When taking a quiz on Facebook leads to an unknown analytics firm gathering information on you, your friends and family, the uncomfortable truth starts to settle in: There is almost nothing you can do online without digital eyes following you.
Trackers have long been widespread across the internet, with advertisers and social networks collecting as much information on you as possible. Even when you create an account with almost no personal details on it, it doesn’t take long for a company to relearn everything about you.
The only difference now is we’re starting to open our eyes to all of it.
Suddenly, we’re much more aware of how our data is being collected without our permission. Awareness has gone from an obscure band only a few friends knew about to the Grammy-winning tune you can’t get out of your head — it’s everywhere. The number of consumer complaints over privacy issues sent to the Federal Trade Commission jumped by more than 14 percent to 8,000.
“In 2018, we really do view it as the year where there was a reckoning with privacy practices across the industry and people waking up to these concerns,” said Marshall Erwin, Mozilla’s director of trust and security.
With that momentum, advocates, tech companies and lawmakers see an opportunity for real change — beyond just changing your own privacy settings.
People are flocking to privacy tools online that block trackers following your every click, companies are hiring more privacy experts and more politicians are fighting for legislation to force companies to be more open about how they use your data.
Winds of change
Facebook’s mission statement since 2017 was to “bring the world closer together.”
With its Cambridge Analytica scandal, Facebook did just that: Privacy experts pointed to Facebook’s Cambridge Analytica scandal as a unifying moment that put data concerns in the spotlight.
The UK data analytics firm gathered data on 87 million people without their permission, using an innocent-looking personality prediction quiz. That information included access to a person’s profile, location, likes, as well as data on friends linked to the account.
Facebook’s scandal hit home in many ways that past data breaches didn’t. The service is a household name used by almost everyone on a daily basis. The shock also came from Cambridge Analytica’s political ties, as the firm worked with the Donald Trump campaign and Sen. Ted Cruz’s campaign during the 2016 presidential election.
“The Cambridge Analytica story was a rude awakening for a lot of people,” said Omar Tene, vice president of the International Association of Privacy Professionals.
These experts aren’t the only ones seeing a positive side to more people being aware of privacy issues. Facebook is too.
“We think it’s a good thing that people are more interested in using privacy controls and managing their information online,” a Facebook spokesperson said in a statement. “In 2019, we want to keep making sure people know about the controls they have available and how to use them.”
While Cambridge Analytica was the biggest event, other privacy mistakes continued to grow people’s concerns throughout the year. Reports found that Google’s services would track and store people’s location data, even if location history was disabled, while lawmakers learned that wireless carriers were selling real-time location data from your phones to tracking companies.
When reached for comment, Google pointed to a September blog post from its chief privacy officer, Keith Enright.
“People deserve to feel comfortable that all entities that use personal information will be held accountable for protecting it. And we believe that regulation can support a dynamic marketplace for businesses of all types and sizes,” Enright wrote in the post.
Wireless carriers including T-Mobile, Verizon and Sprint didn’t respond to requests for comment. AT&T declined to comment.
While the laws apply only to the EU, tech companies with a major global footprint changed their policies across the board. This gave users more control over how companies collected their data.
Along with more people aware of privacy issues online came an increased desire to control their own data.
Analysts from Forrester Research found that 79 percent of US adults were using at least one privacy tool online this year. A Pew Research study also found that more than half of Facebook users in the US adjusted their privacy settings after the Cambridge Analytica scandal.
Privacy tools have been available online for quite a while, but there’s been a spike in traffic over the last year, developers found.
DuckDuckGo started as a privacy-focused alternative to Google in 2008, offering a search engine that didn’t track people around the internet. Its traffic had steadily been growing since, but it boomed in 2018 after Facebook’s privacy issues, said Gabriel Weinberg, the CEO and founder of DuckDuckGo.
He compared the spike in traffic to Edward Snowden’s revelations on the NSA’s surveillance in 2013.
“If you had two points of data that you wanted to mark, I would mark Snowden and 2018,” Weinberg said. “Snowden got the awareness and people to care, but not to act. 2018 made people want to act. ‘OK, this is real. My information got leaked. I’m getting targeted.”http://www.cnet.com/”
From 2015 to 2017, searches on DuckDuckGo steadily increased by about 1 billion every year. By November 2018, the number of searches jumped by 3 billion over last year.
“The last three months alone, we gained almost 50 percent in just those three months,” Weinberg said in November. “It used to be 50 percent for an entire year.”
After the Cambridge Analytica scandal surfaced, Mozilla announced its Facebook Container extension for its Firefox browser, which blocked the social network from tracking people across the internet. The tool was a massive hit, Erwin said.
“We saw demand for that add-on, and the add-on itself drove a lot of Firefox downloads,” the Mozilla trust and security director said.
Adjusting the sails
Tech companies were fully aware of the tides turning on the public’s focus on privacy issues.
In June, Apple announced new privacy features for its Safari browser, which would block web trackers from following people online.
Apple CEO Tim Cook has also been on the forefront for privacy, as the first tech executive to openly call for a US data privacy law.
“Our own information, from the everyday to the deeply personal, is being weaponized against us every day,” Cook said at the European Parliament in October. “We shouldn’t sugarcoat the consequences — this is surveillance. This should make us very uncomfortable, it should unsettle us.”
The changes aren’t limited to Apple.
Before Pokémon Go’s boom in July 2016, the Pokémon Company didn’t consider itself a tech company. Sure, Pokémon had its line of video games, its trading card game and its animated series, but it didn’t have data on every single person that indulged in Pokémania.
Then Pokémon Go arrived, giving the company data on more than 800 million people, including names and location history.
While millions of people continue to play Pokémon Go, it’s had privacy worries from the beginning. When the game released, then-senator Al Franken wrote a letter to Niantic Labs, who developed Pokémon Go, demanding to know what data it collected and shared.
The company hired John Visneki in May 2017 to serve as a data protection officer — almost a year after the game released. The Pokémon Company understood a growing demand for privacy protection from players, he said, and also knew just how sensitive the information it collected was.
“Privacy isn’t something that’s just a rainy day fund, or something we do because there are fines associated with it,” Visneski said. “We believe it’s our customers’ rights, and it helps us as a business.”
Since Visneski joined Pokémon, the IT team has expanded from 10 people to more than 100, many of which working on security and privacy, he said.
That trend goes across the industry, Tene noted.
In the last year alone, the International Association of Privacy Professionals picked up more than 20,000 members, the organization’s vice president said. The group has 45,000 members in total, he said.
“Once something transforms and crosses the divide from a niche industry topic to driving the agenda for the biggest company in the world, then yes, privacy awareness has arrived,” Tene said.
For most people, platforms like Google and Facebook are often too convenient or ingrained into your social life to up and leave.
Companies know user backlashes don’t last, and it’s why you often don’t see much change.
“If you want to see real changes for consumers, it’ll have to come from regulations,” said Bénédicte Dambrine, a privacy counsel for OneTrust, privacy-management company. “The only way to make things better for consumers is for companies to change their practices, which regulations would force them to do.”
It’s why GDPR had such an effect on your privacy settings. It’s also why tech companies have now changed their stance on regulation, now supporting laws, but hoping to shape how it looks.
“Google welcomes this and supports comprehensive, baseline privacy regulation,” Enright said in Google’s framework for privacy legislation.
While experts see that regulation is the most optimistic path to real change, the downside is that legislation takes time to pass. You won’t see these changes in privacy policies immediately, but 2019 is a good starting point.
Sen. Jerry Moran, a Republican from Kansas, said at a hearing on November 27: “It has become clear the US needs a federal consumer data privacy law.”
He’s working on a bipartisan privacy bill with Sen. Richard Blumenthal, a Democrat from Connecticut, which they hope to pass in 2019.
The advent of a federal privacy bill would’ve seemed impossible just a year ago, Weinberg said. Privacy groups would tell the DuckDuckGo founder that it was a “waste of time” back then.
“We talked and backed off any work on it because it seemed completely impossible,” he said. Now DuckDuckGo is a major supporter for Sen. Ron Wyden’s proposed privacy bill, which would include jail time for CEOs involved in data breaches.
Privacy isn’t an issue that’ll just be forgotten, thanks to breaches and data abuse scandals that continue to surface. Once you’ve seen what companies can do with your data, you can’t unsee it, Weinberg said.
While 2018 got everyone aware, 2019 is looking like a good starting point for getting legislation passed.
Until then, feel free to change your own privacy settings.
CNET’s Holiday Gift Guide: The place to find the best tech gifts for 2018.
Security: Stay up-to-date on the latest in breaches, hacks, fixes and all those cybersecurity issues that keep you up at nght.