So you’re considering switching from WhatsApp to Signal and Telegram because Facebook is about to connect the dots between your WhatsApp usage and your Facebook behaviour?
Well, then you should also consider abandoning almost every free service you use on your smartphone or the Internet. The reality is that securing privacy on the Internet is a project every bit as complex, frustrating and self-defeating as getting off the electricity and telecommunications grid. The latter is futile, and the former is not only expensive, but also requires serious engineering and electrical expertise or advice.
Price-wise, privacy is only as expensive as the cost of using paid-for alternatives to the free service that use you as their product. But the hidden cost is in the loss of seamless communications with your social and family circles, and ready access to a world of “free” content.
This issue came into sharp focus in the past week, when Google “banned” third-party cookies, the horribly innocuous and inappropriate term for code that is used to track your activity across the World Wide Web. The move by Google was a knee-jerk reaction to a similar decision by Apple.
The latter went further: it declared that it would ask users of apps that collect their personal data – in particular Facebook – if they wanted to continue allowing those apps to collect such data. In other words, users could have the audacity of deciding if they wanted to be tracked.
Facebook founder Mark Zuckerberg treated this as an attack on the very foundations of capitalism. Well, he would: targeted advertising earns Facebook more than $80-billion a year. He argued that collecting user data made for a better experience. He did not mention that it was a better experience primarily for advertisers, and that it meant users would find themselves targeted with product pitches that would be so personal, they would be downright creepy. You’ve probably been there.
The public debate between the two has, in effect, positioned Apple’s Tim Cook on the side of the angels and Zuckerberg on, well, the other side. Google CEO Sundar Pichai also wants to avoid the dark side, especially given his employer’s founding slogan, “Don’t be evil” (now conveniently updated to “Do the right thing”).
However, there is a vast difference between the two approaches. Google may be banning third parties from using its resources to track users, but that will make little impact on its own ability to keep tabs on those same users. While cookies are a generic form of code that can be tracked across any web site carrying advertising, Google enjoys the proprietary ownership of many of the platforms on which users operate: most notably, the Chrome browser, YouTube video content, the Gmail email service, the Android operating system, and its front end, the Play Store.
So if you’re going to abandon a specific app or platform, it would be useful to know what personal data you are still leaving on the table.
Go to the next page to read what you surrender.
What you surrender
Here is a brief guide to the data you typically surrender:
Almost every communication app requires one’s phone number. This is an identifier that most people are familiar with and most apps, even Signal, require it to function. There are some chat apps like Briar and Element that make use of a username instead, but these are extreme cases.
One step further is a device identifier, commonly called a fingerprint. This fingerprint is made up of a combination of bits about a browser/device that makes a user unique (like browser type and version, operating system, language, time zone, active extensions, installed fonts, screen resolution, CPU class, device memory, IMEI, etc). This is generally given up by the time a page is loaded or an app is installed, even if a user isn’t signed in to a service’s account. Facebook, Google, Twitter, and TikTok use this identifier to track users, even while they’re using other apps. Other providers, like Microsoft collect these, but don’t use them to track users across the Web.
Contact lists make up another vital piece of data one surrenders. Even though most apps don’t really need them (like Facebook and Twitter, where you can build networks through names or handles), apps like WhatsApp need a contact list to establish relationships about who can connect with you. These are tricky to take down, because most services don’t show users where they are stored and how they can be removed.
Even if your GPS is off, location data is generally collected by most services like Facebook, Google, and now, WhatsApp. This is done through one’s IP address, which can expose the area where you live down to exactly where you live. The former two services use this data to target relevant ads at users, while WhatsApp’s intended use of this kind of data is still unknown (and will likely benefit Facebook in the end). Diligently using a VPN service can help mask where one is. But, be warned, Google and Facebook know that people can’t (yet) travel from Cape Town to Geneva in under 5 seconds.
How one searches and browses through a service like Google, Facebook, Twitter, and TikTok is linked to a user. The services use keywords from searches and interactions from browsing history to target ads at a user at a later stage. Apart from Twitter, services don’t use this to track users across app/the Web — instead, they use it for their own advertising networks and analytics.
Best advice: using Google and Facebook’s Privacy Checkup, and Microsoft’s Privacy Hub, can help users keep a finger on their online privacy pulse.
It won’t be all doom and gloom for long: Google’s hand has been forced, to use Federated Learning of Cohorts, which is a method to collect and anonymise data about a user on a device. This allows users to get “lost in the crowd” of people who have similar interests, while keeping advertisers happy that they’re still personalising their ads. It’s not that much better, because personalised ads will never not be creepy, but it’s a step in the right direction for user privacy.
* Goldstuck is founder of World Wide Worx and editor-in-chief of Gadget.co.za. Follow him on Twitter on @art2gee
Go to the next page to see what data the major apps and platforms collect from you
Data privacy at a glance
Data used to track you (collected data that follows users around the web/across apps)
| Microsoft | Telegram | TikTok | ||||||
| Location | ☑ | |||||||
| Purchases | ☑ | |||||||
| Contact info | ☑ | ☑ | ☑ | ☑ | ☑ | |||
| User content | ☑ | |||||||
| Usage data | ☑ | ☑ | ||||||
| Identifiers (phone IMEI, SIM IDs, etc) | ☑ | ☑ | ☑ | ☑ | ☑ | |||
| Browsing history | ☑ | |||||||
| Other unspecified data | ☑ | ☑ |
Data linked to you (collected data that is linked to one’s identity but doesn’t (unless listed above) track one around the web)
| Microsoft | Telegram | TikTok | ||||||
| Health & Fitness | ☑☑ | ☑☑ | ||||||
| Purchases | ☑ | ☑ | ☑ | ☑ | ☑ | |||
| Financial Info | ☑ | ☑ | ☑ | ☑ | ☑ | |||
| Location | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ||
| Contact Info | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ |
| Contact list | ☑☑ | ☑ | ☑ | ☑☑ | ☑☑ | ☑☑ | ☑ | ☑☑ |
| User content (like photos and videos) | ☑☑ | ☑☑ | ☑☑ | ☑☑ | ☑☑ | ☑ | ☑☑ | |
| Search history | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ||
| Browsing history | ☑ | ☑ | ☑ | ☑ | ☑ | |||
| Identifiers | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ |
| Usage data | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ||
| Sensitive information | ☑ | ☑ | ||||||
| Diagnostics | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | ☑ | |
| Other data | ☑ | ☑ | ☑ |
Data that is collected but anonymised (i.e. not linked to a user’s identity but collected)
This is the most valid of all to collect because this is generally what’s needed to fix bugs and see where users are spending time on the app, regardless of who they are.
| Microsoft | Telegram | TikTok | ||||||
| Contact info | ||||||||
| Location | ☑ | |||||||
| Usage Data | ☑ |