Your Secrets, Medical Info and Sexual Habits are Being Grabbed, Compiled and Resold Online
Julia Angwin’s book, Dragnet Nation: A Quest For Privacy, Security and Freedom in a World of Relentless Surveillance, looks at what’s going on behind our computer screens. It describes how Silicon Valley’s newest business model is tracking our digital lives and selling that information—and how hard it is to stop them.
Steven Rosenfeld spoke to Angwin, a former Wall Street Journal reporter who is now with Pro Publica, about what websites, including online dating and pornography, are grabbing, compiling and reselling, and what cyber tools can be used to stop the data miners.
Steven Rosenfeld: Your book starts with a couple who met in a online forum and discovered that Nielsen, the TV ratings company, broke into their chatroom and was spying on them. The same company was also selling client profile metrics to drug manufacturers. What were they looking for? What were they finding?
Julia Angwin: Actually, the couple met in a patients’ forum. It was a password-protected site for people who are patients. These two people both were suffering from depression and they were there to talk about their issues with depression. So, we don’t actually know for sure what information the drug makers wanted from this. But most likely, they wanted to find out who was using their drugs, and what kind of results they’re having. They like to try to find that information online. So they hire people to scrape all sorts of info from the web and look for information.
SR: So we have two people who were in a chatroom, seeking some comfort and understanding, and they didn’t know that this wasn’t private. How common is that?
JA: I don’t think it’s that common, actually, that this kind of break-in occurs. After it happened, Nielsen said that they were not going to do that anymore—to make a fake patient profile to get into the forum; and then they were scraping data off. But what is common is the second part of the story, which is the forum itself, which notified the people about the break-in. It said, "By the way, in case you didn’t read the fine print on our website, we also sell the data about our users to different companies to analyze."
Interestingly, people were more outraged about the site itself than about the break-in. But they hadn’t realized that they had given up that right to have confidentiality when they entered this website. And I think that most privacy issues are weird that way. We have signed away our rights but we didn’t know it.
SR: Let’s talk about online dating and sex sites: pornography and even prostitution. What digital trails are people leaving? What user profiles are being generated that people don’t know about?
JA: When you visit any website, whether it’s a dating or a shopping website, there’s most likely an invisible tracking technology on the page by third parties—not the site that you are visiting, but other sites. They basically are building profiles of users. So they notice that you arrive. They don’t know your name. They have a cookie ID—so you are 1-2-3-4-5-6. So you add that to all the other places on the Internet that they see you. They get a very robust view of who you are.
SR: Is there any way for people to erase these traces and profiles?
JA: One thing I want to say to people is that what doesn’t work is this incognito mode in the web browser. Chrome has incognito. Microsoft has in-private browsing. They lead you to believe that you aren’t leaving any traces. But actually that’s not true. Those companies have seen you arrive at a website and notice it already in their profile of you. All that does is removes the cookie from the rest of your browsing session so that anyone else who uses the computer doesn’t see where you were—if they looked at your cookies. So it’s really about protecting yourself from another user of your computer, but it’s not protecting your privacy from third parties who want to keep tracking you.
SR: That’s what I thought. You can hide from your family, but not data miners.
JA: Well, not using those modes. If you use other technology, you can attempt to block it. I use something called Disconnect, or you can use something called Ghostery, or you can use NoScript. There are various technologies that you can add to your web browser that attempts to block all of those types of tracking. However, unfortunately, it’s an arms race between the blocking technologies and the trackers. So most often, there’s a few tricks that the blocking guys haven’t caught up to yet, that the most sophisticated trackers are using. So you can’t be sure that it’s blocking everything.
SR: How have you seen personal information come back to bite users? The people in the chatroom around depression realized that they were spied on in a couple of ways. Dating and pornography are such a big part of the Internet. What’s being gathered and collected, or sold and shared, or marketed, if that is what you’re doing online?
JA: That’s the problem, because what happens is you browse the Internet and then you think that it’s anonymous. Things about you are known. Anyone who has ever had ads follow them around online, has had that experience—Oh my gosh, they know that I looked at this shoe or whatever.
I tell the story in my book of a woman who was at her work, and checking Facebook, and there were a bunch of ads on her page for LGBT cruises, paraphenalia, and her collegue looked over at her and said, "Why are all the ads on your site for gay stuff?" And then, the colleague, said, "Oh, of course, I guess that I didn’t realize your sexual orientation." This woman was out, but not to her colleagues. She was really annoyed, that even something as innocuous as an ad in the wrong context disturbed her in a way that she didn’t expect.
SR: Is it worse in different folds? Shopping is one thing, but when you get into more private areas, where you might think you have protections—whether it is religion or health or sexuality—do you see different levels of tracking? Or is everyone using the same technology, grabbing all they can, and selling it to whoever will take it?
JA: I have seen really aggressive tracking behaviors all over the world. There are people who are tracking people’s diseases very aggressively and people who are tracking drug use. We saw one online dating site that when you logged in it sent your—whether you had used drugs to some of the advertisers as one of the various attributes about you. It is across the board. There is no law that says you can’t do any of this. And everyone’s fine print [user agreement] says you can. It’s just the Wild West out there.
SR: What do you tell people to do—besides read your book? Don’t go online? Don’t use your computers? Or do you tell them that this is the new normal? There’s going to be an growing overlap between our private lives and the Internet, and it’s going to be seen by marketers and possibly the government.
JA: What I say to people is I am not willing to live without technology. I think that is an unfair outcome. There is this incredible digital world that we have built in the past 20 years and it has so many benefits. I don’t think that the right answer to this is to give up technology. I think the right answer is we need to fight back a little bit.
I fight two ways. I try to do as much as I can to block tracking technologically. But I also think there are some things that we can’t do. As I mentioned, it’s an arms race, and I’m underfunded in this arms race. My arms are cheaper and less powerful than the people who are surveilling me because they have bigger budgets. So then we have to figure out if maybe there’s a way collectively that we can all even this playing field.
If we had the rights to see what data is collected about us, to correct it, to remove it, to dispute if it was used against us, to sue somebody if they used it against us in some way. If we had all those kinds of rights, then maybe we could live in this world. But right now, we don’t have any of that. We’re actually one of the only western nations that doesn’t have any type of baseline privacy law that allows us to even see data gathered by commercial data-gatherers.
SR: A good part of your book recounts your efforts to shield yourself from trackers using digital devices that people take for granted: WiFi, email, texting, telephones. Let’s go through them and suggest to people what they can do, and cannot do, with their home computers and portable devices. What tools should people use for WiFi?
JA: I turned off WiFi on my phone and I don’t use it much on my computers anymore, for various reasons, mostly on the phone side of it. Because there’s increasingly companies that basically sniff your WiFi signal as you walk by. Anybody could just sort of notice the WiFi signal transmitted by your phone as you’re walking by if they have the right technology. Some retailers and shopping malls are beginning to use this. There was a company in London that had installed some kind of device in waste bins on the street and was logging everybody who walked by the garbage can. When the city found out, they actually shut them down.
But this technology is here. It is the democratization of surveillance. Why should the phone company be the only one who knows where you are? And the government goes to the phone company for those records? Now anyone can grab your WiFi signal. So I turned off my WiFi signal, so I know that I’m only dealing with the phone company and government following me around.
SR: What about email and texting?
JA: Email is really hard. There are very few services that are dedicated to privacy protection. There was one that Edward Snowden was using [Lavabit] that got a court order from the government to turn over information about their members and they had to shut down because their business was about privacy protection. I found a privacy-protecting email service called RiseUp, which I use. They did post a note saying, Look, if the government comes to us we might also shut down. Make sure you’re storing your emails on your computer so you don’t lose everything.
It’s not the best situation. I wish that gmail or one of the big guys would offer a privacy-protecting email service, but they don’t appear to be interested in that. I’d be willing to pay for it.
SR: What about texting?
JA: Texting is also hard. Apple has a pretty decent encrypted text message system called i-message. If you turn that on and somebody else has it, your texts are encrypted. Apple says that they can’t read them, but I don’t know if that’s true. I use something called TextSecure. It’s from a company called Whisper Systems. It’s on Android. It’s a free texting app that you can use with anyone else who has TextSecure. And then on iPhones I use something called SilentText. It is also an encrypted texting program and once again, you can only use it with people who have SilentText and it’s actually rather expensive.
SR: What about our cellphones? You said before that you have to surrender, that the cellphone companies and government are going to know where you are.
JA: The cellphone is hard. If you carry it around, it is going to be in communication with the towers. And it will be sending out data that you may or may not know about; the apps can transmit data to advertisers or anyone else.
There was this amazing story of how the NSA was trying to intercept data that cellphones were sending to advertisers. It doesn’t seem like you could really control that, which is why I ended up just getting a phone in another name. I got a prepaid disposal cellphone using cash, and not using my real name, so I could at least be tracked under some other identity.
Now it’s not a very good level of privacy protection because somebody who really wanted to get me would notice I was going to all the same places and making all the same calls. But, at least on the face of it, it wasn’t that easy to track me.
SR: If people want to try this—which is very hard—where else can they go?
JA: I do have a list on my website of privacy tools that I use at JuliaAngwin.com. It is hard to find resources for this. Another source is EFF—the Electronic Frontier Foundation—which has a good anti-surveillance guide.
SR: One more question. Does anyone in Congress take this seriously? That is, understand what’s really at stake, and take it seriously, not just give it lip service?
JA: I think Sen. Ron Wyden has been leading the charge against NSA surveillance. He seems pretty serious about it. Then senators Rockefeller, Frankin and Markey have been pretty aggressive on the commercial data gathering, and asking those people to account for their behavior. But the truth is there is not any consensus on either side. So, many bills have been introduced, but not many have moved because there doesn’t seem to be a consensus around how to solve the problem.