Privacy In The Age Of Information

From New Media Business Blog

Jump to: navigation, search



Big Data [1]

“If this is the age of information, then privacy is the issue of our time” [2]. We live in a data driven world: data surrounds us in our private and professional lives, on our computers and in the technologies we use everyday. In industry and business alone, the rise of data has become an important factor of production, alongside labor and capital. For example, by 2009, nearly all sectors in the US economy had at least an average of 200 terabytes of stored data per company with more than 1,000 employees [3]. With all eyes on big data, users of the internet and internet enabled technology are becoming increasingly concerned about what big data means for their privacy.

Big Data

“Big data is an evolving term that describes any voluminous amount of structured, semi-structured and unstructured data that has the potential to be mined for information.” This data is expanding rapidly in velocity, variety and volume, quicker than we can comprehend[1].

The 3V’s of Data

Velocity, volume, and variety, describe the increasing rate at which big data is created.

Privacy Concerns in 2016

Privacy can be perceived by internet users in two separate ways. The first would be regarding the information we choose to share with other users - usually on social media - that we may regulate with privacy settings. The second and more concerning avenue of privacy relates to the collection of our personal data by governments, companies, third parties and other agencies that occur with little user acknowledgement when one uses the internet or an internet enabled device.

Social Media

Online Persona

A persona refers to the role that one assumes or displays in public or society; one's public image or personality, as distinguished from the inner self [4].

Since the inception of Facebook in 2004, most users of various social media sites are now more accustomed on how to control what is shared publicly. A user is more aware of the viewership of others and adjusts their online presence accordingly to present a desirable or ideal version of themselves to different social groups.

The concept of a persona is pertinent to the use of social media and online activity. With the ability to manipulate and monitor what we share with others online, we are able to shape our persona with ease. The online “public persona” in the context of privacy and social media is regulated by our privacy setting know-how: a learning curve that is in its stage of maturity for most online users.

Online Persona: Public vs. Private Identity

Privacy setting know-how has allowed many users of social media to provide two versions of themselves online, their public identity (for employers and strangers) and their private identity (although still considered a “persona”) for their friends and family. These two online identities are regulated by Privacy settings, although both are still subject to manipulation.

Users of social media have become aware of adjusting their privacy settings so as to avoid exploitation or the sharing of personal information in a public space. Overtime, many users increased the amount of personal information revealed to their friends while simultaneously decreasing the amounts revealed to strangers [2]. One benefit of regulating our online privacy by using a public and private identity, is to monitor how we are perceived by employers.


A study by Workopolis found that up to 93% of employers search online to audit the online presence of a potential new hire in the interview process [5]. The study shows that employers think less favorably of prospective hires if they encounter posts of sexual nature, about drugs or violence and posts with bad spelling and grammar. Employers go online to assess the cultural fit, qualifications and creativity of potential hires. Online monitoring of potential hires is a risky practice as many potential employee’s share information revealing protected status (as laid out by the human rights code). One cannot be certain that discrimination based on protected status (such as race, age or religion) has occurred. Such discrimination could be subject to trial by the human rights tribunal.

Data Collection

Many online users are unaware of the scope of data collection that ensues as we navigate online and use internet-enabled devices. There are mixed feelings regarding the optimization of the online experience through targeted advertising and this relevantly young avenue of marketing is yet to face formal regulation. There is also considerable concern regarding government surveillance and data collection. A popular phrase that has arisen in recent debate sums it up perfectly, “if you aren’t paying for the product, you are the product”.

Privacy Policy

A privacy policy is at the foundation of every online or offline business. It contains terms and conditions set out to protect all parties involved in the dealings between the parties. Research has shown that an overwhelming majority of internet users do not read privacy policies [2], but also that nearly half of online policies were found to be written in a language beyond the grasp of internet users [2].


Due to criticisms of the readability and ambiguity of privacy policies, many companies including Facebook and Snapchat have simplified the terms and conditions of their privacy policies.

Study by the Center for Plain Language

Best to Worst Privacy Policies
Company Rank
Google 1
Facebook 2
LinkedIn 3
Apple 4
Uber 5
Twitter 6
Lyft 7

The Center for Plain Language is a non-profit organization, that helps government agencies and businesses write clearly [6] They believe that communication is in plain language if its wording, structure, and design are so clear that the intended readers can readily find what they need, understand it, and use it [7]. TIME magazine partnered up with the Center for Plain Language to conduct a study into the readability of privacy policies of some of the biggest internet companies today. The study revealed that Google and Facebook topped the charts for readability.



In 2014, Facebook introduced Privacy Basics: a set of interactive guides to show users exactly what controls they posses over who sees their posts, whose posts they see, what information is gathered about them from the links they click, and how they can manage their friends list with more granularity [8]. By making their terms easier to read, they believed they were increasing user transparency on the collection and use of user data by Facebook and the sale and acquisition of your personal data by third parties.

Privacy Villain of the Year

Despite Facebook’s efforts for transparency, the company was crowned “Privacy Villain of the Year 2016” by an association of European civil and human rights organizations, the EDri (European Digital Rights Initiative). They stated that "their default settings [were] noxious for privacy: To understand what privacy you are giving away when you use impossible. Data algorithms that can make new assumptions about users are being constantly developed – even Facebook today would have difficulty knowing how they will use your data tomorrow.” [9]

The Devil is in the Default

As highlighted by the EDri, criticism regarding privacy on Facebook stems from it’s multitude of default settings. Default visibility settings in 2005 involved the sharing of your networks, gender and profile picture to other Facebook users. In 2014, users were sharing their networks, friends, basic profile data, gender, profile picture, names, likes and extended profile data with the entire internet [2]. As mentioned, users are more akin to privacy setting know-how regarding who can see their basic information, controlling their viewership with greater awareness.

Of greater concern, is that Facebook users have to opt-out of personal data collection for the purpose of advertising and research. These default settings highlight the quintessential matter for privacy in 2016: as we have more control over what other users see, we are now more concerned over what is collected about us through third parties, marketing agencies, governments and other companies. Facebook is notorious for tracking its users even when they are not logged in, and making these privacy-invading policies it’s default setting[10]. This new era of privacy is big business. We've also agreed to this.

The Storage Of Your Data

We are yet to comprehend the permanency of our online activity. While many users relate the permanency of their online activity to another user 'screen-shotting' or recording information for various reasons, the truth is that this happens on far larger scale and with consequences users of the internet are yet to comprehend. Everything we do online contributes to Big Data, and is subject to analysis and sale.

Facebook Applications

Facebook App Removal [11]

An example of not recognizing the permanency of the information and behavior we share and display online can be demonstrated by the use of third party applications on Facebook. Many of us have mindlessly authorized the access of our personal Facebook information by various third party applications we use both on and off of Facebook. These applications access our data -from our basic descriptors to our sometimes thousands of photo’s - to function, and sometimes post on our behalf. A user with privacy setting know-how may easily manipulate application sharing to “only friends” in privacy settings, or even un-check some (but not all) of the information requested. This is akin to the control we perceive to have over our information. A user may even consider deleting or removing the application from their Facebook entirely so as no longer have access to their data. The deletion of our data, however, does not mean third party applications no longer have access to data already collected. As Facebook states in it's privacy settings: while the application will no longer collect or store your data, it may still have access to and store the data about you that it has already collected. As what we share online increases as the internet capability increases, the permanency of whatever you have shared, regardless of deletion is alarming.

Privacy Uncertainty

It should be acknowledged that there is much benefit to the user as a result of information sharing and data collection. Companies use consumer analytics to better understand you and to provide you personalized marketing. Data storage allows you to access profiles and services online that remember who you are.

As with any revolutionary change, internet users should heed caution in this new territory. With the introduction of smoking came unforeseen and deadly health risks - decades later. While threats of hacking and inappropriate use of our information are ever present, it is advisable to acknowledge that we cannot yet comprehend other potential consequences of our online world. As new users of Facebook in 2004, we could not comprehend what the use of applications meant for our privacy and the permanent collection of our data. We should remind ourselves not to be over-zealous with what we share. We do not know how our data will be used in the future: for better, or for worse.

Privacy Regulation

Two opposing views dominate modern discourse regarding privacy regulation: the first speaking to one's ability to make “self-interested decisions about information disclosing and withholding”[2] . Those who harbor this belief tend to shy away from online regulation. A second popular view involves concern about the ability of individuals to manage privacy amid increasingly complex trade-offs. Those with this view believe that regulatory intervention may balance the interest of data collection between the individual and commercial and government entities holding that data.[2]

Both views are important in the consideration of online regulatory protection. As of now, very little regulation exists. Digital alliances - such as the EDRi (European Digital Rights Initiative) are becoming more prevalent. In North America, alliances such as the Digital Advertising Alliance help consumers opt out and personalize their ad choices, as well as restrict the collection and use of their data by third parties and marketing agencies Such programs are voluntary and leave much to be desired in the way of official government regulation and policy.

Data Brokering

What is Data Brokering?

Data brokering is an industry based on collecting information about consumers then selling it to other companies in order to improve their marketing. Data brokers collect as much information as they are allowed to because the more specific the data the more targeted and thus successful the advertisement will be. Data brokers collect a huge amount of detailed information on millions of people, often without their knowledge.[12].

While data brokering has already existed for decades, the mainstream acceptance of the internet has radically changed the industry. The internet has dramatically increased the volume and quality of digital data. The widespread use of computers, smart phones, and tablets in day to day life is another contributing another factor to the increase in digital data. By using these digital devices to make purchases, plan trips, search health topics and handle finances, companies can form insights into the consumer’s lives such as financial health, physical and mental health and purchase habits. Technology has improved to the point where it is possible to access, store, analyze and share this data [12].

Information Worth [12]

Ethics and Regulations

With the rapid rise of data brokering, several ethical and regulatory concerns have been raised.

    The 3 main concerns are:
    How Data Brokerage Works [13]
  1. What data about consumers does the data broker industry collect?
    • Data brokers collect information about consumers in order to form a profile about them. This includes name, address, telephone number, e-mail address, gender, age, marital status, children, education, income level and even political stance. Almost everything consumers do online is tracked, from the purchases made, to how that purchase was made. Through consumer’s internet browsing history, health conditions can be inferred such as diabetes or high blood pressure[13].
  2. How does the data broker industry obtain consumer data?
    • One source of consumer data is government records and other publicly available data. From these public sources companies can find out property records, census data and criminal convictions. Whenever someone applies for a license or mortgage that data is collected. A huge amount of consumer data is collected from social media accounts. The data they make available is automatically catalogued through the use of web crawlers. Characteristics such as how much of a social media user the person uses is recorded. The individual’s privacy settings can limit these web crawlers by limiting what information is publicly accessible. Retailers often sell customer information after having them sign up for store loyalty cards. The customer information is sold to a broker and this information is added to different databases, depending on the type of the store. Data brokers may set up agreements where multiple companies agree to swap their consumer information with each other, in order to fill out the personal profiles.[13].
  3. Who buys this data?
    • A large variety of different companies purchases consumer data, Axciom, one of the largest data brokerage companies include “47 Fortune 100 clients; 12 of the top 15 credit card issuers; seven of the top 10 retail banks; eight of the top 10 telecom/media companies; seven of the top 10 retailers” [14]. As well as many other large lodging companies, gaming companies and health insurance companies[13].

Facebook Trackers

Facebook has been under scrutiny for their use of cookies on the internet. Cookies are text files that record information about you and the sites that you visit. Many users are unaware that Facebook trackers their behaviour on the internet, whether they are or are not logged into their Facebook account. Facebook was brought to court in Belgian for its tracking of non-facebook users. The court ruled against Facebook and ordered they stop the practice within 48 hours. The Judge argued that non-users had not agreed to tracking, as they had not agreed to a privacy policy with Facebook [15]1. The relentless tracking of users, with - or without a privacy policy, is cause for concern. Many internet users are unaware of the capabilities of tracking, and users - having given consent, or otherwise, will never truly know how their data is being used by any big corporation.

Tracking Your Online Trackers [16]


Violations of Privacy

Targeting the Financially Vulnerable [2]

The data brokerage industry has been scrutinized over the nature of the data they are collecting and selling. Controversial lists have been found for sale such as “AIDS/HIV sufferers”, “alcoholism sufferers” and “erectile dysfunction sufferers”. These lists can then be filtered by other factors such as geographic location, gender and ethnicity. These lists are a huge invasion of privacy as many people would not want this kind of personal information public. There is the potential for abuse with such lists in existence. If an insurance company acquires a list of “Biker Enthusiasts”, then they may charge a customer on that list a higher rate if they believe they engage in risky behaviour [3].

The main concern with data brokering companies is the “veil of secrecy” the companies have over its data. Millions of consumers do not know what data brokering is and many of them do not know that their data about them is being collected. The reason for this is because data collection usually done without direct contact with consumers [4].

    4 main goals to lift veil of secrecy
  • Able to opt out and identify which broker holds which information
  • Provide conclusion they draw from data about consumers
  • Identify any source of data they hold
  • Notify consumers when they sell their data to brokers
Onboarding [5]

How Companies Use Personal Data


Marketing lists: Clients ask for a list of people who match certain characteristics, which can be tailored down to almost any specific. These characteristics often depend on the type of industry interested. Phone numbers will be requested for use in telemarketing campaigns, addresses for mail and email for online marketing.

Online Marketing: Companies can promote products to customers more effectively through a more customized user experience. If a company knows the interests of a consumer, when they browse their page they can customize the experience to better fit the wants of the consumer. This can benefit the consumer by saving them time if the things they are most interested in are shown quickly to them. Businesses benefit by the greater chance of their product or service being purchased. One example is Youtube’s recommendation section. After a user has watched a couple of videos, Youtube gets an idea of the user’s interests. Youtube will then display recommended videos based on these interests. The user can then indicate if these predictions are correct, if they are not, Youtube will update its recommendations to not display similar videos [6].

Privacy as a Business Opportunity

After high profile data breaches such as the 2012 LinkedIn and 2013 Tumblr hack [7] and many more breaches of consumer info, consumers now highly value the security of their information. Businesses that act proactively when it comes to consumer privacy and data can increase the amount of trust consumers place with their brand [8].

Privacy is a large concern when it comes to applying current technology to older practices. Many people are uncomfortable with their health records being made electronic due to security and privacy concerns, but if these can be addressed, then companies can gain a competitive advantage by creating new products and services to fill these needs. Being transparent with customers over how their data is maintained can be a marketing strategy. Letting customers know how long their data is stored for, whether their information is sold to third parties and how their data is encrypted can attract customers to choose their company over competitors. With the emergence of the digital economy, not only technology based companies have to address privacy concerns. Healthcare companies, financial institutions, post-secondary schools and online retailers are just some of the industries where privacy is a key issue.

Drawing the Line


Where do we decide to draw the line when it comes to the collection and use of people’s data? On one hand, the utilization and collection of consumer data is vital for many products and services. On the other hand, companies can easily force consumers to give up more user data than needed. This raises concerns over what exactly the company needs/uses data for and how safely that information is stored. One example is Uber, which now tracks people even after their ride has been completed. Uber states that this will be used to improve pickups, drop-offs, and locating riders without having to call them [9]. Users worry what exactly Uber will do with this information, whether it is selling their data to 3rd parties or simply holding onto it for future use.Ultimately it comes down to the users to protect and limit their data sharing. Governments have been extremely slow to regulate data collection and in some cases, have their own motive to collect citizen’s data, such as the NSA spying scandal. Users must be mindful of the information they put up themselves online, and adjust their settings to restrict who can see this information. Consumers should look up what information companies track about them and how this information is stored.

Constant Surveillance Through Everyday Devices

Webcam Privacy

As a webcams are built in to majority of devices today it is imperative to comprehend the associated threats to your privacy.

In a recent interview with FBI Director James Comey, he recommended covering your laptop webcam as a simple step that everyone should take to protect their privacy [10]. Mark Zuckerberg is another high profile technological genius who advocates covering your webcam, as he does it himself [11].

Webcam Privacy [12]


Users who own webcams that feature an on and off signal light may believe they are excluded from the risk of webcam hacking as they can see if their webcam is on. This is unfortunately not the case. It is possible for you to be spied on at any time without the light turning on, whether it is a malicious teen or an FBI specialist hacking in [2].


Remote Access Trojan’s, more commonly known as RATs, are malware programs that allow hackers to gain administrative control over a targeted computer. Once within a computer system the hacker has access to confidential information and has the ability to access your webcam, take a screenshot, or alter your files. These programs are usually downloaded via a user-requested program for example, an attachment in an email [3]. As such, those who are less tech-savvy, such as senior citizens, are at a higher risk for accidentally installing a RAT into their computer.

An example of a well known RAT is Black Orifice, which was created with the intention to expose the lack of security within Microsoft Windows OS [4]. Black Orifice permits a user to control a computer that is using the Microsoft Windows OS from a remote location [4]. Although this program had legitimate purposes, there were other factors that made it well suited for harmful practices. Including the ability for the program to be installed onto a computer without user interaction. As such, it was dubbed as malware. However, those without ability to write their own harmful code use Black Orifice due to it’s ease of installation[4].

How to Protect Yourself

There are a number of ways in which to protect oneself from the threats posed by a webcam. First, and most sensibly, ensure your webcam is covered. Next, ensure you have antivirus software that is up to date to avoid RATs. It is also imperative to be aware of the camera technology on your smartphone as well. Camera covers can be bought for camera embedded devices such as a laptop or smartphone that feature a sliding ‘window’ to ensure ease of webcam use, when you consent to it.

Webcams however, are not all bad as they allow such luxury as face-to-face connectivity to those who live anywhere from across the hall to across the world. Therefore, they are not going anywhere. Thus, it becomes an individual’s responsibility to properly protect themselves.

Privacy Implications of Using the Cloud

Cloud computing provides users with shared computer processing resources and data to their devices, such as computers, on demand [5]. More often than not these services are free such as Dropbox and Google Drive. Due to the availability and ease of access to these products it leaves users wondering who may have access to their information. This is where the problem of legal ownership arises. Many Terms of Service agreements do not address if a cloud provider can profit off of your data [5]. As a result, a variety of ethical issues are embedded into the core of cloud computing thus making privacy a grey area.

Personal Use

Similar to most services today cloud computing platforms require you to sign terms and conditions that include a variety of privacy threatening terms. Including the ability for cloud service providers to access the data you store in the cloud at any time as a result, they have the ability to alter or delete any information you are storing in the cloud. Additionally, providers may share your information with third parties with or without a warrant if they deem necessary for the purpose of law and order[5].

Implications of the cloud and personal use go beyond the cloud services one uses to store their data. Other companies, whose applications we use, may be storing information on your behalf on the cloud. Whatsapp, a popular messaging app owned by Facebook, recently began end-to-end encrypting their messages. Users of the service were alerted when a private or group message was being encrypted. However, Whatsapp failed to include information about the associated privacy implications. Included in the encryption feature is an option for users to store their chat histories to a cloud provider including Google Drive and iCloud. This allows for messages to be retrieved if lost through decryption. Therefore, the user’s private messages are no longer end-to-end encrypted and the cloud provider may access them[6].

Professional Use

Alongside the personal privacy implications of using cloud services, there are many professional usage issues associated with the cloud. Recently, InfoWorld released an article addressing “The Dirty Dozen” outlining the top cloud security threats organizations face while using the cloud [7].

    The 12 threats include:
  1. Data Breaches
  2. Compromised Credentials and Broken Authentication
  3. Hacked Interfaces and Application Program Interfaces (APIs)
  4. Exploited System Vulnerabilities
  5. Account Hijacking
  6. Malicious Insiders
  7. The Advanced Persistent Threats (APTs)
  8. Permanent Data Loss
  9. Inadequate Diligence
  10. Cloud Service Abuses
  11. DoS Attacks
  12. Shared Technology, Shared Dangers
Companies Using the Cloud [8]

The above threats apply to all individuals not only those directly involved in an organization. Additionally, they occur at a variety of organizational levels and result from both internal and external threats. A study conducted by RightScale asked 1,060 IT professionals with 42% of respondents representing firms with more than 1,000 employees. They found that 95% of respondents are using the cloud [8].

As such, similar to the aforementioned Whatsapp example, companies which you provide personal information to may be storing it on the cloud without your direct knowledge.

How to Protect Yourself

Choose wisely! Research cloud providers and find the one that best suits your personal needs. If you have the ability, encrypt your data stored within the cloud to prevent unauthorized access.

For organizations, it is imperative to choose cloud services wisely and consistently revisit company policies regarding the cloud including which employees have access

In regards to external organizations storing your data on the cloud, there is limited control you have. Therefore, be smart about what information you are providing and to who.

However, cloud services are extremely useful in both personal and business contexts. Therefore, there is no reason for one to stop using these services all together rather, one must take more care in choosing and using them.

Dangers of Always Listening Devices

Always listening devices such as Amazon’s Echo and more recent Google Home pose a substantial threat to privacy as they become key components of the home. These devices work though using a command word “Alexa” for the Echo and “Hey Google” or “OK Google” for the Home. Through integration with a variety of in home and online applications these devices can turn on lights, play music, add items to your to-do list, and search the web.

The danger is that the Echo streams audio from a fraction of a second before you say “Alexa” and continues streaming until the request has been processed [9]. Therefore, pieces of private conversation may be captured. Additionally, Amazon stores their information, including your voice clips, in the cloud. They save these past requests to better serve you in the future [10].

One user online wrote about his privacy infiltrating experience he had with the Amazon Echo. The user discussed having a child with his wife in their common space where they keep their Amazon Echo and the next day, he found an advertisement for diapers on his Kindle. This user did not use any Google or Amazon search engines or products to search for baby products[9].

How to Protect Yourself

As these devices are exceptionally easy to use and convenient, it is unlikely to assume consumers will opt out of using always listening products such as the Google Home or Amazon Echo. As such, other than not using these devices, consumers can guard their privacy by only turn them on when needed and by being cognizant that the device is listening. Until more exact privacy implications of such devices are uncovered this is the best way of protecting one’s personal information.

Truth Behind "Hey Siri" and "OK Google"

“Hey Siri” and “OK Google” are the hands free voice commands for Apple and Google, respectively. Hands free voice commands poses a large threat to privacy as the devices must constantly be listening in order for these features to work. By using Siri for example, you have agreed to the transmission, collection, processing, maintenance, and use of information by Apple and its subsidiaries [11].

In regards to “Hey Siri,” Apple states, “Information about your voice isn’t tracked or stored outside of your iOS device. You can remove this information from your device by turning off “Hey Siri””[11]. However, an article published online on Wired states that Apple actually keeps voice data for two years, details outlined below.

"Hey Siri" Voice Data Storage

When you say something into Siri, Apple’s digital assistant, it is sent to Apple’s data farm for analysis. Once your voice has reached the data farm a random number is generated and assigned to your voice clips to represent you. The number assigned has no connection to you personally or your personal information including your Apple ID [12]. After six months of holding and using your voice, Apple “disassociates” your assigned number from the corresponding voice clip resulting in anonymity of clips. However, the voice file is kept for up to 18 more months for testing and improvement purposes[12]. Therefore, your voice is saved in the Apple system for two years unless Siri is turned off. Once Siri is disabled, both identifiers, the random number and voice clips, are deleted immediately as well as any data associated [12].

How to Protect Yourself

As it is not realistic to assume people will cease using services such as “Hey Siri,” due to the extreme convenience users must take other precautions to protect their privacy. People must be careful about the personal conversations they have around and with Siri and other personal digital assistants. Additionally, turning on and off Siri at regular intervals, although may lessen accuracy of responses, will aid in securing your data due to the deletion.

Self-Driving Cars

Self-driving cars are beginning to gain popularity and abundance in our society with cars such as the Tesla Model S. Due to the capability these self-driving cars possess to drive you to frequently visited locations such as work, school, and home, the driver should consider the threats to their privacy. Cars, such as the Tesla, collect information related to you personally and the products and services you use.

Tesla Information Collection

The three main types of information Tesla collects pertain to you or your devices, your personal Tesla vehicle, and your Tesla energy products.

Information collected about you may include your name, address, phone number and email address, and payment information. Such data is collected through Tesla services you may use including websites or software applications. Additionally, they may collect information through public databases, marketing partners, certified installers, and social media. Furthermore, Tesla uses services such as ‘My Tesla,’ cookies, and analytics applications to gain information about their consumers [13].

Information from or about your Tesla Vehicle includes telematics data, remote analysis data, and other vehicle data. This information pertains directly to car usage and includes details about vehicle usage, battery use, odometer readings, personal vehicle settings used, and accident data including air bag deployment. Additionally, data regarding traffic and autopilot feature may be sent to Tesla and their partners even if you are not currently using these features. The collection of this data can be halted by turning of the “Traffic-Based Routing” setting in the control panel[13].

Information from or about your Tesla energy products may be collected directly from you, through a certified installer, or through the products themselves. Product information, installation date and number of products installed, and serial numbers all may be collected. Opting out of this collection involves directly contacting Tesla. If a user chooses to opt out of such collection, Tesla claims your product may suffer as in case of damage or reduced functionality, Tesla is unable to alert you in real time [13].

Threats to Your Privacy

Due to the varying paths that information is collected through self-driving vehicles, privacy threats endanger not only your personal data but your vehicle as well. This is because hackers have the ability to hack into vehicles and change the radio, turn on the air conditioning and even alter the car’s final destination.

Hackers Remotely Kill a Jeep on the Highway[14]


Consumer Protection

Auto Alliance, an association comprised of 12 of the largest vehicle manufacturers, drafted voluntary privacy principles for automakers to follow. The principles included obtaining affirmative consent to track a user’s geolocation, biometric information, and behaviour [2].

Although Auto Alliance drafted these principles with the consumer’s privacy at the forefront, they do not comply to fully protect users. This is because consent is required only if the vehicle company wishes to use the information for marketing purposes. Otherwise, the organization may use the information as they please [2].

How to Protect Yourself

Self driving cars are extremely beneficial to some users due to ease of use. For example, a driver who suffers from night blindness may take comfort in knowing their car can most likely safely drive them home. However, as the technology is relatively new there are a variety of privacy threats consumers are unsure of how to combat. As such, to best protect oneself there are precautions they should take. Users should not store favourite locations or personal information in their vehicle. Additionally, disabling tracking features including “Traffic-Based Routing” users can decrease the amount of vulnerable information they are putting at risk. A consumer’s best option for protecting their privacy would be to not purchase a self-driving car at least until more in-depth privacy protection measures are imposed.

Dark Web

Learning About the Three Different Webs

As to the surprise of many, there are three different webs including: the visible web, deep web, and dark web. An iceberg diagram is a well known visual representation used to describe the differences between the three webs, highlighting the amount of information that lives and is hidden within the deep and dark web.
Dark Web Iceberg [3]

Visible Web

The visible web is the most common web as it is simply accessed through popular web browsers such as Internet Explorer, Mozilla Firefox and Google Chrome. It is composed of any content that may be searched through search engines such as Google and Yahoo. The content on the visible web is said to be constantly under surveillance by not only the government but also many other individuals. There is no perceived privacy of the information available on the visible web. As there is limited privacy, it is easy trace and track information.

Deep Web

The deep web can be classified by anything that a search engine cannot find. It is a part of the Internet that is not indexed, making it hard for search engines to identify such information. CCN Money suggests, “search engines are like fishing boats that can only "catch" websites close to the surface. Everything else, from academic journals to private databases and more illicit content, is out of reach”. It is important to note that information that exists within the deep web is still accessed by popular web browsers, but as search engines do not index it there is a little more privacy. Information in the deep may be access directly through the web page that owns it or through passwords as it may be under protection [4].

Dark Web

The dark web is an area that lies within the deep web, enabling users to search and exchange information anonymously. It is widely known and referred to as the illegal part of the deep web, as it is associated with the selling of personal information and illicit content. The dark web is not as easy to access as the two other webs, as it must be accessed through a separate browser. The most popular browser used is The Onion Router, as known as TOR for short [5]. This browser is able to find all information that search engines cannot access. As this content and communication on the dark web is seen as completely anonymous, it is not possible for it to be monitored. This anonymity is possible by the repeated encryption of each communication being sent through several network nodes, enabling each node to be encrypted itself. The anonymity within the dark web allows there to be no tracking of the origin, destination and contents within any message [6].

Two Sides of the Dark Web

As the dynamic structure of the dark web entails complete anonymity, many users have learned to take advantage of this.

The Good Within the Dark Web

Using Tor as a browser to simply protect and hide identity has been something that has started to spread, as many users now use Tor to browse both the visible web as well as the dark web. It is known that some users of the dark web simply don't want government agencies or even Internet Service Providers (ISPs) to know about their browsing activities online. On the hand, some dark web users are in countries with strict Internet restrictions that prevent them from access public websites unless they use Tor browsers.

Some other beneficial ways the dark web is used to benefit the public are by whistler blowers, police, journalists and the military. For example government critics and other outspoken supporters who may fear repercussions for their views and real identities may use the dark web as a space to share the views. Governments or companies may also use the dark web to exchange documents with sensitive information. As per the anonymity of the dark web, this could provide added protection when dealing with sensitive content.

The Illicit Within the Dark Web

Of course, with any type of anonymity comes a dark side since there will be criminals and malicious users that prefer to use this anonymity illicitly. The encryption and anonymization tools that are used by both the users and webpages of the dark web ensure that there is no law enforcement presence. This means that there are many sources of illicit content within the dark web, including materials that lay beyond the bounds of common decency and good taste.

There are many websites that touch private information such credit card numbers, social security numbers, driver’s license info, medical records and many more personal information items. All this information is vulnerable to a security breach, which could do irreparable harm to individuals and their reputation.

Within the dark web there are not only thousands of stolen credit card numbers but also stolen physical credit cards that are available for users of the dark web to purchase. The dark web provides a suitable space for these illicit markets to form and operate, as per the zero regulation and it’s dynamic structure. Personal information leaks are also a large part of the dark web. This entails malicious activity where personal information is leaked onto the web to the public on purpose. Many of these large personal information leaks are targeted towards companies, political figures and celebrities. Information that is leaked can range from simple personal information such as a telephone number and address to very personal information such as a Social Insurance number. It is also possible purchase passports from the markets within the dark web. Passports stand as a strong personal identification as it allows you to travel, open bank accounts and even purchase property.

It is important to note that markets within the dark web obtain their information from Internet users. All this information for sale within in the dark web is all private information that is sold for profits. Even though it may be hard for individuals to assign a monetary amount to their own information, the dark web markets do not have problem with assigning an amount, usually in bitcoins and selling their products – our information. This proves that, even if you don't surf within the anonymity of the dark web, you could be at risk of your information being sold or used for other things[7].

Is Your Information on the Dark Web?

Have you ever wondered if your information has leaked into the dark web? It is now possible for you to find out if any of your information has made it into the dark web, all thanks to web crawlers such as Matchlight. Matchlight is a fully automated data intelligence system that sends immediate notifications when it is able to trace and find your data in places in the web it should not be [8]. This is possible by creating an account with Matchlight and entering simple information such as your name, email, and social insurance number. It is also possible to submit important documents for Matchlight to scan over and search for any matching content within the dark web.

You may be afraid to enter your personal information into Matchlight as you not know or understand their privacy policy. When accessing something that is dealing with the dark web it is very important to read the privacy policy and understand the implications. Matchlight is owned by Terbium Labs, it is known that the information that you enter into Matchlight is not actually sent to Terbium Labs. Your browser hashes the search criteria, and then sends this cryptographic fingerprint over to the company's archive of material to check for matches within the dark web. This implies that Terbium Labs will not really know what the customer is searching for, therefore keeping all user’s information more secure [9].

Check if your information has made it to the dark web by visiting: Matchlight

Protect Your Information on the Dark Web

It is important to note that you must take extra precautions when dealing with content or the dark web itself. The anonymity of the dark web makes it a dangerous place. Here are a few suggestions that you can do to help protect yourself:

  • Be Aware of Disclosing Personal Information: We have been told since we are little to never give out your private information to someone whom you don’t know. The same rules apply when browsing the web make sure you are on secure websites that you are able to trust. When browsing the dark web, ensure you are protecting your information and not disbursing it into the dark web.
  • Understand the Implications of Browser Tools: It is important to understand the information browser tools such a javascripts and plug-ins are using. It is suggested to stop using javascripts and plug-ins as they may be giving away browser information, location, configuration and even in some cases cookies.
  • Encrypt your Information: Encryption systems are key. It is important to make sure your information is secure from the dark web. It may be good practice to look at your information from a company’s perspective. You should encrypt any private information to keep others from obtaining and using it for other uses. For example, setting up an encryption system for incoming emails is quite simple and is implemented by many smaller IT departments [10].

Perceived Anonymity Outside the Dark Web

Although the best way to remain completely anonymous online is to use a dark web browser such a TOR, there is another method available that is much easier to access. This option is widely known as a private browsing window or incognito.


Incognito Message [11]
Incognito Tab [12]

Incognito is a well-known type of browser that enables individuals to browse the web anonymously without having to access the dark web. Although incognito may not be as anonymous as the dark web, it does ensure “that search and browser history and cookies will disappear once the browser or tabs are closes”. This may imply anonymity but does not completely protect ones’ identity from Internet service providers, some websites they may visit or even employers. This suggests that although many perceive browsing the web in incognito as browsing anonymously, this is not completely true and important to remember[13].

It is imperative to note, that whether you are browsing the visible web within a normal browser or an incognito browser, it is important to be aware of where and what you’re browsing at all times. Browsing in an incognito browser may protect you from your computer obtaining your information, but does not necessarily protect you and your identity from the rest of the world [13].

Future Predictions

As the issue of privacy is a more recently discussed and researched phenomenon, there is uncertainty regarding the future consequences of our actions today online. Due to this uncertainty it becomes each users personal responsibility to protect their privacy to the best of their abilities. This, goes beyond controlling who has access to view the content you post on social media, and encapsulates your entire internet usage and online persona. Furthermore, as big data may be used against online users through analysis, online privacy control gains further relevance.

The Internet of Things has already begun to rapidly change the world in which we live. As such, privacy and the internet will expand from not only threatening it's users when they sign onto their computer and smartphone but to when they take their self driving car to work, or they walk into their smart house that can tell them when their fridge is left open.

Due to the relative uncertainty of privacy it is ultimately each individual's personal responsibility to remain as educated as possible to impose the proper security precautions. This is especially important as threats break out of our devices into our homes, schools, and cars.


  2. 2.0 2.1
  13. 13.0 13.1


Marie Napoleone, BBA, Beedie School of Business

Tori MacKenzie, BBA, Beedie School of Business

Tynan van Wyk, BBA, Beedie School of Business

Russell Fay, BBA, Beedie School of Business

Personal tools