Incognito — November 2022: Political Micro-Targeting Continues to Spur Privacy Debate

Welcome to the November 2022 issue of Incognito, a monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Here’s what we’re talking about this month:

• Political micro-targeting. How politicians use your data to win elections. 
• Recommended reads, including “Accounts of Prepaid Verizon Customers Breached.”
• Q&A: How can I create fake answers to security questions and then remember them?

Know someone who could benefit from privacy protection? Refer them to DeleteMe—they get a 20% discount and you get a $50 Amazon gift card if they sign up. 

If you think your friends or family might enjoy learning more about data privacy, feel free to forward them this newsletter.

With the 2022 United States midterm elections happening later this month, you’ve likely seen an ad or two that might have seemed a little too personal. For that, blame political micro-targeting. 

What Is Political Micro-Targeting?

Political micro-targeting is what happens when politicians use consumer information to target households/individual voters with personalized political ads.

For instance, showing ads that feature men to male voters only. But that’s a very basic example. 

Beyond gender, targeted political ads can also be based on things like race, education level, income, geolocation (for example, whether someone attended a political rally, visited a church, etc.), purchasing and browsing habits, behavioral traits and attributes (including if someone is a Star Trek fan), and people’s stance on controversial topics such as the right to abortion, gun control, and stem cell research). 

Fun fact: People with gym memberships are apparently more reliable voters.

Voter Data Is Easy to Find

Most political campaigns get their hands on personal voter information by working together with data brokers or advertising companies/political data brokers. 

Data brokers are companies that collect personal consumer data from various different sources, including public records, social media, tracking firms, retailers, and survey marketers.

ProPublica’s Facebook Political Ad Collector project found that many political candidates use Experian’s and Epsilon’s data (two large data brokers) to show Facebook ads to voters most likely to support them. The Open Rights Group (ORG) describes Experian as a “one-stop shop for data used in political profiling.” Campaigns also use data brokers for political ads shown on streaming services. A number of streaming services let campaigns provide specific voter lists to show ads to particular individuals. 

According to Geoffrey A. Fowler of The Washington Post, who wrote an article on political targeting in 2020, other sources of information for campaigns include (in no particular order):

1. What you/those close to you tell these campaigns (i.e., when you sign up for news updates or when your friends upload their contacts list to campaign apps). 
2. Other campaigns.
3. Facebook. Even though Meta announced it would no longer target people based on their political affiliations, race, or ethnicity, campaigns can still use other data points to reach specific voters, says Nick Corasaniti in an article for The New York Times. 

When Fowler spoke to the Republican National Committee (RNC) for the article, they told him they had over 3,000 data points on each voter. And Democratic National Committee (DMC) said they have enough information to understand every voter as an individual. 

How Much Are You Worth to Political Parties?

Use our political Val-You calculator to find out how much your personal data is worth to political data brokers. Simply enter anonymous information about yourself (like the state you’re registered in, age group, and ethnic group) to see what your vote is worth. 

It’s a Massive Problem

Targeted ads are, in general, a problem. But whereas a targeted brand ad might sway you to buy a new jacket or kitchen appliance, a targeted political ad can have more serious consequences. Think political polarization/distorted political discourse and/or the election of a particular politician based on specific voters seeing only one aspect of their campaign rather than their whole platform. 

• Speaking to the Brookings Institution, the head of political advertising at one big advertising firm said that having political targeting allows them to deliver different messages to different people. 
• “This message is only for women. Only in these ethnicities and only at this income and education level. We’re going to tell this story to them. Then we’re going to tell a completely different story to this different ethnic group, a different story to immigrants, a different story to businesspeople. And we’re going to whip everyone into a froth and no one else is going to see the other messages.”

Foreign governments or domestic actors interested in influencing elections can also abuse targeted political ads. Britain’s Channel 4 alleges that the notorious and now defunct British political consulting firm Cambridge Analytica used voter data to dissuade African Americans from voting in the 2016 elections. 

Perhaps unsurprisingly, research shows that most people really, really don’t like micro-targeting. About three in four individuals say that internet companies should not be sharing their data with politicians. This sentiment is the same whether people identify as Democrats, Republicans, or independents. 

Political campaigns are also not known for having great cybersecurity, which means there’s always the risk of personal voter data being exposed, either accidentally or through a breach. 

Why Nothing Is Being Done 

Just like there are no laws against data brokers, there are currently also no laws against using consumer data for political purposes. 

That politicians benefit massively from this type of data might be the reason why. In 2014, a senior fellow at the Information Law Institute, Ira Rubinstein, said that data brokers are even using this as an argument when the need for regulating the data broker industry is brought up. 

Steps You Can Take to Reduce How Many Political Ads You See

Remove yourself from data brokers. You can’t remove yourself from campaign databases, nor can you ask to see what information they have on you (this is true even if you’re a California resident). However, you can opt out of commercial data broker databases like Epsilon and Experian. 

Control your privacy settings. To minimize the amount of targeted political ads you see on social media and elsewhere online, set strong privacy settings and avoid oversharing on the internet. 

Vote early. Speaking to The Washington Post, a DNC representative said that voting early updates party databases. No one wants to waste money on someone who has already cast their vote. 

Spread the word. Let others know about political targeting and the role data brokers play in political campaigns so that they too can take control of their personal data. 

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape.  

Uber Riders to Be Targeted Based on Destination

The ride-hailing company Uber will allow marketers to target riders based on their destinations and recent travel history. For example, a fashion brand might show an ad to a rider going to the famous New York shopping strip Fifth Avenue. Although Uber says its targeting is contextual, experts worry this could negatively affect consumer privacy. 

FCC Is Determined to End Robocalls

The Federal Communications Commission said it would remove seven voice service providers (Akabis, Global UC, Cloud4, Morse Communications, SW Arkansas, Horizon Technology, and Sharon Telephone) from the nationwide network of phones unless they comply with efforts to stop robocalls. It is hoped that the move will encourage telecoms to bolster their anti-robocalls defenses.

Google Makes It Easier to Remove Sensitive Data

Google’s new “Results About You” tool allows users to ask Google to remove sensitive information (email, phone number, and home address) directly from the search page or the Google app. Previously, users that wanted to remove this information had to use a complex Google form. Remember: removing your data from search results doesn’t delete it off the web overall. 

Accounts of Prepaid Verizon Customers Breached

Verizon notified about 250 of its prepaid customers about a recent data breach that involved an unauthorized third party accessing customer accounts. The attacker accessed the last four digits of customer credit cards, names, billing addresses, phone numbers, and service-related information. In some cases, the attacker might have also transferred the victim’s phone number to their own phone (i.e., “sim swapping.”)

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: How can I create fake answers to security questions and then remember them?

A: Great question—and strategy! 

Using fake answers to security questions is much better than being honest. There’s nothing easier for a bad actor to figure out than your date of birth, the city you were born in, or your pet’s name. 

The InfoSec Institute has some tips on creating fake answers to security questions, including:

• Using multiple words in your answer.
• Making your answers a friend’s preference (for example, when answering “what’s your favorite breed of dog?”, you’d give your friend’s favorite breed, not yours).
• Using a combination of lies and truths. 

You might still find these kinds of answers difficult to remember, though. In 2015, Google researchers found that when people use easy fake security question answers like “Don’t have one” or “I don’t know,” their accounts are more vulnerable than when they answer security questions truthfully. 

The best strategy is, therefore, this: use a password manager to generate a random string of letters and numbers, aka your “answer.” Then store it in the notes section of the password manager with the question and the platform it’s from. 

Q: You said Firefox is a good browser for privacy. Are there any others? Like Opera?

A: Opera specifically is not the best browser for privacy. 

Sure, it comes with a built-in ad blocker and tracker blocker. And it has a virtual private network. But although the VPN might add another layer of data protection, it also tracks bandwidth and logs usage. 

Opera’s privacy policy is also a bit confusing. In its “International Data Transfers” section, it says:

“As noted above, in different contexts we may share or make available data (including personal data) with other members of the Opera Group, and sometimes with third parties, such as our marketing and monetization partners.” 

It’s unclear what “different contexts” means and why and how your data might be shared. 

ExpressVPN has a comprehensive list of the best and worst browsers for privacy. As to be expected, Firefox comes highly recommended. Other browsers you should consider (from the list) include Tor Browser, Brave, Chromium, and LibreWolf.

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Share Incognito with friends. If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito? 

That’s it for this issue of Incognito! Stay safe and we’ll see you in your inbox next month.