All the Ways Data Brokers Get Your Personal Information

Unhappy about the personal data that shows up when you Google your name? Here’s a guide to understanding where this information comes from and how you can improve your online privacy.

Data brokers are companies that make money collecting and trading personal data belonging to consumers they don’t ever do direct business with. Data brokers sell your personal information to marketers, financial institutions, political consultants, employers and landlords doing background checks, and crucially, anyone else with money to spend. Unfortunately, this means that cybercriminals have easy access to information that can help facilitate cybercrimes like stalking, doxxing, and identity theft. 

Here are a few key sources data brokers use to mine for people’s personal information and how you can limit their activities. 

1. Mobile Apps 

Mobile apps on smart phone

Photo by William Hook on Unsplash

Remember the adage “there is no such thing as a free lunch”? This is certainly true of all the apps we supposedly use for free on our mobile phones. Their hidden cost is your personal information. The apps make money by selling your data or by charging companies for advertisements that target you. 

Every phone is given a unique ID number called “mobile advertising identifier” that is specific to the device you use. Each app has multiple third-party partners that get access to a little bit of your personal data along with this ID number. 

For example, one app may give a data broker your exact location, another app may share your name and surname, and yet another app may reveal your phone number. Data brokers can collate this information to create a very clear picture of who you are, including your interests, family and friends, and even pets. 

The Solution

  • Audit app permissions. Don’t give apps access to your location, contacts list, camera, photos, and mic. 
  • Always get your apps from the official app store on your phone. But even then, be sure to check the app’s rating and user reviews. 
  • Before you download any messaging apps, make sure they have end-to-end encryption. Otherwise, you run the risk that your messages will be read by strangers. 

2. Harvesting or Scraping Social Media Profiles

Mobile phone / smart phone

Photo by Erik Lucatero on Unsplash

Data brokers use automated scraping bots to copy your public profile information, including your name, location, phone number, email address, photos, and more. They then connect this information with other data points they have on you. 

Although scraping is against social media networks’ terms of use, data brokers still do it. If they get caught, they sell the data they scraped to other data brokers and disappear before they are faced with legal action.

The solution

  • Use Abine Blur masked email service when signing up for a new social media network. Find out how masked emails work in this 1-min video.
  • Avoid sharing personally identifiable information (like your birth date, relationship status, and your workplace) and photos publicly. Better yet, make all your social media profiles private and never tag your specific location.
  • Don’t accept people you don’t know in real life as friends on social media. 
  • Create strong, unique passwords for all your accounts. A password manager, such as the one offered by Abine Blur, can help you keep track of all your login credentials. 
  • Stay away from social media networks with poor privacy policies and settings, such as Clubhouse. 

3. Credit Card Transactions 

Credit card transaction data

Photo by Ales Nesetril on Unsplash

Data brokers buy anonymized and aggregated credit card transaction information from credit card processing networks. According to Fast Company, Mastercard made $4.1 billion in 2019 from this type of service.

You might be wondering: if transaction data is anonymized, how can data brokers link it back to you? It’s really quite simple:

  1. Banks and credit card services use third-party companies for anonymization (or “tokenization”). 
  2. These third-party companies assign your credit card a randomly generated ID code (token). 
  3. Tokens are not mathematically reversible with a decryption key. However, a combination of a few receipts and social media posts is usually enough to connect your credit card transactions with other personal information. 

In a 2014 investigation, the Federal Trade Commission found that data brokers use credit and debit card transaction data to place consumers into various categories, like “Bible Lifestyle,” “Plus-size Apparel,” and “Modest Wages.”

The solution 

  • Use Abine Blur masked cards feature to create a new burner credit card number for every purchase. With a masked card, the token for each of your purchases will be different, which means that data brokers won’t be able to create a financial profile on you. 
  • To take it a step further, use Abine Blur masked email service when signing up to e-commerce sites. 

4. Behavioral Tracking (Aka Browser Cookies)

Cookies

Photo by Mollie Sivaram on Unsplash

Everywhere you go online, your behavior and activities are tracked via cookies. Cookies are small text files that identify your computer when you visit a particular website. While some cookies are useful (for example, they may record your login information and remember items in your shopping cart), others track your browsing history across the web. 

Data brokers buy your personal information from third parties that observe your web browsing. In some cases, data brokers may also place cookies on consumers’ browsers themselves and then give their clients the option to advertise to those consumers across the web. It’s because of cookies that you keep seeing highly targeted ads everywhere you go on the internet. 

The solution

5. Public Records 

Public Records

Photo by Olena Sergienko on Unsplash

Data brokers collect most of their information from public records. Public records include things like voter registration information, census data, birth certificates, property records, vehicle registration records, marriage licenses, and divorce records. 

Unfortunately, most public records are available to anyone who requests to see them. For this reason, data brokers are not technically breaking any laws when they scrape public records. That being said, some public records are confidential or have eligibility requirements. For example, under certain circumstances, you may be able to seal your divorce records.

The solution

  • Check your state laws on who qualifies for Confidentiality Programs (ACP).
  • Visit the county clerk’s office and ask what, if any, personal information can be removed, redacted (like your phone number and a part of Social Security Number), and changed (full name to initials). While you’re there, ask which documents can contain your P.O. box instead of your home address.
  • Check the Uniform Commercial Code (UCC) database to see if your Social Security Number is listed on the records for your property ownership and liens.
  • Set up Google Alerts for your name to get updates any time someone posts information about you online. 

Wait — There’s More

Sadly, these aren’t the only sources data brokers harvest their data points from. Other sources include (but are not limited to) periodical subscriptions, loyalty card services, and online polls and surveys. 

While it’s not possible to delete your online and offline footprint entirely, that doesn’t mean that you should tolerate companies you’ve never even heard of amassing huge amounts of data about you. 

In addition to following the advice outlined above, you should also take the time to opt-out of all the major data brokers and people search sites out there. Check out our step-by-step guide on how to do that or subscribe to DeleteMe to have a team of professionals do it for you.