Who Can See What I Do?

In the "Who Controls the Internet?" lesson, we briefly discussed a few entities who can see your browsing habits, but how do they see these things? And what can they actually see?

When a website you visit tracks you, that’s first-party tracking. When a website you visit lets another company track you, that’s third-party tracking.

Third-party tracking companies can track you across most websites you visit, letting advertisers show targeted ads based on possible interests and online activity. For example, if you visit a website about running and fitness, you'll see ads for running shoes when you visit other websites.

All of the following collect information traced directly to you when privacy is neglected:

• Operating Systems
• Wi-Fi Network Admin (or the owner of the wi-fi connection)
• ISPs
• Websites (using cookies and trackers)
• Search Engines
• Apps
• Hackers
• Gov Entities

Why does this matter? Well, if your device is connected to a crime, many of the individuals on this list have to relinquish their information on you to authorities. Digital forensics is an ever-evolving field full of critical information and will continue to be a thorn in the side of hackitivism and cyber activities as long as data collection remains an untouched topic by various governments. It also matters because your personal information is subject to a leak when certain individuals aren't as secure as they claim, like AT&T, which is one of the major ISPs of the internet today. 

Law enforcement authorities can use warrants, like warrants to Google for any devices that were near where a crime was committed in order to collect suspects. Worse, places like AT&T will just let the government by data like phone records. In Chicago, law enforcement reportedly have real-time access, without the need for a warrant, to over 30,000 public and private surveillance cameras throughout the city. They'll explicitly record peaceful protests through police body cameras and search social media feeds for photos and recordings taken by protesters, media, or other observers. Cell-site simulators, or stingrays, mimic cell phone towers and trick cell phones into connecting with them. They can identify cell phones, intercept metadata such as the numbers and duration of calls, and track text messages and internet usage. In addition, they can target the cell phone of a specific individual or, in dragnet style, track all cell phones in the surrounding area.

It shows how our phones are beacons of information, especially when faced with communication interceptions. Given a warrant, your phone quickly becomes a piece of evidence - and depending on what they find, they could decide to discriminate or press harder for a charge of any kind. Not only that, but with big companies like Google, they may be able to formulate a full profile on you with advertiser, phone, and social media data to give to authorities if you ever become a point of interest.

Some people don't mind giving out their information, especially if it seems harmless, but things like your location data, credit card info, IP address, phone number, and birthday can be used and sold for various purposes by each of the offending collection entities. Beyond basic data, tech companies like Google, Apple, Microsoft and Facebook also often have access to the contents of emails, text messages, call logs, photos, videos, documents, contact lists, and calendars. A lot of this information are things that the government is allowed to buy from companies and ISPs (or they could get a warrant if they really wanted) and these kinds of purchases are how people are tracked to their homes or harassed during work. Not only that, but some companies will form partnerships with law enforcement (like Ring, the Neighborhood app, and all of their doorbell cameras) to further provide sensitive information.

The main argument I run upon when worrying about digital safety is "well, if you aren't doing anything bad, you should have nothing to fear", but this thinking is patently untrue and even dangerous. In the case of geofencing, just being in the wrong place at the wrong time with an Android phone is enough like the case Zachary McCoy was involved in, which cost him a few thousands of dollars in legal fees to fight. This and AI facial recognition is putting a lot of digital data into the hands of authorities, which has proven to attack innocents just as much as a perpetrator. There have been multiple lawsuits over wrongful arrests and denial of cases - and it can happen to anyone. Independent assessment by the National Institute of Standards and Technology (NIST) has confirmed that face recognition technologies across 189 algorithms are least accurate on women of color.

In oppressive regimes, these tools can be used to suppress human rights. Finding a post on a news group that goes against a regime, using the IP address to find the service provider, then the credit card details to find the individual poster and track them down - even though they thought their post was anonymous - is just one of the ways all this data can turn around to hurt the individual.

I've mentioned data leaks and hackers, but what can hackers even do with your info? Stealing your identity, using your credit or debit card, selling your information to spam companies, using your health insurance, filing fraudulent tax returns, opening bank and loan accounts; these are just some of the things that could be done. Some hackers get paid to steal trade secrets, client information, and employee records. 

In the next section of the digital literacy course, we'll be covering the various ways hackers can get this information straight from you without having to hack tech giants or communication channels, such as phishing, viruses, scams, downloads, and unsecured messaging systems.