SXSW: the real cost of free services is giving up your data

Naked Security is reporting from SXSW in Austin, Texas this week

“Even with the best will in the world, you cannot be completely anonymous online,” said Liz Kintzele, VP of sales and marketing at Golden Frog, at this year’s SXSW conference in Austin, Texas.

Kintzele took her audience on a broad journey around anonymity and privacy on today’s internet. It might have been light on technical details, but if the goal was to force the audience to stop mindlessly browsing and think about some of the issues around big data, then it was a success.

Kintzele’s message is simple: “There is no such thing as total anonymity on today’s internet.” From the moment you sign in to your smartphone or desktop computer, how you interact online has the potential to be tracked and used by others for profit.

Many will be uncomfortable with this and look for ways to hide their online footprint. The goal should not be to believe the claims of total anonymity, noted Kintzele, but to think carefully about what online services you use, what information you are giving out and how this information could be used by others.

Kintzele focused on how this situation has occurred, laying out how the internet grew to feed the “big data” machine. She highlighted three moments that led to the current attitudes and expectations of widespread data collection: the launch of Google in 1998, Facebook in 2004 and the alterations to Google’s privacy policy in 2014. These moves ushered in and gave tacit permission for the monetisation of big data.

More of our data is being stored and used by companies every day. The Investigatory Powers Act 2016 in the UK increases the amount of personal data that has to be retained. Recent changes to the FCC’s privacy regulations has increased the ability for US telecom operators to log and process personal information.

In a world where services are free at the point of use, the real cost is giving up your personal data. From search engines and browsers to websites, apps and social media hubs, you are constantly providing companies with this data.

When you sign up for free you give away information. You hand over your personal details, usernames, birthdays and location. But you also hand over more data when you use these services. You hand over the websites you visit, the links you click, the images you look at, the people who you communicate with, your location, your device’s unique identifiers, and much more.

All of this data can and will be used and sold for profit.

Although Kintzele reminded the audience that there is no simple answer to the challenge of anonymity and privacy, the talk was decidedly light on practical examples that could be used by the audience. Tor was highlighted as a good starting point for those with concerns, but it was also used to highlight the dangers of trusting a privacy provider. Tor has to gather some of your personal data to work effectively, and when your data is being collected it has the potential to be used.

Kintzele’s message was about taking responsibility and looking beyond the advertising to see what a service will do with your data – that tends to be hidden deep in the terms and conditions, but it will be there.

Ghostery’s move towards a more transparent approach was praised. This browser extension blocks advertising trackers, tags, and beacons. Its model does involve selling data back to advertisers on adverts that are blocked so they can refine their approach. What is key in Kintzele’s mind is that Ghostery is transparent and clear with its users in what it does with the gathered data, which was not always the case.

Kintzele argues for a personal approach that will limit your exposure as much as possible. Be aware of the information that you are offering whenever you use a service, be it a service that can limit the data you offer or one which will use a much of your data as possible for profit. Look beyond the surface of the companies and tools that you are using, drill down into the terms and conditions to see not only what your data will be used for, but who actually controls the company.

Most importantly you have to take control. Your privacy is not the responsibility of others, it is yours.

You can never hide every single action you make on the internet, but neither should you trust these companies to respect your data while profiting from it. Educate yourself, research the tools you can use and reduce your visible digital footprint. These will all make it harder for companies to track you and monetise you, and will put you back in control of your personal data.