I’ve signed away my information in more Terms of Service prompts than I can count, facing endless pages of legal jargon with little hope of making sense of what I’m actually signing.
This practice is not only accepted by citizens of the digital world, but required. A lot of us have made it a habit of skipping through the Terms of Service, and carelessly signing away personal information.
Every time I hear of a data leak, I see society continue to trend towards a dystopian future – one in which all of our personal information is exposed and up for sale.
More companies than I can count have access to my information, and while this is a haunting prospect on its own, this threat is magnified by the possibility that should any of those companies be hacked, my personal information could fall into the hands of bad people.
When a company is hacked, or in other words, suffers a data leak, any customer data that company holds could be exposed to the hacker. Hackers can then sell this personal data to other criminals, or sometimes outright release it onto the internet for anyone to view.
Sometimes the data leaked is just an email address, but depending on the severity of the attack, sensitive data such as banking details or social security numbers can be leaked.
A crucial step towards mitigating the effects of these common data leaks is to use a different password for every account you make. The easiest way to do this is by using a password manager.
Password managers are like an address book or contacts list for your accounts. Using a password manager off-loads the strain of having to remember a plethora of different passwords, allowing you to use longer, more unique passwords for your accounts.
A free password manager that I use, KeePassXC, is encrypted, stored locally, and open source, meaning that anyone can review its code. While it is not necessary for everyone to use Keepass XC specifically, it is useful to have some sort of offline password management system, and have different passwords for different websites, in order to minimize the damage should a service be hacked.
By using a password manager that stores data locally on your device, passwords can be accessed without the need for the internet. This means that in order to access my data, a “bad guy” would need to access my computer specifically, and find a way around the encryption. Storing locally puts your data in your hands, and significantly reduces the amount of paths a malicious actor could take to access your data.
However, unlike data leaks, certain companies intentionally sell users’ data. CollegeBoard, one company that dominates education at MVHS, is an example of this. One of their services, Student Search, is defined on their website as a, “service that helps college and scholarship programs find and get in touch with students that might be a good match.” But what they don’t tell you upfront is the depth of the data that they share, which includes sensitive student data, such as your address, gender, date of birth, ethnicity, academic courses, activities and more to their customers. Not only is this a major invasion of privacy, but each customer that CollegeBoard sells data to, creates an additional pathway to having their data leaked.
Equally concerning is the use of dark patterns in the communication around personal data. Dark patterns are a common practice in tech, used to take advantage of users, and push them towards doing something that may not necessarily be in their favor. An example of a dark pattern could be agreeing to something they didn’t mean to, hiding necessary options to frustrate them enough to push them towards agreeing to something they don’t want to, or deceiving a user about something’s purpose.
In a pop-up that CollegeBoard users get, they are asked if they would like to participate in student search — a service in which CollegeBoard sells student data to colleges, scholarship programs, and nonprofit educational institutions.
However, when a user opts into the service, they are not able to control who the data gets sent to, meaning that the responsibility of protecting that data is now spread across more hands, with more potential for leaks.
It offers the user two options, being “yes” and “not now.” This alone is not the problem, but the real cause for concern occurs when a second pop up appears after a user selects “not now.” It prompts the user with two large buttons, the first being “go back,” and the second being “remind me later.” Above these two is an inconspicuous option to not show the message again; this is a prime example of a dark pattern. In order to help combat this problem, it is crucial that students are aware of the existence of dark patterns, and how to identify them in order to not fall for the unethical practices that companies use to take your data.
It is important that individuals in our community, especially those knowledgeable about methods like these, help educate others in the community who are unaware about these unethical practices. The average person may not know about these dark patterns, and are at serious risk with all of the threats that exist in the modern age once someone has your data.
The final protection against data exposure is considering why a company is asking for your data in the first place. Once someone uses this practice, and is smart about their data, they can reduce their risk of data leaks, and help prevent them in the first place.
While little can be done from an individual perspective to change the industry to cause immediate change, it is important to remember your place in the greater picture. Instead of asking why companies keep going further and further with absurd data collection policies, consider why people keep accepting them. Instead of asking why your favorite game is filled with microtransactions, ask why people keep buying them. Instead of asking why the consumer experience has gotten worse in many industries, ask why people keep buying those products.
In our capitalistic society, the market has tremendous sway over what companies do. When consumers do not stand up to companies that take advantage of them, they ensure that the unethical practices will continue. When consumers choose not to buy an unethical product, and instead choose one that aligns with their morals, this sends a signal to the market. It tells these companies that they can continue these practices, and that the market will bear these injustices. Buying from ethical companies also aids the company in continuing their good practices, and helps them grow, instead of helping an unethical company.
It is crucial that individuals think carefully to decide on what morals they wish to uphold when it comes to buying something. Voting with your wallet is one of the few ways to change the industry as it stands, and refusing to support unethical companies goes a long way in this.
Changing the industry for the better will require a group movement towards ethical practices, and this is why it is crucial for users to identify unethical companies, and steer clear of them in order to change the market, and change our society for the better.