Guard Your Digital Privacy to Keep Your Real Self Safe
The ACLU has obtained data showing that one company, Geofeedia, was packaging data from the phones of people protesting the killing of Freddie Gray in the custody of Baltimore police. Since then, multiple stories have emerged about the Department of Homeland Security, including its sub-department ICE, using similar data to circumvent the law to catch drug smugglers and immigrants without papers.
Legislators seem either unwilling or unable to help solve this problem. The most aggressive legislation to date, the California Consumer Privacy Act (“CCPA”), was supposed to prevent the selling of consumer data without permission and require apps that collect location data to obtain user permission before doing so. The “requirement” turned out to be more of a “suggestion,” and data mining companies have taken advantage of the law’s definition of the word “sell” to call what they do “sharing” instead, while continuing to monetize the “sharing” of our data.
So what is a tech-savvy consumer who wishes to continue protesting (or other legal activities) without being tracked? The answer is to understand how these mechanisms work and to work around them.
First of all, your phone is tracking you by associating “probabilistic data” with your “deterministic data.” The latter is any username, or other ID, that can be tracked back to your real name. The former are bits of data (i.e. purchases, location pings, and call metadata) that can be assembled with or without an ID into a dataset that reveals private details or that can be linked back to your name.
What this means is that logging out of apps tied to your name, deleting said apps, or wiping your phone will not likely prevent you from being tracked if you continue to do the same things (shopping) from the same places (home or your commute).
The easiest way to avoid being tracked is to use a cheap, disposable cellphone just during whatever activity you don’t want tracked. If you must log into an app to coordinate activity, do so under an account not linked to your name. Keep this “burner” phone away from your other devices (laptop, phone, or smart TV), because these are likely already associated with the real you and will “ping” the burner phone often enough to associate it with you. Finally, keep the burner phone physically isolated when not in use (electromagnetically shielded bag or room), so it doesn’t associate your location with other data linked to your identity.
Be aware of the ways your phone can collect data and share with other devices. NFC and Bluetooth protocols will collect data about other devices nearby, and advertising screens (like in the Minority Report, except that they’re real and already in use) will use these protocols to ID your devices. GPS is not the only location information gathered either. Point-of-sale data is linked to physical location, and your device can get a location fix from WiFi just as easily as GPS, except WiFi works better indoors than GPS does. Anything you do can and will be recorded, even when your phone is off or in airplane mode; it just won’t get uploaded to the data companies until you turn your phone back on or turn airplane mode off.
Keeping yourself safe online and in the real world may depend on vigorously guarding your privacy. Staying initially invisible all the time may be nearly impossible, but staying private just long enough to be effective is merely difficult and certainly manageable with the right know-how. Now you know how.