Most Americans today spend many of their waking hours online. In fact, we’re up to spending an average of five hours per day just on our mobiles. Much of this time is spent browsing the web or checking in, updating, and sharing via our favorite social networks. There’s just one problem: unless you have your privacy controls locked down, the chances are you could be sharing way more personal data with third parties than you’re comfortable with.

That information could then be used to serve you up relevant ads; it could help government snoopers investigate cases; it could be used to screen you ahead of job interviews; to compile credit scores, and even to help political candidates influence your voting behavior. Most dangerous of all, it could be harvested by hackers to commit identity fraud.

It nothing else, the recent Facebook-Cambridge Analytica scandal has brought privacy right back into the spotlight as a major concern for American netizens. If data on 87 million Facebook users can be harvested by a third party without their consent and used for political profiling, there are serious questions to be answered about how our information is being used by the online entities we interact with every day.

The good news is that there are things you can do right now to protect your privacy online, both by using the built-in features of many social networks and browsers and third-party tools like Trend Micro Security’s Privacy Scanner.

This two-part blog series will first examine how online privacy affects you — where the key problems are and the consequences of over-sharing data on the web. Then in part two, we’ll take a look at concrete steps you can take to better protect your privacy online.

Why should I care?

Most of us take using the internet for granted today — we treat it as a utility like running water or electricity in our homes. But we might not stop to think about what we’re giving away in order to access this online world. There are various ways that our data can end up in the hands of third parties, whether it’s granted explicitly by us, hidden away in privacy policy small print, or stolen without our knowledge. Sharing our personal data like this can sometimes be beneficial: for example, resulting in better-targeted ads. But at the other end of the spectrum, it could lead to identity theft and cyber-attacks.

There are three main dimensions to consider:

• The social network: Whether you’re on Facebook, Twitter, Instagram, LinkedIn, or other social sites, the risks are broadly the same. You might over-share information in your public feed or sign up for a privacy agreement without realizing how intrusive the policy is. Although many of us don’t read privacy agreements when we sign up for social networking sites, it would be a useful exercise to find out exactly what rights you have, how your info will be protected, and when it won’t. Be warned though, policies can change significantly even overnight.
• Third-party applications: These are programs that interact with the social network but are owned and run by separate developers. Many require deep access to your user profile without being held to the same levels of accounting over what they do with it. This is the problem that led to the Cambridge Analytica scandal after a third-party developer harvested data on tens of millions of Facebook users who were mere ‘friends’ with users of his app.
• Browser tracking: We often forget just how much information we can give away via simple internet searches. That makes our browsing data highly valuable to advertisers and malicious third parties looking for information to blackmail us. They could also target any online passwords we store in the browser.

Focus on privacy

Let’s take a closer look at three examples where your online privacy could be at risk:

Facebook: So much of our digital lives are lived on Facebook today that it’s arguably the most important site to keep a close eye on. Everything from your email address, birthday, and phone number, to political views, sexual orientation, and who you’re married or related to could be online there. That’s in addition to any public updates, links, photos, and videos you might post.

If you overshare, this information could be used by prospective employers, credit agencies, or police and government agents. There’s also the risk of the info being used by online stalkers or trolls. Most concerning is if scammers come across your profile. They are particularly adept at piecing together bits of your identity data: either to commit ID fraud by opening new accounts in your name, or to launch highly convincing phishing emails designed to elicit more personal data such as bank details, or to spread malware.

Any linked apps you might have such as online games and quizzes could also demand access to sensitive private information. They might sell this on to third-party advertisers or others. Although Facebook has now changed its terms of service and clamped down on such activity, this is how the details of 87m users ended up being used for political targeting.

Twitter: It’s much easier to protect your privacy on this site, as you only share with the world what you tweet or put in your public profile. That said, there are concerns around geolocation. If this feature is on, then users may accidentally leak their location at the time of a post. In extreme circumstances, this could be used by robbers to burgle a user’s home, if they see the owner is away.

You could also be tagged in photos unless you request not to be, and third-party marketers might be able to access your account-linked email and phone number. Twitter will also serve you ads based on website visits or behavior on the site unless you choose not to.

Online Browsing: We focus here on Chrome as the most popular browser, but these cautionary notes pertain to any browser you may use. Surfing the web via Chrome provides Google with a huge amount of data on your personal life, which it then sells to advertisers to personalize your search results. That’s why its ad revenue for 2017 was close to $100bn. The incognito browser offers some protection, but can also lull users into a false sense of security. Although using it will mean any data on the sites you search for and the pages you visit will not be stored in your browser’s history, cookie store, or search history, the ISPs and third parties that know your IP address will still be able to track its geolocation, as will the websites you visit, unless you use a VPN.

Chrome also asks if you want to store online passwords every time you enter them on a new site. Although this saves time, it can create additional security risks because they’re stored in the browser. If you’re hacked, an online attacker could steal these digital keys fairly easily, to unlock your accounts at will.

Stay tuned for part two, where we’ll explore what you can do to protect your privacy online.