Truth is, it is much bigger than Google. It is Apple, Microsoft, Facebook, LinkedIn, Twitter, WhatsApp, search engines, and hundreds of more so-called free apps — loyalty programmes especially — that have the sole purpose of gathering information about you. It is also your government/s, telco, newspaper subscription, gym membership, medical records, Uber, cab bookings, banks, and so many more. Some use it to generate advertising revenue, some to present tailored offers to you, some sell it, some put it into massive collaborative data lakes like Adobe or Oracle Marketing clouds, etc.
Double-Click admitted in 2012 that at that time it shared its tracking with 105 companies. Ghostery, a tracking blocker, says now over 2000 trackers know your every Web move. It is not unusual for it to find 30 to 50 trackers per page – especially on high volume sites.
Whatever the case your personal data is growing – and was estimated at 45GB collected per person in 2014. It is worth big bucks to business and cybercriminals. The International Advertising Bureau (IAB) estimate that legitimate sales of data in 2016 in the US alone will be over US$64+ billion. Let’s look at a few key players.
Google have come uncharacteristically clean — but that could be to their disadvantage — on the amount of information collected from Android users. It’s a lot – gobsmackingly too much.
Log into the ‘My activity’ page with your Gmail account and password for it to reveal every search you have done on an Android device. On my page, it went back to January 2013.
To be fair, you can see a lot of activity and can delete it – I suggest you do. The following is the tip of its information iceberg.
It has location and timeline — wherever you go your phone goes — including overseas. Accuracy is down to street and lot number level. It marries up locations like restaurants, shops and more. It tracks back to 2009, and you can select by date!
It has YouTube "watch and search" history – all the dog and cat videos, and more. It keeps information on what music you have searched for using its Play Sound Search. It has device history that includes contacts, apps and other device data sent to Google.
It knows what device and brand you are using – Window, Mac, Samsung, LG, and much more. It knows what apps are connected to your account. It knows where you live, your age, gender, email address, occupation and so much more personally identifiable information (PII). It reads your Gmail, Google Docs, uses your contacts, knows your calendar and interrogates just about everything on the device.
Before we go much further with the company that professes “Don’t be evil – but if you do you may as well be hung for a sheep as a lamb” let's segue to the others.
A Google search on “What does Facebook know about me” yields 383,000,000 results – so I will only present pertinent points. I have reproduced a list from DaylanDoes – the article is excellent and worth a read.
The standard stuff you provide them…
But wait, there’s more…
Daylan says you can find all that it knows about you by downloading a zip file – the instructions are in his article.
The bottom line is that Facebook uses this data and more to target advertisements to you – oh, you thought using Facebook was free.
LinkedIn — recently purchased by Microsoft — knows more about your career and business life. It is a great source for socially engineered spear-phishing campaigns, and cyber criminals will try to “know you” so that they can spear phish you later.
Twitter and the rest
Any site that uses search is collecting your data. Any site that you can recommend, comment, or like is tracking you. Most of these will collaborate in the cloud to get you to buy something.
But you can’t use an Apple device (iOS or macOS) without logging in, so it collects much of the same data as Google does on Android devices. It knows search, contacts, email, calendar, location, where you live, eat etc., let’s face it anything you do or put on an iOS device.
Apple tends to couch things in a non-threatening way. When you use Siri or Dictation, the things you say will be recorded and sent to Apple to convert what you say into text and, for Siri, to also process your requests. Your device will also send Apple other information, such as your first name and nickname; the names, nicknames, and relationship with you (e.g., “my dad”) of your address book contacts; and song names in your collection (collectively, your “User Data”).
It has a significant repository of privacy advice here, but it stops short of telling you what data it collects and what it is used for. Apple apparently does not share data with advertisers, but it can serve ads to you via Safari and its App store.
Microsoft is no better or worse than Apple. Its platform is Windows, and that starts from its initial activation and goes on to Bing searches, Hotmail, Outlook, all its 365 cloud services, and more. Since Windows 8, one is invited to log in to Windows devices using a Microsoft account. (You can also opt for a local account, but if you forget your password, resetting it is much easier with a Microsoft account. You can use any email address for this Microsoft account.)
Microsoft says it does not want to know you – it only stores information needed to help you, but it does not use it outside that. Good information includes error reporting, usage patterns, etc. It is what kept the “Ribbon Bar” alive in Office or new directions it takes with software or hardware.
Cortana and Bing are a different issue. These services have been “Googlised” and anything you do with them is fair game. Although to Microsoft’s credit its Cortana policy is not 4000+ words (as Siri is) and importantly for Cortana it clearly states:
When you use Cortana, Microsoft collects and uses information including your device location information and location history, contacts (People), voice input, searching history, calendar details, content and communication history from messages and apps, and other information on your device. In Microsoft Edge, Cortana collects and uses your browsing history. This information is saved on your device, in your Cortana Notebook, and in the cloud on the Bing.com dashboard.
Cortana doesn’t use the information you share with Cortana to send you targeted ads. Ads may accompany search results that Cortana delivers – just as they do when you do a search on Bing.com.
You can delete any information from Cortana’s notebook and turn off tracking etc.
I spent many hours researching this, and while my paranoia levels ratcheted up a notch or two, I was reassured that the major players have privacy policies — sure, you could drive a truck through some of the gaps — and generally do no evil. But it is easy to knock Google as they are the most comprehensive offenders.
There are other more insidious offenders – especially those that offer “free” services. I am also more worried about the others — telcos, banks, loyalty programs, etc., that build a profile on you — it is not fair they know more about you than you do. If they breach your trust, then the government will need to act.
Apart from wearing a tin-foil hat, using cash, having plastic surgery to disguise your face, and living in a cave somewhere, the short answer is you cannot escape a digital footprint but you can and should minimise it.
You can and should spend hours going through the privacy settings of the devices you have. You can delete Facebook, LinkedIn, and other social media profiles – perhaps it is better just to remove PII, but the damage is probably done already. You can use a VPN for all Internet activity and encrypt everything.
One thing you should do is install Ghostery for Opera, Firefox, Chrome, Safari and IE, an extension, that gives you complete control over the scripts and cookies that run when you visit any site. You'll be able to see which sites are dropping cookies or running scripts that call home right in your browser, and choose to block or allow any of them you choose.
But in the end it comes down to education — like this article — and common sense. Never put anything in writing that you don’t want your mother to see.