This past year I’ve started to get lots and lots of scam phone calls. By the time the scammers got around to me, they had already gotten to local news. My partner had also gotten scam calls, so I knew to expect them. I was a bit miffed how they got my phone number. I’m findable, for now, but it seems like a lot of work to go through for what has to be a bulk business. I didn’t give it more thought until this past weekend when I saw the news about the 2019 Facebook data leak. They mention phone numbers as data that was leaked. I didn’t remember giving Facebook my phone number, but the news talked about phone numbers people used to sign up, so I must have, right? So, now it’s out there, which is annoying to say the least. It might become dangerous.

They want your data

The myriad ways social media and others use your data can be hard to track. Facebook decided to hang on to all the bits of data that users ever provided, no matter how fleeting. Maybe Facebook wasn’t using it, but they chose to hang on to it. It has to be a conscious decision from multiple people to hang on to it. Data is a fucking headache. You need to figure out the things that users want to share, the use cases of the data you’re keeping, the storage. If you’re being responsible about it, you also need to make sure that only the people with permission to view the data have access to it. It’s a pain in the patella. Really, it’s easier to just not hang on to data that you don’t need for a specific purpose. Of course, that’s not how companies like Facebook or Uber operate.

I know this is probably not news to anyone, but a company like Facebook is in the business of gathering data. And the data is the product. The same goes for Uber, Twitter, and probably all the other companies either giving something or selling a service for significantly cheaper than other comparable services. Such as taxi companies.

Data is money

And thus, we come to Uber. I was watching a video by iilluminaughtii about Uber on YouTube and there was a throwaway line in it; “Uber is not in the transportation business”. The whole video is full of terrifying stuff about Uber, but that line stuck with me more than the rest. Because the fact of the matter is that Uber is not, in fact, in the business of transportation. It is in the business of data about transportation. Every time you take an Uber ride, data about that ride is collected. The time, the traffic patterns, all that good stuff. Through their God View they can also collect data on the habits and patterns of individual users, which they can then collate into larger patterns of how individuals tend to use transportation. They can then turn around and sell this data to governments, businesses, and self-driving car developers.

Facebook’s example from the beginning of this blog post shows it’s not guaranteed that this data is actually secure. They save it all, but because that data is just a product, it’s not secured in a way that health records or similar might be. Although, at least here in Finland, it turns out that health records aren’t always secured in the ways that health records should be. But that’s a blog post for another day.

You don’t really change

This is something that the companies collecting your data don’t want you to understand. Most people don’t change their birthdays, their phone numbers, or a lot of other information all that often. Home and work addresses also change only very rarely. People tend to get into patterns of behavior, and that can be a good thing. But it becomes potentially unsafe when that data can be accessed by people the person doesn’t want to access that information. I am definitely thinking about changing my phone number, now that I know the source of the infection. It just sucks because I have had this phone number since I first got my own phone. It’s going to be such a hassle to change my number and let everyone know that it’s changed. Data about most people just doesn’t change as often as these companies like to pretend it does.

What can you do then? Not much. Give as little of your data to these companies as possible. Give fake data where possible. My birth date on Facebook has been the first of January 1905 for a good while now. I would prefer to leave Facebook entirely, but my local writer’s group is there and I don’t want to give up that group. And the other thing you can do is to lobby your legislators to do something about the way these companies gather, secure, and use your data. Clearly, the GDPR is not enough to get anyone to change these patterns, but it’s a start. We desperately need similar legislation everywhere else as well. And that is definitely the biggest thing that you can do. Talk to friends and family about it. Regulation is the only way to get these companies to pay attention to your privacy.

There’s also a growing idea of people actually owning their own data. The technical implementations of that are more or less non-existent, but that’s where the legislation is hopefully headed toward. And as someone who’s probably going to need to work with those implementations, I am very excited. Bring it on.