Data Snatchers! The Booming Market for Your Online Identity

Make no mistake, your personal data isn’t your own. When you update your Facebook page, “Like” something on a website, apply for a credit card, click on an ad, listen to an MP3, or comment on a YouTube video, you are feeding a huge and growing beast with an insatiable appetite for your personal data, a beast that always craves more. Virtually every piece of personal information that you provide online (and much that you provide offline) will end up being bought and sold, segmented, packaged, analyzed, repackaged, and sold again.

The “personal data economy” comprises a menagerie of advertisers, marketers, ad networks, data brokers, website publishers, social networks, and online tracking and targeting companies, for all of which the main currency—what they buy, sell, and trade—is personal data.

No-Track Add Ons: Third-party products such as Abine’s excellent Do Not Track Plus browser extension block cookies in real time from third parties like ad networks and data aggregators. (Go to find.pcworld.com/73080 for the download of DNT+, which works based on the privacy suggestions of Abine.) An icon shows how many companies are gathering your personal data at the site you’re visiting.
Their databases pull user information from a long list of sources—everything from birth certificates to browsing history to Facebook “Likes”—and they’re becoming better at finding patterns in the data that predict what you might do or buy in the future. A child born in 2012 will leave a data footprint detailed enough to assemble a day-by-day, even a minute-by-minute, account of his or her entire life, online and offline, from birth until death.

And the databases that collect this information are increasingly hyperconnected—they can trade data about you in milliseconds.

Facebook, to many, is the face of the personal data economy. Its entire business is aggregating the personal data that its users give at the site. Today, Facebook uses that mountain of personal data to help advertisers target ads on the Facebook site. However, as many observers have said, Facebook’s investors are likely to pressure the now-public company to look for new ways to “monetize” its personal data.

“We’re accepting more privacy intrusions each day, sometimes because we don’t realize what we’re giving out, other times because we don’t feel we have a choice, other times because the harm of this isolated transaction seems so remote,” says privacy attorney Sarah Downey, who works for personal data security products company Abine.

Sarah Downey
"The widespread and largely unregulated collection, sharing, sale, and storage of massive amounts of consumer data are a threat to all of us." --Sarah Downey, attorney for online privacy products firm Abine
She adds, “Once collected, our data ends up in unexpected—and unwanted—places, and spam emails, inclusion in harmful information databases, and even identity theft can follow.”

In the following pages I’ll try to add to the personal data economy story by describing some of the latest trends in personal data collection and analysis—the combination of online and offline data, hyperconnectivity and real-time ad targeting, browser fingerprinting and tracking, and finally the new methods of analyzing huge databases of consumer information.

Combining Online and Offline Data

Personal data has become far easier to access and aggregate than it used to be. Long before we started cataloging our lives on the Internet, much of the information about us lived in hard-copy public records documents at the city hall or the county courthouse. Those public records, which include birth data, real estate records, criminal records, political affiliation and voting records, and more, have in recent years been scanned, digitized, and otherwise fed into databases. That data is now being combined with our online personal data.

A whole industry of public records data companies has sprung up to ag­­gregate public records data from every city, county, and state in the union, and to make the data easily available online (for a price). Some of these firms, like Intelius.com and Spokeo, are combining public records data (originally created offline, in the physical world) with online data (information that we give out via the Internet), such as personal data from social networks.

Spokeo aggregates data taken from social media and networking sites, and it augments user profiles with public records data, the company’s chief strategy officer, Emanuel Pleitez, tells me.

Jim Adler
"With the social networking revolution, the expectation of privacy is way down, and the ... expectations of privacy with specific types of data ... are still very much in flux." --Jim Adler, Intelius privacy and data systems official
Intelius Inc., which owns Intelius.com and other “people search” sites, has begun augmenting its core public records data product by adding social network data to its user profiles. “It’s an area we’re moving in now,” says Jim Adler, chief privacy officer and general manager of data systems at Intelius.

He adds, “Our job is to pull data together from whatever sources are available. If it’s publicly available, we’ll use it.”

Today Intelius is capturing only the most basic information from Facebook, Twitter, and other social networks—names, ages, and where a person has lived. But many aggregators are just beginning to explore the uses of social networking data.

Next: New Privacy Threats

Subscribe to the Security Watch Newsletter

Comments