It started with a photo. A floral arrangement, to be precise — wild flowers and leafy sprigs stuffed haphazardly into a bouquet that screamed, “You could do this yourself, but you won’t,” in a way that seemed specifically designed to fit into my Instagram feed. Were it not for the tiny “sponsored” tag, I never would have given it a second glance.
“I was just talking about needing flowers for the party next week,” I muttered.
Then I stopped. I hadn’t just been talking about needing flowers for a party next week; I had been talking about needing flowers exactly like this.
Now before you start slowly backing away, let me just say that our phones are listening — though not in the ways you might think. It’s not paranoia; it’s a fact. You don’t need to be Carrie Mathison (or, err, me) to realize that the conversations you’re having over dinner tend to show up in your Instagram feed the next day.
But how is this data being collected?
According to Sandy Parakilas, a former operations manager at Facebook and chief strategy officer at the Center for Humane Technology, our conversations aren’t actually being recorded. “The chance that that’s happening is almost zero,” he said. “The vast majority of what you talk about has no commercial value.”
What is being recorded — or rather, tracked and purchased — is our location data and financial transactions.
Remember that dialogue that popped up on your phone the last time you downloaded an app? It might have asked you whether you’d like to share your location “always,” “never” or “only while using.” If you chose “always,” your location is always being tracked — at least when your phone is not in airplane mode. But even if you chose “only while using,” that app can still buy location data from other sources and use it to build a more complete picture of where you are. Harrowing? I thought so too! But it gets worse.
“When you have enough data about someone, you’re starting to get a really accurate picture of who they are, and when you combine that with data mining and AI, you can start being able to know people better than they know themselves,” said Parakilas.
Think about the Cambridge Analytica scandal, a story so groundbreaking it got Americans to care about data collection and stayed in the news cycle for weeks. And the data they were collecting? The Facebook pages we’d liked.
And we now know that data is far from harmless — it can (and was) used to build psychological profiles and target political ads.
“While it may seem innocuous that you like Starbucks and Nike and Walmart on Facebook, and the ad content they show you might not seem to be particularly manipulative…when you take that at scale and start applying it across society, you’re now in a pretty dystopian world,” Parakilas noted.
Put another way, if bad actors can tell who might be susceptible to misinformation about voter-registration requirements, they could target ads aimed to augment voter suppression. And if they know your search history, financial transactions and location, they can guess what you want before you want it.
Of course, it’s not always that dire. Back in August, artist Annie Kahane was scrolling through Facebook when she saw a story that made her pause. “Catch Him and Keep Him,” the headline read — it was a sponsored post by dating guru Christian Carter. “I clicked,” she said. While she thought it was strange that her computer knew she was single, she figured the information might be interesting.
Doctor Edith Bracho-Sanchez, a medical fellow at Stanford, cited a similar experience. She was chatting with a friend about a fertility-tracking bracelet called Ava when she noticed something strange going on. “It was all over my social media feeds all of a sudden,” she said.
Starting in 2020, California residents will get a data-privacy boost with the California Consumer Privacy Act (CCPA), a watered-down version of the General Data Protection Regulation (GDPR) in Europe. CCPA will require companies that collect user data and sell it to third-party sources to have an “opt out” option.
Of course, the two biggest data-collecting companies, Google and Facebook, are largely protected from CCPA since they don’t sell data—they just lease it. If that seems like tech-speak for “I don’t inhale,” that’s because it is.
But even people outside California can do more to protect their personal data. If you don’t need to “always” share your location, don’t. And if you’re asked for your personal details (say, your name and birthday), feel free to lie unless there’s a good reason to be truthful. “You’re doing everyone a service by entering massively wrong information,” said Parakilas.
In my case, knowing my phone wasn’t listening to me talk about flower arrangements was comforting. But it still probably knew that I had stopped by a flower shop last week, and it might have even guessed that I hadn’t yet purchased any flowers. Just to spite it, I didn’t go to the flower shop Instagram had suggested. I walked to the florist next door and purchased a bouquet in cash.