Categories
blog

I can’t put the toothpaste back in the tube, what I found when I downloaded my Facebook data

I can’t put the toothpaste back in the tube, what I found when I downloaded my Facebook data

Above is the first post ever written on my Facebook wall. I’m sure it was intended as an innocent, warm welcome, but now it reads more like someone escorting me into my own personal version of the “Hotel California” line: “You can check out any time you like, but you can never leave…”

I’m not so sure Facebook is such a wonderful addiction anymore. Since writing this post I’ve been off Facebook for two months and I want to make a commencement speech to all the youth out there called “It Gets Better.” Perhaps it will be subtitled: “I Didn’t Realize How Much Anxiety Social Media Gave Me Until I Quit It Entirely.”

I recently downloaded all of my Facebook data in preparation to delete my account. I’m not a super-user, I’m not addicted to it. I have genuinely loved using Facebook to connect with my personal network for 11 years, but it’s come to feel like the tide has shifted and now Facebook is using me. Namely Facebook is using my data against me — collecting my every move, likes, interests, conversations, all without my explicit consent or knowledge of how my data is shared, and with whom — I’m finally, really, actually not okay with that.

I have worked in marketing, advertising and public communications for the last 18 years (read: I know how to target communities with FB ads in my sleep). I have been a community organizer for various organizations in my local community (read: I’ve created loads of FB events and FB campaigns). I live in Silicon Valley (read: I’m an early-ish adopter). Plus I have an insatiable curiosity when it comes to stories, people and social trends. What all of this adds up to is I’ve loved Facebook — as a personal and professional tool to get connected to headlines, to culture, to people, to trends, to news, to events, to stories, to gossip, to all of it. Facebook has been a great platform for me to get the connection I desire: I can get the scoop, I can share my scoop, and I can freely lurk around the scoops that everyone else is talking about.

This year something changed. I began to realize the vast amounts of information that Facebook tracks, uses and shares with others. Sure, everyone has had the experience of doing a browser search for … I don’t know … “Best brand of skinny jeans” and then 2 minutes later, there are 5 different brands of skinny jean ads showing in your FB feed. Those targeted ads seemed creepy but mostly harmless, until I realized that’s just the surface. It dawned on me how much information I’ve freely handed to a massive private company, and I am just beginning to comprehend the dangers of not being able to put that toothpaste back in it’s tube.

Facebook has gathered years of my daily activities, online and offline (here’s a list of 98 points it tracks), and spread it across advertisers, companies, websites, lists, etc.

After doing a tiny bit of research on best practices for deleting a Facebook account, I promptly found that I can download all of my Facebook data.

Sifting through this download was astonishing. Remember, I’ve spent years of my life helping brands advertise on FB, I understand how to leverage the information folks list in their profile to target ads, but I was not prepared for what I found in my downloaded data.

Facebook stores literally everything that makes up your profile, everything on the devices you connect from, every move you make, from start to finish:

  • Of course there are all the videos, photos, birthday messages, direct messages, and ephemera you’ve uploaded. That’s great, thanks for holding those for me FB!
  • There is a log of all the times you signed in, including the IP address from where you logged in, and the geolocation from where you logged in. This means it always knows where you. Okay, fine, what’s the rub? Well, FB can make logical leaps based on the intersection between the things you “Like” on the platform and your location: stores you walk into, businesses you frequent, the gym, the market, the office, the bar, the ____ you’re in everyday. That’s a bit stalker-ish.
  • There is a list of all of the personal contact information that has ever been on a device from which you’ve connected to Facebook. (This is where it starts to gets super creepy.) My FB data download has every single phone number I’ve ever had in my phone, any of my phones, any of my devices. I know for a fact that I’ve never listed my phone number on Facebook (privately or publicly), not once. But yet, in my FB data download, I found contact information for all my friends and family members, not to mention loads of people I don’t actually know or care to know: my old landlords, my neighbor’s dad, the lady who bought my table from a Craigslist ad, the nail salon I went to once, phone numbers I know I’ve deleted from my contacts, literally every number is still stored in FB.
  • There is a giant list of all the apps you’ve ever connected to Facebook. Obviously it has a log from Spotify, and with that how many times I’ve listened to Billy Joel last 10 years, #notevenalittlesorry. But I don’t even recognize most of the app names in my Facebook data, and now I know all of these companies have my personal information, too. With some more digging (and research) I’ve learned that this web of my personal data extends even farther: the apps your “friends” are connected to also collect your information. Even if you rarely use FB or are strict about how you connect your profile, any of your “friends” might be soliciting your info out without you knowing it.
  • There is a longer list of all of the ads ever clicked. Honestly, I don’t remember clicking on a single ad while on FB, and yet the list in my data is loooooong.
  • Get this, there’s an even bigger list of all of the companies and advertisers who have your demographic and personal information. I don’t know half of the companies listed in my data, but apparently they know me! And with undisclosed data leaks in the news lately, this is alarming.

Some people say, “But I don’t have anything to hide! I don’t care if FB knows where I live.” You may not care right now, today. But this is an unprecedented amount of permanently undeniable information that we have about ourselves. When teenagers used to talk on the phone with each other all night there weren’t private companies tracking the content, location, diction, or patterns of their chats. This is a new age, and we have no idea in what ways this information will be used by Facebook in the future. What if this information is used against you 30 years from now, in a court of law, where you’re the main suspect in the murder of a coffee shop barista, only because you went to that coffee shop every day for two years straight, which FB knows because you always check FB when you’re waiting for your coffee? But you didn’t even know the barista who was murdered and you coincidentally stopped going two days after he was murdered because a better coffee shop popped up two blocks in the other direction. Maybe that’s far-fetched, but it doesn’t take much to imagine a circumstance when you will find yourself wishing you’d limited how much traceable information is available and beyond your control.

Currently, there are no settings that allow me to limit what data is collected, how, why, or when it is shared, and zero control with whom it is shared. This is the number one reason that I’m leaving Facebook: I’m not allowed to control which or how much data is collected from my profile.

Now, I’m no privacy vegan (thank you, Eva, for the term) — like I said, connection is key to my life. I don’t want to live off the grid, I don’t want to go away, I don’t want to miss precious pictures of my many nephews who live in disparate parts of the country, but I do see the speed train we are on here, heading toward a data economy, and I definitely want to be able to choose how, when and by whom my data is collected. I want a digital environment where I can exercise control over the data that I generate, over the conversations, preferences and interests I have. I’m not comfortable with a platform that knows so much about me and my daily habits and also uses that information at their private-multimillion-dollar-company whim.

This is my number two reason to leave Facebook: The data that FB collects is used without my knowledge or consent in whatever way the company chooses to use it.

Reading Facebook’s terms of service and privacy policy is disheartening. It states, “We use all of the information we have to help us provide and support our Services.”

Let me reiterate: We use. All. The information. We have.

There it is, their license to freely share, use, collect, keep, destroy, sell, manipulate my data, however they choose.

There’s one more reason that I gotta disconnect: Facebook has partnered with so many websites and data mongers that whether you are logged in or not, Facebook is constantly tracking your every move. “It’s alerted every time you load a page with a “Like” or “share” button, or an advertisement sourced from its Atlas network,” says the Washington Post. The Facebook eyes are everywhere, and I don’t want them watching me anymore.

Case in point, while I was researching and writing this article, I was served many “security” posts from Facebook:

Facebook, I’m sure, is set to serve these “security” notices when it notices you’ve been Googling “How to delete Facebook” and “What data does Facebook collect” and “Privacy policy, Facebook.” But these notices aren’t about security, or data, or the platform. They are about how to control who in your network can see what, which is a very superficial version of “privacy controls” and not enough for me.

Getting the latest scoop is certainly not worth the privacy concerns I have, imho.

Of course Facebook may not be the biggest or worst culprit of data manipulation, but surely it is in the top echelon because of the sheer size, reach, and global influence of the company. For me, closing this digital chapter is step one in choosing to live a more empowered digital existence. Seriously, it gets better.

By Maureen Walsh on January 05, 2018.
Categories
blog

What consent should look like when you share your data.

What consent should look like when you share your data.

Bitmark handles consent differently than most apps: we take greater measures to empower the user to have full control over their personal data.

We’re getting ready to launch a beta of our Data Donation App that will make it easy for individuals to donate their personal data to public health studies. Initially there will be two studies from researchers at the UC Berkeley School of Public Health.

This article describes some of the new methods we’re using to make data sharing safe. The Bitmark app uses blockchain technology to keep the ownership of your data secure. The provenance of your data is recorded in the blockchain and then your data is transferred to the recipient using end-to-end encryption. This records clear consent via an authenticated “chain-of-title” — meaning you always know who has rights to access your data.

Most importantly the Bitmark blockchain provides a framework of standardized property rights, rules and infrastructure for your personal data — now you can own your digital data in the same ways you can own physical property.

How the Data Donation App works.

Individuals can browse public health studies and learn about how their data will be used (Women’s reproductive health; Diabetes remission and prevention; etc). A research study has a shareable URL that links directly into the Data Donation app:

Individuals that meet the eligibility requirements can tap a button to participate in the study. The App will then request permission from the participant to access their data. Each time data is shared the participant will be required to sign the transfer.

Taking a step back.

It’s worth pausing for a moment and comparing how different this process is from the other mobile apps. After the initial request to access your data, most apps don’t inform users what personal data is being collected. Accessing user data is like the Wild West. Big companies make money by tapping into the enormous amount of “free” information created by individual mobile users, bundling it together and selling it to the highest bidder.

When apps gain access in perpetuity to personal data individuals lose their freedom. Yes, it’s possible to revoke access. But that requires significant effort the user’s side. Even then, the choice is binary: grant or deny access to all requested data.

Here’s how we can do better.

The Bitmark app makes consent to transfer data an explicit action. When you join a study, you agree to donate data in regular intervals. Yet each time before your data is transferred, you will be asked to sign.

Why do we require your signature each and every time your personal data is transferred? Because we want you to be in control and know what is going on. When you donate data you are issuing a new digital property title, or “bitmark” for your data that will be recorded in the Bitmark blockchain. When you transfer that bitmark to the researcher they can access that specific data set. Your signature is your consent.

A signed transfer is recorded into the blockchain and linked to your signed issuance. This “chain of title” protects both parties, without relying on a central intermediary. (The Bitmark server cannot decrypt donor data or use it for any purpose.) Both sides get clarity as to where the data came from and who gets to use it.

Here’s a diagram of this process:

Note: At anytime during the course of a study, participants can simply choose not to donate data or withdraw from the study entirely. No further data will be collected after that point.

A new model for data consent.

We believe explicit consent through chain-of-title is how the exchange of data should happen. Not just for research, but for all personal data transfers.

In the academic world, when a study is considered to evaluate “human subjects research” it must have approval by the Institution to be conducted. This approval process protects the institution administering the studies and the participants of the research. (UC Berkeley has a great article on this http://cphs.berkeley.edu/review.html).

Bitmark believes similarly that individual internet users should be be able to safely and privately share their digital data. The Bitmark blockchain can enable a new model of consent for transferring personal data:

  1. Public keys are used to identity participants, instead of real names or even usernames.
  2. End-to-end encryption protects the data during storage and transport.
  3. No third parties can access personal data, even Bitmark.
  4. Participants consent is signed and recorded in the Bitmark blockchain every time their data is share to a researcher of their choosing.
  5. Participants can always opt-out and no further data transfers happen.


If you are interested in how blockchain technology can be used as titles (the Bitmark blockchain) versus the ever-popular use as tokens (Bitcoin and/or Ethereum blockchains), look for a blog post coming soon that explains the difference. Follow us on Twitter, @BitmarkInc, to see what else we’re thinking about.

We are thrilled to have UC Berkeley as our first partner for this blockchain application. If you are interested in participating in the Bitmark Data Donation App, either by listing your study, or incorporating this new technology into your project, please email support@bitmark.com.

By Bitmark Inc. on October 2, 2017.