Latest News

Big Brother? New tool reveals how much data companies hold on us – and it’s scary

With privacy an increasing concern in the modern world, users should be more aware than ever of what personal data companies hold – but how many of us truly know what details our favourite services hold?

In the advent of GDPR and in-depth privacy settings, you would be forgiven for thinking that you have more control over your data than ever. But despite the familiar site message asking if you’re willing to accept cookies, many don’t realise what this entails – and it can be hard to keep track of what data you’ve given away.

new tool from vpnMentor highlights the data different major websites holds on you, as listed in their privacy policies. With over 7.2 billion accounts held across the services studied, including platforms like Google, Facebook, Amazon, and Tinder, how many are aware of the finer details of the privacy policies that many automatically accept?

Your Data, Their Rules

While it’s unlikely to come as a surprise that sites you’ve signed up for will hold the details you’ve given them, for many sites this isn’t all they track. With Facebook and Instagram being the biggest offenders, seemingly tracking as much as they can about their users, is it time that we thought twice about what we’re accepting within the terms and conditions? Some of the surprising details tracked include:

  • Location– Of the 21 services within the study, 18 tracked your current location at all times when using the app. Some of these, such as Tinder, continue to track this even when the app is not in use, while Facebook & Instagram both not only track your location but also the location of businesses and people nearby, as well as saving your home address and your most commonly visited locations.
  • Your Messages – Think nobody will ever know about you sliding into someone’s DMs? Think again. Both FacebookLinkedInInstagram use the information you share on their messaging services to learn more about you, while Twitter and Spotify both openly state they have access to any messages you send on their platforms.
  • Device Information – Seemingly harmless, but many services and apps track more of your device information than is appears to be needed. Facebook  Instagram, for example, both track your battery level, signal strength, nearby Wi-Fi spots and phone masts, app and file names on your device and more. Meanwhile, Google and Amazon both keep hold of voice recordings from searches and Alexa respectively, and Apple Music confusingly tracks phone calls made and emails sent and received on the devices the service is used on.

No Profile? Still A Problem

On top of this, even if you don’t hold an account with these services this won’t stop your online moves being tracked. Google keeps track of your activity on third party sites that use Google features like adverts, while Facebook partners (an enormous 8.4 million sites across the web) send both them and Instagram data collected through Facebook Business Tools like the Like button – regardless of whether or not you have a Facebook account or are logged in.

And for those among us who have taken the action to set up the “Do Not Track” option offered by some browsers, which was created to stop sites tracking your information, this won’t help you either. Almost no major sites respond to the signal given, instead continuing to track you regardless. In fact, it’s not just third-party sites these companies are storing your data from, Facebook also holds any data provided about you from others – including if they upload your contact information without your permission.

Online Data-ing Disasters

With the technological takeover hitting all aspects of life, even dating, more and more of us are turning to online dating to find “the one”. In fact, there are over 2.6 million accounts held across the seven dating services we reviewed – but how do they treat your data?

One of the key discoveries revealed that those dating sites within the umbrella (Match.comTinderOKCupid and Plentyoffish) all share any data shared with one service with all of the others.  On top of this, all of these services, with the addition of dating app Hinge, also have access to your private messages to potential suitors. Notably, Hinge also states that user data is accessible on a need-to-know basis by Hinge personnel, rather than completely anonymised.

Overall, the best dating app for those looking to keep their private data private appears to be Happn, who were the only service to note that it does not keep track of where users have travelled or where they are regularly. Instead, it only keeps track of when members are in close proximity and where they were when they crossed paths with another user. Happn also makes a point that messages are not accessed except by legal request, including by anonymised engines. This is markedly not the case with many other dating or social apps.

Internet security expert Gaya Polat, from VPNmentor said:

“The amount of data held online about users should make them wary about how their personal details are used. While the majority of this data usage is benign or necessary for services to function, knowing which companies hold which data about you is the only way to track your privacy, and how secure you really are.

“We recommend always reading the privacy policy to ensure you know what you’re agreeing to by signing up – but we hope this project will give something of an insight into what it all entails.”

For more information on what data major businesses hold on you – even if you don’t have an account – have a look at the full study on VPNmentor.