Welcome to the January 2023 issue of Incognito, the monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.
Here’s what we’re talking about this month:
If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter.
Every January, we reflect on the year that was and share tips and tricks on how you can improve your privacy this year.
Where do we even begin? Let’s start with the obvious:
Location tracking. The overturn of Roe vs. Wade highlighted how our location data could be used against us. And as evidenced by Google recently agreeing to pay millions to settle an investigation into how it uses location tracking, big tech might track us even when we explicitly tell it not to. On the other hand, law enforcement was found to be using a paid tool that shows them “patterns of life,” i.e., where people go and when to circumvent having to get a warrant. Oh, and Apple AirTags became stalkers’ favorite tracking device last year.
Data breaches. Last year, we had plenty of those. Here’s a list of the most significant ones. While not all data breaches impacted consumers, many did. Globally, a third of consumers were affected by a data breach, according to the 2022 Thales Consumer Digital Trust Index. Weirdly enough, more than 8 in 10 consumers continue to trust that digital services will protect their data.
Federal data privacy law. The American Data Privacy Protection Act (ADPPA), a privacy bill that got bipartisan support, was introduced to Congress last yet—but it didn’t go anywhere. Its biggest hurdle: it overrides state laws. Republicans think that existing state laws (in particular, the California Consumer Protection Act) are stronger, so they won’t support it. Speaking of laws, the Kids Online Safety Act (KOSA) was also approved in 2022 by the Senate Commerce Committee. Most privacy experts oppose it vehemently because it would “force platforms to spy on young people,” potentially harming minors.
A few more privacy-related happenings from 2022 and what to expect this coming year:
Privacy isn’t all-or-nothing. Regardless of where you are right now, you can take small steps to jump up a level in 2023. The following section will help you do just that.
Everywhere you go online, you are being tracked. To understand how the sites you visit spy on you, check out Blacklight, a real-time website privacy inspector by The Markup. Then, use Cover Your Tracks by the Electronic Frontier Foundation to see how protected you are against online tracking.
When you’re done, choose your level:
From Twitter to Revolut, there was no shortage of data breaches in 2022. Use the Have I Been Pwned online tool to see if your details were compromised last year.
Then, based on the steps you’ve taken to date to increase your account safety (no judgment), go up a level:
Although social media platforms are among the worst data privacy offenders, few people are ready to give up social networks for good. But even if you can’t live without *insert your favorite social media platform here*, there are still some steps you can take to increase your privacy—even if it’s just by a little bit.
Depending on your baseline, jump up a level:
Our recent favorites to keep you up to date in today’s digital privacy landscape.
Tax Filing Websites Shared User Data with Meta
Popular tax filing services like H&R Block and TaxAct shared user financial information with Meta, an investigation by The Markup found. The data was sent via the Meta Pixel, a piece of code the services put on their websites, and included names, email addresses, income, and more. While the tax filing services have since changed their pixels’ settings to cease financial data collection, Meta is now facing a class action lawsuit over this practice.
Amazon Will Give You $2 a Month to See Your Phone’s Internet Traffic
Amazon is offering select users $2 a month to monitor the kinds of ads they see on their mobile devices as well as when and where they see them. The tech giant says this will help make ads more relevant. Invited users can also get $10 in Amazon credit if they share receipts of non-Amazon purchases. As expected, this offer has outraged privacy experts, who say that your data is worth much more than $2 a month.
End-to-End Encryption Comes to (Some) Gmail Users
Google added end-to-end encryption (E2EE) to Gmail (the web version), a feature that will make the body of the email and attachments (but not the header) indecipherable to Google servers. Currently, E2EE is only available in beta for some Google users, including Workspace Enterprise Plus, Education Standard, and Education Plus. Users can apply to try out this feature until January 20, 2023.
Brave Now Shows Users “Privacy-Preserving” Ads
Brave Software, the company behind Brave, a search engine that promises not to track users, is testing “privacy-preserving” ads. According to Brave Software, ads are labeled clearly as such to distinguish them from other results and are anonymous, i.e., ads are based on a user’s search query, device type, and country. Users can also pay $3 a month for “Search Premium,” which offers an ad-free experience.
Here are some of the questions our readers asked us last month.
Q: How long do mobile providers store our location data for? Is it for like a day or indefinitely? And what do they use this data for?
A: Really good question.
You might recall how, several years ago, wireless providers like AT&T got into trouble for selling sensitive user location data to third parties like data brokers without user consent. Amidst public outcry (and fine proposals from the FCC), they promised to stop doing so.
So, did they keep their promise?
Earlier this year, the Federal Communications Commission (FCC) asked the country’s top telecom providers to disclose the kind of location data they collect, how long they keep this data, and whom they share it with.
The FCC has shared the providers’ responses on their site.
The long and the short of it is: there’s no standard for how long wireless providers keep user data. For example, AT&T retains cell-site-level data (which can give a user’s approximate location) for five years, while Verizon keeps this data for one year.
All providers also say they don’t sell customers’ location data to third parties. But they can still share this data with civil authorities or the police (i.e., comply with legal subpoenas, etc.). In many cases, they can do this without letting their customers know.
Q: Is Twitter still safe to use?
A: That depends on who you ask.
Elon Musk will probably tell you that his recent policy changes (like not being able to share other people’s real-time location data without their consent) make the social media site safer than ever.
Others, like TechCrunch, have recently warned that some users can’t get Twitter’s privacy features, such as toggling direct message privacy settings, to work on iOS. Many (including Twitter employees) also predict that Twitter will soon fail.
While only time will tell what’ll happen, there’s probably no harm in taking New York Times’ advice and archiving and locking down their data.
We’d love to hear your thoughts about all things data privacy.
Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).
Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.
Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito?
That’s it for this issue of Incognito. Stay safe, and we’ll see you in your inbox next month.
DeleteMe is our premium privacy service that removes you from more than 30 data brokers like Whitepages, Spokeo, BeenVerified, plus many more.
Save 20% on DeleteMe when you use the code DIYPRIVACY.
Our privacy advisors:
Save 20% on any individual and family privacy plan with code: BLOG20