A truism about free online tools is that if you aren’t paying for the service, then you are the product. Take your grocery store's “club” card program. You sign up and give them your name and phone number, and every time you shop, you swipe your card and get discounts on certain items. If you shop at the same store all the time, it makes total sense to take advantage of these discounts to save yourself some cash.
It is easy to see why a consumer would use an offer for a discount, but why does offering it make sense to the store?
Every club card swipe gives the grocery store data points. Some are used in aggregate, for example to track which brand of black beans is popular in this community, or to see that there is an uptick in baking supplies needed towards the end of the year. Those are all useful statistics in a store’s purchasing decisions. It also gives them data points on you as an individual: if they send you a coupon, will you try this other brand of black beans that they have a better margin on? Stores can also draw inferences, such as how many people likely live in your household (calculated from how fast you restock toothpaste), and speculate about questions such as whether they should stock more large packs of tissue.
The individual data points still seem like a bonus for you because they are still giving you better service. But, since you've helpfully and freely provided them with all this data, they can also capitalize on it by selling it somewhere else.
The monolithic social networking organizations have taken this from a happy byproduct to a large source of income. You pay nothing for your account, but every interaction (every text you post, article you click on, joke you upvote, game you play, and item you re-share) gives the company information that can then be aggregated, indexed, and sold. Advertisements are targeted towards you, and algorithms manipulate which of your contacts’ posts you see. This is not a secret; it's not only written into the obscure user agreements, but the configuration and settings features ask you to tweak your interests so that the network can better advertise to you. Even if you refrain from clicking on tempting issues, don't play data-collecting games, don't post, and only try to find your friends’ updates in the system, you are on the system, and the system buys information to make a better profile of you and uses it to target certain content exactly to you for their benefit.
Or, more nefariously, malicious actors get ahold of this carefully compiled profile and figure out ways to target you, your family or your company for their own ends.
Data mining from social feeds is currently getting a lot of attention, and a sudden flood of folks are leaving the big social networks (or are talking about doing it if only all their friends and family migrate together) to go to a different means of connecting with friends.
But are these other social networks any different?
Some of the new hot platforms are set up as “pay-to-access” products. The idea there is that if you are paying for the product, maybe you aren't the product. The new company has created an area of the internet with boundaries and a cost of entry. Some of these tools have current expectations that they won't be selling data, but that may change. Many of them explicitly expect to be sharing the mined data with their parent organizations, or don't say anything about how they intend to use the data. But even if you find one that respects your data privacy, and if you can convince your friends and family to move over to it (and pay the subscription), not everyone will end up on the same platform. Will you be able to reach a wider audience, be able to hear about topics not generated by your personalized group, or learn about issues that this specific network platform doesn’t promote to you?
There's also the decentralized or federated model. If your friend-group has a server and some time, there's open source software that creates an instance, and a group of “Friends & Family” can keep their profile on this private instance, but can link to people at other instances, and can keep their own posts as private or public as they want. Also, an administrator can block federation from a server that doesn’t meet their definition of a good neighbor; for instance, if members of the external server post hate speech or incessantly advertise scams, the blocking mechanism can prevent these bad actors from reaching you. This ought to mean you aren’t giving large organizations your data via social media unknowingly, but is this actually what we see in practice?
Some folks have set up “scrapers”, which are accounts that, if they can cause a link between their server and yours, have the ability to copy (or scrape) all public posts coming from your server. Those posts are then dropped into massive databases for the same data mining processes that have been part of the social media business models. An argument can be made that scrapers are acceptable, since your posts are public. But some administrators consider these scrapers bad actors and are banning the servers from which they originate.
While the monolithic companies have been heavily criticized for developing profiles on every user, the several separate new “private” platforms may be looking to build the same model, and the federated servers need continual monitoring to prevent bad actors from slipping into your social feed (or exfiltrating it). It makes you want to go back to simply emailing your friends, assuming you and your friends are not receiving mail on some monolithic mail platform that is also snooping in your mailbox to then send all of you advertisements using the profiles they developed.
What is a person to do?
Evaluate your personal information with the same risk tolerance approach used by major corporations. If you have a computer that is never turned on and not connected to the internet, it’s pretty secure, but not terribly useful other than as a doorstop. On the other end of the spectrum, typing in your bank passwords in the clear on a publicly shared computer might be a bit too open. What do you want to be connected to, and how much are you willing to potentially share to get it?
Also, where are your social contacts? Are they currently on the monolithic social networks, and do they intend to stay with those platforms? If all your relatives are on an advertising-based platform, will you join them there just to keep track of family gossip? Finally, how much effort are you willing to put into this, and when? Signing up for those monolithic social networks was incredibly easy, and took little thought. While the federated model may be a piece of the puzzle to solve the problem, it will not happen without a groundswell of people like you and me who are willing to admit that even our most seemingly insignificant data can be of very significant value to those who seek to sell us. Let’s not sell ourselves.