How User Agreements Are Killing our Privacy 

February 12, 2018 Security and Compliance, MOVEit

Online privacy is a mythical creature not unlike the unicorn or Cyclops—we’ve all heard the tall tales, but we’ve never seen it in the wild. And we have only ourselves to blame. If we take governmental monitoring as a given and add the fact that U.S. ISPs can now monetize their customer’s service usage without permission, is there any expectation of online privacy left?

Can we take back control of our browsing data? How do we know what data is being collected by the websites we visit? What actions can we take against those who abuse our trust and monetize our data or fill our inboxes with unwanted emails or web prompts?

Many of us are lazy when it comes to using social media, visiting websites, and performing research as we fail to review the user agreements for every site and platform. Okay, I’m kidding. We’d get nothing completed if we read all that. However, we can start with the global companies and decide if our use of a free service is worth the loss of privacy. I’ll refrain from pointing the finger now, but all are guilty of using analytics to serve us better,i.e. annoy us every time we log on.

My first piece of advice is an obvious one – Think about what you post online. Would you be okay with your children, friends, or future employers reading what you’ve posted? Secondly, when you browse the web, would the same people be okay with your search terms?

With these two tips in mind, how can you tell what information is gathered by the website or service you’re using? The user agreement is usually part or the terms and condition section of a website. I did have a gullible user response in mind, but I was beaten to it by Charles Henson, a managing partner at Nashville Computer Inc., a Tennessee-based provider of managed IT services

I’ve shown it below in full for entertainment value and not as a means of padding the word count.

A Typical User (Surprisingly Accurate)

If you think of the large platform providers (social media, shopping sites, and search engines, for example), all will have a long user agreement that few of us take the trouble to read. We just assume that we sacrifice a little privacy to use the free service. After all, they must make money somehow.

I heartily agree with Henson’s depiction of the ideal user response aka – This is what they want from us.

“Sign me up! I’m not sure what I’m signing up for, but I agree to your 30-page agreement if you’ll let me use your platform. I want to use this platform to tell the world and anyone else who will listen, exactly what I like and don’t like. I’ll also share with you what my day to day life is like and my opinions and views of the world, not just political but also in general. Not only will I willingly give you my opinion, I’ll also share with you all the locations that I visit, restaurants I eat in, stores I shop in and will allow you to view my pictures, messages and show me advertisements based on these items. Of course If I had read your user agreements, I would have known that when I am on vacation in Toronto, and while I visit a shoe store I snap a couple pictures of the latest Michael Jordan shoes and message the images to my son, that I would be allowing you to intercept that conversation and then start showing shoes for sale in sponsored ads in my Facebook feed,” said Henson.

It’s funny because it’s true. In addition, the user agreements are biased and not in our favor. Here’s how Henson put it.

“The problem I see with user agreements is that they are legal documents and even if I took 2 hours out of my day to read through one, prior to using an app or service, I wouldn’t understand it as I do not have a law degree. If you shortened it to read: “By installing this app, you allow us to follow you 24/7, listen in to what you say, look through your “likes,” messages, and photos so we can play matchmaker with advertisers. Oh, and we have the right to keep this data and information gathered in a database to use in the future as we see fit. And in no way, can you sue us or stop us from retaining the information under any circumstances.” Would you still want to install and use the app?”

I doubt it, but in some cases, we can still use it and salvage some privacy. More about that later.

User Agreements – Giving Your Permission to Harvest Data

As Henson pointed out, use of the services implies or is dependent on agreeing to legal terms of use. If you have an issue with those terms, the simplest solution is this: don’t use the website or service in question.

“Not all agreements are the same. IF you visit a site such as Google and do a search, they will not track and display information pertaining to you to others, however, if you “sign in” to your Google account, you now have given them permission to track, record and keep a history on items you search for,” said Henson.

“I personally do not login to Google while I am searching and I use the Google Incognito option if it is random searches or items I don’t want to show up in my search history. Using Incognito allows you to browse the web without cookies (site data), form fill data and history without the information being stored locally. The sites you visit however, will still know your information in regards to type of PC used, which Internet browser and what Internet Provider you are using,” added Henson.

Clearly, if you want to restrict Google or any other search engine’s tracking option, then don’t sign in. The minor inconvenience of signing in and out of specific service (YouTube for those oh so funny cat videos, for example) is a small price to pay for a little browsing privacy.

For social media, to avoid becoming a brand spokesperson, avoid liking brands on the platform, recommended Henson.

Of course, that doesn’t solve ISPs’ wily ways to monetize data.

Track This, Buddy!

As of last year, ISPs can now sell client data for profit and Comcast has been doing just that in Tennessee.

“Comcast has an online tracking policy. This policy as written, allows Comcast to use your information, browsing history, sites visited and any other information given, to allow them to better serve you. In their own words The more you tell us about yourself, the more value we can offer you. Supplying this information is entirely voluntary,’” said Henson.

“It further states that information collected by Comcast falls into two categories: (1) information voluntarily supplied by visitors to and users of the website and (2) tracking information recorded as visitors and users navigate through the website. Some of this information is personally identifiable information, but much of it is not. So, in plain English, what you do while on the internet using our services, we track and allow advertisers to have ads relevant to what you are searching for,” added Henson.

If you would rather not have your ISP share your data (you’re already paying for a service) then use a VPN that routes everything though another location (such as another state or country). Just make sure that your VPN provider is not sharing data. Otherwise you’re merely swapping one problem for another.

In addition, Henson recommends Ghostery for private website browsing.

“I personally use a product that is a web browser plug-in, named Ghostery. It will allow you to block websites from seeing who you are, what cookies (Internet history) you have on your device as well as preventing ads from popping up on other sites you visit later. This type of ad is called “retargeting” and is great for retailers who can see you visited their site and will want to advertise to you later. For example, you visit an eBay auction item but don’t bid on it, you leave eBay’s website and go on about your day noticing later that in your news feed, an ad appears letting you know the item is still available. Again, this is not someone breaching your privacy, you agreed to allow them to do this activity in the user agreement,” said Henson.

In conclusion, users need to be aware of the user agreements on the sites the use a lot. It is better to make an informed decision when selecting a service. Unfortunately, even due diligence may not be enough as user agreements evolve as new ‘techniques’ to annoy or monetize become available. You may not even be informed of changes.

“A company has the right (something else you agreed to) to update their terms of service and not give you notice. This is common practice and the reason why their terms are made available on their website. This allows them to make changes as they see fit and not send you a new agreement. If you are ever curious about how or what a company can do with your data, go to their site and typically in the bottom footer, you will see terms of service agreement links. If you do decide to read them, be ready to uninstall the app or stop using their site as you may realize exactly how much privacy you are forgoing by using these,” said Henson.

In the meantime, use ad blockers, Ghostery, VPNs and anything else you can think of to confuse those seeking to monetize your data with or without your permission. Switch off location tracking and sign out immediately. In fact, I’ve got an idea for a change that will revolutionize the Internet. How about allowing users the option to pay for an ad-free experience without additional monetization programs? If the service is good enough, we’d pay for it, wouldn’t we?

Michael O'Dwyer

An Irishman based in Hong Kong, Michael O’Dwyer is a business & technology journalist, independent consultant and writer who specializes in writing for enterprise, small business and IT audiences. With 20+ years of experience in everything from IT and electronic component-level failure analysis to process improvement and supply chains (and an in-depth knowledge of Klingon,) Michael is a sought-after writer whose quality sources, deep research and quirky sense of humor ensures he’s welcome in high-profile publications such as The Street and Fortune 100 IT portals.