I started this year with a deceptively simple question: What does the internet know about me? I wanted to do a deep dive into the privacy policies and data collection practices of the digital products that I use the most, in order to figure out what pieces of myself I’ve been unwittingly giving away in the 25 years I’ve been online. And, perhaps more importantly, I wanted to know if there was anything I could do about it.
What I found over these past eight months was both shocking — and not. Shocking, because I think it’s important that we all keep being at least a little bit shocked at what companies get away with when it comes to privacy-violating data collection. Shocking, because it’s scary to realize that the internet essentially knows everything about me, from my heartbeat to my address to who walks up to my front door. Not shocking, because — as my friend who sparked this idea for me said — “I kind of just assume everything I do online is tracked.”
While most of what the internet knows about me feels fairly mild, there were some slightly salacious bits of info that I realized. For example, I use an Oura ring as a fitness tracker and because it tracks body temperature, it could theoretically know if I was pregnant, had Covid, or even had too much to drink one night. (Same goes for my Eight bed, which also tracks body temperature.)
There’s no guarantee that they do know those things, but there are cases of apps and services knowing about pregnancies and serving related ads, for example, before the person experiencing the pregnancy was ready to share. So it’s a fair bet that they could figure it out if they wanted to.
I also realized something kind of surprising about myself: I’m willing to give up more personal information than I realized. As my conversations with my friend illustrated, there’s a certain normalization around online data tracking and collection, at least in the US. We’ve been trained to accept this model of the internet as inevitable and our general apathy toward data collection and protection reflects that.
But that doesn’t mean I’m wrapping up What Does the Internet Know About Me? by throwing my hands up in the air and releasing all of my personal information into the Dark Web myself. Because despite the negatives I came across, there were also a lot of positive signs that the tide is turning when it comes to online privacy.
For example, the vast majority of privacy policies that I read (and I read a lot), were surprisingly clear and comprehensive. They were written in plain English, had clear sections, and utilized a minimum of tricky legal language. I appreciate that a lot and also know that it hasn’t always been the case.
I also saw firsthand how legislation can make a huge difference when it comes to how much or how little that we’re asked to give up in exchange for access to sites and services. I live in California but Avast is based in Europe, so I made a point to look at companies’ policies for the California Consumer Privacy Act (CCPA), General Protection Regulation (GDPR) in Europe — and everyone else.
I found that many sites and companies have multiple sets of rules, based on where you live. That means I have more rights than my colleagues who live in North Carolina, for example, and my colleagues in the EU and the UK have even more than I do. So while the internet has no borders, the laws we enact for it certainly do.
That plus the fact that many of these companies have ways to “easily” delete your data (or limit their collection) gives me some hope. I think we’re in the midst of a massive shift away from this data-sucking model to which we’ve all become accustomed. I don’t know where that shift will leave us — but I’m hopeful that it’s going to be somewhere better than where we are today.