Iscriviti con RSS

Data dilemmas — the results and our advice

Richie Koch

Condividi questa pagina

Cyber Security Awareness Month is over, and the results are in from our #datadilemma experiment. Over the past four weeks we asked you a series of hypothetical questions(new window) about which types of data you want to keep private. Our goal was twofold: First, we were curious about what information people find most sensitive. And second, we wanted to make the issue of data privacy feel more immediate and personal.

Now that we have your responses, we want to take a closer look at the patterns we noticed and give you some tips on how to best mitigate your risk.

Spotify playlists vs. YouTube viewing history

It seems as though people are decisively less concerned about sharing their music preferences than their YouTube viewing habits. However, both of these leaks could have wider ramifications thanks to both services’ reliance on linked accounts.

Spotify:
Spotify offers the option to link its account to your Facebook account, which was problematic from a cyber-security point of a view even before the news of Facebook’s exposure of user access tokens(new window). While it is certainly convenient, linking accounts this way means that if an account is compromised, the amount of data put at risk is much greater. If you use your Facebook account to set up your Airbnb, Instagram, Spotify, and Tinder accounts, then these other accounts could be compromised if your Facebook account gets compromised.

Our advice: Do not use Facebook or Google to connect to other platforms. It is no different than repeating the same password across different accounts.

YouTube:
As a Google subsidiary, YouTube pushes you to sign in with your Google account. Not signing in with Google, and viewing Youtube on private browsing mode, along with using a VPN, is one way to keep your Youtube viewing history from being stored and tied to you personally.

Google search history vs. Amazon purchase history

Over two-thirds of respondents preferred to have their Amazon purchase history leaked before their Google search histories, reflecting just how ubiquitous Google is in everyday online activity. However, both Amazon and Google have troves of data on their users and numerous ways of gathering personal data, including mobile and/or Alexa-enabled devices.

Google search history:
As we mentioned previously, Google collects an immense amount of user data and uses it to build profiles on you. Your search history is a good proxy for your browsing history in general. It can easily expose your location, your interests, political leanings, and relative wealth.

Our advice: Use the DuckDuckGo search engine, which does not keep a record of your Internet searches.

Amazon purchase history:
As Amazon takes over a larger and larger share of retail, it encompasses more and more of an individual’s total purchases. This data alone can tell you a lot about someone, such as their relative wealth and buying habits. The ubiquity of Amazon also makes Amazon accounts more sensitive. Amazon accounts also include access to your Amazon devices, such as an Echo. Intruders would have access to all the voice recordings and requests made to Alexa which would give them further insight into your daily routines.

Our advice: Make sure your Amazon account is protected with a strong, unique password, activate Amazon’s two-factor authentication feature, and regularly check your account for strange or unauthorized activity. If you are using devices/services such as Echo or Alexa, carefully manage your privacy settings(new window).

Phone call history vs. Phone location history

While less decisive than the previous weeks’ results, far more respondents said that they would rather share their phone call history than their phone location history. This may be a reflection of the fact that phone call records have long been kept by phone companies while having a device that is constantly at our side logging our locations is a relatively recent development.

Phone call history:
As some users pointed out, phone companies keep a detailed list of every phone call that is made. This is what allowed the metadata tracking done by the NSA to be so vast. It very well could be that in the wake of the Snowden leaks, there is not as much of an expectation that your phone call history — who you called when and how long the call was — will remain private.

Phone location history:
Given that each phone is a GPS-enabled device and that so many services, like Uber, Threadless, and fitness apps, rely on your phone (or a linked device) tracking your location, your phone’s whereabouts are almost always accounted for. Data leaks from similar services have already exposed the location of secret military bases(new window), so there is no question that your phone’s location history could contain very revealing data.

Our advice: You can turn off the GPS location history on both iPhones(new window) and Androids(new window). Also pay attention to which apps you give permission to access your location.

Browsing history vs Emails

In what was the most far-reaching question of our Data Dilemma campaign, a large majority of respondents chose to have their browsing history exposed rather than their emails. Both offer an unparalleled view into the thoughts and dispositions of individuals but emails can also contain much more personal touches.

Browsing history:
Your browsing history is a treasure trove of data. Back in 2012, much was made of how Target could predict whether someone was pregnant(new window) based on their recent purchases. This is dwarfed by the predictive capacity someone would have if they had access to your browsing history.

Our advice: We have an entire guide(new window) dedicated to protecting your online browsing activity but there are three things you can do to reduce the vulnerability of your browsing history. Use the Brave web browser,(new window) which does not track your activity. Use a VPN to keep your ISP from keeping a record of your browsing history. And, to keep your browsing as anonymous as possible, use Tor.

Emails:
Email presaged modern life’s shift to the digital domain. It has almost completely replaced letters and other forms of correspondence. An email leak in today’s world could expose sensitive business information if it is your work email or deeply private conversations if it is your personal email account.

Our advice: Use Proton Mail(new window) or other end-to-end encrypted messaging services to handle your communications.

Breaches can and do happen — one only has to look at the headlines(new window) to have that driven home. We have posed these questions in an attempt to make you think about which organizations have what data. As long as you are online, you will need to share data. The question is who you trust with it and what they do to protect it. Making a few adjustments to your normal online routine and using privacy-focused services will go a long way to ensuring that none of these leaks ever affect you.

We thank everyone that responded to these questions and shared their thoughts and suggestions for questions of their own.

All the best,
The Proton VPN Team

You can follow us on social media to stay up to date on the latest Proton VPN releases:

Twitter (new window)| Facebook(new window) | Reddit(new window)

To get a free Proton Mail encrypted email account, visit: proton.me/mail(new window)

Proteggi la tua privacy e la tua sicurezza online.
Passa gratis a Proton VPN

Articoli correlati

VPN on mobile device
en
Growing public awareness about the threat posed to our fundamental right to privacy by online trackers has fueled a surge in VPN adoption, a trend that has been boosted thanks to people spending more time online due to the Covid-19 pandemic. Althoug
Tor over VPN
en
  • Approfondimenti sulla privacy
Tor over VPN explained
Tor is a powerful privacy tool, but you may not want to use Tor all by itself. Learn why you may want to connect to Tor over a VPN. When you connect to the Internet, especially if you’re using public WiFi, there’s a good chance people are watching y
Smart TV privacy
en
Smart TVs are essentially televisions that can watch you. Their surge in popularity, along with smart speakers, means corporations (and anyone that can hack these devices) have another window through which they can view your private activity. The dat
Expats should use a VPN
en
  • Le basi della privacy
Why expats should use a VPN
Living abroad can be an adventure, but it also presents unique online privacy obstacles. A VPN can help expats stay in touch with their family and avoid Internet censorship. In the age of the “digital nomad” more and more people are moving abroad. L
en
The internet is full of information, but some of it is inappropriate, especially for kids and sensitive adults. SafeSearch can help filter out this content to make browsing safer and improve your children’s privacy online. This article explains how
IP whitelisting best practices
en
IP whitelisting is a security mechanism that restricts access to networks, systems, or applications based on approved IP addresses. Only IP addresses on the whitelist are permitted to connect, while all others are denied access. This method is typica