Public Perception in Data Privacy - a discussion

Hi,
A partner and I have been working on some research for an ethics class at our university regarding data privacy and the public perception of data privacy. We would love to start a discussion here to learn more about your opinions and experiences on the topic, and share some of our findings. Our main focus was to find out how companies collect data, what types of data they collect, and what that data is used for after it is collected. We also wanted to investigate the public perception of data privacy; essentially “how aware is the average person of the data being collected on them?” We concluded that there is a significant lack of awareness amongst users about the extent of data being collected about them, and the types of data being collected about them. If you’re interested you can read both of our argumentative papers here. We want to ask a few questions to get a discussion started about the topics we’re interested in, so please feel free to share your experiences around these questions:

• How aware are people in your experience of data collection practices?
• What personal anecdotes or stories do you have about someone coming to terms or dealing with data privacy leaks, scares, or other interactions?
• What measures or practices do you take in your daily life to preserve your own privacy?
• What brands or services do you trust or distrust when it comes to data privacy?- How do you see the future of data privacy evolving?
• How do you feel about the transparency of data collection practices?
• Do you think more people would be concerned about their privacy if there was more transparency in this regard?

Firstly, welcome to for forum.

IRL, people in large, are unaware… or should I say, don’t even think about it. When I speak to folks online, they usually claim to be aware of it. Could be the online vs irl communities I belong to, play a big factor?

Most people IRL don’t really care. They don’t see a big deal of they get hacked, until it’s too late. They don’t care because they believe they have more immediate issues to deal with. Privacy is an invisible issue, to most people. It can cause a lot of problems, but people just want to cure the problem, not the cause.

Good security practices like MFA, strong passwords, etc. A privacy respecting OS, various DNS blocks, strong firewalls blocking dodgy IPs, privacy respecting email service, VPN, and so on. I try to consider what I sign up for, who I give details to, and various other things. I try to take privacy somewhat seriously, while not fully impeding daily life. When I need to use a service that’s not so privacy respecting (eg: Google/YouTube), I go through ALL the settings, and be very careful on what I post.

I don’t think you should outright trust anyone or any company. People, leadership, and policies change. While I might trust Proton, today, that might change tomorrow. Same goes for Tutanota, Bitwarden, Signal, Techlore… and I think you get the point. Keep reevaluating. Don’t blindly trust. You have a brain, so use it.

As for the outlook on privacy… I’m unsure. On one hand we have countries slowly adopting better privacy laws… on the other we have the opposite. I mean the UK is literally trying to kill encryption, while France is trying to kill VPNs. Then we have more companies getting into privacy, and FOSS. Yet we also have Google trying to bring in stronger web DRM.

Even if we swipe all that off the table, we still need to contend with the prominence of facial recognition cameras, dodgy smart doorbells, dodgy smart speakers, and so on. People like the new shiny thing… myself included.

All I know for sure is, the fight for privacy, is far from over.

I think the privacy community relies on trust. We trust that companies are using their open source code, on their backend. We trust that the toggles Google offers, actually works on BOTH ends (you and Google). This can only be solved via self hosting… but that is understandably not feasible.

Some might, but largely, no. As I earlier mentioned, people have many problems on their mind. Read Q/A point 2.

How aware are people in your experience of data collection practices?

To be honest, most people are unaware, and among those who are aware, the majority (in my community at least) don’t care about the consequences.

What personal anecdotes or stories do you have about someone coming to terms or dealing with data privacy leaks, scares, or other interactions?

My family thought that I was just being over paranoid and that no one would actually bother to monitor all our activity, and even if so, there was no issue since they weren’t doing anything illegal online.

What measures or practices do you take in your daily life to preserve your own privacy?

Browser compartmentalisation, browser hardening, change DNS, VPN, password manager (KeePass), disabling telemetry and other harmful settings, using FOSS trustworthy software alternatives as much as possible unless absolutely necessary.

What brands or services do you trust or distrust when it comes to data privacy?- How do you see the future of data privacy evolving?

Google, Microsoft, Meta, Amazon, X, and almost every other major tech conglomerate will be involved in data collection. ISPs and governments also do their own things. Fortunately, people are starting to become more aware. The fact that X and Elon Musk have faced so many issues is leading people towards Mastodon, a sign that people can accept privacy enhancing and privacy respecting services, which are becoming more usable by the day. Personally I want to switch to Linux for example, but I cant do so yet due to apps like Office365 which I need to have, plus Windows is a requirement at my school. Hopefully, soon I can make the switch.

How do you feel about the transparency of data collection practices?

Don’t trust Big Tech either way. Smaller services that are GDPR compliant can be at least partially trusted, but take strong measures anyway. The harshness of your measures should vary based on threat model.

Do you think more people would be concerned about their privacy if there was more transparency in this regard?

Definitely. Most people are horrified when they realise what’s actually happening behind the scenes. They are under the illusion that service are completely altruistic in helping them get what they need.

Edit: Welcome to the forum btw.

Howdy, thanks for letting us participate in your research. (Side note: I’m only 40 minutes away from your university, been there a couple times for FIRST Robotics. How is the CS program at your school, and how’s the job placement for CS majors there?)

They’re aware about data collection, but unaware about how the data is used against them. Everyone knows that Google and Snapchat collect gospels of information on users, but nobody knows about how it’s used, and who it’s shared with, outside of targeted advertising. Nobody knows about how the government purchases data from data brokers.

My friend has beefed up his privacy recently by switching to Tor and Signal for certain things. This change was largely in response to me sharing surveillance report articles with in, especially the one where it discussed FBI agents spying on WhatsApp.

Use Proton Mail, Signal, and Tor. Don’t share my email address or phone number, if necessary use an alias. And don’t be a rat and share intimate pictures in group chats that you don’t want getting leaked.

Trust: Proton, Tutanota, Signal, Brave, Tor Project, Mullvad, MailFence, MEGA, Filen, Mozilla, Apple
Distrust: Google, Facebook, Snapchat, Microsoft, Amazon, Adobe, Oracle, any big tech company here in America. Apple is slightly better.
Future of privacy is on the decline because most privacy preserving services will lose funding and shut down or be banned by legislation for using encryption

Definitely, transparency is what got my dearest friends to convert to privacy respecting solutions for their apps.

Welcome to the forum. Interested in reading your papers when I have some time!

Acutely aware but maybe not aware the extent to which companies collect data and link various points together (search habits, shopping habits etc.) to create a profile.

I used to work in computer repair for a small company but also had lots of people coming with software issues, people who had been hacked, infected with viruses etc.
One lady had been hit with a virus, just some silly browser thing from what I recall, but when I requested she type in the password to her PC, she typed in an extremely basic password, just 4 characters if I recall. I sort of couldn’t help but chuckle because she was evidently very concerned for her data, but had a laughably basic root password.

As you’ll likely find with many members here, making choices about which software, hardware and services I use. Most things I use are open source and don’t touch the internet if it doesn’t require it (my password manager doesn’t access the internet and even if it did, I blocked it in my OS from doing so) For times when I need to use something made by big tech, I trawl through settings and disable as much as I can, and I access it through a browser instead of an installed application.

I wouldn’t necessarily trust anyone. That being said, I take a chance using services like Proton and Signal because they are at the least fairly transparent. At the very least, I’d rather take the chance and potentially end up being burned than use something like Facebook knowing full well that all my data is being collected.
Regarding the future, I think legislators have made great strides in trying to rein in the big tech firms. On the other hand, some governments (run by people who fundamentally misunderstand technology) seek to further erode rights to privacy online in the name of crime prevention. I don’t have an optimistic outlook, so I think it’s good to promote and argue for use of more secure and ethical services.

To elaborate, people have gotten used to paying with their data instead of paying with their money, and not everybody wants to or can pony up the cash to pay for services that are normally free. This begs the question of where the money comes from. I know Brave are something of a controversial figure but I wonder if their more ethical approach to advertising could prove useful. It’s less intrusive and doesn’t collect data if I recall correctly. There’s also the Proton model of free access with benefits for paying subscribers. This would prove an issue if the vast majority of users are free, I’d love to know what percentage of Proton’s users are paid.

Great if it’s transparent. I sort of credit Google for at least being frank about this for the most part, and offering compelling products. It’s not hard to see why they’ve proven so successful when their products and services are as good as they are, Docs including collaboration, G Suite, Maps, etc. Facebook are more sneaky.

I don’t hate data collection in principle. Data collection is very useful for people selling products, and looking for ways to improve their product. However, companies should have it turned off by default or at the very least be transparent off the bat about what and how they’re collecting. Some argue that companies should run surveys or focus groups, but this isn’t feasible for smaller businesses.

I’d say so, I remember Netflix’s The Social Dilemma being mentioned a few times casually by people who aren’t in this community. Some will always not care or think that everyone is collecting their data so they shouldn’t even bother. I think there should also be more transparency about open source and privacy respecting tools. Some people have unironically asked if I’m some sort of spy or government agent because of my choice of platforms. I am none of those, I am just a person who wants to protect their privacy.

Say what you will about DuckDuckGo, but they had one of the most excellent marketing campaigns I have ever seen, clear explanation about how creepy big tech is, and how to combat this by using them. Marketing campaigns like that are doubtless very costly, which is a real shame.

Hi and welcome

How aware are people in your experience of data collection practices?

Most of them not at all. But what is worst, in my opinion, is that some are aware of the data harvesting, but deliberately choose to ignore it. Because they don’t want to change anything and want an easy life, they pretend that the problem doesn’t exist (any similarity with events regarding certain respiratory disease is purely coincidental)

What personal anecdotes or stories do you have about someone coming to terms or dealing with data privacy leaks, scares, or other interactions?

I don’t know it this qualifies, but recently I was buying something in the shop and the cashier ask me before the payment:

Cashier: Can I have your phone number?
Me: No, why?
Cashier: …
Me: …
Cashier: Oh, you don’t wanna be in our system?

She was completely unprepared for the situation that someone refuse to give a phone number. That tells you something.

Btw, once the same happend with an email. I asked why. They told me that’s because of the recipe and the warranty. And because I was buying a piece of electronic equipement it kind a made sense. Anyway I was sceptical, so I gave them generated email address. Recipe arrived and less than 24h later - Don’t miss our friday deals! - advertisement shit. Email no longer exist.

What measures or practices do you take in your daily life to preserve your own privacy?

Compartmentalization, 2FA, hardware keys, password manager, alternative browser, search engine, E2EE email, messenger and cloud storage, DNS filtering, adblocker, VPN, no social media.

I pay for most of the services I use. I carefuly choose where to register and if I really need it. If possible provide as little information as possible and usually fake name.

What brands or services do you trust or distrust when it comes to data privacy?- How do you see the future of data privacy evolving?

Mullvad, Signal, ProtonMail, Mega, Brave. Just to name a few.
To be honest I’m quite skeptical. With companies pushing LLMs to every service and devices, with no regulation or accountability, I think it’s gonna be only worst.

How do you feel about the transparency of data collection practices?

Transparency is good, but very few companies actually do that. I would prefer if the companies wouldn’t collect anything or absolute bare minimum. As we see it is possible - eg. Mullvad or Signal.

Do you think more people would be concerned about their privacy if there was more transparency in this regard?

No. As I mentioned above. People will rather willingly live in the lie/denial than to face the fact that they would have to change something in their life. And unless something really bad happens (I cannot even imagine what) vast majority of people will not care.