Facebook’s recent crisis over how it handles and protects its users’ data is horrifying and has raised questions about where the massive personal data leaks come from.

In this article we will assume that you and your friends (Sally and Kristen) are going to have a pizza movie night. Let’s use this common scenario as an example to assess how much data is being shared unknowingly, using the price of a single pizza.

Click here for big Data Digest related reports:

  • How did the data company that helped Trump win the election, Brexit and The Facebook scandal turn people around

  • Industry | election trump has used large data marketing, illegal use of 50 million Facebook users data, zuckerberg has yet to respond

  • Express | small starting long response FB data scandal, Google cloud emphasis on user privacy protection


First, Sally pulled out her iPhone X and exchanged some messages with her friend Kristen.

Sally and Kristen used Apple iMessage to send text messages to each other, but because the messages were encrypted, Apple couldn’t see them.

When a message is sent, Apple can capture and analyze anonymous metadata like timestamps in real time to ensure that the server has enough bandwidth for future traffic. For example, when they send each other the following message:



Data provided to Apple: end-to-end encrypted text, iMessage address information.

Additional data collected by Apple: anonymous timestamps, anonymous message routing information.

The order

As Kristen was cleaning out her apartment, she said to her Amazon Echo, “Alexa, open Domino’s and place an order.”

The Domino’s app installed on the Echo pulls out Kristen’s stored credit card information, and Alexa asks “Do you want to use a Visa card ending in 1234?”

The stored credit card information is used to buy pizza. Alexa also records the interaction, and the Domino program creates a record based on what she says.



Data provided to ALEXA: voice signature, request content.

Additional data ALEXA collects: interaction history, Echo device type, location information, the last four digits of a credit card number.

Data provided to DOMINO: payment and billing information, type of pizza purchased, number of orders.

Additional data collected by DOMINO: speech logs, hardware Settings, operating system, performance statistics.

On the way

Sally got in the car and took out her iPhone, opened Google Maps and set up directions to Kristen’s house. Google Maps uses the iPhone’s sensors to determine her driving position, and accelerometers and gyroscopes to determine speed and direction.

Google has collected anonymised data on her speed and location, and is also collecting data from nearby drivers to detect traffic jams.



Data provided to Google: destination, location information.

Additional data collected by Google: speed, main direction of driving, type of device (iPhone X), IP address of device, nearest Wi-Fi router, nearest cell tower.

selfie

Sally and Kristen hadn’t seen each other for a long time, so they decided to hold up their phones and take a selfie.

After Sally uploaded the photo to Facebook, the app suggested that she tag Kristen based on facial recognition, which Kristen agreed to do.

Facebook can collect Sally’s location information based on the IP address from which the photo was uploaded, so it can send her events in her city that she might be interested in, or send her ads that target specific people in a nearby place. The photos are also analysed to ensure there is no inappropriate content.



Data provided to Facebook: uploaded photos, photo captions, facial recognition.

Additional data Collected by Facebook: Photo analysis, location of the photo (if metadata has this information), date, device type (iPhone) X), device ID, equipment, operating system, battery, signal strength, the bluetooth signal, connection speed, and the rest of the space available, applications, and the file name and type, near wi-fi signals and base stations, with the function of voting screen near the smart TV, time zone, mobile operators, or Internet service providers (isps), IP address, operation time, frequency and duration, Hardware version and software version.

The movie

Kristen turned on her Apple TV, searched for and bought the movie Wonder Woman. Later, Apple would suggest Kristen buy other movies like “Batman v Superman: Dawn of Justice.” By default, Apple offers personalized recommendations, but users can turn them off.

During the process, Apple checked Kristen’s Apple ID and charged the credit card reserved in her account. It also used Internet bandwidth information to make sure the movie download speed was normal.



Data provided to Apple: selected movies, Apple ids, credit card information.

Additional data apple collects: Internet bandwidth information, purchase history.

The cost data

Sally and Kristen contributed at least 53 pieces of information, and the data listed in each scenario reflects what companies can gather based on their privacy statements, terms of service, and related documents.

Apple (AAPL), Amazon (AMZN), Google (GOOG), Facebook (FB) and Domino’s (Domino’s) have privacy policies totaling 76,069 words. At 250 words per minute, it would take more than five hours to read them all.

“Users can’t see what they’re missing through no fault of their own,” said Gennie Gebhart, a researcher at the Electronic Frontier Foundation, a digital civil liberties group.

These companies process data in very different ways and often for different purposes. Apple, for example, often separates user information from users and uses it to improve devices; Facebook and Google mostly use data to improve their services and support their advertising businesses.



What else is in the privacy policy?

According to their privacy policies, Sally and Kristen provided only a fraction of the information collected by tech giants. Below are some lists of data collection, but there is much more. (The following contents can be swiped up and down)

Data collected by Amazon

Information entered on the site: Name, telephone number, mailing address, credit card information, consignee’s name, address, telephone number, Friend’s email address, comment, and Amazon’s email communication content, the personal data of the personal introduction, social security, driver’s license number, account login name and password, purchase histories, browsing history, IP address, time zone, browser type, browser version, browser plug-in, operating system, click stream data, give Amazon contact phone number Code, viewing emails from Amazon, page response time, download error, visit duration, page interaction (scrolling, clicking, mouse hovering), browsing method;

APP use: location, device ID;

Alexa use: Name, phone number, contact information, to-do list, Shopping list, music playlist, the default payment information and receiving information, voice characteristics, the mobile phone address book (if have import), request content, interactive history, buy type, zip code (if you use the “Skill” looked at the weather), and “Skill” custom music radio, auxiliary product information, intelligent household equipment (type and name, the function, status, network Connections, location), voice messages, and common contacts.

What Amazon says

“Our privacy policy describes what information we will collect and how it will be used. We never sell our customers’ personal information, we encrypt the data during transmission and storage, and provide our customers with multi-factor authentication capabilities.”

Data collected by Apple

Create apple ID, purchase and other actions: name mailing address, phone number, email address, contact preference, credit card information, birthday;

To use a service or device: Location information, position, in APP Store operations, the search query service, mobile operators, language, country, zip code, the operating system, browser type, Internet service providers, reference URL, equipment, a unique identifier, time zone, IP address, open the apple email, friend or family member information (name, mailing address, email address, phone number).

Apple Media Services: country, payment method, Apple ID, device activity, location, memory.

What Apple says

Apple argues that companies should not keep detailed customer profiles. Apple typically separates users’ information from the users themselves, and the information is used to improve the devices it sells. It also doesn’t sell users’ personal information to advertisers.

Data collected by Domino’s

User registration information: name, mailing address, phone number, email, billing information, field of interest, product consumption, credit card information, password;

Transaction information: location, purchase characteristics, purchase quantity, purchase price, voice command record, communication entity during transaction;

Data obtained while using the service: Secondary communication, background noise, the device identifier, the equipment type, operating system, browser type, hardware, performance statistics, the server name, IP address, Internet service providers, general geographic information, accessing, date and time, use of a web page or application access page, references the URL, exit URL, trading history, installing fonts, J Avascript objects, social media content (when using Domino’s tags).

Domino’s

“Any customer information we collect from digital orders is only used to complete orders or improve the customer experience.”

Data collected by Facebook

Data obtained while using the service: The content of the name, email address, Shared, browse, participate in the content of the type, the content of the review content, information and communication with others, to contact friends and accounts and life events of the label, religious ideas, political views, people who are interested in, health, racial or ethnic origin, philosophical beliefs, trade union members, address book (” if you choose to upload, synchronization, or import “) , call log (” if you choose to upload, synchronization, or import “), SMS log history, contact information, payment information, shipping information, phone number, accurate location, upload photos and video, face recognition, equipment setup, the behavior of the messenger exchange, on Facebook, interact with friends and his account of the label, use the function, use F Facebook product of time, the location of the photo (such as metadata), date, frequency and duration of activity, the operating system, hardware version, software version, battery, signal strength, the available storage space, browser type, application, the file name and type, plug-in, equipment behavior (the mouse, the window of the front desk or background), device ID, and use , nearby wireless network equipment, bluetooth signal beacon and base stations, mobile operators, Internet service providers, language, time zone, IP address, connection speed, nearby equipment (with the function of voting screen smart TV), purchase, use of the service, Facebook activity (access web sites, purchase, browse the content of the advertisement and use of services), Online and offline operations from third-party data providers, Instagram activity, friends’ comments about you, friends’ contact information with you, photos of friends who show up, Facebook search queries.

Facebook claims

“We are well aware that privacy Settings and other important tools can be difficult for users to find, so we must do more to make people aware.”

Google data

Data obtained by registering an account: name, password, login account, email address, phone number, photo in profile, gender, date of birth, country;

Data obtained while using the service: Language preferences, and the Google service interaction analysis, the credit card information, contacts, written comments, reply to posts, historical position information, the map search, driving speed, driving direction, voice search content, photos, and video information (date, time, location information of shooting), age (via credit card transaction confirmation), browsing history, query the date and time , search history, frequency of visits, ads viewed and clicked on, categories of interest, Gmail messages, Gchat instant messaging, facial recognition, Google-driven content (i.e., documents), YouTube viewing history, calling the phone number of the user, forwarding data, call history and content, date and time of call, voice mail, voice mail greeting, duration and type, message routing information, IP address, mobile network information, the operating system, hardware model, device identifier, the collapse of the hardware setup, reports, browser type, bookmarks, extensions Installed and opened browser labels, referenced urls, calendar, login location, requested date and time, most frequent contacts, IP address urls for accessing links, website download history, Wi-Fi or mobile signal strength.

What Google says

“In order for users to make the right privacy choices, it is essential that people understand and control their own Google data. Over the past few years, we’ve developed tools like My Account to achieve this goal, and we encourage everyone to monitor it regularly.”

Domino’s “Independent Privacy Policy” section states that its data applies to Domino’s Pizza web sites, mobile web sites, applications, and third-party devices accessed through any Of Domino’s software platforms.


The original article was published on April 26, 2018

Author: Abstract bacteria

This article is from “Big Data Digest”, a partner of the cloud community. You can pay attention to “Big Data Digest” for relevant information.