Who might be interested in my data? And why should I care?

No one is interested in photos of my dog 📷 🐶

you may reason. Very true, even your family has probably seen enough of them 😜. Your dog photos are trivial bits of information about you, though you are not the subject of the photo. The location of your post, your caption, time of post, comments, likes and re-shares, etc., are less trivial.

But if you add all the unimportant bits of information together about the same person, you have one large important bit of information. Even when anonymised, it's still your data, and it can still be possible to de-anonymise you if enough anonymised data is gathered of the same person.

In any case, if you've been using a social network for a few years, they have a fairly large dataset on you. When you mix in your Google searches, Amazon purchases, Instagram followers, etc. etc., you have a unique profile which is very valuable indeed, in real money terms.

It has been estimated by one valuation method that each Facebook post in 2012 could be valued at 2.5 cents, each LinkedIn search at 12 cents and Foursquare check-in 40 cents [1]. By another method, each user is worth $120 to Facebook, $71.43 to Twitter and $28.09 to Pinterest, again in 2012 [2]. Both these valuations are rough and ready divisions of company valuation by content in the first example, or users in the second, but it highlights the fact that the profitability of a social network is directly proportional to the number of users, and the quality and frequency of their interactions with others on the network. This is before even considering the value when linked with other social networks, a method used by third party advertising networks.

As far as I know, Steemit is the first social media platform to give back to users in a real monetary sense, but they still permit various information gathering and sharing with third parties. This is to say, they are interested in exploiting the same value we users bring to social networks. They are clear enough about this, and I'd recommend you read their Terms of Service and Privacy Policy, as we have been warned by South Park to do! 😱 Btw, I'm currently reading the Steemit white paper and will write about data ownership on Steemit after getting through it.

So, it's clear that the networks themselves are interested in your data, but who else? Let's take a look at that. In this world of posts, likes, STEEM and tweets, there are six main categories of viewer you should consider when making information available. These are presented to you here, in order of scariness 👻, from least to most. 👏😊 I love lists 💛

The Six Eyes

_Yes this is a play on _The Five Eyes 😉

1. 😀 The average, individual user
2. 😆😡😔 Organised users, or the mob
3. 🏠 The system itself
4. 🏯 Third party systems
5. 🛠 Hackers
6. 👮‍♀️ Intelligence agencies / 🏛 the government(s?)

😀 The average, individual user

We probably don't need to worry very much about them, except in certain situations. It's not really a big concern if your neighbour sees the new Haiku you wrote, or if some bored office worker in France does. It may matter though if a future employer sees your angry posts about your previous employers. The privacy settings will probably be enough to keep this in your control for most social networks, but this does not apply to Steemit. For the rest, beware of defaults settings here, keep what you consider private as private.

😆😡😔 Organised users, or the mob

It's a bit more of a concern if individual users group together to target you for harassment. Again, they will only be able to see what is public (on Steemit this is everything). There have been a number of cases were people have lost their job because of the viral reaction to a tweet or Facebook post made in bad taste. Jon Ronson's book So You've Been Publicly Shamed is a deep yet funny look at this phenomenon.

Similarly, like-minded trolls can band together to harass people they disagree with, or who they perceive to be a threat to their agenda. The gamergate controversy is a well known example of this, as well as the more recent harassment of actor Leslie Jones in connection with her role in the movie reboot Ghostbusters.

I believe this relates to data ownership because the only way these tweets and posts can matter in the offline world is if a real person is identified as the author. They are identified by information, information which they make available, perhaps as a requirement of usage, but often voluntarily. For example, a troll can find out where you work and contact your employer to complain about you, perhaps even making up lies about you.

🏠 The system itself

We give away so much data to private companies. Some of this data becomes their property. Most of your interactions with online services are governed by a licence agreement most often granting them rights to your data, some of which are practically irrevocable. This applies to both the main content and metadata.

Why does it matter? Well if your data is worth something to them, shouldn't you be compensated? Some would argue you are, by the usage of their service for free. This argument may have worked in the early years of social media, but the company owners are simply making too much money for this, therefore increasing the value of users and their data. Steemit is a wonderful attempt to correct this balance, and since I'm new here I don't know how it works in reality, I'm catching up. But it looks promising.

However, ownership is a larger concept than usage and compensation. The data owner has, within the limits of the law, the right to use data, but also to grant others rights to use it, withdraw these rights, destroy or modify the data, and so on. This is simply not possible when data is surrendered to social media companies. Once transferred, we have little guarantee that if we request it to be deleted, that it will. Most T&Cs make this clear, and either refuse to delete data, only delete some of it, or say that some will remain on their systems. A precious few will actually delete it, hats off to them. And of course, on Steemit, deletion is not possible.

🏯 Third party systems

Third party systems are those that collect information, either directly from the social platform (what you have already supplied) or newly generated information gathered via tracking mechanisms (essentially spying with tacit permission) such as cookies.

Once a social network has assumed rights and possession of your data, they are often entitled (by the license agreement you agreed to just by using the service) to share some or part of it with third parties, as well as make your browsing on their site available for their own analytics. These third parties are usually ad networks. Steemit does this, as well as nearly every website of note on the internet.

Many of us have a gut reaction against this kind of thing, because it seems creepy. 👹 Well it is. It's pretty weird to get ads on Facebook for schools when you buy a school uniform on Amazon (if this ever happened, pulled it from the air 😅). But that's not my main concern. Our social media data is sold and then resold, with all kind of additional analysis, as a service available to anyone who can pay. You can get access to this kind of information at Datasift.com for example. I find it significant that their front page tagline is

Provide Insights. Protect Identity. Translate data into action with the privacy-first Human Data platform.

It's completely the opposite, they buy private data and scrape public data, then sell it. They are not protecting privacy, though they anonymise data. If you're on any of the main websites, your data is in their databases too. I encourage you to click around their website, it's pretty enlightening as to what is possible and again, the value this data and their analysis of it. Another quote, from here:

Tap into the hidden value of Human Data. The value of social data is estimated at $1.3 trillion but most of it is untapped. We are here to change that and help you extract and create more value in the ever expanding universe of social data.

🛠 Hackers

So you've bought a Tomagochi on Amazon and a drone delivered it to you house! 🚁 🎁 😁 Very cool. Amazon are governed by the law of the land, and cannot take and additional $1,000 out of your bank account because it is a Tuesday, even though they have your information and so the ability to. They are bound by the law and respect as must of it as makes business sense to do (which we take for granted is usually most of it). Hackers on the other hand, feel bound by no such laws. Data theft continues to be an issue, and a site you use could be targeted. You can check here at Have I Been Pwnd if you're a known victim (you probably are). The bottom line is that if your information is stored on centralised servers and accessible by anyone but you, it is vulnerable to attack. Be afraid, but be careful. Use different passwords, and even email addresses.

An exception here are services that only store encrypted data on their servers, which their staff don't have access to. It's a new area because it's quite difficult to actually do anything without having access to your data. At least, difficult to do anything profitable, and certainly doesn't make it available to advertisers, which if it's not clear by now, run the internet. Interested to see what happens in this area. Some examples are Tutanota, the email service, and Mega, the file storage service started by MegaUpload founder Kim Dotcom.

👮‍♀️ Intelligence agencies / 🏛 the government(s?)

The most notorious surveillance agency in the world is certainly the NSA, but the Russian and UK governments also have far reaching eyes and ears, amongst other state and non-state actors. In general, their level of intrusion is far beyond what I consider in my practices. They operate outside and above the law, as they are empowered to by the current state of politics and fear in the world.

In general, if an agency, or indeed elite hacker, has the resources and time to devote to an attack on an individual civilian, they will doubtless succeed. You can do some things, but beyond serious OPSEC such as having an air-gap computer, you are toast if a target. That said, encryption is a big issue for them, so if you can keep your keys safe, this might get in their way somewhat. Get politically active to mitigate this risk because you just don't have the resources to stop them. Be very afraid, and listen to Snowden.

TLDR

The internet is scary sometimes. Protect yourself to the best of your ability and organise with your compatriots to change things. ⚠️ 🔐 🔗 💪 ✍️

References

• [1] [2] Fake It! Your Guide to Digital Self-Defense, 2nd Edition; page 29; copyright Pernille Tranberg & Steffan Heuer 2013

Closing

This turned out to be a bit longer than I expected, so if you read it all, I thank you very much. As my first proper post, I'm even more grateful. ✌️