Every time I look up a product on Amazon, Facebook shows me ads for it. Items I’ve decided, for various reasons to find out more about through Amazon’s great online shopping mall, consumer ratings, aggregated storefront, and official-like repository of information about basically any mass produced, consumer oriented product you might ever find yourself needing more information about.
But, usually, any item I take the time to read about on Amazon I’m ready to buy as long as it fits my requirements. If I didn’t buy it I’ve formed a negative opinion of that product, so all I think when I see the ad is, “I didn’t get that one because it sucks.”
“Clear your cookies,” says old fashioned wisdom.
I did just that. FB made me log in again, but I cleared my cookies and set 3rd party cookies to banned. It’s probably too late though. Amazon and FB have traded info about me and then they told two friends, and they told two friends…and so on.
And, in all honesty, you give little bits about yourself to any site that asks for it because you think it’s not personally identifying information. But you say, “I want the weather for 98122. I’m ok with giving them my ZIP code since there are tens of thousands of people with the same.” But then that site make a deal with a company who has your IP address or some other anchor point for tying this data together. And some other site asks for your email address, buys into the data aggregation system (sometimes not knowing they’re doing so…) giving another anchor point.
Then every single little detail you give to any site gets connected through these aggregators to some personally identifying anchor data. There are companies that exist simply to aggregate data about you and all of these sites that you frequent can know way more about you than what you tell them.
Then there’s a database with all of these data points where someone smart enough can go in and say, “a male, birthdate 1/1/1980, with the username tonyj logged into my site from this IP address. What else can I find out about him.”
The answer is EVERYTHING. Sites always promise to never share personally identifiable information about you. But with everything that’s out there about you, a concise picture can be compiled of who you are, what you Google, which sites you visit, when you were born, your skin color, your address, your OS preference, which browser you use, and what you do for a living.
These services can find you and your compiled profile with a few bits of information you don’t realize you’ve freely given to a service that aggregates information that is, alone, not “personally identifiable,” but when it’s all anchored to something even vaguely unique you are easy to identify.
Just Google your personal email address or full name. Pick up anything that is correctly associated with you and put it into a spreadsheet. Anything there can be, and is, used to identify you by anyone with your email or IP address. Do the same with your common user names.
I have a desire to set up a project that randomizes names, addresses, interests, genders, ethnicities, professions, afflictions, fetishes, user names, family history, etc. Each interested party can retrieve a completely random set of personal details for their fake persona. Then in ten steps or less, the system will ask them for “non-personally identifiable” information that they’d be fine with divulging to any one entity. Fake ZIP code, fake first name, fake gender.
In two to three jumps, it will show them their exact profile. Along the way, I’d like the system to show users how it’s narrowed down so easily: Gender F. 600,000 possibilities. Of those, ZIP 90210. 7,800 possibilities among registered individuals. Of those, First Name Tanya. 12 possibilities. Of those, once searched for “red sweaters” and made a purchase using a credit card. 1 possibility. Tanya Johnsen. Address 1234 7th Ave. Attended UCLA. Last known phone number, according to student roster, 415-234-5555. Purchases large, cheap bottles of wine at Safeway using that phone number to receive a discount.