“Promises mean everything, but after they are broken, sorry means nothing,” or so the old saying goes. Each time you sign up for a service, you trust that company with your data. If you use a password manager to generate a unique and cryptographically secure password, that’s fine, because it shows you care about your privacy. But what if the company you trusted fails to live up to its promises?
Tech companies have a long history of collecting data about their users, often violating their privacy. That includes reading through their emails and text messages and going through their call records, which is insane if you consider the privacy implications. This is where a password manager can no longer help you. It’s up to you as to who it is that you trust with your data. As way of proof of such issues, we’ve highlighted a selection of the most worrying displays of corporate privacy breaches.
Google Is Reading Your Emails
Google has mined users’ emails for personal data in order to serve them relevant ads since it launched Gmail in 2004. The company said it would stop this practice in 2017 for free users with corporate Gmail users already having their privacy protected.
While it won’t read through emails, Google will still collect data from free Gmail users to display relevant ads above their emails. These ads will be tailored based on other data collected by Google such as user location, internet searches, and web history.
Third-Party Tech Companies Get Access to Gmail
Google is silent on how many apps have access to Gmail but it is worth noting that the total number of email clients is on the rise (379 in 2017 compared to only 142 in 2012).
Return Path Inc., which collects data for marketers, gains access to inboxes whenever users sign up for one of its apps. Its system is designed to check to see if commercial emails have been read by the intended recipient. Marketers can view screenshots of some actual emails with the names and addresses stripped out.
Another convenient utility, Earny, compares receipts in inboxes to prices across the web. If it finds a better price for items that its users have purchased, then it contacts the sellers and obtains refunds for the difference, sharing it with the users. However, to do that, Earny needs to scan the user’s inbox for receipts, so it checks every email that enters the inbox.
Venmo’s Payment History Could Be Tracked by Anyone
As it lacks default privacy protections, Venmo, a peer-to-peer payment app owned by PayPal, allowed anyone with a bit of a technical knowledge to track a user’s purchase history and obtain a detailed profile of that person.
Facebook Leaks Your Data
In seeking to become the biggest social media service in the world, Facebook struck agreements with at least 60 device makers, including Apple, over the last decade before its own apps became available on smartphones.
Facebook allowed device manufacturers to access the data of its users without their explicit consent, although the social media giant said that it wouldn’t share such information with outsiders.
What caused a worldwide uproar both from users and policy makers was when Cambridge Analytica’s misuse of the personal data of 87 million users came to light. Cambridge Analytica was a British political consulting firm that obtained the data of Facebook users by presenting them with a personality quiz.
But that’s just the case that sparked the scandal. Since then, media reports have pointed to other firms, such as Cubeyou, that collected data from Facebook users through personality tests for “non-profit academic research” and then sold the data to advertisers.
Verizon Reads Your Emails: Oath-Yahoo
As Oath, the newly formed division of Verizon that combines AOL and Yahoo, seeks to combine its properties, it scans user inboxes to turn email receipts into consumer marketing data for advertisers. This is possible only by analyzing email content, so naturally raises lots of red flags when it comes to user privacy.
Yahoo started scanning user inboxes in 2013 under former CEO Marissa Mayer. The reason for scanning through user emails was to deliver targeted ads based on email content.
What Can Users Do to Protect Themselves?
Every app that scans through your inbox or social media profile and any posts you make first requires access permission from you. It’s wise to review the apps and services with which you signed up via a social media profile or Google account. How to do this differs with each service but, for example, Google has a feature called Security Checkup that allows users to review their privacy settings along with any apps authorized to scan their inbox. Facebook and Twitter have similar features, allowing you to review the apps and services authorized to access your social media profile and data.
In the end, it all comes down to who can be trusted. We trusted Google: it failed us, but apologized. We trusted Yahoo: it got hacked. We trusted Facebook: it failed on a massive scale. Maybe it is indeed time to start regularly reviewing who it is that we trust.
Best Password Managers of 2019