IN THE 1964 SPY MOVIE GOLDFINGER, James Bond’s device munitions stockpile incorporated a “homer,” a GPS beacon that was science fiction at that point and appeared to be interesting at this point. Today, 007 wouldn’t need it: There are lots of companies selling our real-time location data based on where our cell phone is. They buy this data from not only wireless carriers in the U.S. and Canada but also innocuous apps, like the ones we use to check the weather, get sports scores, or read the news. According to a 2018 New York Times exposé, there are at least 75 such data-brokers tradings in the whereabouts of millions of devices. “Area data can uncover the absolute most close subtleties of an individual’s life,” U.S. Senator Ron Wyden told the newspaper, “[like]whether you’ve visited a psychiatrist, whether you went to an A.A. meeting, who you might date.”
If the threat of losing your privacy makes you shrug—after all, why worry if you have nothing to hide? — consider that there’s more at stake than just secrecy. “Privacy is about having personal control over your personal data,” explains Dr. Ann Cavoukian, who leads the Privacy by Design Centre of Excellence at Ryerson University. If you’re personally cool with disclosing exactly where you live, where you go every day, what you write in every email, what you’ve Googled, what pics you’ve snapped, and more—well, having privacy means that’s your call. Privacy means control isn’t in the hands of corporations and governments that may vacuum up your data and use it for purposes you can’t predict now, don’t know, or don’t want.
When you think about privacy as a matter of control, it’s more obvious why mass surveillance is a signature of totalitarian states. “You cannot have a free and democratic society without a foundation of privacy,” says Cavoukian. Likewise, Brenda McPhail, director of the Privacy, Technology & Surveillance Project at the Canadian Civil Liberties Association, points out: “Privacy is an internationally recognized human right. So when we talk about tools and apps violating our privacy, what we’re really talking about is a business model we’re allowing to take away a fundamental right.”
The tech we use daily knows us better than our best friend does, and it’s not in the business of keeping secrets. “Basically, it’s without limits,” says Cavoukian, who’s regarded as one of the world’s leading privacy experts, when asked what personal data is being amassed through our can’t-put-down devices. Unless you’ve taken extra security measures, “you have to assume your information is flowing out there,” she adds.
Here’s just some of the data-hoarding that’s going on: Facebook knows what you’re doing on Facebook—and off Facebook. It tracks your behavior around the web in numerous ways, including “like” buttons and the invisible F.B. pixel embedded on advertiser sites. The latter enables companies to “retarget” you later, serving up a Facebook or Instagram promo for that lipstick you were perusing. Google knows who you are, what you’re searching (from the banal to the deeply intimate), what’s in your Gmail messages and every location you’ve been
With Facebook and Instagram, there’s also been long-running speculation that these apps are eavesdropping on us. How else to explain that creepy coincidence of seeing an ad pop up that are promoting a store you just mentioned to a friend over lunch? No one has hard proof, but the rumor won’t die, despite Facebook and I.G.’s repeated denials. In McPhail’s view, these companies don’t need to tap your mic—they can find out so much about you already, which is no more reassuring.
Then there are smart devices designed to listen, like Google Home and Amazon Alexa. Last year, a woman in Portland, Ore., was alarmed to discover that her Alexa had secretly recorded a private conversation she’d had with her husband—and sent the audio to a random acquaintance. While Amazon cited Alexa’s misinterpretation of words to explain what it called a “sporadic occurrence,” the case highlights the privacy we give up when we welcome tech designed to eavesdrop. “I won’t have it in my home,” says McPhail. “We’re in the Wild West right now when it comes to this ‘ internet of things’ devices.” There’s a lack of regulations restricting what they can and can’t do, she explains.
What the internet’s most prominent companies are capable of may not be surprising, but there’s a good reason to be suspicious of all apps, from the aforementioned weather checkers, which are reselling real-time location data, to selfie tuners wanting to access your entire camera roll. Consider a recent study done at Northeastern University, in which researchers analyzed more than 17,000 Android apps. They found that somewhere sending screenshots and videos of phone activities to third parties—without getting permission or notifying users. Such a privacy breach could be exploited to, say, steal sensitive info, like your credit card number.
But perhaps the darkest side to apps is capable of spying on us is stalker was, or what a recent report from the CitizenLab at the University of Toronto called “the predator in your pocket.” Stalker ware is defined as any software with the ability to conduct surveillance, and that can be used, for example, by an abusive partner to control, harass, and terrorize a significant other. (Even legit apps, like a GPS tracker intended for keeping tabs on your kid, can be stalkerware if used like this.)
According to a 2014 NPR survey of counselors at domestic-violence shelters in the U.S.,85 percent had helped victims whose abusers tracked them with GPS. Sometimes, abusers need to get the victim’s phone to install stalkerware; other times, spying is done by getting into, say, a victim’s Apple iCloud account. “These apps, and what they enable people to do, are already illegal, but there’s a lack of enforcement,” says Cynthia Khoo, a research fellow at the Citizen Lab who worked on the stalkerware report.
Privacy experts say that Canadian laws, such as the Personal Information Protection and Electronic Documents Act (PIPEDA), lack teeth and desperately need updating. “Our privacy laws were made at a time when we were worried about keeping files safe in locked cabinets,” explains McPhail.
But as governments lag behind, we’re living in the age of “surveillance capitalism”—a term coined by Harvard Business School professor Zuboff to describe how corporations are mining the human experience to not only make money but also predict and manipulate our behavior. It may sound abstract, but it’s already happening: Last year, news broke that Cambridge Analytica, a political consulting firm that has done work for the Trump campaign, harvested personal info from up to 87 million Facebook profiles to design micro-targeted ads—allegedly for election meddling. How w did the company hoover up so much data? By making a seemingly innocent Facebook app: a personality quiz.
So, short of becoming a neo-Luddite, what’s the solution? “It’s not realistic to tell people to give up these services simply,” says Khoo. “We have to put pressure on companies to do the right thing and put pressure on regulators and politicians to enforce the laws—putting the onus to act where it belongs.” It’s possible: While Canadians wait for PIPEDA to be overhauled, last spring, the E.U. implemented the world’s strictest data privacy laws, known as the General Data Protection Regulation (GDPR). But until everyone else catches up? You’d be wise to use your gadgets with your own eyes wide open.
Here are a few ways to take back some control over your personal data.
Choose devices and apps carefully. Dr. Ann Cavoukian personally favors Apple devices because they have stronger privacy protection. With any given app, you don’t know what will happen with your personal data, so ask yourself if you need it enough to accept the risks.
Switch to sites that guard privacy. Wary of Google knowing all? Duck Duck Go is a privacy-focused rival search engine that doesn’t track you and sells nothing to advertisers.
Check permissions. Which apps are tracking your location at all times? Or are you seeing your contacts, getting into your calendar, and accessing your camera or mic? Review your settings and revoke permissions you’re not cool with.
Set up device encryption. If you do only one thing, it should be this, advises Brenda McPhail. Encryption makes your phone data readable only when your device is unlocked. Look for device-specific how-to’s online.