Journal, July 22, 2022

A while back I put out an article on online privacy (Whose Privacy Is It? - Met Media). At the time, my perspective was focused on the individual's willingness and capacity to share information beyond their immediate social sphere. In communication, the concept of privacy management establishes privacy as a coordinated exercise in trust between parties who, ideally, effectively communicate boundaries to negotiate the ownership of private information and its disclosure to third parties. Broadly, communication doesn't have an undo. If you're going to communicate (and you can't not communicate), be intentional in your disclosure and aware that it may be shared with others.

A lot has changed since I wrote that article. At the time, my intent was to bring awareness to what people choose to post online. Aristotle taught me to always consider the audience when crafting communication. The key difference, now, is the sheer volumne of data that we create and transmit online.  It's much more than the photos we post, or the messages we share.  The metadata—the data we create incidental to our use of products and services—is currency. It's grown beyond what we choose to share online - posting on social media, writing product reviews, and other acts of intentional communication. What we share online may well be literally everything we do. Where we go, who we interact with, what we use, our interests, our desires, our feelings.  That's a big claim, so allow me to break it down with some real-world examples.

It's early in the morning and your alarm goes off. You turn off your alarm (on your phone). Your phone's manufacturer and the developer of its operating system tracks every interaction you have with it - when the screen turns on, for how long, which apps were opened, where you pressed. They know when your alarm goes off, when you disable it, how long you looked at the screen for, and when you put the phone back on the table. They sell this data (and more) to countless companies who want to sell you things, and they analyze this data to develop more engaging user experiences in an effort to capture your attention.

Maybe you head to the bathroom and open your favorite social media app. That app is collecting countless data points, like which posts you view, for how long, what you interact with, what you press, how long you use the app, and is likely taking input from your cameras and microphones to analyze your nonverbal emotional responses to content and to identify keywords for providing targeted advertising. Beyond interaction data, they're also collecting system information like your GPS location, the wifi networks near you, and information about the other devices connected to your network - your computer, your television, your game consoles, your smart devices. They sell this data (and more) to countless companies who want to sell you things, and they analyze this data to develop more engaging user experiences in an effort to capture your attention.

You hop in the shower. As you're washing up, your water heater turns on. Your water heater, along with other electronic devices, present distinct energy signatures that your energy company monitors for. Your energy company knows when you use heating, cooling, refrigeration, cooking, entertainment, laundry, lighting, and always-on devices. They sell this data (and more) to countless companies who want to sell you things.

You get dressed, walk to the kitchen, and make breakfast. When you purchased those clothes and that food, the stores your purchased them from collected countless data points about you - the products you purchased, the coupons you used, your personal information if you signed up for a store card. When you walked into the store, beacons identified your phone using bluetooth and wifi. Security systems profile your movements, your appearance, your face. The register tracks your purchases and associates them with your credit card. Each of these tracking systems build a shared profile of you and your shopping habits. They sell this data (and more) to countless companies who want to sell you things, and they analyze this data to develop more engaging user experiences in an effort to capture your attention.

Let's say you have a bit of time to watch a quick episode of your favorite show. You turn on your smart TV and load up your favorite streaming app. Both your TV and the app are siphoning your viewing habits to themselves and to countless third party analytics vendors. Some smart TVs send your viewing habits on one service to their competitors. Some smart TVs have cameras and microphones and they're doing the same thing your phone is doing when you load up your favorite social media app. They sell this data (and more) to countless companies who want to sell you things, and they analyze this data to develop more engaging users experiences in an effort to capture your attention.

All this and you haven't even started your work day.

Every device on your network is connecting to servers on the internet - your phone, your smart TV, your thermostat, your cameras, your tablet, your computer. Each time one of these devices wants to connect to a server on the internet, it needs to identify that server's address. The process for identifying that server's address is called a DNS query. Perhaps your phone synchronizes its clock once a day - that's a DNS query to a timeserver, like pool.ntp.org. This morning, in a two hour window, devices on my home network make 5,624 DNS queries from the time my alarm went off in the morning until I left the house for work. While I was at work? 19,307. My television, which I haven't turned on in over 24 hours, is responsible for 4,154. Your internet service provider is aware of every single connection. If they're your DNS provider, they know as much about you as every device collecting data knows about you. They sell this data (and more) to countless companies who want to sell you things. This data is also widely understood to be tapped by our government.

The problem here, and the reason I revisit this topic, is that the concept of privacy centers around ownership of information and control over disclosure. We have all but lost any sense of privacy in the digital sphere. It's increasingly offensive that so many products and services show complete disregard for our data. It's incredibly alarming that our data has become the capital through which new products and services are developed, marketed, and implemented. It's challenging, if not downright impossible to stay off the grid.

When I purchased a smart TV, I wanted a device to watch media. I paid good money for it, and in exchange for my money, that TV silently sells my data to countless companies for their own benefit. In addition to numerous servers that I can identify as owned by the manufacturer, the TV sends information to numerous analytics vendors, streaming services that I'm not subscribed to, and larger software and technology companies.  Remember that today, my television which has been powered off is responsible for over 4,000 connections to the internet. When I subscribed to a streaming platform, I wanted to watch media provided by that platform. I paid good money for it, and in exchange for my money, that service silently sells my data to countless companies for their own benefit. If I watch a show on one popular streaming platform, the app makes nearly constant connections to no less than six distinct analytics vendors in addition to content delivery networks owned by third parties. In neither case did I want to disclose my viewing habits - I paid for a product and service, they received money for a product and service, and that's as far as I'm interested in extending our relationship. In both cases there's significant boundary turbulence. It's not just the people I paid for the product and service that are monitoring literally everything I do with both. They disclose that information to countless third parties and I have no control over that disclosure.

If I purchase a paper book from a store, that store knows what I purchased and the publisher knows a book was sold.  Once I take that book home, the author, publisher, and retailer have no insight into what I do with it.  Whether I read it, stop mid-way through it, dog-ear a page, or bookmark it before leaving it on the coffee table, nobody else needs to know.  There's no service tracking which word I'm on, no analytics vendor analyzing how fast I'm reading it, no myriad of databases logging my use.  It's nobody's business whether I'm reading it, using it for toilet paper, or lighting it on fire.  My relationship with any third parties involved in the book ends once I've paid for it.  I think that's how it should be.

I have a reasonable expectation of privacy in my own home. Data vendors have gone too far, and I think it's time we take our privacy back.