Nothing to Hide? Why Your Privacy Matters in a Digital World
From safeguarding individuals to protecting the foundations of democracy, privacy is vital to our well-being.
“If we are observed in all matters, we are constantly under threat of correction, judgment, criticism, even plagiarism of our own uniqueness. We become children, fettered under watchful eyes, constantly fearful that — either now or in the uncertain future — patterns we leave behind will be brought back to implicate us, by whatever authority has now become focused upon our once-private and innocent acts. We lose our individuality because everything we do is observable and recordable.” — Bruce Schneier.
It’s been over a decade since the controversial whistleblower Edward Snowden leaked classified information from the U.S. Department of Defence’s National Security Agency (NSA). The leak confirmed what many already believed to be the case, but the revelations were no less shocking.
Not only was the NSA conducting a massive illegal telephone collection program, as well as collecting mass amounts of online data, but almost all of the major tech companies, including Microsoft, Google, Yahoo, Facebook, PalTalk, AOL, and Apple, were complicit in the agency’s behavior (though in some cases they were also being hacked by the agency). Furthermore, NSA analysts worked with such impunity that some used their power to spy on and stalk their former romantic partners.
These and other revelations later forced the NSA to admit that they spy on their own citizens and led to calls for reforms. Yet, over ten years later, it feels like nothing has changed. If anything, government agencies, tech companies, and data firms alike are more blasé than ever about collecting the data of citizens and consumers. Furthermore, our increasing reliance on tech provides more means than ever to collect that data, which hackers and foreign entities have only been happy to exploit. Only recently, journalists at the WIRED obtained leaked police documents that point to a secretive White House surveillance program that provides law enforcement access to millions of phone records.
Meanwhile, many members of the general public are equally apathetic, uninformed, or disenchanted.
“Most Americans probably never followed the detail and certainly have lost the thread of the specific concerns that Snowden raised,” says history professor Jeremy Varon talking to The Guardian, “probably some tiny percentage of the people could even tell you any longer the substance of his disclosures.”
Worse yet, many remain convinced that online privacy doesn’t matter. After all, what is there to worry about if you’ve “got nothing to hide?”
But privacy in the digital world isn’t just a nice to have. It’s vital not only for our safety as individuals but the very fabric of our society and humanity. Without it, many of the liberties we take for granted, including our democratic institutions, may not last.
We all have something to hide.
Whenever someone brings the subject of privacy up, the counterargument that “if you’ve got nothing to hide, you’ve nothing to worry about” is never far away. However, this line of thinking is deeply flawed, not least because it starts with the idea that privacy is worthy of suspicion. But the truth is that we all hide things every single day.
Consider, for instance, whether you would leave the stall door open when you use a public bathroom. Likewise, would you agree to put your bank account information on a banner for all to see? Would you be happy for your grandmother to see every message and picture you send to your partner? How about letting a stranger know your financial and medical information, who you sleep with, where you live, and who you vote for? None of these things are illegal or morally questionable, but all concern our privacy.
The problem is that the “nothing to hide” argument suggests that privacy is only for the “bad guys” like criminals, predators, and terrorists. It implies that everyone is worthy of suspicion until proven otherwise. But privacy should never be confused with secrecy. Instead, privacy has everything to do with protection. And we all have things to protect, especially on the internet.
“But they won’t be interested in me.”
Another common misconception about online privacy is that hackers, businesses, and governments won’t be interested in the “average Joe.” But that not only misunderstands how data is collected online but underestimates how valuable data is.
You may have heard the term “data is the new oil.” It’s not a phrase without controversy. Nonetheless, the fact remains that many of the most valuable brands in the world today, including Apple, Microsoft, Google (owned by Alphabet), Amazon, and Meta, are all big tech companies. These companies make the bulk of their money not from services but via targeted advertising (with the arguable exception of Apple) and data collection. And data has only become more valuable since the mainstream arrival of AI.
So valuable is data and advertising to these tech companies that Google pays more money than McDonald’s makes flipping burgers just to be the default search engine. Meanwhile, whole million-dollar companies exist for the sole purpose of collecting and selling data, sometimes going to illegal or morally questionable lengths to obtain it. And with data centers often expending significant resources, the oil analogy extends beyond monetary value. Like oil, data has the potential to harm us and the environment.
Most of this data is collected indiscriminately, on a massive scale. After all, today, storage is dirt cheap and more than a worthy investment for advertisers. And thanks to cookies, scripts, online fingerprinting, and other tracking technologies, it’s almost impossible not to hand over data when browsing the web.
Whenever we look at a website, give a company our email address, or upload a picture of ourselves or our loved ones to social media (or someone uploads an image of us), we add to the potential size of our digital footprint. Once online, this breadcrumb trail of information is collected, bought, sold, analyzed, filtered, stolen, and pieced together by various governments, companies, and hacker groups to form unique digital profiles. These profiles can then reveal all sorts of information about users, be it their habits, who their friends are, where they shop, their interests, their sexuality, their religion, how they vote, what their ‘pain points’ are, and perhaps most crucially, how you can influence them.
Moreover, seemingly harmless and insignificant pieces of information can reveal a lot more about someone than most would suspect. For example, an analysis conducted by MIT researchers found that “just four fairly vague pieces of information — the dates and locations of four purchases — are enough to identify 90 percent of the people in a data set recording three months of credit-card transactions by 1.1 million users.”
You probably already know that data is often collected to show you relevant adverts. It’s why if you browse for items on one site, they turn up elsewhere as ads. Depending on how you feel, this may or may not bother you. But again, data rarely stays where it’s supposed to.
Data is “leaky.”
Over the last several years, data breaches have become increasingly commonplace. In fact, from the beginning of 2023 to October of the same year, there were nearly a thousand reported significant data breaches, leading to no less than 5 billion online records being compromised.
Sometimes, groups use this data to hold people or companies for ransom. Other times, they sell it on the dark web or use it to hack accounts. In other cases, they just throw all that info into a plain text or HTML file or database and put it on the open internet for all to see.
The latter is exactly what happened in 2021 in Mexico, when the personal information of over 93 million voters, including their home addresses, was openly published on the web after being stolen from a poorly secured government database. Considering kidnapping has been a serious issue in Mexico in recent years, to say this data leak presented significant dangers is a vast understatement.
Meanwhile, in 2016, the names, ages, and genders of over 6 million children were exposed after a group hacked into one of the databases of the toy company VTech. You might find that a little strange. After all, why would anyone go after children’s data? But the sad reality is that their data is just as valuable. In fact, over the last decade, child identity theft has been on the rise, with 1.25 million children (half of whom were under the age of 9) becoming the victims of identity theft in 2021 alone.
Children’s data is allegedly valuable to big tech as well. Only recently, multiple U.S. states have accused the social media and advertising company Meta of making their platform addictive to children to collect their information, with a recent lawsuit claiming that:
“Within the company, Meta’s actual knowledge that millions of Instagram users are under the age of 13 is an open secret that is routinely documented, rigorously analyzed, and confirmed and zealously protected from disclosure to the public”
Ultimately, the more these platforms collect our data, the higher the chance that said data ends in places we’d rather it didn’t. Take, for instance, the U.S. military getting its hands on data purchased from a Muslim prayer app. The app developers themselves didn’t sell this data to the U.S. government or necessarily know anything about the spying. However, they did sell it to a data broker, who, in turn, made money by selling it to the U.S. In any case, the U.S. proceeded to use this data to snoop into the lives and routines of Muslims as part of “counter-terrorism” measures.
How data can ruin lives
When you think of the dangers involved in someone obtaining your personal information, identity theft, scams, and frustrating amounts of spam might be the first things that come to mind. But data can be used in a myriad of ways against you, from ruining your career to influencing the way you vote, scaring you from voicing dissenting opinions, blackmailing you, or even stalking you. Sometimes, the results are even fatal.
You’ve probably heard of people posting embarrassing photos or derogatory posts online, only to have their boss find out about it and fire them. But many companies go much further than looking at your public posts. Instead, some industries have been found to keep a “surveillance score” on people to determine employability, trustworthiness, insurance rates, and whether they should rent to you. American Express even once lowered a person’s credit limit because they shopped at Walmart. And there’s often little stopping landlords, managers, or anyone else from buying your data from brokers and secretly discriminating against you.
Perhaps the most horrific way someone can use your private data against you is through blackmail. One particularly awful scam that has spread globally involves apps offering hassle-free loans. However, once people download these apps, they proceed to collect and send user data, including images, ID information, and contacts.
Often using AI or crude photoshopping, the teams behind the apps use this information to extort their victims by creating explicit images of them and threatening to send them to family members and friends if they don’t pay up. In culturally conservative places like India, the anxiety caused by the threats sometimes proves too much to bear. According to a report by the BBC, at least 60 Indians killed themselves after being victimized in this scam, some of whom were only teenagers.
In some cases, the abuse often continues even after tragedy strikes. Talking to the BBC, one father recalls getting an obscenity-laden phone call after his daughter took her life. “They told us she has to pay,” he said. “We told them she was dead.”
As well as the threats posed by governments, hackers, or businesses, lax online privacy presents a more immediate danger in the form of bullies, trolls, and stalkers. According to the U.S. Bureau of Justice, “During a 12-month period, an estimated 14 in every 1,000 persons age 18 or older were victims of stalking,” and “Approximately 1 in 4 stalking victims reported some form of cyberstalking such as e-mail.”
Unfortunately, people assume they’re invulnerable until they’re not. Or they think that, as long as they stick with “trusted” software and websites from “trusted” companies, they’ll be okay. But, without meaning to scaremonger, the reality is that you don’t even so much as have to turn on a computer or smartphone to have your privacy intruded upon.
Digital surveillance is all around us.
Online privacy and security used to be all about staying safe on your personal computer and your smartphone. But with the expansion of the Internet of Things (IoT) and consumer smart devices, that is no longer the case.
Today, many utilities around your house, from your television to your fridge and possibly even your mirrors, may be connected to your network and often the wider web. And yes, these smart devices have the potential to cause harm. After all, fridges have already been getting hacked and used to send spam mail since as early as 2013.
Amazon’s Alexa has become particularly notorious for being clumsy with customers’ private information. For example, in 2018, a German Amazon customer was accidentally sent 1,700 audio files from someone’s echo, providing them enough information to identify the name and location of the device’s owner and their girlfriend. In another incident, a woman in Oregon had her private conversations sent to one of her husband’s employees.
Speaking on the matter to The Guardian, one Amazon employee revealed that he would no longer use the devices, commenting that “having worked at Amazon, and having seen how they used people’s data, I knew I couldn’t trust them.”
Perhaps a more alarming story came more recently, in 2023, when U.S. officials said that Amazon employees were using smart Ring cameras to spy on female users in their bedrooms and bathrooms. In one instance in 2017, an employee had spied on 81 female customers and Ring employees over several months. The FTC’s complaint also claimed that Amazon had intruded on the privacy of children and deceived customers by failing to delete voice transcripts and location information upon request, with the complaint claiming that:
“The unlawfully retained voice recordings provided Amazon with a valuable database for training the Alexa algorithm to understand children, benefiting its bottom line at the expense of children’s privacy,”
Amazon was fined $30.8 million over the incidents — an amount which hardly touched their $3.2 billion first-quarter profits that year.
Speaking of Ring, in 2019, the Amazon-owned firm partnered with 400 police forces, allowing law enforcement unprecedented access to their doorbell cameras. A good idea for security, you might think. But as Andrew Guthrie Ferguson, a law professor and author of The Rise of Big Data Policing, noted while talking to The Washington Post, “If the police demanded every citizen put a camera at their door and give officers access to it, we might all recoil.” Yet, bizarrely, we don’t bat an eyelid when surveillance tech is sold to us as a product. The absurd irony of the situation only intensifies when you learn that the FBI later raised concerns that the doorbells could be “spying on police.”
Yet perhaps the most intrusive “smart” technology of all is one you won’t find in or attached to your house: cars.
AI & smart cars: the new frontiers of surveillance capitalism?
Equipped with GPS, cameras, microphones, and all sorts of fancy gizmos, there’s no denying that modern automobiles are theoretically capable of collecting significant amounts of data. But as is often the case, it’s not the technology that’s causing concern, but the organizations selling us that technology. In this case, the car brands force customers to opt into terms of service that arguably allow them to spy on you.
An investigation by the Mozilla Foundation found that out of 25 car brands, 84 percent of these brands say they can share your personal data with service providers, data brokers, and other businesses, 76 percent said they can sell your data, and 56 percent said they can share car user data with government authorities, with Hyundai’s privacy policy stating that they will comply with “lawful requests, whether formal or informal.”
According to Tesla, who ranked lowest for privacy in the report, opting out of this data collection “may result in your vehicle suffering from reduced functionality, serious damage, or inoperability.”
“While we worried that our doorbells and watches that connect to the internet might be spying on us, car brands quietly entered the data business by turning their vehicles into powerful data-gobbling machines.” said Mozilla in the report, “Machines that, because of their all those brag-worthy bells and whistles, have an unmatched power to watch, listen, and collect information about what you do and where you go in your car.”
Another source of data harvesting and another potential threat concerning what people can do with that data comes in the form of the tech that has been at the tip of everyone’s tongue for well over a year: AI, which is being used for everything from harassment and bullying campaigns to deepfakes. And according to the FBI, an increasing number of sextortion scams. Also, as revealed by a team of Google researchers, Large Language Model (LLM) AI systems like ChatGPT can be tricked into giving up personal information scraped from the web, including names, email addresses, and phone numbers.
Yet our biggest enemy, the one that catches us out more than any government, hacker, corporation, technology, or scam artist ever could, is our desire for convenience.
Convenience is the enemy.
“Data privacy exchanged for frictionless convenience is being compromised, stolen and leaked with disturbing regularity.” — Robert Muggah, Co-founder, of SecDev Group and Co-founder of the Igarapé Institute
Convenience is arguably the source of many of society’s modern ills. Convenience is what keeps us from making dinner and ordering junk food instead. Convenience convinces us to take the car instead of hopping on a bus walking. Convenience gets us to buy things we don’t need from corporations that don’t deserve our money. Convenience is also what keeps us from protecting our privacy online.
Today, online technologies and software offer us “no-cost” convenience in many forms, from websites that answer your questions to apps that enable you to order food, play games, socialize, and even date from the comfort of your couch and smart devices that make even turning on a light switch seem like a chore.
However, when we opt into this convenience, we often opt out of our privacy, as our interactions with these technologies often result in our data being sent along complex networks of global systems. As computer scientist Ron Ross writes,
“These new technologies are not only compelling, but also intoxicating and addicting — leaving us with a huge blind spot that puts us at great risk of losing our property, our privacy, our security and, in some cases, our lives.”
Companies know how to use our desires for convenience against us. Nowhere is this better exemplified in the use of so-called “choice architecture” across the World Wide Web with designs that make users take easy options over ones that are better for their well-being.
For example, cookie consent forms are often made intentionally confusing by providing an array of checkboxes, sliders, and curation options (often with a condescending “we value your privacy” message). When not given an easy option to opt out, most people hit “I Agree” because they want to get on with what they are doing, lawfully providing data brokers and advertisers free reign to snoop.
The truth is that most of us do this. If you’re privacy-minded, you might well feel bad about your “choice.” But as the Privacy Guides team writes, we never really had a choice to begin with:
“Control over your privacy inside most apps is an illusion. It’s a shiny dashboard with all sorts of choices you can make about your data, but rarely the choices you’re looking for, like ‘only use my data to help me.’ This type of control is meant to make you feel guilty about your choices, that you “had the choice” to make the apps you use more private, and you chose not to.”
Privacy is a social matter, not a private one
There’s another thing that people who say they’re not worried about online privacy misunderstand: It’s not all about them.
Privacy isn’t just about individual safety and the right to dignity but is a fundamental part of a functioning democracy. It’s what allows journalists and human rights activists to uncover corruption, speak to whistleblowers, or communicate with those who fear their governments, their families, or their bosses without fear of repercussions. It’s also what allows citizens to vote without intimidation and to deliberate without the eyes of the government upon them or manipulating them.
We’ve already touched upon the way the US government tracks its citizens and citizens of other countries. But no matter where you live in the world, you rarely have to look far or wide to find evidence of governments intruding into the online lives of their own citizens to persuade, track, control them, and quash criticism.
For example, in 2019, the Egyptian government was found to be tracking their opponents and activists via data collected in phone apps. The same year, the Moroccan government spied on the phones of human rights defenders. Meanwhile, the data collection of citizens under the Chinese government is increasingly dystopian, with data being used to spy on the Uighur (a minority Muslim ethnic group) and to clamp down on any opposition.
These policies are often enacted in the name of “national security” or “user protection.” But when this kind of behavior goes unchecked and unchallenged, the threat it poses to our autonomy and freedoms cannot be understated, as former senior staff attorney of the ACLU’s Speech, Privacy, and Technology Project Alex Abdo puts it:
“If citizens are just a little more fearful, a little less likely to freely associate, a little less likely to dissent — the aggregate chilling effect can close what was once an open society.”
When we decide that our privacy isn’t worth protecting, we’re saying our liberties aren’t worth protecting either. We are also saying that the privacy of others, including those more vulnerable than us, isn’t worth defending.
Privacy is everything for the marginalized.
Privacy is a serious matter for marginalized groups or those living in repressive, ultra-conservative, or dangerous societies and communities. The LGBTQ+ community knows this all too well.
For someone who is LGBTQ+, a digital footprint presents a significant risk. For example, if someone visits a queer dating app or a website providing information about transitioning, then data collected there can be compiled by third parties and combined with other identifying information, such as device information and IP address.
When this kind of information is leaked, sold, or handed over to the wrong groups, the consequences can be grave. For example, in Egypt, dating apps like Grindr have been used to identify, track, arrest, and even torture gay people. The apps themselves have also previously come under fire for poor security measures, often sharing sensitive data such as the sexuality, religious beliefs, and HIV status of their users with third parties.
Another at-risk group often targeted by online surveillance is migrants. For example, The Immigration and Customs Enforcement (ICE) in the U.S. often uses a combination of social media surveillance and information bought from data brokers to track down and arrest migrants.
Of course, who and what is deemed “undesirable” is always in flux. Today, you may live in a country where the definition of a terrorist may include right-wing or Islamic extremists. But tomorrow, that definition might include environmental groups, LGBTQ+ communities (as has recently occurred in Russia), or human rights activists.
What groups are protected by laws is always changing, too. And we only have to look at the situation in the United States following Roe v. Wade to see how quickly people can lose their freedoms and how once inconsequential information can lead to dire consequences.
Only months after Roe v Wade was overturned, a woman and her daughter were charged for seeking abortion pills after Meta provided law enforcement with their Facebook chats. Meanwhile, there is a very real fear that menstrual tracking apps and the data provided by other big tech companies will put the well-being of more women at risk.
For better or worse, big tech will almost always comply with authorities. According to a report by The New York Times, in the first six months of 2020, Apple challenged only 4% of requests for customer account data and generally complied with 80–85%. Meanwhile, according to Google’s transparency report, it supplied “some data” in 84% of all government requests for user information in the second half of 2022. 19,834 of the total 55,318 requests were subpoenas, and 30,442 were search warrants.
“Google is increasingly the cornerstone of American policing,” says Albert Fox Cahn, a lawyer and the executive director of the Surveillance Technology Oversight Project, an advocacy group, “It is so chilling. It is so broad. It is so contrary to our civil rights. And yet, because Google has so much of our data, it’s just a ticking time bomb for pregnant people.”
Privacy is a lifeline for these groups and so many more individuals around the world, from the woman trying to get away from an abusive partner to the trans teenager trapped in an ultra-conservative community and those who have risked their lives for a chance at a better life. As a result, practices and legislation designed to impede privacy aren’t just playing with our data — they’re toying with people’s lives. It cannot be allowed to continue.
Taking back our privacy
Today, there is a sense of hopelessness surrounding attempts to safeguard ourselves from online harms. Indeed, research shows that most Americans believe that it is now impossible to go through the day without having personal data harvested. As a result, people treat privacy as a lost cause. It isn’t. Instead, as Neil Richards argues:
“Privacy isn’t dying; it’s the ongoing social conversation about the social power that human information confers.”
That said, no one will protect your right to privacy for you. Most companies won’t offer it to you willingly. After all, your data is too valuable. Most governments won’t legislate companies for the same reason. Often, they’re working with those very companies.
On an individual level, there are tools that you can employ to help, from privacy-focused web browsers like Firefox and Tor browser (not to be confused with the Tor network) to privacy-focused search engines like DuckDuckGo. Other useful tools include ad-blockers, VPNs (if you understand their limitations), encrypted messaging services, and open-source operating systems.
However, as with all online security, protecting your privacy is a process, not a product. Certainly, using specialist tech can be helpful. But sometimes, the best course of action is not to try to do things differently from everyone but to blend in. Consider, for instance, how much more a user browsing on a relatively obscure Linux system on a browser like Tor stands out in a data set compared to someone using Chrome on Windows. That’s not to say you should stick with the most popular software programs, only that specialized systems are not always the answer.
The absolute best thing you can do to protect your data is to limit the data that goes out into the web in the first place by taking a privacy-first mindset. In other words, consider who you give your information to and what they can do with it. In practice, that might mean limiting app permissions, using different emails for shopping or newsletters, thinking twice before posting a picture of your kids to the web, or simply asking yourself whether you need all the utilities in your home to be “smart.”
Also, while security shouldn’t be confused with privacy, good web practices like using strong passwords, regularly (or automatically) deleting site cookies, using an ad-blocker, and deleting unused accounts can all help protect you online.
Of course, privacy does not have to mean anonymity. We all have to decide for ourselves what we feel is acceptable to post online, especially in an age when many of us now make a living working in the online space. For some, letting on any more information than a pseudonym is too much of a risk. For others, providing some information is inevitable.
But again, privacy online is not about individual efforts. It’s about the wider cultural conversations we need to start having, especially regarding the governments we elect and what we expect of them. Because until we take privacy seriously, they won’t.
Final Thoughts
“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” — Edward Snowden.
Talking at any length about online privacy can sometimes make people feel uncomfortable or lead to allegations of paranoia or fear-mongering. But it’s a conversation we need to have, not just for our safety but in relation to the way narratives are formed, influenced, and controlled in our wider cultural sphere.
When we talk about privacy, what we’re really talking about is power. On one hand, that means the power to blackmail, influence, hurt, and steal. Yet, also, the power to liberate, organize, free associate, and be authentic — all things many of us have taken for granted for far too long.
No matter the reasons, when any entity takes our privacy, they take away our power and keep it for themselves. Corporations, hackers, and government agencies know this and fight every day for that privilege. If we care about our future, autonomy, dignity, and those around us, we should be fighting too.
Further reading, guides, and sources
- Digital privacy comes at a price. Here’s how to protect it by World Economic Forum
- Security and Privacy Tips for People Seeking An Abortion by EFF
- Three Reasons Why the “Nothing to Hide” Argument is Flawed by SpreadPrivacy.com
- Why Privacy & Security Matter by The New Oil
