Your phone number is arguably as strong a personal identifier as your social security, driver’s license or passport number. Once it became easy and free to “port” phone numbers to new land lines and cell phones, people stopped changing their number. Phone numbers have become a life-long unique identifiers. If there’s one non-governmental ID that’s tied to most people today, it’s their cell phone number.
It’s no coincidence that websites, apps and even restaurants and stores are now asking us for our phone numbers – in some cases, even requiring them. Why? For our convenience, of course! We’ll text you deals and updates on your orders! You can get a frequent-shopper discount! Oh… and yeah, we can now track all your purchases and buying habits, and sell those out the back door. But hey, don’t worry – we anonymize your data first, of course!
Location Location Location
Here’s the thing about “anonymous” data. First of all, it’s not truly anonymous – in most cases it’s really pseudonymous. What’s the difference? Truly anonymous data has been scrubbed clean of any and all identifying information – there is (by definition) no way to re-identify the data. For example, if you averaged a bunch of people’s data together (properly), there should be no real way to figure out the data that corresponds to a single individual, let alone associate it with a specific human being. Pseudonymous data replaces identifying information (name, number, email, home address, etc) with some sort of “random” ID.
But this is rarely done well. There’s an entire industry set up to re-identify data – that is, to take all this rich and supposedly anonymous data mined by the likes of Google and Facebook, and figure out who it belongs to. Specifically. One common way to do this is using location information that is either implied by the data or can be associated with the data (combining multiple data sets). Your location says a lot about who you are. One study found that you could uniquely identify someone from just four locations they’ve been 95% of the time. And your location data is unfortunately being collected and resold all over the place today. This sort of tracking was used just last week to out a Catholic priest and in 2018 to murder a journalist.
Stop Sharing So Much
So what can you do about it? First and foremost, stop sharing so much information. Thankfully, companies like Apple and Mozilla (Firefox) have really been cranking out some great new privacy features that can help you rein in your oversharing. It’s not really your fault- apps and services today will collect and share your data by default. They also depend on dark patterns to keep you from finding or changing the privacy settings, or even understanding them. Without privacy regulations, the onus falls upon us.
Specifically, though, stop sharing your contact lists with apps and online services. Many social media companies will beg you to allow access to your contact list or address book. They will usually tell you that they do this to help you find other friends on the network, automagically! But your contact list basically describes your social graph and can be very revealing. It also allows these companies to plot out who’s related to whom, which is also telling. As if that weren’t enough, people store all sorts of odd personal data in their digital address books – like passwords and account numbers.
It’s important to realize that your data isn’t just about you. It includes data about many other people. Your friends, your family, your co-workers, your professional contacts, even your doctors, lawyers, mistresses, and more. Stop sharing it! Like, literally, go into your privacy settings right now and stop sharing it (iPhone, Android).
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!