Is My Online Information Private?

No. At least, not completely. From text messages, phone calls and voicemail, email and IM chats, to search history, shopping habits, etc., your privacy is for the most part, an illusion. The only thing that is private is what’s inside of your head. Once you share something in any capacity, especially through technology, it is no longer private.

Before we dive into the conspiracy theory stuff, let’s just keep it simple and look at some inarguable facts.

Backups

Most all services, automatically make redundant backups of all the information you send and receive for simple fail-safe reasons. In case something fails or there’s a power outage, etc. Now, once you delete something, depending on the website, there’s no clear way to know for sure how long the service will keep the backups. Maybe ninety days, maybe indefinitely. “Deleting” something usually only means hiding it from your view and public view, not actually deleting it from the database.

Directly from Google’s privacy policy:

…after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems [ever].

Google really isn’t sneaky about this stuff at all either, though it’s not surprising that most of these facts go straight over most people’s heads. After all, not everyone is a web and tech expert. However, in an interview, Google’s CEO himself, Eric Schmidt, straight up said:

If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.

That could have other implications, but to me, he’s basically making a common sense point. If something is that private or sensitive, don’t put it online for someone else to find (because they will). The only problem is that the average internet user really isn’t that tech-savvy and will mostly and understandably be oblivious to the way things really work and agree to a lot more than they would have bargained for if it was really laid out for them in a concise, easy to understand manner (I probably don’t need to point out that people never read the fine print, it’s simply too time-consuming). The average internet user assumes that because they have a password and that it’s their “private” email account, that all is well. Simply not true.

Research

Many services learn from your behavior and search habits (especially Google) to better target ads toward you and possibly for other tracking and study purposes. This includes scanning all your emails and attachments and even browser fingerprinting you to track your movements about the internet, even when you’re not using their services directly.

Most companies claim this data is kept anonymous, but there are holes in that story, and how could you ever really know anyway (it’s not outside the realm of possibility that some companies simply lie to us), and even when data is anonymized, it can be de-anonymized quite easily. While I’m sure data is being collected on everyone regardless of who you are, I do doubt, however, that someone is personally reading your email unless you’re saying some pretty radical things. But, most likely, I’m not that important and you’re not that important.

Google gets a lot of controversy and scrutiny over privacy, as they should. But, more so, I think Facebook has their claws in your brain even more. Most people use Facebook these days as email, and maybe even more so than texting or anything else. Also, people tend to post a lot more personal information and tons of pictures on Facebook than anywhere else.

Most people seem to think only certain people can see certain info that they post, when that idea has crumbled over and over as we all know. “Liking” is probably the most genius of ideas. Once you like enough, I’ll bet you anything that someone like a criminal profiler could learn everything about you, your age, sex, location, sexual preference, religious affiliations, and more, without even your name or picture, solely based on your Likes. The same kind of info someone malicious might want, is the same kind of info companies can use to make money off of you.

All your Facebook info is served up to ultimately turn you into a demographic for advertisers to better target you (I should know, I place ads on Facebook myself — the targeting is better than what even Google can offer). So, the next time you see an ad that is eerily directed toward you, you know why. Not to mention the possibilities of your info being shared or sold to third-parties for any number of reasons. Another important mental note to make to yourself, is that “free” online services aren’t actually free, we pay for these services by exchanging our data (which is a valuable currency).

To that end, you should understand what Google, Facebook, and similar companies really are, they’re data agencies. Again, we pay for the great tools and services they offer with our data, and to be clear, I do choose to use a lot of their services because they are useful to me. The distinction, however, is that I understand that trade-off, what these companies really are and that their services aren’t really free. Most people do not have that vital information going in before they agree to these impossible to read and understand terms and policies.

Subpoenas

Your information, from any service, “deleted” or not, can be court-ordered or in some cases, just demanded without warrant. The Patriot Act has opened up a whole new can of worms and other bills are creeping in too.

Other

Backups, research, and subpoenas are all legitimate worries of your online privacy. But, I’d also like to quickly brush over some other all-to-real possibilities. Hackers, scammers, and spammers looking to steal your identity, your boss (or potential boss) doing some extracurricular internet research on you, your boss or spouse putting a keylogger on your computer and monitoring everything you say and do, if you run a business, competitors trying to drag your name through the mud, as just a few off-the-top-of-my-head examples.

Time to Get Paranoid

But, to really get paranoid, we’ll have to put on our “Big Brother” tinfoil hats. Here, we find the super gray area of control of information. We can safely assume that known criminals are fully monitored in every capacity, that’s really just common sense. But, the stuff made of real nightmares, is what if they’re monitoring us all regardless, all the time, if they have a backdoor to just about every database of every service you use?

Maybe because we made one too many “red flag” searches, even innocently just looking to learn about all sorts of things. Maybe they’re monitoring us all anyway regardless of that even? There is certainly no shortage of resources and opportunity. Who’s to say that Google and Facebook don’t already answer to a higher power and already haven’t given government agencies full access to their servers? These are billion dollar companies after all. Of course they would comply rather than face the intimidation and wrath of the US government, right? And maybe they even benefit financially and in other ways to give access anyway?

Bottom Line

There’s really no possible way to ever know exactly what is happening with your information online (or your records in general). There just isn’t. But, to help you sleep at night, you have to remember that you’re just one in around seven billion people.

You’re probably not that interesting and worth the manpower to go through all your personal info, again, not that that information probably isn’t being collected anyway in case you do ever become “interesting”. And if you are that interesting, you’re probably a criminal, in which case, you’d have to be a pretty dumb criminal not to already be communicating with encryption and code and through other off-the-grid channels (not to imply that you could for sure still escape the almighty eye in the sky).

Another thing to remember, is that although there’s certain things you may want to keep private, and by all means, you have every right to privacy, you should still be prepared, even if your privacy is violated and exposed, you should be strong in knowing who you are and confident no matter what. While I generally hate the argument “So what? I have nothing to hide.”, if you’re not a criminal and you’re generally a good person, to a certain extent, you really shouldn’t have anything to hide, at least in terms of letting it destroy your life.

Because, outside of being a criminal, there’s nothing you could ever say or do that could truly hurt you and that many others haven’t also already said or done (but I understand that celebrities, politicians, and other public figures can have their careers and dignity destroyed, receiving much more scrutiny than a nobody would). Despite personal embarrassment you could potentially face, possibly losing a job, things you’d rather remain private, what I’m trying to say is that ultimately, if you’re not an evil person, you should be able to survive a worst case scenario of your privacy being violated.

I don’t mean to be unrealistically optimistic or flippant about the issue, because that’s not to say that you shouldn’t be angry, that you shouldn’t care about your basic human rights, that you shouldn’t try and be tactful, keep your reputation safe, especially between your personal and business life, fine-tune your privacy settings, choose strong passwords, delete unneeded or sensitive data, etc.

I also don’t want to give off the impression that we should just lay down and give up with a “That’s just the way things are now, what can we do?” mentality, that there’s nothing we can do about the violation of our privacy. I’m just trying to be realistic. You don’t want to be so naive and trusting to the point that you get your identity stolen, lose personal accounts to phishing attacks, and the like over and over, but you also don’t want to be so paranoid, that you can no longer function in society or find happiness and trust that there are still good people that respect others and their privacy in the world. You have to find a healthy middle-ground to deal with our rapidly-changing world.

You have to remember also, that there are only deterrents in protecting yourself. All security measures are mere deterrents, if someone wants to hurt you bad enough, they’ll find a way. That’s simply a condition of mankind that will never change. So, if there is information that you feel is so sensitive that it could ruin you, don’t use technology to communicate it to people, speak with them in-person or simply keep it to yourself altogether. Just try to be safe, although I understand that the ability to have a simple private conversation in the privacy of your own home today even isn’t what it used to be.

Update

Wow, so much for any of this being on the paranoid, conspiracy-minded, anecdotal side. With what we now know about the NSA and the Heartbleed bug, everything I said and predicted here (not that we shouldn’t have also had common sense about these matters well before anyway), was 100% true.

Outside of official confirmations, I think it just goes to show you, there’s a lot you can simply assume about the way the world works with just a little concern and critical thought for protecting yourself against the bad guys. To ever assume you’re completely secure and private, doing anything, anywhere, at anytime, is really just naive.