2:56 AM

    Why have I not received a way to comment on this… I don’t use tweeter or what ever its called

  2. Richie
    November 6, 2018
    at 8:44 AM

    Hey Will! Do you have any questions of comments regarding this article? We would be happy to answer them :)

Comments are closed.

Back to Blog

Secure
your internet

Get Proton VPN
Get Proton VPN

For customer support inquiries, please submit the following form for the fastest response:
Support Form

For all other inquiries:
contact@protonvpn.com 


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: OpenPGP.js v4.10.10
Comment: https://openpgpjs.org

xsBNBFiYeeIBCACpwuYcTsACyjQaqY3tOUonokamGZf3VDuLvcA9nQnu4vlB
n1RFFUJa5Pmf2yZ9EjJFSldTl5lreE3tFf53CcZ9wKa1R6aMnN/0VqURJho0
ZTqevQlCvuJ9kKHkDck3Em0/1WWnhDJgabp+fOa5HAHoAvcNy5gVPuexTT/N
wp6QcfB7w+qFhf73s0bcSn5RC+FAYlQxZVFhFtA7/7LthBVatDJrYLYP9XJd
zOZqz9AX0XZwKal25RcVeGHkNKgloo0bTgro4D88MR7saqXFHTRhy3+Wss7c
uqrh0uIkVmqtadoK/rAbqOyFXQ2DlvSMVrEMLUvwlZbC0taqcKDfNA+FABEB
AAHNLWNvbnRhY3RAcHJvdG9udnBuLmNvbSA8Y29udGFjdEBwcm90b252cG4u
Y29tPsLAfwQQAQgAKQUCWJh54wYLCQcIAwIJEN4dfnhhw11TBBUIAgoDFgIB
AhkBAhsDAh4BAAoJEN4dfnhhw11T6PwIAKgIHTUaEcCFQ5WfmwGpdhRgFe7H
gnHR8UOFPrRKnbCOQgTVPGwCFt8UVFhEgbmtroThU89DpxFSYUOD6nZ2k1X3
X4Q9OsItFUUuhPtLJrkz5ghtZLmsAH/edTRbVU1Ew1E8KbylLFI1J5yId7zR
GdnaTXv/E7P3po5X/b08TFAhXSyYYUbMeQuthbJajtpFygr53lm47cOWa4N8
udqLhmpheaQj04DuqYXOGC08JQn+XbHzhFl5Yvlt9Idk8+7c2UJ0qgWKQ5ZV
mquRAw5HDCQM5OqF1MoImDxOH+tK3PUlvFDsLZ1WPEOHK/EN12sPBx0x1R04
fcPTPdbMwgISGM3OwE0EWJh54gEIALqhrLUpvarPc0nkuHpyJC/MsrIDPLuV
qMc49tgjgDBsyIKJFEP9qCnkSOEixaFi+nTljUSpkHGR+PvEGecmcOdW6djN
QGxon/nwBT9d8HbtxJesaEIzwRAxmqQW9MqNq4UsfNQ0VvUYqV9wEbYfdDT/
jZfz9N0hjFELF1sg3UPcCRijhf162bp+rLQdO9vWVUbOdMQvsM/kyUJ6JMXR
xUtyKC05ddxii2SMr4XUW45ostPbxJybOF5oSZpEb1EIlrTLLPAe/498XlBW
hpRAPe+9ZfNs7drMvUEFnnOXahrXAuaaZpyaS/XBaloqSb1+v2AkUep3dbSF
PaRtbXRMS+kAEQEAAcLAaAQYAQgAEwUCWJh54wkQ3h1+eGHDXVMCGwwACgkQ
3h1+eGHDXVMZ4Qf4hu5N8/uYNDqJMFRIWSCpPGxmyIVXGARG4hgR8gwPZY9K
fReAUndX3uODBNIgZU7I3YntawU1DlP6GpP6yyR/8lfUMNCAXPDmd+zTFYIJ
UDHD8sw2GRrFVzFOKUpAapWFOI4XjSMP2UiK4HgrpUjAhe1wSaa7nEjtAuYT
zFx1QSuQD1iYcOF/FAm7EuhBIfWITjYAobGM6gonPbp3IPHM52rUbulllcdV
vCLs+blcyiVCGZlNcmlg3eibAJJL19TQLqT2DbQvQ/SyVBJGjoT+y4TTRtmZ
cebEjt2KJcc4x2lzPq3z2KJNyJTOTMB+aYD9Ma9IObDds+M/+5XDWi7f
=ueTT
-----END PGP PUBLIC KEY BLOCK-----

You can also Tweet to us:
@ProtonVPN