Welcome to the January 2022 issue of Incognito, the monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.
Here’s what we’re talking about this month:
If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter.
If you’ve been following the news headlines, then this likely won’t come as a shock to you: 2021 was a cyber security (and consequently, privacy) nightmare.
Here are three important trends from last year:
1. We have entered a “golden era” of ransomware. Ransomware attacks went through the roof in 2021, with cybercriminal gangs turning ransomware into a multi-billion dollar business — think cybercrime gangs employing project managers and PR professionals, working 9 to 5, and taking the holidays off. Massive attacks on tech giants like Apple and Acer and critical infrastructures such as Colonial Pipeline, JBS, and the entire Irish Health Service (HSE) prove that no organization is safe. Ransomware is now “a serious national and global problem.”
2. Last year saw more data breaches than in 2020. By the end of September 2021, the number of recorded data breaches had already exceeded the total number of 2020 by a whopping 17%. This means that hundreds of millions of people have had their personal information exposed in 2021 (but many may not even realize they’ve been compromised).
3. Accessing people’s personal information has never been easier. According to our own research, the amount of online personally identifiable information available for the average individual has grown by 150% in the past 2 years. Not only are there more places to find this information online, but there are now also more data categories available about individuals than ever. So, whereas in the past, pretty much anyone could find out your “basic” information like your name, address, and phone number, today, they can also know who your spouse is and where you work, and even see your court and property records.
Facebook was busy. In 2021, the tech giant: 1) Released RayBan Stories, first-generation smart glasses that many experts have described as a “privacy nightmare”; 2) Rebranded itself to “Meta” to reflect its commitment to build a metaverse ecosystem, which sounds cool… until you look at the privacy implications that this would have on users everywhere; 3) Was fined $270 million by Irish authorities for lack of transparency on what WhatsApp, the messaging service it owns, does with the data it collects from its users.
Almost three-quarters of Americans are worried about their online privacy. However, apart from changing the occasional password, the vast majority are, weirdly enough, not willing to do anything about it.
Don’t get us wrong — changing passwords is important (more on that below). But there are a number of other precautions you should take to ensure you have a safe and privacy headache-free 2022:
Protect your accounts and devices
Secure your web browsing (and online shopping)
Safeguard your social media and email and remove your name off the web
Delete your name from common data broker sites (and do it often). Or, better yet, get a professional service to do it for you.
Our recent favorites to keep you up to date in today’s digital privacy landscape.
Found: The Most Serious Computer Vulnerability In Decades
A critical vulnerability in many versions of the Apache Log4j library, a ubiquitous Java logging tool, has been discovered. The vulnerability, dubbed “Log4j,” allows cybercriminals to access companies’ computer servers. By mid-December, there had been over a million hacking attempts, with almost 50% of corporate networks affected by the vulnerability.
Verizon Automatically Enrolls Customers Into a Data Collection Program
All Verizon users are automatically enrolled in the “Verizon Custom Experience” and “Custom Experience Plus” programs. Previously known simply as “Verizon Selects,” the programs track user data, like the sites they visit and their location. While Verizon does not share this data with third-party advertisers, it does share it with service providers who work with them and can use the data to personalize its offers to you (luckily, you can opt out).
DuckDuckGo Will Soon Have a Desktop Web Browser
DuckDuckDuckGo, the internet search engine that prioritizes searcher’s privacy, is now building a desktop browser that will come with “robust privacy protection” from the get-go. According to DuckDuckGo CEO Gabriel Weinberg, just like the DuckDuckGo mobile app currently, the browser will also have a “Fire” button that will let users delete their browsing history, tabs, and stored data instantaneously. The browser will also supposedly be significantly faster than Chrome.
Family Locator App Life360 Sells Precise User Location Data
The family location sharing app Life360, used most often by parents to track children, appears to have been selling user data to about a dozen data brokers. However, while this data is free of the most obvious identifying information, it is not aggregated, fuzzed-out, hashed, or otherwise obfuscated, meaning that anyone who buys this information can tie it back to individual users.
Here are some of the questions our readers asked us last month.
Q: I have a lot of recipe apps on my phone, are they OK to use?
A: Unfortunately, while recipe apps may look innocent enough, as the vast majority of apps, they also track your activity.
The nonprofit Mozilla Foundation recently conducted an investigation into how bad this tracking is. The answer? It’s pretty bad. Most popular recipe apps have been found to send personal data and behavioral data to third-party advertisers for the purpose of improving their marketing.
The data these apps collect frequently includes everything you do on the app, your location, and device information (the model and OS version but also things like screen brightness, battery level, and whether your phone is on charge or if your headphones are plugged in). In one app studied by Mozilla, an Amazon Ads tracker asked for user data as many as 36 times in just 2 minutes. In another app, a tracker constantly asked for information on how long users were looking at certain ads.
If the above hasn’t scared you off downloading recipe apps (or deleting them off your phone), at the very least, avoid Recipes Home, Allrecipes Dinner Spinner, and Food Network Kitchen. According to the report, these are the worst recipe apps for data collection and sharing. On the other hand, BBC Good Food is probably one of the least offensive recipe apps. Even though the app uses trackers, they don’t appear to be collecting that much personal information about users.
Q: What’s Netflix like for privacy?
A: It’s not the best. But it’s also not the worst, either.
Terms of Service; Didn’t Read, a community project that analyzes and grades the terms of service and privacy policies of popular services and sites, gives Netflix a rating of “C.”
Similarly, Common Sense Media, an advocacy group for families, gave Netflix a rating of 46%, meaning that the streaming service fails to meet the group’s privacy and security requirements. Interestingly, the only streaming service that passed the group’s requirements was Apple TV+.
Although Netflix says that it doesn’t sell users’ data, it does target them with ads. The company also says it might share user data with service providers and partners, which can include your internet provider or mobile phone carrier. It can also share data with third parties to run joint promotions and programs — and these third parties are responsible for their own privacy policies.
Scarily, Netflix seems to keep the data it collects about you for quite some time. For instance, in an article for Wired, journalist Kate O’Flaherty found that Netflix had information on her going back to 2015. What’s even more frightening is that, based on the data collected by Netflix, privacy consultant Rowenna Fielding was able to accurately guess O’Flaherty’s living circumstances (relationship status, income bracket, and values and cultural backgrounds).
You can always request to see what information Netflix has about you, as well as enable a few options in your settings to improve your privacy at least somewhat (if you haven’t done that already).
We’d love to hear your thoughts about all things data privacy.
Get in touch with us. We love getting emails from our readers (or tweet us @Abine and @DeleteMe).
Share with friends! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.
Let us know. How’s your online privacy? Did you find the above tips useful? Also, are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito?
That’s it for this issue of Incognito! Stay safe and we’ll see you in your inbox next month.
DeleteMe is our premium privacy service that removes you from more than 30 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.
Save 20% on DeleteMe when you use the code DIYPRIVACY.
Our privacy advisors:
Save 20% on any individual and family privacy plan with code: BLOG20