(The Great Courses) Jennifer Golbeck - Taking Control of Your Personal Data. 1138-The Teaching Company (2020-02)

Topic Subtopic
Better Living Personal Development
Taking Control
of Your Personal Data
Course Guidebook
Professor Jennifer Golbeck

University of Maryland, College Park
4840 Westfields Boulevard | Suite 500 | Chantilly, Virginia | 20151‑2299
[phone] 1.800.832.2412 | [fax ] 703.378.3819 | [ web] www.thegreatcourses.com
LEADERSHIP
Paul Suijk President & CEO
Bruce G Willis Chief Financial Officer
Joseph Peckl Senior Vice President of Marketing
Cale Pritchett Vice President of Marketing
Jason Smigel Vice President of Product Development
Debra Storms Vice President, General Counsel
Mark Leonard Vice President of Technology Services
Kevin Manzel Senior Director of Content Development
Gail Gleeson Director of Business Operations & Planning
Kevin Barnhill Director of Creative
PRODUCTION TEAM
Trish Golden Producer
Michelle Pellatt Content Developer
Juliet Riley Associate Producer
Lisa Persinger Robertson Associate Producer
Trisa Barnhill Graphic Artist
Daniel Rodriguez Graphic Artist
Owen Young Managing Editor
Art Jaruphaiboon Editor
Charles Graham Assistant Editor
William DePaula Audio Engineer
Gordon Hall IV Audio Engineer
Valerie Welch Production Assistant
Roberto de Moraes Director
PUBLICATIONS TEAM
Farhad Hossain Publications Manager
Blakely Swain Copyeditor
Tim Olabi Graphic Designer
Jessica Mullins Proofreader
Erika Roberts Publications Assistant
Renee Treacy Fact-Checker
William Domanski Transcript Editor & Fact-Checker
Copyright © The Teaching Company, 2020

Printed in the United States of America
This book is in copyright. All rights reserved. Without limiting the rights under copyright reserved
above, no part of this publication may be reproduced, stored in or introduced into a retrieval
system, or transmitted, in any form, or by any means (electronic, mechanical, photocopying,
recording, or otherwise), without the prior written permission of The Teaching Company.
Jennifer Golbeck, PhD
Professor in the College
of Information Studies
University of Maryland,
College Park
Jennifer Golbeck is a Professor

in the College of Information
Studies and Director of the Social Intelligence Lab
at the University of Maryland, College Park. She
received an AB in Economics and an SB and SM in
Computer Science at the University of Chicago,
as well as a PhD in Computer Science from the
University of Maryland, College Park.
Professor Golbeck began studying social media
from the moment it emerged on the web, and she
is one of the world’s foremost experts in the field.
Her research has influenced industry, government,
and the military. She is a pioneer in the field of
social data analytics and discovering people’s
hidden attributes from their online behavior, and
she is a leader in creating human-friendly security
and privacy systems.
Professor Golbeck is the author of several print
and online publications, including the book
Analyzing the Social Web, and she is a frequent
contributor on NPR. Her TED talk on what social
media likes can reveal about you was featured in
TED’s 2014 Year in Ideas.■
i
Taking Control of Your Personal Data
TABLE OF CONTENTS
INTRODUCTION
Professor Biography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . i
Course Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
LECTURE GUIDES
Lecture 1 How Your Data Tells Secrets . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Lecture 2 The Mechanics of Data Harvesting . . . . . . . . . . . . . . . . . . . 11
Lecture 3 Privacy Preferences: It’s All about You . . . . . . . . . . . . . . . 22
Lecture 4 The Upside of Personal Data Use . . . . . . . . . . . . . . . . . . . . . 32

Lecture 5 Online Tracking: Yes, You’re Being Followed . . . . . . . . . 42
Lecture 6 Nowhere to Hide? Privacy under Surveillance . . . . . . . 53
Lecture 7 Consent: The Heart of Privacy Control . . . . . . . . . . . . . . 63
Lecture 8 Data Scandals and the Lessons They Teach . . . . . . . . . . 73
Lecture 9 The Dark Web: Where Privacy Rules . . . . . . . . . . . . . . . . . 83
Lecture 10 Algorithmic Bias: When AI Gets It Wrong . . . . . . . . . . . . 92
Lecture 11 Privacy on the Global Stage . . . . . . . . . . . . . . . . . . . . . . . . . . 101
Lecture 12 Navigating the Future of Personal Data . . . . . . . . . . . . . 111
SUPPLEMENTARY MATERIALS
Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Image Credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
ii
TAKING CONTROL OF
YOUR PERSONAL DATA
Today’s headlines are dominated by reports of scandals and hacks
involving millions of people’s personal data. There has never been
a more important time to be informed and in command of what
personal data is, how it’s used, and what you can do to protect
your privacy.
This course introduces you to the complicated and evolving world
of personal privacy in the digital age. You’ll learn what constitutes
personal data, both online and in your physical interactions. You’re
already familiar with much of this data and how it’s gathered and used,
but you may be surprised at how data can be aggregated and analyzed
by powerful algorithms to reveal astonishing things about you.
You’ll be guided through the mechanics of the many technologies that
exist to track your behavior online. Sometimes these technologies
make your life easier, but often they are used in ways that are hidden
and can be used to manipulate you. How comfortable you are with
these practices is a personal choice. This course will help you figure out
where you stand on the spectrum of privacy approaches so that you
can choose the strategy that works for you.
The course offers concrete advice and tools for creating and
maintaining privacy controls that work for you. You’ll find a variety
of control strategies for all of your privacy concerns, from VPNs and
alternative social media options to technologies that help you navigate
the bewildering world of consent. Some of the most serious personal
data issues can only be addressed through regulation, and you’ll
discover how governments in the US and abroad are dealing with
these serious concerns.
The world of personal data is constantly shifting as technology
evolves. This course teaches you how to ask the right questions and
find the right answers to keep your data safe and protected—today
and in the future.
1
HOW YOUR DATA TELLS SECRETS

LECTURE 1
The landscape of data collection and analysis has changed many

times over the years—sometimes in expected ways and sometimes
in surprising ways. Never before in human history have we been
able to share so much about ourselves with other people so
quickly. And never in our history have we been so exposed
to forces that want to take advantage of that ability.
And this new reality has pros and cons.
2
Lecture 1
How Your Data Tells Secrets
Artificial Intelligence Algorithms
Personal data can be a When she did, she posted a

powerful tool to help people. photo of herself at the beach
Consider this example. Suicides on Facebook. The insurance
among soldiers, especially company paying for her
those returning from conflict disability saw the photos,
zones, is unacceptably high. decided that she looked like she
The Department of Defense was having a good time and
acknowledges this as one thus was no longer depressed,
of their most frustrating and revoked her coverage.
problems that they want to Apparently no one told the
do more to address. One insurer that even severely
project showed how soldiers’ depressed people can smile and
social media data and other laugh sometimes.
writings could be analyzed
by artificial intelligence and We all know that when we
used to identify people at risk post things online—whether
of self-harm. The resulting it’s a restaurant review or
tools could identify suicidality a social media post—this
more accurately than state-of- personal information can
the-art medical approaches, be seen and shared. Data is
and these were built into collected in many startling
other tools to help medical ways, and new information
professionals intervene. is created from that with
artificial intelligence.
But that same analysis can
also be used to hurt people.
Our data tells stories. It is bad
One infamous story comes
at keeping secrets. Artificial
from Canada, where a woman
intelligence can bring those
was diagnosed with severe
secrets out—sometimes for
depression and put on long-
good and sometimes in very
term sick leave. Her doctors
creepy ways.
advised her to try to have fun
and maybe take a vacation.
3
You create a lot of data by just But data is collected in many

existing in a digital world. Your more subtle—and some might
purchases are tracked through say nefarious—ways. Maybe
your use of credit cards and you’re chatting with a friend in
loyalty cards. Your internet person, not using your phone
traffic and web searches are at all, and say, “Next year for
recorded. Your social media spring break, we might go to
posts contain all sorts of Costa Rica!” You don’t look up
personal information. Your anything about Costa Rica or
phone tracks your location, post about it; you only make
the apps you use, and the time the comment to your friend.
of day you are using them Yet the next day, ads for Costa
and connects that with your Rican tourism start appearing
contacts, calendars, phone on Facebook or blogs or other
calls, and text messages. websites. How does that
Cameras capture your happen? Some apps have code
movements in public spaces. that turns on your phone’s
It can be overwhelming when microphone and passively
you list it all out like that, but listens in!
most people probably aren’t
surprised by any of this.
4
Lecture 1
Huge amounts of data are intelligence algorithms

being collected about you, and that analyze what you have
you’re probably unaware of interacted with before and
many of them. Why is so much then guess about new things
collected? Because it can be you might like in the future. But
used to generate even more what’s going on inside those
information about you! algorithms, and what else can
they find out about you?
You’re probably familiar with
artificial intelligence algorithms An algorithm is just a
that use your data, even if you series of steps a computer
haven’t thought about it. For takes. Artificial intelligence
example, Netflix and Amazon algorithms are steps a
both make recommendations computer takes to become
to users. Netflix suggests “intelligent” about something—
shows you might want to such as Siri understanding
watch; Amazon recommends what you’re asking or a map
products you might want to application finding a good
buy. They do this with artificial route for you to take.
Machine Learning Algorithms
A machine learning algorithm Each day, it would note the

is a specific kind of artificial conditions and then wait to see
intelligence algorithm that if you go outside. If you do, it
helps a computer learn things. learns that that day’s conditions
As a simple example of how are good. If you don’t, it
these algorithms work, say learns that they are bad. Over
you have an app that tracks time, it builds up a model of
when you go outside for a your preferences.
walk or a run. It also knows
the weather. If that app had a There are great ways that
machine learning algorithm algorithms help people every
built in, it could start to learn day, but there are also terrible
which weather conditions uses of it that invade people’s
are conducive to your walks. privacy and impact their lives.
5
We build up mental models like in 2012. Researchers used

this for ourselves and others people’s public Facebook
all the time. If you walk with information to guess what
a friend, you probably know their personality traits were.
what days your friend will Basic personality tests,
want to come out and what such as the Myers-Briggs
days he or she will want to stay Type Indicator personality
home. That’s because you have inventory, measure things
learned a model of his or her like whether you’re an
behavior, and even if you’ve introvert or extrovert, if
never seen a day with this you’re a procrastinator
exact set of conditions, you or a planner, and if you’re
can still make a good guess. open to new experiences
or prefer to do the same
Machine learning models do things habitually.
the same thing. The algorithm
takes some input, such as To make an algorithm that
weather conditions, and an could guess these traits from
answer about whether it is Facebook data, researchers
a good or a bad day. Then, the had hundreds of people
algorithm builds a model from take a personality test and
a series of examples. When it’s then fed a machine learning
done, you can ask it a question algorithm their Facebook
about a totally new set of data and their scores.
weather conditions, and it can The algorithm learned a
make a guess about whether model of each personality trait.
it’s a good or a bad day. In the end, the algorithm could
guess someone’s score
Machine learning models
on the personality test
can use your personal data
as input instead of weather exceptionally well just by
conditions to build up models examining their Facebook
that let them guess all kinds of data. It was only off by about
personal things about you. 10 percent, which is basically
how much your score can
A lab at the University of change when you take a
Maryland did one of the first test depending on the mood
research projects in this space you’re in.
6
Lecture 1
Since that first study, there has But it turns out that algorithms
been an explosion of work on don’t rely on these obvious
this topic. In a study conducted indicators very often. Instead,
at Cambridge University, they are finding statistical
researchers wanted to see connections that don’t make
if they could use Facebook much sense to humans.
likes to predict a whole host
of personal attributes.* These algorithms are very
They used the likes to predict opaque. They can give us an
demographic information, accurate answer a lot of the
such as race, religion, gender, time, but they don’t give us
and sexual orientation; any insight about how they
behavioral attributes, such as got to that answer. Part of
if you were a drinker, smoker, that is intentional. Computer
or drug user; and preferences, science as a field is only
such as if you were liberal or concerned with whether
conservative. They could even something can be computed;
tell if your parents divorced it is not interested in the social
before you were 21. insights as to why.
You may be thinking that you

don’t need any algorithms Research has found that viral
to connect likes to some of videos, fads, rumors, fake
these attributes. If you like news, and pages to like on
the GOP page on Facebook, Facebook all spread in online
there’s a good chance you’re social networks the same way
conservative. If you like the that diseases spread in offline
Jim Beam page, there’s a social networks.
good chance you’re a drinker.
* On Facebook, you can like all sorts of things—sports teams,

movies, books, bands, restaurants, or any page that a person
creates. The things a person likes is a pretty narrow sliver of all
the information that person shares on Facebook, but it is always
public. You can’t make your likes private, so anyone can get access
to them at any time. In other words, people can use your public
likes to discover private information about you.
7
Homophily and Correlations
Most of what you like on social homophily, and it’s basically

media is social—it’s stories, the concept that birds of a
pages, pictures, and videos feather flock together. If
that appear in front of you you’re rich, your friends tend
because someone shared it. to be rich. If you graduated
Rarely is it something you from college, your friends
go search for yourself. So also probably graduated
what you see depends on from college. It’s not that all
your friends. of your friends are the same
as you, but rather that your
Sociologists have known for a personal attributes are shared
long time that we are friends by your friends more often
with people who are similar than they are shared by the
to ourselves. They call this general population.
8
Lecture 1
Essentially, an algorithm Also, correlations found by

guesses that you belong in algorithms are not stable.
the group of people who Algorithms constantly refine
liked a certain page, and that and rebuild their models
group’s traits are reflected and don’t rely on specific
back onto you. Without correlations explicitly.
knowing it, the algorithm For users, it means that you
is picking up on traces of can’t adjust your actions
your social interactions and based on knowledge about
using them to learn more what was predictive last
about you. Homophily is week, because it may
incredibly powerful when have changed.
used by these algorithms.
It’s important to know that In addition to algorithms
these are not meaningful discovering things that are
correlations in the data from a true about you right now,
human perspective. They are researchers are getting very
statistical patterns that are good at predicting things
found for some people in the that will be true about you in
context of millions of others the future—even before you
that allow a mathematical know it.
tool to separate people
One project followed
into groups.
pregnant women on Twitter
It’s also important to realize and developed a model that
that you can’t hide from could predict whether they
algorithms. You may be able would develop postpartum
to control what you post on depression. On the day
social media or what you buy, a woman gives birth, the
but you don’t know what your algorithm already knows the
actions say to an algorithm. outcome—and it is right 80
So if there is something you to 85 percent of the time. It
want to keep private, there’s does this using data about the
no way to know how to do that style of people’s writing, their
when an algorithm is doing interactions, and the kinds of
the analysis. posts they make.
9
So What Can You Do?
How can you take control over Sometimes it is for relatively

these algorithms? In most benign purposes, such as show-
ways, you can’t. ing you the most relevant ad.
Sometimes it’s really helpful,
In the US, you do not own your such as Amazon notifying you
personal data, and companies of items you need to go with
do not have to tell you what a new appliance you bought.
they know about you or how But they were also used in the
they are using your data. 2016 presidential election to
These algorithms are used try to suppress and manipulate
behind the scenes all the time, the vote—and no one told you
often without your knowledge. about it until after the fact.
Assignment
Where are you leaving data behind? Any time you participate in
a digital transaction—log onto a website, buy something with a
credit card, drive through a toll sensor, or check the weather on your
phone—data about you is collected. Over the course of these lectures,
you will probably discover new ways you are being tracked that you
didn’t know about! But for now, try to make a comprehensive list.
Don’t forget to include any device in your house that has internet
access, such as a scale, smart light bulb, or video doorbell. You’ll
probably be surprised by how long your list is.
Resources
Duhigg, “How Companies Learn Your Secrets,” https://www.nytimes.
com/2012/02/19/magazine/shopping-habits.html.
Golbeck, “Smart People Prefer Curly Fries,” https://slate.com/

technology/2014/10/youarewhatyoulike-find-out-what-algorithms-
can-tell-about-you-based-on-your-facebook-account.html.
Netflix Research, “Recommendations,” https://research.netflix.com/

research-area/recommendations.
10
Lecture 2
The Mechanics of Data Harvesting
THE MECHANICS
OF DATA HARVESTING
LECTURE 2
When thinking about being careful with our personal data, especially
online, we tend to think about what we explicitly choose to share, such
as our address, phone number, or other sensitive personal information.
But data is collected about us in many other ways. Some of these we know
about. Our phone companies keep track of who we text on our mobile
devices; our credit card companies keep track of where we shop and
what we spend. In addition, though, vast amounts of data are being
collected that you might not know about. Websites and your
devices with apps you’ve installed are regularly collecting
huge amounts of information about you, including
sensitive information that they probably
don’t need to operate.
11
How—and How Much—Information Is Collected
Facebook wants to know people typed in the box, just

details of how people use their how much they typed there.
platform. Their main goal But if their policies changed,
is to keep people engaged or if other services used this
with it. They want people technology, they could store
to use Facebook as much as
that information and use it in a
possible and to know what
variety of ways. The technology
kinds of activities keep people
engaged. For example, if to collect text like this is very
you are commenting on your straightforward to use. Thus,
friends’ posts, that is good it is safe to assume that many
from Facebook’s perspective websites are harvesting
because it keeps you on information that you type on
Facebook and encourages your their platforms, even if you
friends to engage. But what if choose not to send it.
you start to post something and
then reconsider, never actually Your phone is also a gold mine
posting it? for companies who want to
collect information about
Facebook wants to know when
this happens, so they have code you. For example, Geoffrey
that collects information about Fowler at The Washington Post
you when you do this. We don’t wondered about his iPhone.
know if they are collecting the Just how much data was it
text you type or just data like sending out that he didn’t
how much you typed, but the know about? He worked with
technology exists that would let a company called Disconnect
them grab your comment, store to monitor the data that was
it, and analyze it—even if you sent from his phone and was
don’t actively post it.
shocked by the results: In a
When this was first reported, week, 5,400 hidden apps and
Facebook claimed that they trackers received data from
were not collecting what his phone.
12
Lecture 2
During the Women’s World Cup, La Liga, a National Professional

Football League in Spain, used their app to spy on users. They
turned on the microphone to listen in and hear if the user was in a
bar or other establishment that had the game on TV. Then, using
location services, they could identify exactly which establishment
that was. If the bar didn’t have a license to show the game, La Liga
could come after them. Essentially, users’ phones were hijacked
to catch bars showing the game who hadn’t paid for the rights.
They were able to do this because users allowed microphone and
location access to the app when they installed it, but the app did
not say what it planned to do with that access.
Apps, trackers, and your phone Some of them are tracking us

itself can track your location, in especially surprising ways.
your pattern of movements, For example, some apps turn
who you call and how long you on your phone’s microphone
talk, who you text with and and passively listen in on
how often, what other apps what’s happening in the
you have installed, your phone background. They can use
number, your contacts, and this to pull out keywords you
sometimes even your photos. say or to identify TV shows
And in most cases, we do not or songs or commercials you
know who these companies are hearing. All of this feeds
are or what they are doing with into a profile about you, your
our data. interests, and your activities.
13
Even without access to the And even when we do

microphone, though, it is know that our devices are
possible to listen in on you. listening, they may capture
Phones have accelerometers more than we expect. Virtual
that can tell how fast you are personal assistants work
moving in three dimensions. by listening for a “wake”
This is used for things like the word or phrase, such as
compass, fitness apps that “Hey Siri” or “Hey Google”
count steps, and games you or “Alexa.” They record what
control by tilting your phone. follows, upload that audio
There is no special privacy to the host (such as Apple or
permission that controls Amazon or Google), where
access to the accelerometer. it is processed and analyzed,
Researchers have shown and a response is generated
that the sound from talking and sent back. If someone
causes vibrations that the were to activate an Echo while
accelerometer picks up, and an something criminal *was
app could analyze those and happening, Amazon may well
convert it into speech. have a recording of it.
* Timothy Verrill is accused of murdering Christine Sullivan and

Jenna Marie Pellegrini in January 2017. On the night of the
murder, he broke into Sullivan’s home and brutally beat and
stabbed the two women to death. There was an Amazon Echo
personal assistant device in the home, and prosecutors took the
device. They believed there may be some recordings of the actual
murder on it. A judge in the case also ruled that Amazon had to
turn over any recordings they had.
14
Lecture 2
Perhaps you are not criminally the recordings as the man’s

inclined and therefore are not girlfriend. Amazon says that
particularly worried about releasing this data to the wrong
your personal assistant device person was a mistake, but the
incriminating you at trial, but fact that they save thousands
the fact that these devices can of recordings from people is
and do make recordings in your an interesting fact on its own.
home without your knowledge These recordings contain
should set off alarm bells. deeply personal data that,
when aggregated, can reveal
Just how much does Amazon a tremendous amount about
collect from devices like this? In a user.
late 2018, a German Amazon
user requested an archive of all And why collect all that data?
of his data that the company Because it can be used to
profile you. The realm of things
held, a right he has under the
that can be understood from
European privacy General
simple data is vast—and
Data Protection Regulation.
growing. In fact, recent work
Amazon sent 1,700 recordings
has been able to predict
from someone else—including
things that will be true about
some recordings that person
you in the future before you
had made while he was in even know it.
the shower. The recipient
contacted Amazon but never A study conducted at Cornell
heard back from them. So University set out to identify
eventually, he went to the someone’s spouse or
magazine publisher Heise with significant other on Facebook
what he had received. by looking only at which of
their friends knew one another.
The journalists found that As they analyzed their data,
by listening to recordings they accidentally discovered
that asked for weather and that they could predict whether
mentioned people’s first someone’s current relationship
and last names and friends’ was likely to last or fall apart in
information, they were easily the near term.
able to identify the voice on
15
Many researchers study how There’s a lot of information

to build algorithms to predict that can be uncovered
future behavior and attributes. about you from background
A lot of concern comes with data that you may be
this technology, especially unaware is being collected.
when it operates on public On top of that, you’re even
data. It can really help people less likely to be aware of
and the organizations they the algorithms being applied
work with. At the same time, to that data and the power
it can be incredibly intrusive they may have to understand
and used in unfair ways. We things about you. And
don’t yet know how to strike basically, you can’t hide
the balance. from them.
Shadow Profiling
Even if you have not created Facebook, how do they build

a Facebook profile, Facebook a profile about you, and what
still knows a lot about you. could they come up with?
For many people who are Facebook admits that
not on the site, Facebook they have these shadow
creates something called profiles, but we don’t know
a shadow profile. Basically, a lot about how much data
they have in each one or how
it’s very easy to know when
they calculate that data.
a person is missing from But there is straightforward
a social network. There is a technology that could be
hole where a person should be, used to build one of these
and Facebook can easily figure shadow profiles. We don’t
know exactly how Facebook
out who that person is that
is doing it, but what follows is
the hole represents. an educated guess. Also, the
focus here is on Facebook, but
So if you don’t have a Facebook most other big social media
account and you’ve never platforms could and may do
shared any information with this, too.
16
Lecture 2
The most obvious information If you are not on Facebook

to use is other people’s contact but you are in someone’s
lists. If you have a friend who contact list when Facebook
has a social media account and downloads your friend’s
that friend uses the app, your contact list, Facebook now
friend likely has given access knows that you exist, what
to his or her contact list. Many your name is, what your phone
platforms ask for this because number is, what your email
it allows them to pair you up address is, and maybe things
with other people who are like your street address or
using the app. They do this your website or a picture of
by downloading a list of your you. Getting that from one
contacts along with all of your person is useful. But the vast
contacts’ data—their phone majority of Americans who
numbers, email addresses, have internet access also have
street addresses, and maybe a Facebook account. So even
photos—and if a particular if you are not on Facebook,
platform has another user in most of your friends still are,
the system with that same and you are likely in many of
email address or phone their contact lists. And when
number, it can suggest that your friends give permission
you become friends with that for Facebook to access their
person. Essentially, a phone contacts, Facebook retrieves
number or an email address your data from a lot of
are unique identifiers. different people.
17
So now Facebook doesn’t just if Facebook has your street

know that you exist. It also address and can show that
knows who a bunch of your you live nearby.
friends are. And since these
Similarly, if you go to a church
friends have profiles, some of or temple or mosque and have
them are likely friends with friends on Facebook who
each other, while others are have you in their contact
from different social circles. list who go to that same
This can reveal your interests. religious institution and who
are friends with each other,
For example, several people Facebook may be able to
may be in your neighborhood’s infer your religion from that.
Facebook group. And if you The same thing applies if a
have three or four people lot of your friends share an
who you know in real life interest in a sports team
or list the same employer.
and those people have you
From this information that
in their contact list and are
your friends have provided,
on Facebook and also part Facebook knows your name,
of the neighborhood group, your location, your contact
Facebook may infer that you’re information, a bunch of
likely to live in that same your friends, and many of
neighborhood, especially your interests.
18
Lecture 2
This information can also friends who do not, Facebook

reveal other traits. For may be able to tell your
example, research shows that sexual orientation just from
it’s quite easy to determine information that other people
sexual orientation based provide. These details about
solely on information about people who have opted out
people’s friends, especially of the system can be used
for men. So even if you keep in a variety of ways with
your sexual orientation both good and potentially
private online, if you have dangerous consequences.
So What Can You Do?
Check out how much of

your data is being shared. Technical steps alone
There are apps that will cannot stop the mass
allow you to do this. The collection of data about
Privacy Pro app, created by us, but we can make it a lot
the Disconnect team that harder to collect.
helped The Washington Post
investigation, has a free option
that will let you monitor Check your privacy
trackers and information being preferences. On your phone,
shared in the background on turn off apps’ permission to
your phone. It will also block access your location, contacts,
them, which speeds up the and other information, unless
performance of your phone it is really critical. To stop
and protects data that would background data collection,
be shared. select the options that prevent
apps from running in the
Delete old posts on social background, and if they do not
media. When less information need to contact the internet—
is available about you, as is the case with many
algorithms can discover less games—turn off their rights to
about you as well. use cellular data.
19
By blocking apps from using downloading and showing

data, you are preventing ads to you. This might disable
them from being able to send some features of the app, but
any information about you you can decide which option
out to the world. This action feels best for you for each
may also stop them from individual app.
Assignment
Check out your privacy settings. If you are on social media, such as
Facebook, Instagram, or Twitter, log into your account, look at your
privacy settings, and see what your default sharing is set as.
Are you OK with it? Are you surprised by the setting? If you have
a smartphone, go to your settings and select Privacy. Look at the
different features and see what you share with which apps. Is this
what you expected?
Are apps accessing more than you thought? If you don’t have any
social media accounts and don’t have a smartphone, you can still
look at your TV, cable box, or other household devices. Some of
these will have privacy policies in the settings. You usually can’t
change these, but it is informative to see what your devices are
collecting. This is a great opportunity for a privacy checkup—
update any settings you don’t like or that concern you and try the
new settings for a while. Your privacy may improve without any
negative impacts.
Resources
Fowler, “It’s the Middle of the Night. Do You Know Who Your
iPhone Is Talking To?” https://www.washingtonpost.com/
technology/2019/05/28/its-middle-night-do-you-know-who-your-
iphone-is-talking/.
Haskins, “Amazon Sent 1,700 Alexa Recordings to the Wrong Person,”

https://www.vice.com/en_us/article/pa54g8/amazon-sent-1700-
alexa-recordings-to-the-wrong-person.
20
Lecture 2
Matias, “Spain’s Top Soccer League Fined for Using App to Spy on Fans
in Fight to Curb Piracy,” https://www.npr.org/2019/06/12/732157537/
spains-soccer-league-fined-for-using-app-to-spy-on-fans-in-fight-to-
curb-piracy.
Perez, “Some Apps Were Listening to You through the Smartphone’s

Mic to Track Your TV Viewing,” https://techcrunch.com/2018/01/02/
some-apps-were-listening-to-you-through-the-smartphones-mic-
says-report/.
Whittaker, “Judge Orders Amazon to Turn Over Echo Recordings in

Double Murder Case,” https://techcrunch.com/2018/11/14/amazon-
echo-recordings-judge-murder-case/.
21
PRIVACY PREFERENCES:
IT’S ALL ABOUT YOU
LECTURE 3
When it comes to personal data and our individual privacy

concerns, there is no one-size-fits-all solution. Every one of us
falls somewhere along a spectrum regarding how much
information we are willing to share and in exchange
for what. Part of taking control of your personal
data involves getting to know where you
stand on that spectrum.
22
Lecture 3
Privacy Preferences: It’s All about You
The Privacy Spectrum
One easy and useful way to On question 1, a score of 4 or

measure where you stand on 5 indicates concern, while a
the privacy spectrum is with score of 1 or 2 indicates a lack of
the Westin-Harris privacy concern. On questions 2 and 3,
scale,* which groups people the reverse is true, with a score
as privacy fundamentalists, of 1 or 2 indicating concern
privacy pragmatists, and and 4 or 5 indicating a lack
privacy-unconcerned of concern.
individuals. The scale has
three statements and asks Privacy fundamentalists want
people to rate them on a scale to closely control their data;
from 1 (strongly disagree) to they give answers that indicate
5 (strongly agree): concern on all three questions.
Privacy-unconcerned
1. People have lost all individuals generally do not
control over how personal worry about their data and give
information is collected and answers that indicate a lack of
used by companies. concern on all three. Privacy
pragmatists consider the
2. Most businesses handle trade-off between privacy and
the personal information convenience, and their scores
they collect about users in a fall in the middle.
proper and confidential way.
3. Existing laws and About 10 percent of people

organizational practices are unconcerned, 25 percent
provide a reasonable level are fundamentalists, and the
of protection for user rest are pragmatists.
privacy today.
* The scale was originally developed to measure people’s concerns

about financial information, such as credit card numbers getting
out, but has been modified to help understand concern about
personal data more broadly.
23
Knowing where you fall on Privacy pragmatists

the scale can guide your will have to think about
decisions. If you are a privacy how much value they
fundamentalist who doesn’t get out of applications
want any of your data that collect their data
collected, used, or analyzed and where the trade-off
without your explicit line is for them between
permission, you are likely to the convenience and
want to take more steps features they get
to protect it. and protecting their privacy.
As a society, we have by default made social

media a repository for our lives, but there
is no reason that you need to have years of
personal information stored on Facebook or
Twitter or Instagram.
Fortunately, there are automatic tools
that can help you purge your social media
content or periodically review it with
targeted deletion.
• Facebook Timeline Cleaner runs in
your browser, and you can specify
that it should delete everything older
than a certain number of hours.
• Tweet Delete automatically deletes
content that’s more than a specified
number of days old.
If you’re interested in adopting this strategy
but don’t want to lose all the content you
have created, all the major social media
sites have an option in the settings that
allows you to download an archive of your
data, including all of your posts, photos,
and comments.
24
Lecture 3
Being unconcerned about into the information that

your data is OK if you truly is available about you. He
understand all the ways that or she may even employ
your data can be used and several people to spend
you genuinely don’t worry many hours combing the
about it. internet for any little crumb
that may be able to be used
It’s also useful to think about against you.
who you are worried about
having your data and using it, A CIA agent. This person
because that can also guide has access to tremendous
you to think about where you power, resources that are
want to put your efforts into not available to the general
controlling your data. To help public, and technology
you understand this, imagine to do things that even
three people: sophisticated people or
organizations cannot.
A person you’re going on a And this person is likely
date with. This is someone pursuing an agenda that
who’s probably going to you are not aware of.
search for you on Google
and Facebook and may These three imaginary people
spend 10 minutes looking represent three broad types
through the information of people or organizations
that’s out there online. that might gather and use
This person is not trying your data.
to stalk you or get some
deep understanding of your The first group, represented
psyche; he or she just wants by your potential date, is
to understand a little bit relatively innocuous—not
more about you. searching deeply, no harmful
intent, just seeking to get
A lawyer representing to know you a bit using data
your ex in a vicious custody that is readily available.
battle. This person is willing This group might also
to spend a lot of time and include a potential landlord
money to dig very deeply or employer.
25
The second group, much more power than an

represented by the lawyer, average person to collect
may be more worrisome. This information about you and to
person has access to the time analyze it.
and resources needed to dig
deeper and is motivated to act For each type of data, you
against you. Scammers and have to think about which of
small-scale hackers might also these groups you’re worried
be in this group. about. It may be all. But if
you’re not worried about an
The third group, represented organization as powerful as
by the CIA agent, may be the government, then you
most troubling of all, with may be able to skip some
vast resources available steps that will protect your
and whose presence and data. Often, the more steps
motives may be completely you take to protect your data,
invisible to you. This group the more inconvenience you
would include government have to deal with. This may
organizations who are doing come from slower connection
an investigation, but also large speeds, loss of functionality,
technology companies who or extra steps you have to take
are willing to collect, analyze, in the course of your work.
and store data about hundreds Your personal preferences
of millions of people to make will dictate what you want
money off them. This group to put up with and when
doesn’t necessarily have to you’re willing to give away
have negative intent toward information in exchange
you, but it’s a group that has for convenience.
Types of Data to Control
There are three types of about you in the background

data that you want to be that you may not know about,
able to control: data that and data that is inferred or
you are explicitly choosing to calculated about you using
share, data that is collected artificial intelligence.
26
Lecture 3
We can be lulled into thinking that even if our posts are public

and available to everyone, the only people who are really looking
at them is a small group of friends. But studies have shown that
people tend to vastly underestimate the number of people who
actually look at their posts.
The easiest group to tackle is First, review the default

data that you explicitly share. privacy settings on social
This tends to be where you media and any other internet-
get the most guidance about based applications where
taking care on social media: Be you are storing your data,
careful about how much you such as a photo-sharing
post, don’t share your address, or video-hosting website.
and maybe turn off location ID. The default setting for
these is often to share
All that traditional advice everything publicly.
is good if you want to keep
this information private. And If you are using social media
again, it’s a reasonable and or other internet-based
sane position if you say that services with the expectation
you don’t care. The one caveat that only your friends are
is just be careful when you’re looking at your posts, then
thinking about how you might you should make sure your
be revealing other people’s privacy settings actually limit
information. For example, the visibility of your content
consider who else is in the to those people. If you don’t
pictures you want to post and limit it, it is likely that many
if they would be OK with them more people are seeing it
being posted. and thinking about how
to use it. On pretty much
If you want to control what every platform, there will
can be discovered about be a section for privacy and
you through what you security under settings where
explicitly share, here are you can limit the visibility of
some basic steps to take. your content.
27
Some sites have very technology prevents internet

sophisticated privacy controls, service providers (ISPs) from
but the basic choice that you analyzing the websites you
will have is to make everything visit and aggregating and
public—which is often the selling that information
default—or to limit the visibility to advertisers—which is
of your posts, which usually something that they are legally
means only friends or people allowed to do. Basically, VPNs
that you approve can see route all of your internet
your content. requests from your computer
to a third party, which then
What about information that sends them out to the internet.
is collected about you in the
background? This can be data Another thing you’ll have to
that is harvested off your think about in establishing
phone or collected from your your privacy profile is how
web-use behavior. This gets you use other connected
much more complicated and devices. We pretty much all
is a good place to spend time have internet access on our
thinking about where you computers and phones, but
fit on the privacy spectrum there are many other devices
and how you want to control in our lives that want and
your data. For information may use internet access.
that’s being collected in the And if they have internet
background, we rarely know access, it’s likely that they are
what that is or even who is collecting information about
collecting it and how it will you. Just how extensive that
be used. information is depends on
the device.
If you want to limit this kind of
surreptitious data collection, In-home surveillance
what can you do? One tool devices, such as an Amazon
that can be very powerful Echo, can collect extensive
in combating background recordings of your personal
data collection is virtual conversations, along with a lot
private networks (VPNs). This of other data. Smart devices,
28
Lecture 3
such as smart refrigerators The final important step in

and TVs, often come with figuring out where you stand
privacy warnings to not have on the privacy spectrum is
sensitive conversations in knowing how information gets
front of the devices because inferred about you from your
they could listen in and personal data—even if you are
these conversations could careful about what you choose
be captured. to share on social media and
you have made informed
Once again, however, there is choices about what you share.
convenience that comes with
Plenty of insights about you
having these internet-enabled
and your behavior can be
devices. What kind of privacy
inferred from even seemingly
you are willing to trade for that anemic data about you. On
convenience is up to you. the one hand, you don’t have
But you should make a a lot of control over this. Once
conscious decision about this the data about you is out there
from a privacy perspective and people get a hold of it,
instead of just allowing this they can basically do whatever
technology in that may be they want with it, including
eavesdropping or spying making all sorts of inferences
on you. about you.
29
The one place you do have to hide it from them beyond

power is in limiting what the steps that already have
they are able to use. The been discussed. But you do
most powerful groups, such have an element of control
as governments and very in choosing the platforms on
large tech companies, are which you share information.
likely to amass this data Some are more privacy-
about you no matter what. conscious than others, so
There’s very little you can do shop around.
So What Can You Do?
Treat social media as a more charge you a small monthly

ephemeral store of information, fee to host the photos, but
and use alternatives where it’s a small price to pay to
it makes sense. For example, have a private, password-
for sharing photos, you might protected site for hosting
currently use Facebook, your photos.
which makes it easy to share
those photos with friends and You can actually use a photo-
family. However, Facebook sharing site in combination
makes money by analyzing and with Facebook. For example,
exploiting your data, and there instead of posting photos
have been many instances directly to Facebook, you could
where they have not been post a message to Facebook
good stewards of that data. that says “the birthday party
photos are now available
If you want to limit what on this website” with a link
Facebook can analyze about to a password-protected
you and the people you know, photo-sharing site. Facebook
you might want to look for is unable to access or
an alternative photo-hosting analyze those photos, and
service. There are many of unauthorized people are
these online that don’t make unable to see the photos, but
any money off analyzing your all of your family and friends on
photos or identifying people Facebook to whom you have
in them or learning anything given permission are able to log
from them. They may in and see the pictures.
30
Lecture 3
Consider moving things like media site into a text message

private messaging out of or group chat. Text messaging
the direct message or private is much more private
message service from a social and secure.
Assignment
If you have social media accounts, such as a Facebook account, go

far back in your posts and see what’s there. Are you happy with it?
Does it make you feel a little weird? Would you like other people
to read through that old content, or would you maybe like it gone?
This is a good chance to check in on the data you are storing online.
It’s fine if you are happy with what’s there, but if you’re not, take this
opportunity to delete some old content!
Resources
Facebook, “Accessing & Downloading Your Information,” https://
www.facebook.com/help/1701730696756992?helpref=hc_global_
nav.
Golbeck, “How to Set Up a Virtual Private Network,” https://slate.com/

technology/2017/02/how-to-set-up-a-virtual-private-network.html.
TweetDelete, https://tweetdelete.net/.
31
THE UPSIDE OF PERSONAL DATA USE

LECTURE 4
Many of the ways our personal data is used and collected are
pretty creepy. But the reason these technologies are still being
developed by many people who are not evil conglomerates or
profit-hungry corporations is because they can be used in
ways that benefit you. And knowing those benefits
can help you make sound choices in
controlling your data.
32
Lecture 4
The Upside of Personal Data Use
Simple Applications of Personal Data
In the early days of the internet, This is personalization based on

if you searched for a term, such your personal data, but it’s not
as “pizza delivery,” the search all that creepy.
results you would get would
be the most popular page in This is very basic technology,
the world that matched that and it doesn’t include
term. For many searches, that’s anything especially personally
good, but for pizza delivery, it identifiable about you.
probably isn’t. Moreover, you know why your
location is being used: to help
If you live in a small town in you find the most relevant
Iowa, you’re not interested in information using basic data
what the world’s most popular that is easily available.
pizza delivery website is; you’re
probably interested in a pizza This same kind of technology
delivery website that delivers is also used to do things like
to your town in Iowa. This show pages that are written in
requires showing different your language. If you are using
search results to different a search engine in English, it is
people based on what we know likely to show you more English
about them. pages, especially if you’re
located in an English-speaking
Any website can tell roughly country. If you are in Russia
where you’re located by your IP and have set your language
address, the unique identifier preference to Russian, you will
that every computer gets when probably see more Russian-
it connects to the internet. language pages. Again, we
From there, the search engine basically understand how
can add location in as a factor companies get this information
to determine what search about us, and it is not invasive
results you are shown. or surprising that they have it.
33
Information about you is media sites may learn what

used to personalize your web kind of information we are
searches in more sophisticated most interested in by paying
ways sometimes. If you allow attention to what we click
it, in many search engines, on, what we spend time
histories of things you’ve reading, and what we share.
searched for in the past are For example, Pinterest, the
used to help build a profile of social networking platform
your interests. That can, in turn, that allows you to save visual
be used to adjust what results bookmarks and organize them,
you may see for a search. This uses patterns of items that you
can be very helpful if you are have interacted with in the past
searching for terms that might to show you new content.
be ambiguous.
The more information sites use
For example, if you live in an to personalize what you see, the
area that is wild and has a lot more it inches toward feeling
of bear activity, if you search invasive. However, in most of
for the word “cubs” in the these examples, the creepiness
spring, you’re probably looking factor is relatively low. This is
for information about the because we tend to know how
animal. If you live in the city and why the personalization
of Chicago, you’re probably is happening.
looking for information about
the baseball team. Personalized We know how Pinterest, or any
searches will not restrict you other social media platform,
to search results about only gets data about what we’re
the animal or the baseball interested in by tracking how
team, but they may prioritize we use their site. Most of
results about one topic higher us expect platforms to pay
than others depending on your attention to what we click and
interest profile. save. And if they are only using
that information to suggest
Similarly, patterns in our things that we might want to
behavior are used online to see, we understand that this
personalize our experience improves our experience and
with social media. Social their service.
34
Lecture 4
Dr. Munmun De Choudhury,

a professor at Georgia Tech
studying mental health and
social media, develops artificial
intelligence to understand
people’s emotional states
from their social media posts
with a particular emphasis on
depression and suicide.
Another important factor Plus, even though

is that when a site uses your search engine has
information about their personal data about you, it
own users to personalize is contained only within that
the content they see, users’ company and used in a way
personal information is not that is straightforward, not
being shared outside of its
surprising, and not particularly
use in personalizing their web
invasive. It helps you find more
pages. Your search engine
might know where you are relevant information, and
located and what language it also helps the
you are searching in, but it is company presumably make
not publicizing this to other more money by offering a
people or companies. better service.
Online Advertising
The place we see There are some incredibly

personalization based on intrusive ways that advertisers
interests most often is in monitor users’ behavior; some
online advertising. Advertising of this surveillance crosses
is a gray area when it comes the line into activities that
to personalization and many people likely would
whether it is good, bad, or consider illegal if they knew
outright evil. about them.
35
However, if we accept that farmer’s markets that are

ads are a way that many probably in your area, and the
of these websites support advertisements will tend to be
themselves and that there for farmer’s markets in your
will be advertising one way area as well. Both the content
or another, some reasonable and the advertising is tailored
personalization, built on top to you. That could be very
of data that we know and helpful if you are looking to
expect a site to have, can not find businesses.
only make those ads better but
even useful. The search results you
get may not be a listing of
Personalized ads come in farmer’s markets but could
many flavors. Some are be information about them
personalized purely based on or their history, whereas
the content of the page. If you the ads will tend to be for
are looking at a page about actual markets where you
what kind of food to feed your can purchase things. If you’re
dog, you are likely to get dog looking to buy stuff, it’s helpful
food ads appearing there. to get ads for companies who
They don’t have anything to do are selling things!
with you.
On web searches and on many In the early days of the web,
web pages, the ads you see advertising was placed
are almost always tailored similarly to how it is done
based both on the content— in newspapers. If you went
the search term you used to a particular website, you
or the content of the page saw an ad that an advertiser
you are looking at—and on paid to have on that website
information about you, which to be seen by everyone who
may be something as simple as visited. It didn’t matter who
your location. came; everyone saw the
same ad. These types of ads
If you search for farmer’s still exist today, but they are
markets, you will see search much less common than the
results that link to pages about personalized ones.
36
Lecture 4
Recommender Systems
Companies who have a lot of Fraud alerts would not

personal data about us can be useful if they were not
also analyze it in deeper ways personalized to each of our
for mutual benefit beyond habits. They would either miss
web-content personalization. suspicious charges for some or
This is something that send constant alerts to people
your credit card company who were going about their
does. It knows a lot about normal business. By using our
you: where you are, where data to personalize alerts,
you often travel to, and credit card companies can save
how you normally spend us the hassle of dealing with
your money. The company fraudulent charges, and they
uses all of this information can save themselves the
with algorithms to money and effort that comes
identify transactions that with resolving those cases. It’s
seem suspicious. a win-win.
37
Other examples of where of millions of products. With

this has been incredibly that many items, it is helpful to
successful both for users have personalized suggestions
and companies are in about what we might want.
recommender systems: When these systems work well,
algorithms that suggest they bring consumers a lot of
things to you that you might value by helping them identify
be interested in. You have items of interest.
probably encountered these
on Netflix and Amazon. So how do these kinds of
Netflix recommends shows algorithms work with respect
and movies you might want to to your personal data? There
watch; Amazon recommends are two major approaches:
items you might want to find things that are like the
buy. These types of systems things that you like or find
generally do not feel creepy things that are liked by people
to people because we know who are like you. There are
how those websites got our also hybrid approaches that
data—by knowing what we combine these techniques.
interact with on their own
platforms—and how they The first approach looks at
are using it—to help us find things you like—movies, for
more of what they supply. example—and tries to find
other movies that are similar.
We get useful information The only person whose
from these systems. There are information is needed is yours.
far too many items for us to The system relies on data
sort through ourselves. Netflix they have about the items in
has thousands of shows and their catalog to decide what to
movies; Amazon has hundreds show you.
Netflix values their recommendation engine at 1 billion

dollars; Amazon says that their recommendation engine is
responsible for 35 percent of their profits.
38
Lecture 4
The other approach uses Sometimes, the algorithm

information from lots gets the recommendations
of people. This is called totally wrong. It will suggest
collaborative filtering. Such a something that you would
system would look for other never enjoy. This tends to
people who enjoyed the same make up 10 to 20 percent
movies you did and then of the recommendations on
recommend movies to you that average. Most of the time,
were commonly liked among Amazon is recommending
those people. products that are basically the
same as what you have already
Recommender systems bought, but sometimes
also highlight an important something weird will pop up
aspect of how our data and into those suggestions.
the algorithms that use it
should work. These are called Finally, sometimes the
decision support systems: algorithms get it right in
systems designed to support a brilliant way that gives
you making a decision. you a new kind of insight,
They are not decision- or they help you discover
making systems. something that you wouldn’t
have discovered before. If
For example, you probably you have encountered this,
don’t just watch every show it is probably through a
Netflix recommends. You don’t streaming music service like
let their recommender system Pandora or Spotify. You make
decide what you should watch. yourself a channel and listen
It just supports you making to songs that you expect, and
your own decision about what then sometimes, it will play
to watch. a song that you have never
heard, but it’s exactly what
Most of the time, these
you like. Though this is a very
recommendation algorithms
small percentage of what
are correct in that they
the algorithms recommend,
suggest things that you will
it is where they really show
probably like, but they are not
their value.
especially insightful.
39
So What Can You Do?
How do you exert control You can also try to confuse the
over recommender systems? algorithm by giving it a lot of
The answer depends on if false information.*
you want to make them work
better for you or if you want If you want to use this
them to stop knowing so approach, you can get some
much about you and to be automated help. Noiszy is a
less effective. browser plug-in that generates
lots of meaningless web
If you want them to work traffic to confuse anyone
better, providing more who might be collecting
information is key. For data about your web traffic,
recommender systems, that including your internet service
means rating more things, provider (ISP). It visits random
such as giving star ratings or sites from a list you approve
liking things. and randomly clicks around in
the background while you let
If you don’t like this kind of it run. Because it is constantly
personalization, you have visiting sites—and it visits far
a few options. You can rate more than you can on your
fewer things and, where own—its traffic will generally
possible, delete the history of overwhelm your own traffic
your browsing and searching. and disguise your actions.
* The Random Shopper bot was a computer program written

by Darius Kazemi that would go to Amazon and randomly buy
things. It had a budget, but besides that, it could order anything.
This makes it very hard for Amazon to figure out what Darius
really likes. Adding in misleading information is difficult as a
strategy, though, because you really need to overwhelm the real
information with fake. That’s a lot of work!
40
Lecture 4
Assignment
Showing results based on our location is a common way that a little bit
of data can help us. This assignment will let you see how things differ
if your location changes. First, do a web search for something that
interests you. It could be a news topic, a hobby, or a sport. Do a second
search for “pizza delivery” and see what kind of places come up. Next,
you should do that same search but as though you were in a different
country. LocaBrowser.com is one tool that will do this, but if you
search for “browse the web from another country,” you will find other
websites that let you do this. Pick a country and do the same web
search from there. How do the results differ? Do you find them
less useful?
Resources
Random Shopper, Tumblr, https://randomshopper.tumblr.com/.
Rejoiner, “The Amazon Recommendations Secret to Selling More

Online,” http://rejoiner.com/resources/amazon-recommendations-
secret-selling-online/.
What Is My IP Address, https://whatismyipaddress.com/.
41
ONLINE TRACKING:
YES, YOU’RE BEING FOLLOWED
LECTURE 5
The more fluent you are in how data collection works from a
technology standpoint, the more nuanced and effective
you can be in your privacy-related decision making.
This includes understanding the process of web
tracking: how websites keep track of
you, your actions, and the data
you produce.
42
Lecture 5
Online Tracking: Yes, You’re Being Followed
How the Web and the Internet Work
The terms web and followed. Say you’re requesting

internet are often used a video so you can watch it on
interchangeably, but they’re your device. Your computer
actually different things. The puts together a request for this
internet is the global network information, and it goes from
of computers. The web is your computer to your internet
a network of websites that service provider (ISP), such
operate on the internet. as the cable company that
brings internet to your house.
Information is transmitted From there, it may go to a
over the internet on the web few other servers** owned by
using protocols, which are your ISP. Then, it gets passed
basically rules about how to out to the internet backbone.
format, send, and receive From there, it connects to the
information. The internet uses server you are trying to reach.
the Internet Protocol (IP), and That server processes the
the web uses the Hypertext request and sends a request
Transfer Protocol (HTTP). An back to your IP address in a
IP address is a unique address reverse route. The exact path
assigned to every computer your request takes may vary
and device that is connected to each time.
the internet; HTTP goes at the
beginning of web addresses to Servers keep a log of the
tell your browser that you are requests they get and
using the Hypertext Transfer responses they send. This
Protocol.* allows them to analyze their
own performance. Your IP
When you make a request address is included in the log.
for information online, there This is the first way you can be
is a series of steps that gets tracked online.
* Even if you don’t type the HTTP part, your browser fills it in
because it’s a necessary part of requesting web pages.
** Servers are just computers connected to the internet.
43
If the internet is like a highway system,

with the roads and interchanges and
intersections all part of it, the web would
be like a national and local public bus
network. It uses the highway system,
but it’s not the same as the highway
system. It’s a way to transport things
over that network.
All requests are routed The web operates on

with IP addresses, but you top of the IP. It uses the
probably don’t interact with same processes that run
IP addresses on a daily basis. everything on the internet
When you try to go somewhere and then adds a layer to make
online, you usually use a web pages, images, and
domain name, such as google. other data appear in your
com. When you enter that, web browser.
the first step is that it has to
get turned into an IP address. There is a lot more tracking
There is a large, distributed, that can happen on web pages,
public database that maps but just from the core way
domain names to IP addresses the web works, there are logs
called domain name servers of your IP address and every
(DNS). The first step that your web page you visit. Since
computer takes is to take the the earliest days of the web,
domain you entered, look it this information has been
up in a DNS, and get the IP recorded, but it wasn’t used
address to route it. These to track people across the web
lookups are another way you or do much to personalize
can be tracked. their experience.
44
Lecture 5
Tracking with Cookies and JavaScript
On the web, there are a JavaScript is another

few technologies that have technology used in
made their way into tracking tracking. This is a
infrastructure, though they programming language
were not originally intended that is used for all modern
to be used that way. One of interactive functionality
these technologies is cookies, on the web, but it is so
which are little pieces of code powerful that it can be used
or identifiers that a website to monitor everything you
places on your computer. do, down to individual
keystrokes you type in forms,
There are lots of benign uses even if you don’t submit
of cookies. For example, the data.
a website might use cookies
to keep track of the fact You’ve probably had
that you are logged in or to the experience where
remember your username for you’ve been looking at
a login screen. It might keep a product and then ads
track of what products you for that product show up
have viewed with a cookie. In on other websites, even
fact, you can disable cookies when you know there is
in your browser, but most no partnership between
modern websites will not work the two sites. This is called
without them. ad retargeting.
Based on their original use,

cookies could tell a website Only the ad company
that you had visited it before. tracks your browsing
However, there are now behavior across the web,
more-modern cookies that not the individual sites,
can track you across many but it can be upsetting
websites and aggregate that that any company
information to follow your is tracking you!
visits more broadly.
45
For example, if Emily’s that this person has looked

Home Improvement uses ad at and show them.” This uses
retargeting, it partners with a a combination of JavaScript
web advertising company. The and cookies.
home improvement site puts a
In this case, the cookies
little code in their website that that you agree to when you
the ad company uses to track engaged with the website
what products you have looked keep a note of products you
at. Then, other websites that have viewed. The ad company
partner with that ad company then retrieves those cookies to
have a little code that tells decide what ads to show you on
the advertiser “find products other websites.
Tracking with Browser Information
If you shop for a product on Browser fingerprinting

your home computer, the is a technology that can
retargeted ads may appear uniquely identify your
on your phone or tablet. How browser by its characteristics,
do companies know it’s you just like a fingerprint can
when you’re using different uniquely identify you by its
devices? They do it through characteristics. How does
this work?
browser fingerprinting.
Hundreds of pieces of
A browser is the application
information about your system
you use to access the web.
setup are available anytime
Internet Explorer, Firefox, you visit a web page, including
Google Chrome, and Safari are which version of the operating
all browsers. They know how to system you’re running, what
send requests for web pages, fonts you have installed on your
such as when you type in a system, the dimensions of the
search or a web address, and window you have open, and
how to display the web pages’ what extensions are installed in
code in a nice way. your browser.
46
Lecture 5
If an advertiser collects all configuration on your phone

of that information for every and on your computer, how
person, that information do advertisers know to link
essentially becomes a those two profiles together?
fingerprint. It is not necessarily They can do this with
unique for every person, account information.
because two people could
have the exact same system If you are logged into an
configuration, but it is unique account on a website and visit
in the vast majority of cases. it on your desktop computer,
advertisers don’t need to know
This allows advertisers to any personal information
know that you are the same about your account; they
person visiting different just need to know something
websites, even if you don’t like a username or user ID
have any cookies or other
number that was logged
stored information. They can
in on that computer. That
see that you are the person
is often easy to identify.
with that browser fingerprint,
Then, if you log into the
so they know what other pages
same account on your
you have visited. Essentially,
phone, the identifier tells
they have a fingerprint for one
advertisers that the same
of your fingers, and they can
detect it in a bunch of places. person owns these two
fingerprints. Essentially, they
But how is this used to now have prints for two
track you across devices? of your fingers instead of
If you have an identifiable just one.
About 80 percent of people can be uniquely

identified by the configuration of their system, with
no personal or otherwise identifying information.
47
Advertisers store all of this Since many commercial

information in a database websites, even personal
so that when you visit a blogs, have advertising,
website, they grab the large advertisers may have
information provided about information embedded on
your system configuration the majority of web pages that
and reference that against you visit. This means that not
their database. This lets them only do they know that you
know exactly who is visiting. have come to a particular web
You cannot block this system page at a particular time, but
configuration information they may actually be able to
from being transmitted, so track the series of websites
this is a technique that can that you visit because every
be used on you regardless one of those pages has some
of what privacy settings or of their code embedded on
other privacy techniques it. Even if they miss a few of
you might implement. It is a those websites because their
very powerful way that your advertising is not used there,
behavior can be tracked across they get a pretty thorough
the web, especially when these picture of your behavior on
advertisers are large. the web.***
Tracking by Your ISP
In addition to all the tracking to go through your ISP, which

already discussed, you can sees where that request
also be tracked by your is going to and can keep
ISP, which knows all the a log of it.
websites you are going to
because the ISP provides Until fairly recently, there
the internet connection was not much that ISPs could
to your house. Thus, any do about that. They were
request that you make has not supposed to use it to
*** The Electronic Frontier Foundation runs a tool that will analyze
your configuration information and let you know if your browser
fingerprint is unique and therefore likely to identify you.
48
Lecture 5
target ads to you, and in the Many people get their internet
United States, the Obama service through their cable
Administration introduced providers, and for a long time,
rules in 2015 to make this cable providers have been
illegal. However, one of the telling advertisers that they can
first pieces of legislation quite specifically target people
passed under the Trump based on their interests. This is
Administration allowed ISPs not just with web advertising;
to use this data to target you this is with the commercials you
with ads. see on your television.
These regulations direct what By combining some of your

ISPs can collect and what web activity with your viewing
they can share. If your ISP activity, your ISP can create a
is able to see what you do profile of your interests. Then,
online and with its service, your ISP can use this to show
the ISP may decide to use this you different television ads
only internally to target you than it shows your neighbor,
with advertising, or it could who may be watching the same
sell that information to other program. Now, ISPs can also
people. The recent legislation legally analyze your web traffic
allows its use with outside to enhance those profiles,
advertisers, but internally, and they have permission
ISPs have been using that to use this information with
information for a long time. advertisers online.
So What Can You Do?
If you want to block the one of which is Ghostery.

monitoring of your browsing You can install these in your
behavior, you have several browser, and then, when you
options. The first is to install go to a page, they block all the
browser extensions that block trackers that they know about.
much of this kind of cookie and Many will also create a report
tracking activity. There are for you so that you know what
many tracker blockers available, was blocked.
49
If there is a website that needs If you do a quick search

these kinds of trackers and in your web browser’s
that you trust, you can allow extensions library, you’ll
for an exception so that that find lots of extensions to
particular site can use them. block tracking. One thing
Not only does this protect to keep in mind, though, is
you from a lot of tracking that some pages rely very
and improve your privacy, heavily on these kinds of
but it also can increase the
trackers and simply will not
speed at which you browse
function if they are blocked.
pages online. That’s because
To deal with that, you can
it prevents all kinds of code
from running in your browser either add exceptions in the
and stops lots of places from blockers to allow the trackers
putting code onto the web to be used on those pages
page, so there is less data to or install a second browser
load and less processing that’s and use that on the rare
happening in the background occasion that you need to go
that’s not necessary for your to a web page that requires
web experience. the trackers.
50
Lecture 5
There are two main ways that There are lots of free, open
your ISP can see what you’re DNSs provided by independent
doing online. The first is that entities. You can easily find
they can see the actual web these with a web search. When
pages you go to because they you put those in as the DNSs
bring those web pages into to use, your computer sends
your home. the domain names to those
The second is that they know servers instead of your ISP to
what pages you want to visit get the IP address. That then
because they turn the domain blocks your ISP from seeing
name—the thing that ends where you’re going based on
in .com or .net—into the IP that lookup.
address, the number that
the internet uses to send you The next step is to stop your
to a web page. Looking up a ISP from bringing those web
domain on a DNS to get an IP pages to your device. One way
address is a necessary step around this is through the use
to get information online. of a virtual private network
Usually, your ISP has their own (VPN), which essentially hides
DNS, which means the ISP can your web traffic from anyone
log all the lookups done for who might be looking.
you and then know what pages
you are visiting. Those are two With a VPN, instead of your
separate steps, and both are ISP fetching a web page,
ways that you can be tracked. your VPN host does it. Your
computer establishes a secure
If you want to stop your ISP connection with your VPN
from tracking you, you need
server, and your requests
to stop your ISP from seeing
always go from your computer
information in both steps.
To stop them from seeing to the VPN service provider.
your domain name lookups, They are encrypted, as is
you can have someone else the information that comes
do that for you. In the network back, so your home ISP is
settings on your computer, unable to see any information
you have the option to specify about what page you visited
the IP address for the DNS or the content that was on
you will use. that page.
51
A VPN is a great way to Paid VPNs are affordable

increase your overall security and give you a lot of security
online and to protect the and additional privacy.
privacy of your data. There are
By using an alternative DNS and
free VPN service providers, a VPN, your browsing activity
but they can see all of the will be totally hidden from your
pages you’re visiting and ISP, and you get the added
make money by selling benefit of keeping your
information about you. information much more secure.
Assignment
Check out how much you are being tracked. On your home computer’s
web browser and/or on your phone, get an extension or app that
monitors tracking. A good phone app is Privacy Pro by Disconnect,
and a good browser app is Ghostery. You will likely find others if you
search; just be sure to check their privacy policies to confirm they
aren’t tracking you as well. Then, spend a day online like you normally
do. Check in at the end of that day and see how many times you were
tracked. It will likely be hundreds of times!
Resources
Disconnect, https://disconnect.me/.
Ghostery, https://www.ghostery.com/.
Golbeck, “How to Keep Your Web Browsing Private,” https://www.
psychologytoday.com/us/blog/your-online-secrets/201703/how-
keep-your-web-browsing-private.
Rubenking, “How (and Why) to Change Your DNS Server,”
https://www.pcmag.com/review/364418/how-and-why-to-change-
your-dns-server
52
Lecture 6
Nowhere to Hide? Privacy under Surveillance
NOWHERE TO HIDE?
PRIVACY UNDER SURVEILLANCE
LECTURE 6
We’ve come to expect surveillance through digital channels, but

surveillance is also out in the world in many ways that we may
not suspect. We know that our devices collect data about
us. But what about our interactions when we are off
of our devices and out in the world? Just how
pervasive is that sort of surveillance?
53
Monitoring of Health-Related Data
Companies are trying to collect However, after the first

more information about us night, he woke up to an email
with a veneer of consent, congratulating him on his
even though we may not use the night before. Later,
know exactly what is going he talked to someone at the
on behind the scenes. Health company who mentioned that
insurance companies, for the device was working well at
example, offer some people keeping his airway open. She
discounts or gift cards if they knew that because she had a
link their fitness tracker with report of his usage.
their insurance account. Of
course, if you take a lot of This was something his old
steps, it makes sense that you machine did, but that was
might get rewarded for that. recorded on a removable card
Auto insurance companies are that he would bring to his
similarly giving people tracking doctor’s office. This machine,
devices that can monitor their without his knowledge, was
speed and driving habits. In transmitting data about his
exchange for the discount, usage. And it was sending it
people may give away their much more widely. It wasn’t
privacy in that domain. just going to his doctor; it
was going to the company
But what about when we who made the machine and,
don’t know? The Houston to his shock, to his insurance
Chronicle shared a story in company. And insurers use
2018 about a man who had this data to deny coverage to
sleep apnea and used a CPAP patients who aren’t using the
machine to help him breathe machine enough.
at night. These machines
need replacement parts, Even with strong federal
such as filters and hoses, that protections for health-related
insurance will pay for. When data, this type of monitoring
the man got a new machine, seems to be legal when
he registered it and opted out patients agree to the terms
of receiving communication. that come with their devices.
54
Lecture 6
In 2014, Janet Vertesi was pregnant and wanted to

keep that private. She decided that for the full nine
months, she would not share any information about
her pregnancy in any digital form, including using
credit cards to buy baby items online.
When she wanted to buy a stroller on Amazon, her
husband took 500 dollars in cash to a local pharmacy
where Amazon gift cards were sold and tried to
buy enough to cover the price of the stroller. But
the pharmacy told him that they had to report the
transaction because excessive cash spending on gift
cards is suspicious.
That’s because this is how terrorists do a lot of their
business, for exactly the same reason: They don’t
want to be tracked and analyzed in their digital
activity, so they don’t use credit cards. Instead, they
use cash to buy prepaid gift cards, which they can
then use online.
Essentially, if you do not want to be tracked, you look
like a terrorist.
55
Facial Recognition Technology
Outside the home, facial which sometimes isn’t working

recognition technology is or sometimes is misdated or
another space where real- blurry. It requires watching
world surveillance is becoming hours of footage to try to
more sophisticated. identify exactly the right
person and the time that
Surveillance cameras are he or she walked past and
everywhere when we are to reconcile that with what
moving around in public. other cameras show. This, of
Private businesses have them, course, makes things difficult
and some municipalities have for police, but for the average
them. And devices like ATMs person who is just moving
also have built-in cameras. As around, it means it’s also
a result, our movements can very difficult for any large
often be tracked. But privacy organization to keep track of
is preserved in a way because our movements.
so many people walk past
these cameras. The images Facial recognition algorithms
from the cameras are owned can identify an individual
and controlled by many by analyzing the pattern of
different people. As a result, the person’s facial features.
it’s difficult to aggregate all It’s a technology that many
this together to follow a single large corporations are
person’s movement. working on. Facebook has
a good facial recognition
While that may change in algorithm. When you upload
the future as technology and a picture, it automatically
integration develops, you identifies the people who
only need to look to examples are in that photograph.
of police trying to track the However, not everyone
movements of a victim or a has access to such a huge
suspect on cameras to see database of people’s
just how difficult this can photos, so there are only a
be. It requires going into handful of companies with
businesses and asking for large and accurate facial
copies of their video footage, recognition systems.
56
Lecture 6
Some of these companies, did an experiment using

such as Amazon, are selling Amazon’s facial recognition
that technology to third software. They compared 120
parties. There has been a lot of California lawmakers’ images
controversy around this. The to a database of 25,000
technology is not extremely mug shots. The algorithm
accurate. It works much better incorrectly identified 28 state
for white men than it does for legislators as criminals even
women and for people of color. though none of them had ever
That means that when errors been in jail and they were not
are made, they are more likely the people matched in the mug
to be made for those groups. shots. That is a pretty high
error rate for an algorithm
This was highlighted in that is being deployed and
August 2018, when the used by police forces and
American Civil Liberties Union other organizations.
In China, there
is massive state
surveillance that
can indeed be
used to track the
movements of
people on a large
scale. Part of the
way China is able
to do that is with
facial recognition
technology.
57
The way that this technology There is a lot of debate over

might be used makes this even the right way to use these
more troubling. For example, algorithms. The inaccuracy
there was a plan that has and the potential for them
since been rolled back to link to create a variety of social
facial recognition technology problems have led to
and criminal databases with bans on the use of facial
video doorbells. So when recognition technology by
someone comes to your door, government departments,
the video doorbell picks them including police agencies,
up, runs their face against in some cities. However, we
the set of databases, and can are in the early days of this
identify if someone with a technology. It’s possible
criminal record is at your door. that facial recognition may
However, we know that there become more integrated into
is a lot of inaccuracy in these applications. It will require
algorithms, and they tend to close monitoring if it is to be
be more inaccurate and make used in a fair way.
more mistakes on people
with darker skin. This means In fact, even if the accuracy
it is likely to reinforce existingproblems are solved, it’s
social biases. hard to say if there even
is a fair way for this to be
Furthermore, in neighborhoods used. It would constitute a
where there is a higher density dramatic escalation in the way
of people who have been in that people are monitored
jail, it means that people’s through their everyday
criminal records will be movements. As one of the
constantly at the forefront greatest threats to personal
of everyone’s mind. There and civil liberties, facial
are real social implications to recognition technology should
doing this kind of thing even drive the development of
if the algorithms are right all privacy legislation in the
the time. United States.
58
Lecture 6
Tattoo Recognition
Beyond facial recognition, Data collection about tattoos

technology exists to is already quite advanced.
individually monitor people The US National Institute of
and their associations in Standards and Technology
other ways. Consider tattoo provides government and
recognition. Facial recognition law enforcement with a list
looks at the biometrics of of characteristics to note
your face to uniquely identify about tattoos, including type,
you. Tattoo recognition location, color, and imagery.
does a similar thing,
scanning an image of the Law enforcement has long
tattoo to distinguish it from used tattoo imagery to
any other. identify gangs and members
of hate groups, but tattoo
However, tattoos may be recognition technology allows
nearly identical between this to be carried to a new
two people. If two people level. People on streets that
have the same flag or logo are monitored with cameras,
tattooed on their forearms, even existing surveillance
an algorithm may have systems, could have their
a hard time telling them tattoos automatically scanned,
apart. Interestingly, the fact cross-referenced, and flagged
that they have the same as potentially gang-related.
tattoo may reveal that they Essentially, an otherwise-
are part of the same group, anonymous person can be
such as the same branch of the labeled as a gang member
military or the same gang.* without any other action.
* Daniel Ramirez Medina, a 25-year-old immigrant who had been

granted Dreamer status, was arrested in 2017. The government
tried to strip him of his protected status, alleging that he was a
gang member because of a tattoo he had. The tattoo actually was
the name of the place his family was from in Mexico. Eventually, he
was released, and a federal judge restored his status.
59
Advertising Kiosks
But taking pictures of us and This kind of processing

monitoring us are not just respects privacy more than
limited to identification for facial recognition does, but
law enforcement purposes. it is still invasive. It blurs the
There are now advertising line between surveillance
kiosks that analyze your face cameras that we have
as well. become somewhat used
to—that monitor us in stores,
The Wall Street Journal presumably for public safety
reported that some shopping and to deter theft—and facial
malls in South Korea had recognition technology that
installed kiosks that have is monitoring and recording
maps of the mall with lists our movements as unique,
of the stores, and each kiosk identifiable people.
had a set of cameras and
a motion detector. When When we are in public spaces,
someone came up to look at we know that we can be seen
the map or browse the stores by other people who are
on the screen, those cameras there. And we know that we
and detectors used a facial can be monitored in different
recognition–type system to ways. But we may not expect
analyze the face of the person that the way we look, act, or
using the map. move through those spaces
will result in personalized
The malls were not trying to advertising directed
uniquely identify that person specifically toward us.
but rather to estimate the
individual’s gender and age. Our reactions to this kind
From there, the kiosk could of technology should also
drive the person to different consider how our data is
stores or show him or her handled. For example, in the
ads for other products. A kiosk situation, what is being
young woman may see ads for stored? Is a person’s age and
something different than an gender being recorded or just
older man would. used in the moment?
60
Lecture 6
Could the kiosk owner analyze and obvious transparency. And

the demographics of people because European laws require
who used it? Are copies of an explicit opt-in, people
people’s photos being stored? would have to essentially push
Are they being shared with a button that says they are
third parties? willing to have their picture
taken and personal information
The fact is that when we walk analyzed in order to show them
up to a kiosk like this, we ads. That really defeats the
generally have no idea that purpose of passively analyzing
a camera is present or that people with a system like this.
it is finding out information
about us. Because of their This kind of surveillance in the
privacy laws, a system like this world highlights the need for
is unlikely to be able to operate legislation that will clarify what
in Europe. Collecting this kind kind of privacy we should be
of personal data about a person able to expect and what kind of
would require explicit consent monitoring we can avoid.
So What Can You Do?
There are ways to avoid being for public safety and security,
tracked digitally, but actually but too much can threaten
doing so can be almost individual liberty and freedoms.
impossibly difficult. So in terms The difficulty of analyzing
of digital surveillance, it’s really that data has protected most
important to think about your of us from the most troubling
comfort zone and what sort of consequences so far, but the
effort you want to expend. technology and the algorithms
are improving every day.
Offline surveillance is even
more difficult to control, This is a case where individual
because we so often don’t efforts at control might not
know when we are being be very effective. Surveillance
watched and to what end. and its consequences can only
Some surveillance in public really be controlled through
is inevitable and has benefits regulation and policy.
61
If you feel strongly about on each of us to decide how

surveillance and its impact much we share about ourselves,
on you, get to know the especially with profit-driven
privacy laws that are in place surveillance systems, are likely
in your country or community our best hope for a future with
and become active in trying less monitoring, but we have far
to improve those laws. to go before those structures
Guidelines that bestow rights are in place.
Assignment
How often are you tracked out in the world? Next time you go
out, make a conscious effort to tally all the cameras you pass.
Include traffic cameras; surveillance cameras outside buildings, at
gas stations, and in ATMs; cameras in stores; toll-collection cameras;
and any other recording device you come across. Even keep an eye
out for video-enabled doorbells. Search hard for them and see how
many you can find. How much of your movement can happen without
recording of some sort or another? It’s probably less than you
originally thought.
Resources
Allen, “With Connected CPAP Machines, Insurers Make ‘You Snooze,
You Lose’ Literally True,” https://www.houstonchronicle.com/
business/article/With-connected-CPAP-machines-insurers-make-
you-13411742.php.
Goldstein, “Meet the Woman Who Did Everything in Her Power to

Hide Her Pregnancy from Big Data,” https://thinkprogress.org/
meet-the-woman-who-did-everything-in-her-power-to-hide-her-
pregnancy-from-big-data-80070cf6edd2/.
Madrigal, “The Mysterious Printer Code That Could Have Led the
FBI to Reality Winner,” https://www.theatlantic.com/technology/
archive/2017/06/the-mysterious-printer-code-that-could-have-led-
the-fbi-to-reality-winner/529350/.
62
Lecture 7
Consent: The Heart of Privacy Control
CONSENT:
THE HEART OF PRIVACY CONTROL
LECTURE 7
Consent is a critical element of the conversation around our personal

data and how it is used. If you have a thorough understanding of
what data is being collected about you, how it’s being used, with
whom it is being shared, what decisions will be made with it, and
you’re OK with all of that, then there is no problem. But to
give true consent requires all of those things, and today,
the biggest problem surrounding personal data is a
lack of attention to the part of consent that
requires information.
63
The Ethics of Consent
Consent is something that experiment. Researchers in

concerns many aspects of life, government and academia
but in the world of personal must all have institutional
data, there’s a long history review boards (IRBs), which
of consent being abused and are ethics committees that
people suffering as a result. review every experiment that
has human participants.
The ethics around consent
are at the heart of how many Participants need to sign
researchers must operate a form that indicates their
in their work. Those same consent to participate before
standards are not applied they begin participating. The
in industry. Companies form includes the purpose
don’t think about consent of the experiment, the ways
in the same way academic participants’ private data and
researchers have to, but identity will be protected, their
academic researchers came to right to stop participating, and
the current consent systems as other details.
a result of some serious ethical
violations and questionable
practices.* Privacy is not keeping things
secret; it is deciding who to
Now there is a nearly universal share what information with,
institution of informed at what time, and in what
consent for human subjects context.
participating in any type of
* Up until the middle to late 20th century, all kinds of terrible,

unethical things were done in medical research. Drugs,
treatments, and vaccines were tested on orphans, the mentally
ill, and prisoners all the time. People were unwillingly forced into
experiments to advance medical science. Some of these led to
good outcomes in the end, but at a serious ethical cost. However,
many experiments were poorly conceived, were bad science, and
led to a lot of unnecessary suffering.
64
Lecture 7
This applies across this process, nor will work

the board, from something be published without this
as simple as a survey to approval and review.
something as complicated as
administering experimental Industry is not constrained by
cancer treatments. these rules. Some companies
Obviously, the level of have their own IRBs, but
review from the ethics most do not. Yet they are
committee varies based conducting similar research
on the potential risk that with similar risks—and doing
participants face, but it without giving experimental
you are not allowed to subjects any information or
conduct research without obtaining consent first.
Facebook’s Social Contagion Experiment
One stark example is that people are less happy

Facebook’s social contagion when they use Facebook.
experiment. Ever since Obviously, Facebook doesn’t
Facebook became think that it is creating a
popular, researchers have service that makes people
studied the impact of unhappy and wanted to run
the platform on people’s its own study to show that
happiness and self-esteem. its service did not make
A number of studies found people sad.
65
First, Facebook researchers probably aren’t going to post

used an algorithm to lots of happy things, even if
determine whether people’s you are happy and your life is
posts were happy or sad. going great. Similarly, if all of
Then, they came up with an your friends are celebrating
experiment where a large and going through good
number of Facebook users times, you might be more
were separated into groups. cautious about posting
One group would only see something sad.
posts that ranged from neutral
to happy; all the posts that You can’t actually measure
were sad were excluded. whether people are happy or
The other group would only sad based on what they are
see posts that were neutral sharing because there are
to sad; the happy posts many things that influence
were excluded. what people share beyond
their moods. But the Facebook
Facebook researchers wanted study doesn’t account for this;
to measure whether people in researchers conclude that if
the happy group posted more you are posting sad things, it’s
happy things and people in because you “caught” sadness
the sad group posted more from your friends, and the
sad things. If so, they would same goes if you’re posting
conclude that Facebook didn’t happy things.
make people sad but rather
that people’s moods were This experiment is also highly
influenced by how their friends unethical. An academic
were feeling. researcher would have to
submit a long proposal to the
Aside from the ethics of this IRB to review this for ethics.
research, this is a very poor Everyone who participated
experiment. If your friends would have to be informed
are all sad because their pets that they were being put in the
are dying, their parents are experiment, and they would
sick, they have diseases, and also have to consent to give
they failed their classes, you their data.
66
Lecture 7
The vast majority of The risks that come from

Americans are on doing controlled psychological
Facebook, so it has a very experiments on people are not
wide coverage of every minimal, and an ethical
type of person in the country. study needs to consider the
This means that there psychological state of the
are people who were on people participating. This was
Facebook during the study not something that Facebook
who are severely depressed considered in its experiment.**
and suicidal. Is it ethical
And many experiments like
to manipulate the feeds this one are run often and
of suicidal people to show every day, usually undetected
them only sad things from by the people who are
their friends? Couldn’t unwitting or unwilling
that have a real participants. And there’s not
psychological impact? much we can do about it.
Transparency and Control
Transparency means being shared with, and how it is

clear about what is being impacting their experience.
done with users’ data Ideally, privacy policies
and how their experience would cover this, but
is being controlled. they tend to be written
Transparency generally either with a lot of legal
involves clearly language that is hard to
telling people what is understand or with a lot
being done with their of vague language—
data, who it is being and sometimes both.
** Facebook eventually published an article on this experiment,

and the journal in which it was published was inundated with
ethical concerns from other researchers. It was forced to publish
a response and to add a caveat about the ethics of this project to
the published article.
67
For example, it’s not abandoning the platform is

uncommon for these policies not an honest alternative.
to say that your data will be Even if you thought it was,
used for a few specific things a person can’t meaningfully
and then “research.” This is decide whether or not to use
a very broad term that could a platform when there is no
mean anything from analyzing transparency about what is
which friends you want to see happening with people’s data
news from first to running or how it is being used in the
a full-fledged psychological platform. Thus, transparency
experiment. It also doesn’t is a critical element toward
explain when those things obtaining or assuming
might happen or how real consent.
they’re happening.
Control is the other element.
It’s also common for privacy Control means giving people
policies to talk about data the right to opt in or out or
being shared with “third-party change their preferences.
business partners.” Those
could be content distribution In this case, people have a
networks,*** which just choice about whether their
provide additional server data is used in certain ways.
capacity designed to help Social media platforms
host the content, but it can tend to give users some
also include advertisers or control about who can see
entirely different companies. information they post. These
The language doesn’t provide options may be simple or
transparency because you complex. For example, Twitter
can’t read it and understand and Instagram allow you to
what is actually going on. essentially have a public or
private account; Facebook
One possible response to has much more sophisticated
this might be that if you controls, which let you choose
don’t like the possibilities, individual people who are
then just don’t use the allowed or prohibited from
platform. But in many cases, seeing your posts.
*** Essentially, a content distribution network is a server rented by

the social media company.
68
Lecture 7
Knowing where you stand on the

privacy spectrum is only part of the
battle. Companies and people who
use your data need to know where
you stand, too—and respect it.
Ultimately, respecting privacy means
respecting people’s right to consent
or withhold consent over how their
personal information is used. And to
truly give consent, you need to know
a lot about what’s happening with
your data.
Unfortunately, these platforms in the US, the Health

give very little control to Insurance Portability and
people regarding what Accountability Act (HIPAA)
companies can see their data contains a privacy law
when it is provided by the that controls who can see
platform. The back-end data health information about
sharing remains mysterious. you. Overall, getting a
For example, it’s hard to know few signatures allows
which of your Facebook posts you to identify people
or data derived from them can or businesses who are
be seen by advertisers. That allowed to ask for your health
derived data is important to information, and it cannot
consider as well. be shared with anyone else.
We provide this kind of consent
There are laws that all the time, and the process
protect people’s data in for doing so is relatively
some areas. For example, simple and straightforward.
69
Does our online data deserve to our data from social media
similar protection? This platforms would be relatively
is a really hard question, straightforward. There may
because our online data is be general cases we would
not really different than our always consent to, such as
general life data. But there having a server company
are elements of transparency receive copies of our data
and control that can be easily because the company helps
and reasonably introduced a platform work. In general,
to online data. For example, though, this is an area that
allowing us to determine requires much more attention
which third parties have access and consideration.
Questions of Law
Why is it that we have robust age of the internet, this has

mechanisms in place in come to mean that if you post
areas like health care, where information on a social media
people have to explicitly platform, even if it is covered
consent to their data being by privacy settings and only
shared, but there are not even intended for a small number
lightweight legal requirements of people, you’ve given up
in place for consent or your right to privacy over
transparency around social that information because you
media data, which can also be have shared it with a third
very sensitive? party—the social media
platform itself.
In the United States and
in other countries, the law You also don’t have a right
says that once you share to know what information
information with a third companies have about you,
party, you no longer have nor do you have a right to have
a right to privacy over that that data deleted or corrected
information. In pre-internet if it’s wrong, except in a few
days, this was a fairly explicit cases, such as with
reasonable law. But in the credit reporting.
70
Lecture 7
The result is that in the United This law codified some

States, tech companies basic rights for European
can basically do whatever citizens that Americans
they want with people’s don’t have. Basically, users
data and face very few legal are in control of their own
repercussions. Most of the data and are allowed to
legal trouble that companies know what people have
have gotten into surrounding and what they’re doing
privacy have come because with it. The law also
they violated their own terms requires companies
of service that everyone agrees to disclose when and
to when they use the platform, what they’re doing with
not because they have actually respect to personal data
violated laws governing the and tracking.
protection of information.
It is unclear if this law
Contrast this with Europe, is exactly the right
where the fundamental idea way to handle privacy,
is that people own data about transparency, and consent.
themselves. Even if you share However, the core idea that
information with a third party, we own data about ourselves
data about you belongs to you, and should have control over it
and you have legal control over is one that many people would
it. This has been the core idea likely think is inherently a right
of European law for quite a we should have. That general
while, and most recently it was legal idea would likely
codified in a new way with the bring us to a place with much
EU General Data Protection better transparency and
Regulation, which went into clearer mechanisms
effect in May 2018. for consent.
So What Can You Do?
You can’t possibly read, take a huge amount of time

understand, and consent just to read them, and even
to all the terms of use and if you did, they may not
data policies that govern clearly describe what the
you on the web. It would policies are.
71
But you can start by finding Read (ToS;DR) assigns an

more efficient ways to easy-to-understand letter
understand the terms you grade to sites and, in a short
are agreeing to. A long- bulleted list, highlights the
running service called good, concerning, and bad
Terms of Service; Didn’t elements in their policies.
Assignment
Pick a website you use fairly often and where you have an account,
such as your bank, a social media platform, or a news site. Check to
see how transparent it is. Make a list of who you think your data can
be shared with. Can the company share it with its business partners?
How about its advertisers? Government and law enforcement? Any
third party? Now review the terms of service or privacy policy and
check your answers. Were you right—or, even more interestingly, was
it difficult to tell?
Resources
Centers for Disease Control and Prevention, “U.S. Public Health
Service Syphilis Study at Tuskegee,” https://www.cdc.gov/tuskegee/
timeline.htm.
McLeod, “The Milgram Shock Experiment,” https://www.

simplypsychology.org/milgram.html.
Meyer, “Everything We Know about Facebook’s Secret Mood

Manipulation Experiment,” https://www.theatlantic.com/technology/
archive/2014/06/everything-we-know-about-facebooks-secret-
mood-manipulation-experiment/373648/.
72
Lecture 8
Data Scandals and the Lessons They Teach
DATA SCANDALS
AND THE LESSONS THEY TEACH
LECTURE 8
There have been many scandals related to overcollection, poor

protection, and manipulation of personal data. A few prominent
examples are the Cambridge Analytica scandal, the failure of
Google Buzz, employer social media spying, and the Ashley
Madison hack.
73
The Cambridge Analytica Scandal
Cambridge Analytica was a In 2018, former Cambridge

British-based company that Analytica employee
worked primarily with political Christopher Wylie revealed that
campaigns to profile people. the firm had used Facebook
Using artificial intelligence, to collect data on tens of
the company gathered millions of people without their
insights about the personality knowledge and in violation of
traits of these people and Facebook’s privacy guidelines.
then used these insights to
target them with political Here’s how they got the data.
messages that were most Cambridge scientist Aleksandr
likely to get them to behave Kogan built a Facebook app
in the way that the campaign that allowed people to take a
wanted them to. quiz that would reveal their
personality profile. The people
During the 2016 US who installed the app were
presidential primaries, news informed that their answers
emerged that Ted Cruz was would be used for an academic
using Cambridge Analytica research project. When they
technology in his campaign. installed the app, that app
The idea that a company was able to access all of their
was psychologically profiling Facebook data and the data
people and using that data of all their friends. People
to target them for political knew that their own data
purposes was disturbing was being collected but not
to many people. But there that their friends’ data was
was something even more being harvested. The friends
troubling: We knew that were given no opportunity
Cambridge Analytica had to consent or opt out; they
detailed personality profiles weren’t even aware of what
of people, but it was unclear was happening. So far, this
how they obtained the data to is all permissible under
build those profiles. Facebook’s guidelines.
74
Lecture 8
Furthermore, the people who Once they had the data and
installed the app believed combined it with information
that it was only part of from other sources,
an academic experiment, Cambridge Analytica was able
not that the information to create detailed personality
was being turned over to a profiles of everyone in their
commercial entity. This is data set. They then used this to
still OK under Facebook’s target political messages that
guidelines, but it is a violation people received on a variety of
of the informed consent platforms, including Facebook.
procedures commonly
accepted and used When news of this broke,
by researchers. criticism started being
directed at Facebook, which
Next, Cambridge Analytica responded that Cambridge
stored all of this data— Analytica had obtained data
information about the from an unauthorized data
people who installed the breach. That makes it sound
app and the data about their like someone hacked Facebook
friends. This step was the and took this information
main violation of Facebook’s without them knowing, but
data guidelines. that is not what happened.
Cambridge Analytica was involved in the

Vote Leave campaign for Brexit and may
have violated EU and British campaign
laws in the process.
75
Facebook just had no The impact that Cambridge

protections in place to keep Analytica’s targeting had
people from storing the data on the election is difficult to
that Facebook was handing quantify because we cannot
over to them whenever they really tell who saw what or
asked for it. So while this how impactful those ads
researcher at Cambridge did were. However, this major
break the Facebook rules, data scandal prompted a lot
Facebook also willingly of scrutiny of social media
gave him all the data that companies and questions
he eventually used with about their stewardship of
Cambridge Analytica. our data.
The Failure of Google Buzz
While Cambridge Analytica easier to share the content

was one of the biggest data that you want with the
scandals, it was hardly the people that you want. But the
first. One of the early privacy problem is that none of your
scandals in the social media friends are on those social
space came with Google’s networks, so there is very
first attempt to break into little value to them, even if
social media. Google Buzz they may be nicer to use than
was designed to be something Facebook is.
of a competitor to Facebook.
And it got off to perhaps the Google knew that friends make
worst possible start. social media work, so they
wanted their social network
One of the challenges of to be populated with lots of
starting a new social network users right at the start. They
is getting people on it. There realized that they already had
are plenty of social networks many users who had Gmail
that are better than Facebook accounts or accounts on other
in many ways. They respect services that Google offered
your privacy more, have a and could merge those into
nicer interface, and make it their social network.
76
Lecture 8
Trust is a critical part of operating a social network, because you have

access to so much information about people and their lives. When a
social network or social media site breaches that trust, users are left
with a decision about how much to risk by interacting with it.
Facebook has had a lot of scandals, but it has the benefit of being the
holder of people’s lists of friends and the majority of their social media
posts. Thus, while people don’t trust Facebook all that much, they face
a big cost in leaving because all of their friends and content are there.
However, when Google Buzz came along, people had nothing invested
in it, so leaving it was very easy.
This strategy alone is not friends lists are usually

a bad one. But Google also visible. However, by making a
wanted to make sure that friend list visible to everyone,
people who had accounts in essentially Google was
the newly created Google Buzz showing the world a list of the
also had friends, so Google people that you email most.
decided to give users friends
automatically by adding This created many problems.
people who users emailed the A therapist reported that
most as their friends. he used email primarily to
talk to his patients, so by
This is a problematic choice generating his friend list from
from a social perspective. his emails and then making
Of course, you may email that public, the names of
someone often who is not his patients were revealed
your friend. to everyone, including to
one another.
On top of this bad decision,
Google decided to make those The response to this was swift
automatically generated friend and harsh. And as a result,
lists public. On one hand, this Google Buzz failed basically
is typical of social networks; from the start.
77
Employer Social Media Spying
One scandal that also came “current personal or business

to a rather satisfying end was websites, web pages, or
the practice some companies memberships on any internet-
adopted of asking job based chat rooms, social clubs
applicants for the passwords or forums, to include but not
to their social media and limited to: Facebook, Google,
email accounts. Yahoo, Youtube.com, Myspace,
etc.,” along with their
During the recession of 2007 usernames, other login info,
to 2009, as people lost their and even passwords. Even as
jobs and struggled to find the public outcry arose, other
new ones, companies were companies followed suit.
in a position to make a lot of
demands of desperate people If companies weren’t actively
who needed income. This asking for passwords, they
manifested in many ways, might require applicants to
and some companies saw an open their email and social
opportunity to dig deeply into media during an interview.
the personal lives of people Others required applicants
who were applying. to add someone in the
organization as a friend who
The first major report of this could monitor their posts,
came in 2009, when the city of and still others were asking
Bozeman, Montana, added a applicants or employees to set
question for all job applicants all their content to be public
that asked them to share rather than private.
From the perspective of companies, as long as they can get access to

personal data, they might as well collect more than they need, and
if there’s future value in the data, it will be worth the small cost of
storing it in the meantime.
But companies are not necessarily ethical or secure in their treatment
of such information. Because cybersecurity laws are so lax, there is not
a huge incentive for companies to thoroughly protect personal data.
78
Lecture 8
Companies saw this as an In an interview, if a potential

opportunity to dig deep into employer forces a woman to
the backgrounds of their bring up her social media posts,
applicants in a profoundly which include posts about her
unethical way. And because pregnancy, and then doesn’t
they could take advantage of hire her, she could reasonably
the poor economic situation argue that they used her
and people’s desperation to pregnancy against her in an
find jobs, they got away with it illegal way.
for a while.
In addition, if an employer
But fortunately, within a asks for an applicant’s
few months of news reports password and the applicant
surfacing of these practices sends it to the employer
becoming more widespread, electronically, this creates a
many US states began huge cybersecurity problem.
drafting legislation that By storing an unencrypted*
forbid companies from these password—storing it in
practices. Nearly half the states plaintext—anyone can see and
eventually passed laws to use that password. Of course,
protect people. this is why the companies were
asking for them; they wanted to
The outrage and fast legislative
log in and see what people were
response show that this
doing in their private accounts.
practice was widely considered
But not only does this open
unethical and an abuse of
up access to the person’s
power. But there are other
account to anyone who gets
reasons it is a bad idea.
ahold of that password, but it
First, it may reveal information also means that if the system
about a candidate or employee where that password is saved
that is illegal to use in hiring gets hacked, the password
decisions. For example, would be exposed. For
employers cannot discriminate sensitive systems like email and
against pregnant women. social media, this is a huge risk.
* Normally, companies who have a login for you only store the
encrypted version of your password. That way, if their systems get
hacked, people don’t get your actual password.
79
It also likely puts the would not pass any test
companies in a position with respect to industry
where they are out of security standards.
compliance with regulations
or policies that govern Fortunately, this problem now
their own cybersecurity.** seems to be under control
Collecting and storing because of the legislation that
passwords for applicants’ was quickly passed to block
social media and emails the practice.
The Ashley Madison Hack
One very dramatic hack of their profiles—even if you set

personal data happened with up an account on your own,
the website Ashley Madison, you might decide that having
which is explicitly marketed as a profile on a cheating website
an adultery dating site. was a bad idea—the company
charged people to take
A huge problem with the down their profiles. They
website was that you could reported bringing in 1.7
create a profile for someone million dollars a year just from
else using just an email these fees.
address. Anyone else who went
to the site could then search On top of that, it turns out
for that person and find the that Ashley Madison was not
profile you set up. And because actually deleting the data that
Ashley Madison knew that a lot was supposed to be deleted
of people would want to delete when people paid the fees!
** Many larger companies and government agencies have to comply

with a variety of standard practices to maintain certifications that
are necessary to their business. As part of this, they are audited
for their cybersecurity practices.
80
Lecture 8
Because of the adulterous user-to-user messages, street

nature of the website and addresses, credit card numbers,
because of the exploitative and photos—onto the dark web.
data practices, Ashley Madison
became the target of many The humiliation and
groups who were concerned repercussions from an adultery
with their ethics. This all website being hacked were far
came to a head in 2015, when greater than it would have been
a group calling themselves the with other domains. A number
Impact Team breached the of suicides were tied to the
systems of Ashley Madison and hack. People and unscrupulous
downloaded all of their data. organizations combed
through the data and used it to
The Impact Team told Ashley blackmail or threaten people
Madison that they would post in the data set. Companies
the data, exposing users’ searched for people who used
identities, unless the website their work emails to register for
shut down immediately. Ashley accounts. ***
Madison refused to do so and
denied that there was a massive Class action lawsuits were filed
data breach. The Impact Team against the company that were
called their bluff and released settled for millions of dollars,
all of the user data—including but the company still exists,
full user profile information, with millions of followers.
So What Can You Do?
If you’ve followed the data you store online,

steps outlined in other delete frequently, and use
lectures, you’re in pretty good privacy and
good shape. Limit the cybersecurity practices.
*** There were 1,200 Saudi Arabian (.sa) email addresses in the
hacked Ashley Madison data, and in Saudi Arabia, adulterers can
be punished with death.
81
However, any system can be legal and regulatory

hacked, and when our data changes. In the meantime,
is in the hands of many one best practice might
organizations, we have be to maintain a good
to trust them to be good dose of skepticism
stewards. Not all companies about the security of your
live up to those responsibilities, information. Even if you trust
though, especially when the company with whom you
they can make money by are sharing that information,
spreading our data around. that trust can be
manipulated or broken
Many of the solutions in many ways. So share your
to these problems information sparingly
are only possible with and wisely.
Assignment
Check to see if your data has been breached. You may have received
a notification for some major hacks, but do you know the full extent?
There are tools online that will search for your email in databases
of hacked information. Have I Been Pwned (haveibeenpwned.com)
is a legitimate and long-standing tool, but there are many others.
Check for your email address in some services and see where you
stand. Do the results surprise you?
Resources
Bhat, “Google Buzz,” http://stlr.org/2010/02/19/google-buzz-a-recap-
of-the-controversy-and-the-current-legal-issues/.
Chang, “The Facebook and Cambridge Analytica Scandal,” https://

www.vox.com/policy-and-politics/2018/3/23/17151916/facebook-
cambridge-analytica-trump-diagram.
Lord, “A Timeline of the Ashley Madison Hack,” https://

digitalguardian.com/blog/timeline-ashley-madison-hack.
82
Lecture 9
The Dark Web: Where Privacy Rules
THE DARK WEB:

WHERE PRIVACY RULES
LECTURE 9
Although the dark web is known as a place where illegal

activity happens on the internet—from drug and weapons
dealing to trading software viruses—it is also a
place where plenty of people go for legitimate
reasons, including because they
want privacy.
83
Using the Tor Browser
The dark web is not accessible Any particular server in the

from regular web browsers series of servers only knows
and is not indexed by search the location of the server
engines. It uses the same that came directly before it
technology as the web and in the chain. Thus, even if
operates with web browsers, your traffic were intercepted
but to get there, you need to at one of the servers, no one
be able to access that part of would be able to track it back
the web network. This is done to your computer. Eventually,
using the Tor browser* —which your request will reach the
you can download for free and site you want to visit, which
use just like you would any web will then return the page to
browser. The key differences the last server who requested
are that it can access sites on it. That server will pass it
the dark web, and it protects back in the chain, and this
your web traffic from snooping. repeats until the page finally
reaches you.
Tor is built on top of Firefox,
so it looks and works mostly This gives you a great deal
like the Firefox web browser. of privacy with respect to
However, it’s designed to your web searching habits,
protect your web browsing by since no one can trace a request
routing it differently. Instead of back to you. Your home IP
connecting you directly to the address is only known by
web page you want to access, the first server in the chain.
Tor routes your traffic through Servers on the Tor network do
a series of intermediate servers not log this information, so no
so that no individual server one can piece together that
knows where you are actually chain to track a request back
connecting from. to you.
* Tor, which originated as an acronym for The Onion Router, was

originally developed by the US Navy.
84
Lecture 9
A study of more than 2,500 dark websites

found that more than half of them included
some kind of illicit or illegal content.
Unfortunately, though, routing a few times, every server

your traffic around like this has to wait and respond,
dramatically slows down and that really slows down
your web experience. If you what’s happening. Ultimately,
try to go to Google from your whether you think that
home computer in a regular kind of delay is acceptable
browser, you hardly notice a or not comes down to
delay before the page appears personal preference.
on your screen. On a slow There are other
day, it may take one second inconveniences that come
before it appears. With the with this traffic routing.
Tor browser, accessing that The website at the end may
same website in the same way be using basic information
may take five or 10 seconds. about where you are
Sometimes, it even fails, and coming from to determine
you have to try to connect what to show you. If it looks
to the website again. That’s like you are coming from
because if you route your another country, some
request around the world websites may not work.
85
People may want this kind with oppressive governments

of protection simply if they and restrictive internet to
are privacy-conscious, but it access whatever sites they want
becomes more important if you while covering their tracks.
live in places where you know
that your web traffic is being Of course, people who are
monitored. In many countries engaging in illegal activities
who do this kind of monitoring, also want this kind of privacy.
VPNs—virtual private networks But it is perfectly legal to use
that encrypt data coming from the Tor browser, and many
your computer—are banned, so people use it for legitimate
traffic can’t be hidden that way. purposes, so there’s nothing
Tor provides a way around this, wrong with downloading it and
allowing people in countries giving it a try!
Dark Web Anatomy
The dark web does not use The domain names of .onion
different technology from the sites look different than
regular web. The main way what you would expect on
that you can tell the difference the regular web. Instead of
between dark websites and being able to choose your own
regular websites is that dark domain name, every dark web
websites all end with the .onion domain name is 16 characters
top-level domain instead of followed by .onion. Just like
ones you’re familiar with, such with the regular web, anyone
as .com or .net. If you try to who is connected to the dark
access a .onion website with web can set up a server and
your regular browser, your host a website.
browser will just think that
you have entered an incorrect
Some websites you’re familiar
address, and the browser will
with exist on the dark web.
not be able to get to it. The Tor
For example, Facebook
browser, on the other hand, can
is on the dark web as
access these sites.
facebookcorewwwi.onion.
86
Lecture 9
On the regular web, if you want are missing a lot of relevant
a domain name, you need to information. This is not because
register it with a domain name there are no professionals
registration service. That building the search engines, but
maps your domain name to rather because things change
the IP address of the computer at a much faster rate on the
that hosts your website. dark web.
A distributed database of these
mappings is kept on domain There is a lot of nefarious
name servers. activity going on there. Popular
sites will get attacked by
On the dark web, there’s a hackers that bring the service
similar domain name service, down, or they are targeted and
but instead of just choosing shut down by law enforcement
the word that you want for because illegal activities are
your domain name, you taking place there. Once
basically pick from a list of all they are gone, it’s very easy
available 16-character strings. for them to simply reopen
This means that almost every with a new dark web domain.
website on the dark web has And because those domain
a meaningless domain name names are not meaningful or
that’s just a bunch of letters and memorized, it’s not like they
numbers followed by .onion. are losing important branding.
That means that it’s pretty But frequently changing
much impractical to memorize domain names means that
domain names on the dark web search engines can’t rely on
like you do on the regular web. sites being in the same place
for very long. Thus, many of the
Because domain names ways that you discover things
essentially can’t be memorized, on the dark web is by word
it would be useful to have good of mouth.
search engines for the dark
web, but that’s not the case. Websites on the dark web also
There are dark web search look very outdated. They tend
engines, but they are more like to have very simple interfaces
using a search engine from and don’t look as professional
the 1990s on the regular web. as regular websites, but the
The results are often irrelevant, advantage of this is that they
lead to broken web pages, and load very quickly.
87
Dark Web Activities
In the context of your personal you can buy pretty much
data, there are two relevant anything—including stolen
reasons to use the dark web: It’s credit card numbers, stolen
where personal data that has login information, drugs,
been stolen can be found, and guns, pornography, computer
it’s a way to keep your activities viruses, and the services of
more private. people who will help you do
illegal things, such as hackers,
On the dark web, there are currency traders, and hitmen.
plenty of perfectly legitimate The marketplaces where
activities going on, including
these types of things happen
people playing games and
look like low-rent versions
having political debates. If you
of eBay.
are discussing sensitive topics,
you can do that anonymously in In addition to the anonymity
a way that cannot be tracked. offered by the dark web, the
In this way, the dark web rise of bitcoin** and other
embodies the ethics of the early cryptocurrencies has enabled
web that focused on freedom these sorts of transactions
of expression—and that to take place anonymously
freedom as a tool for improving and securely. Transactions
people’s lives. with cryptocurrencies are
But the dark web is also recorded in public ledgers
a place where many illicit maintained by volunteers.
things happen. For example, The transactions are
you can find the full text of anonymous, with each person
popular books, along with identified only by a string of
pirated content. letters and numbers. And the
data within them is encrypted,
One of the major activities so it remains secret to everyone
that you can do on the dark except the two people in
web is to buy things, and the transaction.
** Bitcoin and cryptocurrencies are currencies that were invented;

they are not tied to any government or company.
88
Lecture 9
Ideally, you can convert When there are data breaches

cryptocurrency into any other of username and password
currency, but it is highly volatile, information for large websites,
and whether or not conversion that data tends to end up
works reliably and safely is still on the dark web. It is not as
up for debate. It often involves valuable as bank account
meeting strangers in parking information, but it can be used
lots to do the exchange. You in many ways.
can buy bitcoin and other
cryptocurrencies with regular Hacked personal information
money, trade it on exchanges, can also be aggregated, so
and use it to buy things on the there are places on the dark
dark web.*** web where you can find
a person’s collected email
In terms of personal addresses, login names, and
information, you can buy bank hacked passwords, along with
account numbers and login other information that may
and password information for have been obtained legally,
bank accounts on the dark web. such as credit card numbers
Using this sensitive personal and Social Security numbers.
information comes with a All of this extremely sensitive
huge risk, but it can be had for information is available
a price—a relatively low one, for a relatively low price to
in fact.**** anyone who wants to buy it.
*** Cryptocurrency and the dark web marketplaces have evolved

together: The marketplaces make cryptocurrencies more useful,
and cryptocurrencies enable dark web transactions to take place
securely and privately.
**** In 2017, Experian found that on the dark web, a Social Security
number cost just one dollar, a credit card number with the code on
the back was five dollars, a debit card number and the associated
bank information was 15 dollars, and a driver’s license was
20 dollars.
89
If you have any kind of normal privacy and security elements
online presence, there is associated with the dark web,
probably information about it’s difficult to shut these
you for sale on the dark web. repositories down. They just
Unfortunately, there’s not pop up someplace else and are
a whole lot that you can do not traceable to the individuals
about that. Because of all of the who are running them.
So What Can You Do?
If you want to know what’s The only real steps you can
on the dark web about you, take to protect yourself are
you could get on the dark web using good security practices.
yourself and start searching, Using things like two-factor
but plenty of places like credit authentication will alert you
bureaus and credit card if anyone tries to get into your
companies now offer dark web accounts, and it makes it harder
monitoring that looks for your for people to access them.
personal information on the You can set up a credit freeze
dark web and alerts you to it. or monitoring with a credit
If they find your credit card bureau, but be sure to read the
number or a password that fine print.
you are still using, they can
alert you that this is something But beyond that, the dark web
to change to keep other and the dark marketplaces
accounts secure. of information that exist
there are just an unfortunate
However, these services come reality of our modern digital
at a cost. Sometimes it’s in life right now. Hackers are
random fees that you are going to hack, and until
charged, and often it means there are stiffer penalties for
that you give up your right to companies to encourage them
sue the people monitoring you, to do much more to protect our
even if they are the reason your information, that information
information ended up on the will fall into the hands
dark web in the first place. of criminals.
90
Lecture 9
Assignment
You may not want to get on the dark web itself, but try out the
Tor browser. You can use it for any normal web browsing. You can
download it at torproject.org. Try visiting a few websites you normally
go to. Can you notice a slowdown in the browsing speed? Do you have
difficulty accessing some sites? These are side effects of the privacy
protection, and they highlight the trade-offs we often have to make
when balancing privacy against convenience.
Resources
Bitcoin, https://bitcoin.org/en/.
Stack, “Here’s How Much Your Personal Information Is

Selling for on the Dark Web,”
https://www.experian.com/blogs/ask-experian/heres-how-much-
your-personal-information-is-selling-for-on-the-dark-web/.
Tor, https://www.torproject.org/.
91
ALGORITHMIC BIAS:
WHEN AI GETS IT WRONG
LECTURE 10
While algorithms can be eerily correct at predicting people’s

desires and behavior, they can also be incorrect, with troubling
consequences. When algorithms go astray, it can often be traced
to bias within them. As algorithms become more widely used
outside the research lab, bias can have real and potentially
damaging effects on people’s lives. It is important
to understand how this bias manifests,
where it comes from, and how it can
be addressed.
92
Lecture 10
Algorithmic Bias: When AI Gets It Wrong
Bias in Algorithms
Facial recognition algorithms tag who is in them, that can

can use a picture of your face— be used to teach a facial
whether it’s posted online recognition system who each
or captured in a surveillance person is and, on a larger
system—to identify who scale, to learn which facial
you are by comparing it to measurements are useful
a database of known faces. at identifying people. But
But such algorithms can be if you don’t have access to
wrong; in fact, they’re wrong that kind of data, you need
in biased ways. to look to public databases
of identified photos. One of
If you are a white male, these the most common databases
algorithms work very well for used for this is one of celebrity
you. If you are a member of any photos. There are many
other group—such as white celebrities, and there are
women or men of any other many pictures of them taken
race—they are less accurate. from many angles, making
this a useful set of faces to
How does that happen?
learn from.
It’s not that there was
any racism or sexism at But for this to work, celebrities
play in the development need to be representative of
of the algorithms; it’s that the general population. In a
in order to work, these way, they are. We all look sort
algorithms need to learn of like celebrities; we all have
from a bunch of examples of the same face parts in roughly
known faces. the same spots. But celebrities
also look much different than
A social media company
most people. And depending
might have photos for many
on your race and gender, the
of its users. People share
variation within celebrities can
lots of photos, and if they
be different.
93
For example, famous white intentionally but is a result

men tend to have more of bias in the data—and even
variation in their age, weight, the bias in the data is more
and range of appearance than accidental than intentional.
famous women. While it is But sometimes bias makes its
relatively common to see male way into algorithms in a more
celebrities over 50, there are overt and malicious way.
many fewer women of that age
who are celebrities. Female Consider lending, whether
celebrities are also expected to for credit cards or mortgages
conform to much more specific or bank loans. Not long ago,
beauty standards. Male lending was legally biased.
celebrities tend to have more Women were required to have
varied body types than female their husbands on their credit
celebrities do. cards. With a restriction like
this, women were not able
This is not to say that there is to independently establish
no discrimination based on credit ratings in the same way
celebrity men’s appearances that men could. Even after
but rather that male that rule changed, it would
celebrities tend to have much take decades for women to
more variation than female establish the same credit
celebrities. Thus, identifying histories as men and appear
men is easier because the as reliable. This kind of social
algorithm has learned bias against a group has long-
from a more diverse set of lasting impacts that appear in
male examples. the data.
This shows that algorithms And just because a bias is no

can be less accurate for longer legal, that doesn’t mean
certain groups almost by it disappears. Human decision
accident, because the data making is often biased in racist
the algorithms learn from and sexist ways. While some of
is not representative across these biases may be explicit,
all groups. The bias is not some of them are unconscious
embedded in the algorithm and unintentional.
94
Lecture 10
Facial recognition algorithms can

be correct nearly 100 percent of
the time for white men but only
about two-thirds of the time for
nonwhite women.
There is evidence that with the exact same credit

mortgage rate decisions by history, African Americans
lenders are influenced by were steered into subprime
human bias—often racial bias. mortgages one and a half
Perhaps higher rates are times as often as white people,
offered to minorities, even if and Hispanics were sent to
they have good credit. And subprime mortgages twice as
when we build an algorithm often. Those decisions were
that learns from the made by an algorithm.
data created by these
human decisions, it learns Certainly, the bank knew it
a similar bias. was illegal to set mortgage
rates based on race, and the
One example of this took race of the applicants was not
place in the lead-up to the something that the algorithm
mortgage crisis. The city of Los was told. So how did the
Angeles did an investigation algorithm end up making
and found that among people racist decisions?
95
It learned from human being discriminated against

data, which has some of that was excluded, artificial
bias in it, because humans intelligence (AI) was smart
are biased. From that data, enough to find other
it recognized that certain features that allowed it to
people were sent to mimic that bias. Essentially,
subprime mortgages more by discriminating based on
often. And while it couldn’t see zip code, the algorithm
race, it could see zip code, was being more “accurate”
which maps closely to race in because it was more closely
much of the US. Thus, even reflecting human
though the factor that was decision making.
Inscrutability of Algorithms
The problems of bias are and principals. The school

also exacerbated by the system implemented an
inscrutability of algorithms. algorithm to rank teachers,
They can produce an answer and the school district fired the
but rarely produce an lowest-scoring five percent.
explanation to accompany
it. Often, that’s because This particular teacher was in
algorithms cannot explain that group, much to everyone’s
how they made a decision. The surprise. She talked to the
internal math is impenetrable school about what happened,
and complex, so there is no and the answer she got
way to know how they came up back was essentially “the
with an answer. algorithm says so.” It’s known
that these algorithms vary
For example, in Weapons widely in their accuracy, with
of Math Destruction, Cathy teachers scoring at the top
O’Neil describes an algorithm one year and in the bottom
that was used in Washington the next—with no change
DC to determine whether or in classroom techniques or
not teachers were retained. strategies. Yet she was not
She tells the story of one given the opportunity to
excellent teacher who was challenge those results and
loved by students, parents, was let go.
96
Lecture 10
This teacher was only probably flawed—gave an

unemployed for a few days answer that people decided
before getting rehired in a to rely on without question to
wealthy suburban school make a decision.
district outside Washington
DC. This outcome is exactly When there is no insight
what we want to avoid: into the algorithm’s decision
An excellent teacher in an process like this, it can be
underresourced urban school difficult or even impossible to
system who wants to stay detect bias. Was this algorithm
there ends up being fired and systematically biased in some
bringing her skills to a wealthy way? Did it simply make a
suburban school system. She’s random error? Is there some
exactly the kind of person other important factor at
that districts want to retain, play that we don’t know? It’s
yet an algorithm—which was impossible to know.
So What Can You Do?
The combination of of gender! But this does

algorithmic errors that go not work. Countless examples
unquestioned and algorithmic show that AI is smart enough
bias that is hidden by the to pick up on a person’s
veneer of objectivity that gender from other clues.
comes with AI means that Hiding the obvious indicators
there is a lot of social bad that of a trait may be good at hiding
can arise from these kinds
the bias, but the bias usually
of technological approaches
will still be there.
being implemented without
question, without checks, There are a few ways to
and without understanding. approach the use of these
Unfortunately, it is common algorithms to make things
for algorithm builders to better, including algorithmic
offer a naive solution to the explainability and auditability
problem: If an algorithm is as well as diversity in
sexist, for example, we could algorithmic design, though the
just drop out indicators problem is large and complex.
97
Part of the difficulty that One important area of

comes with using AI is that research is trying to figure
these algorithms are very out how we might be able to
difficult to understand. Under better explain what’s going on
the hood, there are many inside algorithms. It’s a place
layers of complexity that lose where we hope to make fast
human meaning very quickly. progress because as these
Even though we can output algorithms are more widely
all the numbers and data that used, it will become important
an algorithm uses, we can’t to explain what they are
understand what it means or doing. This is one of the spaces
how it came to a decision. where we’re likely to see some
of the earliest regulation over
In fact, in the 1990s and early the use of AI.
2000s, computer scientists
spent about a decade trying This may come from using
to come up with a way to different types of algorithms.
explain how these algorithms Some are much easier to
made their decisions, but understand than others.
ultimately they gave up For example, one class of
because it was too hard. algorithms, called decision
Thus, if someone asks if an trees,* aren’t always as
algorithm is discriminating accurate as some of the more
based on gender, it’s very hard complex algorithms, but if
to answer based on what the companies are required to
model looks like. You can’t just explain their algorithms’
peek under the hood and see choices, they may end up
that it considers gender in a sacrificing some accuracy for
specific way. more interpretable results.
* With decision trees, you start with a question on the top level,
such as “Is it raining?” Depending on the answer, you will go to
another branch, which will ask a different question, such as “Is
the temperature 80 degrees or above?” Eventually, the branching
stops with a decision like “Today is a good day to visit the beach”
or “It’s a bad beach day.”
98
Lecture 10
There’s also research going With AI being used to hire and

on that hopes to better fire, make lending decisions,
understand what’s happening and potentially determine
inside the more complicated insurance coverage, health-
algorithms. Technology has care access, and other financial
advanced a lot since the last decisions, there will certainly
time researchers worked on be accusations of unfairness
making these explainable, so and lawsuits. Users of the
there is some hope that there tech will need some defense,
could be progress there. and comprehensive audits
are a way to show that care
Another approach—called has been taken to screen the
auditing—is to analyze the algorithms for problems.
output of the algorithms They are also important
rather than analyzing what’s before things go as far as a
going on inside them. The lawsuit for companies to know
processes for this can be how well their algorithms
complex, but essentially it are working and where any
involves sending a bunch of unfairness lies before they put
different examples to the them to use.
algorithm, seeing what kind of
output is generated, and then In addition, companies will
evaluating that for bias. want to avoid building bias into
their systems in the first place.
Just how to do this auditing This means having diverse
is a difficult problem, and it’s teams working on creating the
an active area of research algorithms. Some of the bias
among AI scientists. Because issues that arise come from a
of the ethical and legal context lack of knowledge on the part
around it, this is also a space of the algorithms’ creators.
that we are likely to see a good The bias is not necessarily
amount of progress in the malicious, but a product of
coming years. ignorance or naivete.
99
On the personal data side, become more widely deployed.

these issues are also relevant. As average users of technology,
More diverse teams lead to we don’t have a lot of control
better decisions about data over this. But it is an issue
privacy as well as to better worth paying attention to
insight about fairness and because ultimately there is
bias—one of the biggest likely to be regulation over
challenges as algorithms these issues that will directly
that use our personal data impact our lives.
Assignment
Many search engines have an auto-complete function on their

home page. You might type in “chocolate cake” and it will offer
you options like “chocolate cake recipe” and “chocolate cake from
scratch.” Try searches for the same phrase for different groups.
For example, try typing in “is my daughter” versus “is my son”
or “why are men” versus “why are women.” Look at the different
suggestions offered and compare them between the two groups.
Are the differences reflecting stereotypical biases? How do you
think they got there?
Resources
Dastin, “Amazon Scraps Secret AI Recruiting Tool That Showed Bias
against Women,” https://www.reuters.com/article/us-amazon-com-
jobs-automation-insight/amazon-scraps-secret-ai-recruiting-tool-
that-showed-bias-against-women-idUSKCN1MK08G.
Jackson, “Facial-Recognition Technology Flagged 26 California

Lawmakers as Criminals,” https://www.cnn.com/2019/08/13/tech/
facial-recognition-body-cameras-bill-california-trnd/index.html.
O’Neil, Weapons of Math Destruction.
100
Lecture 11
Privacy on the Global Stage
PRIVACY ON THE GLOBAL STAGE

LECTURE 11
Around the world, there are very different approaches to how personal
information is used, protected, and shared. While the default in this
course has been viewing things from the perspective of the United
States, two very different examples are Europe and China.
Europe is leading the world with a strong, comprehensive
privacy law that grants citizens protections that many in
the US envy, whereas China is carrying the collection
and use of data on citizens to a level that many
would consider dystopian.
101
United States
In the United States, discussed is whether someone

private communications has a reasonable expectation
are protected. The of privacy.
Fourth Amendment gives
citizens protections from When we share
unreasonable search and communications with third
seizure, which prevents the parties, though, we lose our
government from intercepting expectation of privacy. In the
phone calls or mail or modern context, that means
otherwise spying on you that if you post something
without a reason. on social media—even if you
have privacy settings that
There are other legal make it visible to only a few
protections that help keep people—you cannot expect
your information private from that it will be kept private. You
the government and from third have shared it with the social
parties. For example, a person media platform in the process,
is not allowed to read your and now it essentially owns
mail or come into your house. that data about you. The
When determining when and company is not subject to
how data can be collected the same rules that the
about an individual, what’s government is.
There are not many rules that restrict what third parties can do
with your data. This comes from the 1979 Supreme Court case
Smith v. Maryland, in which the court upheld the third-party
doctrine, which basically says that once you involve a third party in
communication, you lose your legal privacy protections.
102
Lecture 11
Most of the restrictions over develop a comprehensive

what companies can do with privacy program, and have
your data come from the privacy audits every two to
companies themselves. They three years.
must abide by the terms
of service that you agree After the Cambridge
to when signing up, but Analytica scandal broke,
those can change over time. regulators dug into how
When companies violate apps were able to collect
their own terms, people information about millions
may sue. Settlements may of unsuspecting Facebook
result in simply changing users. An investigation
the terms of service to that stretched over two
allow the offending activity, years found that Facebook
or the government may had violated the decree in
get involved. many ways, sharing data
that people expected to be
For example, in 2011, the private. And in 2019, the
Federal Trade Commission FTC punished Facebook with
(FTC) investigated Facebook a 5-billion-dollar fine.*
for telling users their
information would be kept Whether that has any impact
private while making it is up for debate. Facebook’s
public in a variety of ways. stock price actually rose on the
To settle the charges, day the fine was announced.
Facebook agreed to a consent The agreement also did
decree that regulated what nothing to change the core
Facebook could do going model of how Facebook
forward. It said that Facebook monetizes users’ data, leading
had to get consent before many to believe that little will
sharing data with third parties, change as a result.
* This was by far the largest fine the FTC had ever given. But even
such a substantial fine didn’t likely impact Facebook’s operations,
as the company’s net profit was more than 22 billion dollars in
2018.
103
Facebook is not the only This sort of behavior is

company to exploit user data common and suggests that
in questionable and potentially there may be a need for
illegal ways; it is just a large different legal approaches to
and convenient example. govern privacy.
Europe
Europe has always had a The European courts ruled

more user-centric legal in favor of the man, and
approach to privacy and Google had to comply not just
personal information than the for him, but for any citizen
United States. who asked to have personal
information removed from
There were a number of right- search results. However, this
to-be-forgotten lawsuits in was not universal. There were
Europe against Google, where exceptions where Google
citizens claimed a right to could keep the results up.
have information about them
removed from search results. And interestingly, most
One of the most prominent requests were subject to
cases was filed by a man in this exception. Some of the
Spain. In 1998, his home most popular requests for
had been foreclosed on and information to be deleted
auctioned off. By 2014, when came from public officials
you searched for the man’s who wanted to have stories
name, the auction for the published in newspapers
foreclosure was the first result about their misdeeds taken
that appeared. Even though so out of the results. Because
much time had passed that the this constituted something
foreclosure would no longer be that was of public interest, it
on a credit report, anyone who was not covered by the right-
wanted to look for the man to-be-forgotten lawsuit, and
online would find evidence of the pages were allowed to
his past financial issues. stay up.
104
Lecture 11
Older European privacy laws blurring out people, cars,

manifested for Google in and even people’s homes.
interesting ways. For example, Anyone can request that
when Google announced that Google blur their address.
it was going to bring its Street As a result, there is relatively
View technology to Germany, minimal Street View coverage
there was mass outrage. in Germany specifically
While 99 percent of American and Europe more broadly.
streets have been mapped,
allowing anyone to drop The reason that European
in and see a panoramic view citizens are able to
of what that point looks like, accomplish these things is
privacy-conscious Germans because personal privacy is
were opposed to the move. at the heart of European law.
In an attempt to appease In Europe, people own the
the country, Google started data about themselves.
Even if you are in the

US, you have likely seen
some impacts of the
GDPR. Cookie alerts
at the bottom of web
pages are probably the
most visible. This is
because the law applies
to European citizens,
not just European
companies, so if an
EU citizen views a
US-based website, the
US company must still
comply with the law.
105
Before 2018, directives from data to everyone with a

the European Union were Facebook account. You can
implemented in the legal go to Facebook—or, in fact,
frameworks of each member to most social media sites—
country in slightly different and request a download of
ways. That all changed in your data. This includes all
the spring of 2018 with the of your posts and photos
implementation of the General and comments, but it also
Data Protection Regulation includes any background
(GDPR)—a European-wide information that was collected
law that enhanced rights of about you. When the GDPR
European citizens and anyone came into effect and people
who is in Europe to control started downloading this
their own data. Interestingly, information, there was
it is not a regulation of quite an uproar. People
companies that tells them were surprised by just
what they can and cannot do, how extensive the data
but rather a regulation that collection was.
gives rights to citizens that
Under the GDPR, you also
companies have to respect.
have the right to request that
Again, at the heart of this is data about you be deleted.
a principle that states that There are some exceptions
people own the data about to this right. For example,
themselves and have the right your bank may not be able
to control it. Specifically, they to immediately delete all the
have the right to know all information it has about you
the data that a company has because it also has a legal
about them, to request that it obligation to keep financial
be deleted, and to move that records for seven years for
data around. auditing purposes. However,
the heart of the law says that
In fact, when the GDPR you can go to any company
came into effect, Facebook and as long as there is no
started offering the option need for that company to keep
to download personal your data, it has to delete it.
106
Lecture 11
There are also protections significant penalties that the

in place to keep companies European Union can levy.
from making up fake needs Citizens also have the right
just so they can keep data to file lawsuits against the
about you. If companies companies, including class
break these laws, there are action lawsuits.
China
China is a different place China needed a way to assess

economically, culturally, the trustworthiness of citizens,
and legally from the US especially when it came to
and Europe, with different loans, but potentially for other
traditions and values—and things. China’s solution was
privacy laws. the development of the social
credit score. Like the US credit
Whereas one of the score, China’s social credit
types of personal data score is a number assigned to
collected about people each person. It reflects how
in the United States much a person can be relied
is the credit score,** on, but not just to repay
China does not have a loans. While that is how it
credit score, and credit is initially started, it has evolved
used differently there. to essentially be a measure
Many people do not have of social standing—for
credit cards, and loan responsibility or conformity,
debt is tracked and depending on who you ask.
enforced differently. That The system is still being
makes a US-like credit- developed and deployed, but
scoring system a poor fit. parts of it are already in use.
** A few private agencies collect information on how timely US

citizens are in repaying their debts, and that is turned into a score
that is used to assess whether they are lent money, given credit
cards, or qualify for a mortgage.
107
It began as a way to try to For example, they are not

force people to repay their allowed to board most types of
debts. Bankruptcy doesn’t fast transportation, including
exist in China the same way it airplanes and fast trains. There
does in the United States, but are also large digital billboards
the penalty for not repaying set up around cities that cycle
debt was relatively minor. As through photographs of
a result, many people simply people who are on the blacklist
walked away from money and display their name and
that they owed. With the ID number to warn people
introduction of the social about interacting with these
credit score, people who did “untrustworthy individuals.”
not repay their debts and who These pictures and warnings
were taken to court could be are also sometimes shown
given a low score. before movies in theaters.
If your score gets very low, People who are on the
such as if you suffer a large blacklist can also experience
business loss and can’t repay degradations in service, such
your debts, you will be put on as having fewer channels
the lowest tier of the social available on cable television or
credit score system, called having their internet service
the blacklist. People who are slowed down.
on the blacklist have a difficult
time borrowing money and How does the government
opening bank accounts, which know about social
may be expected, but they are transgressions?*** There
also denied all kinds of other are neighborhood watchers
rights, which would be very who keep track of people’s
surprising to people outside behavior and report
of China. it to a central system.
*** Social transgressions that can lower your social credit score
include not stopping for a pedestrian who is trying to cross
the street, not picking up after your dog, playing too many
video games, and buying products the government thinks
you shouldn’t.
108
Lecture 11
Also, China has a broadly companies and the

deployed surveillance system, government, but experts
with cameras in many public believe that the platforms
places. China also has a very are sharing data about users’
advanced facial recognition habits and that the companies
system that is able to identify may be receiving scores
people as they move through in return.
public places.
One thing that people can
The government has also be punished for in the social
partnered with many large credit score system is for
businesses to exchange spreading misinformation
data. Alibaba, a huge online. And the government
corporation that is sort of like decides what counts as
the Amazon of China, plus misinformation, so criticizing
China’s largest ride-sharing the government online—
service and their largest something that already
dating site have partnered is highly monitored and
with the government on the punished—can be tracked
social credit score. It is unclear and used to blacklist anyone
exactly how information who speaks out against
is flowing between these the regime.
So What Can You Do?
This is a space where over their personal data, why

awareness is especially don’t you? Are your rights
important. Each country being weakened in order to
and state has its own privacy help companies make more
laws. Being aware of the laws money? Or are the protective
that govern others provides laws having unintended results
insight both into what rights that are harmful? What about
you could have and how bad places where there are fewer
things could get. If other protections? Is that a world
citizens have more protections you want to live in?
109
Societies are different, so in a society when different

the manifestations may vary legal frameworks are in place
between countries, but with a helps you see what kind of
lack of legal protection, similar protections matter to you and
issues can arise across cultures. what kind of world you may
Being aware of what happens face with or without them.
Assignment
Discover what privacy laws govern you. This lecture addressed

national legislation, but what about your state, province, or city?
Check out your local privacy laws. These may be general privacy
regulations or rules about things like surveillance, drones flying
over private property, or cable companies collecting data about
your viewing habits. Do you have some protections that surprise
you? Were you expecting more protections than you actually
have? This is a good chance to brush up on your rights and to
think about whether there are any issues where you may want to
lobby your representatives.
Resources
Garcia, Smith, and Wang, “Episode 871: Blacklisted in China,”
https://www.npr.org/sections/money/2018/10/26/661163105/
episode-871-blacklisted-in-china.
Gottlieb, The GDPR Guy, https://podcasts.apple.com/us/podcast/the-

gdpr-guy/id1225996374.
Kharpal, “Apple vs FBI,” https://www.cnbc.com/2016/03/29/apple-vs-

fbi-all-you-need-to-know.html.
110
Lecture 12
Navigating the Future of Personal Data
NAVIGATING THE FUTURE OF

PERSONAL DATA
LECTURE 12
What is the future of personal data and privacy? The answer is

hard to come by, not only because there are so many paths,
but because technology drives this and is evolving quickly.
Nevertheless, this question might be answered in a
variety of ways in the coming decades.
111
DNA as Personal Data
DNA represents an interesting In fact, this strategy helped

crossroads of technological, catch an infamous serial rapist
legal, and ethical issues with and killer who had eluded police
personal data. DNA is now for decades.
in the toolbox of every law
enforcement organization to The Golden State Killer**
catch criminals. But in the 30 committed dozens of rapes in
years since DNA started the Bay Area before escalating
being used in the courtroom, to home invasions and murder
science has come a long in the Los Angeles area in the
way in being able to identify 1970s and 1980s. The police
and link people with their had DNA but had been unable
genetic profiles. And this to match it to a known person
serves as an example of how in all that time. Eventually,
technological advances can they turned to familial DNA—
undo privacy guarantees using public, open databases
that were made in the past where people voluntarily
and create new challenges upload their DNA profiles
going forward. to try to find relatives. They
were searching for relatives of
Familial DNA can be used in a murderer.
criminal cases.* If detectives
have an unknown murderer or Law enforcement was able to
rapist, they could identify the eventually narrow it down to
person using the DNA of the one man who they thought was
individual’s family members. the killer they were looking for.
* Essentially, detectives take the profile of a person and look for

whatever distant relatives they can find. Working with other public
records and genealogical data brings them increasingly closer to
their near relatives.
** The Golden State Killer—also known as the East Area Rapist and
the Original Night Stalker—was profiled most prominently in
Michelle McNamara’s book I’ll Be Gone in the Dark.
112
Lecture 12
Of course, they couldn’t But what if it starts being used

rely just on these familial for more petty crimes, such as
records for an arrest, but once a drug crime where DNA is left
those records gave them behind? What if it becomes so
a suspect, they were able to inexpensive that it’s eventually
surreptitiously collect a DNA used to catch people for
sample from the door handle committing relatively minor
of the suspect’s car, and it crimes, such as littering?
matched. The Golden State
Killer was caught. It was And there are other
72-year-old Joseph DeAngelo, applications where the
and he was arrested in 2018. territory becomes more
troubling. For example,
The Golden State Killer was consider the case of anonymous
just the first prominent sperm donation or egg
example in what has become donation. Most of the time,
a string of cold cases that when men and women choose
have been solved with this to anonymously donate in this
technology. Catching killers way, they sign legal contracts
and rapists is good—but there that protect their identity.
are a number of questions that They surrender parental rights,
arise about this use of personal and the contracts keep their
data. In this case, people had identities private and unknown
voluntarily uploaded their to the families that receive
profiles into public databases, donated sperm and eggs.
where one could reasonably
presume law enforcement If donors knew they could be
would also have access to it. identified, it’s likely that many
They may be surprised to know would refuse to participate.
that their profiles could be used Some simply want to keep
to catch their distant relatives their donations to themselves.
for committing crimes. So a reasonable precaution
donors might take is to keep
When using this information their DNA records out of public
leads to catching murderers databases. They may even
and rapists, it seems we’re choose to never get a DNA
firmly on the good side. test at all.
113
However, with even basic to produce. Yet a donor’s

ancestral DNA searches, if that family could decide to pursue
donor has a brother, sister, a relationship after finding a
or parents who upload their DNA match. The donor’s right
DNA, the child that resulted to control the outcome of his or
from the donation would find her donation is taken away.
that immediate relative quite
quickly in his or her search. Sperm banks and reproductive
Then, if the child is working in health facilities are now
a system that allows contact considering how to discuss
with genetic matches, he or with potential donors the
she could reach out to the way that their anonymity
donor’s family. If the donor will be preserved. They may
never told anyone about his simply be unable to guarantee
or her donation, the child has anonymity in the current
revealed a deeply personal and world of DNA testing. But
private piece of reproductive for people who donated in
health information to family the 1990s and 2000s, who
members. This is especially were assured that their
troublesome if the donation identity would be kept private,
violates the family’s ethical or familial DNA search is now
religious norms. potentially taking that away,
and not for any real social
This kind of revelation is severe good, but potentially for
enough that it could destroy the whims and curiosities of
family relationships for some other people.
people, and the donor has a
right to keep that information And of course, the problems go
private. Furthermore, a deeper than this. There is only
donor likely does not want a a small amount of protection
relationship with the child that with respect to DNA profiles at
he or she anonymously donated this point.***
*** President George W. Bush signed legislation that prohibited

health insurance companies from discriminating based on DNA,
but it’s a very narrow law.
114
Lecture 12
It is worth considering whether you want to have your

DNA tested by a company that offers this service.
If you do want it for your own genetic insights or if you
already have had it tested, you can strictly control the
privacy settings on your DNA in the system. You can
also have your DNA profile deleted after you have
obtained the information you want from it.
And there’s a long line of toward heart disease, even

discrimination based on if you are taking all the
medical misunderstandings behavioral steps that help
by laypeople. For example, prevent it, you could still be
Ryan White was barred from barred from getting a job
attending public school in based on discrimination
the 1980s because he was against that factor.
HIV positive.
The lack of scientific
If genetic testing becomes sophistication among the
cheap and easy, there are general public, who is not
no current laws that prevent trained in interpreting and
employers, schools, and understanding genetic testing,
other organizations from means that the opportunities
discriminating against for unfairness are rampant,
people based solely on their and we’re likely to continue to
genetic profiles. So if you see this sort of discrimination
are genetically predisposed based on DNA.
115
Genetic privacy is a complex allow for reasonable law

topic, and it is unlikely that a enforcement and health-
single law could be put in place care use of DNA but protect
that protects people from people as we start moving
unfairness, discrimination, toward more regulation in
and having their privacy this space. Just how to do that
compromised. We want to is uncertain.
The Future of Privacy Regulations
DNA is only one example of The California Consumer

many technologies that are Privacy Act is a state law
evolving to provide more that some people refer to as
insight and invasion into our “GDPR light.” Set to go into
lives. Artificial intelligence, effect in January 2020, it gives
data integration, and massive many similar rights to citizens
data collection all promise of California that Europeans
to lead toward new tech have. It governs large
that can uncover identities, businesses and businesses
attributes, and connections that make most of their money
that we never expected. As by sharing or processing
a result, we likely need to personal data.
think about fundamental
privacy rights that we want The law offers a number of
to establish rather than protections. It requires that
piecing together domain- companies be transparent
specific regulations. about what data is collected
and how they use it. Citizens
US federal regulations are still have a right to control the
largely up in the air, but there data about themselves, and
are interesting developments they have the right to see the
happening on the state level, data that companies hold.
especially in California, that They have the right to request
may offer some insight. that it be deleted.
116
Lecture 12
While this is very beneficial even have to offer different

for citizens of California, protections if people are
it raises the prospect of a simply visiting a state versus
GDPR-like federal law in the living there.
United States. That’s because
California is likely not going This scenario makes it more
to be alone in passing a likely that we’ll see a federal
consumer privacy act. Many law come into place soon that
other states have their own offers similar protections.
privacy laws, and several are This would allow companies
considering bills that will grant to operate under a single
similar protections within US privacy law as opposed
their borders. to operating differently in
each state. If this happens,
Having a bunch of different the US will be following in
state laws that regulate Europe’s lead.
consumer privacy, especially
when those regulations are There are already precedents
not the same across states, for federal laws to protect
makes it very difficult for privacy in the US, such as
a company working with the Children’s Online Privacy
personal data to operate Protection Act and the
in the United States. You Health Insurance Portability
potentially have to handle it and Accountability Act.
differently and offer different These are federal laws
features across 50 states. that allow for consistent
Depending on how these implementation of privacy
laws are written, you may policies around the country.
The Legislative Future of Personal Data
The legislative future is a robust set of laws that covers

not just limited to privacy many different aspects of the
protection laws. The US needs personal data problem.
117
Cybersecurity is a real issue The US needs better

that connects with data cybersecurity laws
privacy. To prevent people that create very harsh
from hacking deeply sensitive penalties for companies
information, we need a strong that do not protect
defense against their attacks. personal data. The US also
That requires comprehensive needs to understand
cybersecurity and strong and discourage massive
incentives for companies to data collection
follow best practices and the without purpose.
latest guidelines.
There is not going to be
Right now, the penalties for any omnibus bill that
poor security practices are addresses all of the issues
relatively weak. Even when surrounding personal
companies are gathering data. Instead, we are
tremendously sensitive going to have to look at
information about people, the the different parts of this
penalties for weak security very complicated problem
tend to be small enough that and come up with steps
their business is not disrupted. that improve each.
One interesting proposal that has been

floated in the US Senate is to require
publicly traded companies to disclose the
monetary value and liability associated
with the personal data they hold about
people. This would serve as a financial
deterrent for saving unnecessary
personal information.
118
Lecture 12
The focus on corporations to step back and ask why an

also carries into the discussion employer has any legitimate
on privacy and surveillance. right to track its employees.
We have considered the Companies may require
rights of consumers and tracking with a variety of apps
what legislation may do to and devices for insurance
protect them from companies coverage or discounts, and
who have their data. But they end up with a lot of
what about the relationship very personal data for no
between people and legitimate reason.
companies when the people
are employees? A lot of the discussion
around privacy rights has
Companies have very few centered on companies and
limitations when it comes to their users’ data. But there
monitoring their employees. should also be a serious and
We likely expect that critical analysis of companies
companies can monitor our monitoring employees and
work emails, even though we legislation that enshrines
hope they are not reading protections for workers as
them regularly just to monitor well. Of course, monitoring
us. But monitoring technology within the workplace may
often extends out of the office be important and legitimate
and out of the bounds of work- and should be allowed. But
related activities. as employers cross into
monitoring the private lives of
We have become so used to workers, the space shifts from
surveillance in workplace one of desired productivity to
situations that we may need desired power.
So What Can You Do?
If you are interested in your representative, on both

learning more about privacy the state and federal levels.
and security legislation across Ask your representatives what
domains, there are a few steps bills they support to protect
to take. The first is to talk to privacy and security.
119
However, it helps to have resource for understanding the

a background in what bills future legal landscape on these
are being considered. For kinds of issues.
that, you might look to
privacy advocacy groups The technology that can collect,
such as the Electronic analyze, and derive insights
Frontier Foundation (EFF), from our data is growing fast.
which lobbies for net neutrality, As a society, we have not
better security, and better figured out how to apply our
privacy laws on the state ethics, values, and protections
and federal levels. The EFF’s in this domain. To address this
website lists bills that are legally, we need to think about
under consideration, where the fundamental rights people
they stand, who supports have over their data. There is
them, and which of your change happening here as well,
legislators you can contact to though the future is uncertain.
try to swing them to support But trends suggest that we may
those bills. It’s an excellent see more protections coming.
Assignment
Check to see what’s going on with privacy-related legislation.

The Electronic Frontier Foundation is a nonpartisan, nonprofit
group that advocates for online civil liberties. The EFF is especially
focused on privacy and security and how to balance these
against legitimate concerns, such as law enforcement uses.
You do not need to agree with all their legislative positions, but
they do a good job of keeping track of the major issues that are
under consideration.
Visit their website, click on Issues, and then on Privacy. Explore
a topic on this page that interests you, such as medical privacy
or cybersecurity legislation. This is a great opportunity to
familiarize yourself with the privacy concerns related to a wide
range of issues and to examine legislation that’s under consideration.
120
Lecture 12
Resources
Electronic Frontier Foundation, http://eff.org/.
Fox News, “Boy Banned from School for Carrying Cystic Fibrosis
Gene,” https://www.foxnews.com/health/boy-banned-from-school-
for-carrying-cystic-fibrosis-gene.
Vincent, “Woman Fired after Disabling Work App That Tracked Her
Movements 24/7,” https://www.theverge.com/2015/5/13/8597081/
worker-gps-fired-myrna-arias-xora.
121
RESOURCES
Allen, Marshall. “With Connected CPAP Machines, Insurers Make ‘You
Snooze, You Lose’ Literally True.” Houston Chronicle, November 21,
2018. https://www.houstonchronicle.com/business/article/With-
connected-CPAP-machines-insurers-make-you-13411742.php.
Companies secretly monitor your CPAP use and send the information
directly to your insurance, bypassing the doctor. It may mean your
coverage is denied.
Bhat, Anjali. “Google Buzz: A Recap of the Controversy and the

Current Legal Issues.” The Columbia Science and Technology Law
Review, February 19, 2010. http://stlr.org/2010/02/19/google-buzz-
a-recap-of-the-controversy-and-the-current-legal-issues/. A look at
the scandal that may have permanently doomed Google in the social
networking space.
Bitcoin. https://bitcoin.org/en/. A cryptocurrency used for many

things, including being the favored currency of the dark web.
Centers for Disease Control and Prevention. “U.S. Public Health

Service Syphilis Study at Tuskegee.” https://www.cdc.gov/tuskegee/
timeline.htm. A history of the terrible Tuskegee experiments.
Chang, Alvin. “The Facebook and Cambridge Analytica Scandal,

Explained with a Simple Diagram.” Vox, May 2, 2018. https://www.vox.
com/policy-and-politics/2018/3/23/17151916/facebook-cambridge-
analytica-trump-diagram. A good primer on a complex scandal.
Dastin, Jeffrey. “Amazon Scraps Secret AI Recruiting Tool That Showed

Bias against Women.” Business News, October 9, 2018. https://
www.reuters.com/article/us-amazon-com-jobs-automation-insight/
amazon-scraps-secret-ai-recruiting-tool-that-showed-bias-against-
women-idUSKCN1MK08G. Using algorithms to make decisions where
humans have traditionally been biased is a bad idea. This article offers
an example of that at play.
122
Resources
Disconnect. https://disconnect.me/. Privacy Pro, offered by

Disconnect, is a tool for identifying and blocking trackers.
Duhigg, Charles. “How Companies Learn Your Secrets.” The New

York Times Magazine, February 16, 2012. https://www.nytimes.
com/2012/02/19/magazine/shopping-habits.html. Article about
Target predicting women’s pregnancies.
Electronic Frontier Foundation. http://eff.org/. A general, nonpartisan

resource for information about legislation related to privacy
and security.
Facebook. “Accessing & Downloading Your Information.” https://

www.facebook.com/help/1701730696756992?helpref=hc_global_
nav. Facebook’s guide to how you can download your data.
Fowler, Geoffrey A. “It’s the Middle of the Night. Do You Know Who
Your iPhone Is Talking To?” The Washington Post, May 28, 2019.
https://www.washingtonpost.com/technology/2019/05/28/its-
middle-night-do-you-know-who-your-iphone-is-talking/. Article about
trackers on your phone.
Fox News. “Boy Banned from School for Carrying Cystic Fibrosis
Gene.” October 18, 2012. https://www.foxnews.com/health/
boy-banned-from-school-for-carrying-cystic-fibrosis-gene. How a
misunderstanding of personal data leads to bad results.
Garcia, Cardiff, Stacey Vanek Smith, and Echo Wang. “Episode 871:
Blacklisted in China.” Planet Money, October 26, 2018. https://www.
npr.org/sections/money/2018/10/26/661163105/episode-871-
blacklisted-in-china. A podcast taking a personal look at the impact of
China’s social credit score.
Ghostery. https://www.ghostery.com/. A tool to block trackers.
123
Golbeck, Jennifer. “How to Keep Your Web Browsing Private.”

Psychology Today, March 29, 2017. https://www.psychologytoday.
com/us/blog/your-online-secrets/201703/how-keep-your-web-
browsing-private. A step-by-step guide on setting up a VPN and
alternative DNS server.
———. “How to Set Up a Virtual Private Network.” Slate, February 3,

2017. https://slate.com/technology/2017/02/how-to-set-up-a-virtual-
private-network.html. A walk-through on VPNs.
———. “Smart People Prefer Curly Fries.” Slate, October 7, 2014.

https://slate.com/technology/2014/10/youarewhatyoulike-find-
out-what-algorithms-can-tell-about-you-based-on-your-facebook-
account.html. Article about predicting personal attributes from
Facebook likes.
Goldstein, Jessica M. “Meet the Woman Who Did Everything in

Her Power to Hide Her Pregnancy from Big Data.” ThinkProgress,
April 29, 2014. https://thinkprogress.org/meet-the-woman-who-
did-everything-in-her-power-to-hide-her-pregnancy-from-big-
data-80070cf6edd2/. Shows just how hard it can be to keep your
information private.
Gottlieb, Carl. The GDPR Guy. https://podcasts.apple.com/us/

podcast/the-gdpr-guy/id1225996374. A podcast series that takes a
deep look at the EU General Data Protection Regulation (GDPR) and
what it means for businesses.
Haskins, Caroline. “Amazon Sent 1,700 Alexa Recordings to the Wrong

Person.” VICE, December 20, 2018. https://www.vice.com/en_us/
article/pa54g8/amazon-sent-1700-alexa-recordings-to-the-wrong-
person. Amazon collects a lot of data from its smart devices and
doesn’t seem to take great care of it.
124
Resources
Jackson, Amanda. “Facial-Recognition Technology Flagged 26

California Lawmakers as Criminals. This Bill to Ban the Tech Is
Headed to the Senate.” CNN Business, August 15, 2019. https://www.
cnn.com/2019/08/13/tech/facial-recognition-body-cameras-bill-
california-trnd/index.html. What happened when facial recognition
was used on legislators.
Kharpal, Arjun. “Apple vs FBI: All You Need to Know.” CNBC, March 29,
2016. https://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-
to-know.html. A primer on all the issues in Apple’s battle with the FBI
over creating a security hole in iPhones.
Lord, Nate. “A Timeline of the Ashley Madison Hack.” Digital

Guardian, July 27, 2017. https://digitalguardian.com/blog/timeline-
ashley-madison-hack. All the dirty details of a major hacking scandal.
Madrigal, Alexis C. “The Mysterious Printer Code That Could Have Led
the FBI to Reality Winner.” The Atlantic, June 6, 2017. https://www.
theatlantic.com/technology/archive/2017/06/the-mysterious-printer-
code-that-could-have-led-the-fbi-to-reality-winner/529350/. How
hidden codes can identify printers.
Matias, Dani. “Spain’s Top Soccer League Fined for Using App to Spy
on Fans in Fight to Curb Piracy.” NPR, June 12, 2019. https://www.npr.
org/2019/06/12/732157537/spains-soccer-league-fined-for-using-
app-to-spy-on-fans-in-fight-to-curb-piracy. Article about spying on
Spanish World Cup fans via an app.
McLeod, Sam. “The Milgram Shock Experiment.” Simply Psychology,

February 5, 2017. https://www.simplypsychology.org/milgram.html.
The classic obedience study that raised serious ethical concerns.
125
Meyer, Robinson. “Everything We Know about Facebook’s Secret

Mood Manipulation Experiment.” The Atlantic, June 28, 2014.
https://www.theatlantic.com/technology/archive/2014/06/
everything-we-know-about-facebooks-secret-mood-manipulation-
experiment/373648/. Facebook conducted its own psychological
experiment on you without telling you or getting permission. This
article explains how it worked.
Netflix Research. “Recommendations.” https://research.

netflix.com/research-area/recommendations. Netflix on their
recommendations system.
O’Neil, Cathy. Weapons of Math Destruction: How Big Data Increases

Inequality and Threatens Democracy. Broadway Books, 2016. A book
about the dangers of algorithms and data, including many bias-
oriented issues.
Perez, Sarah. “Some Apps Were Listening to You through the

Smartphone’s Mic to Track Your TV Viewing, Says Report.”
TechCrunch, January 2, 2018. https://techcrunch.com/2018/01/02/
some-apps-were-listening-to-you-through-the-smartphones-mic-
says-report/. Article about smartphone microphone usage that
instructs how to check where you’ve consented to microphone use in
apps for yourself.
Random Shopper. Tumblr. https://randomshopper.tumblr.com/.

Dariuz Kazemi’s Tumblr, where he discusses his Amazon Random
Shopper bot, including the items it buys.
Rejoiner. “The Amazon Recommendations Secret to Selling More

Online.” http://rejoiner.com/resources/amazon-recommendations-
secret-selling-online/. How Amazon gets huge revenue from
recommending items to people.
Rubenking, Neil J. “How (and Why) to Change Your DNS Server.”

PCMag, May 17, 2019. https://www.pcmag.com/review/364418/how-
and-why-to-change-your-dns-server. Offers information about DNS
servers and lists the best ones.
126
Resources
Stack, Brian. “Here’s How Much Your Personal Information Is Selling

for on the Dark Web.” Experian, December 6, 2017. https://www.
experian.com/blogs/ask-experian/heres-how-much-your-personal-
information-is-selling-for-on-the-dark-web/. How much data is out
there about you, and what would a criminal pay to get it?
Tor. https://www.torproject.org/. Browser that gives you access to the

dark web and some privacy protection.
TweetDelete. https://tweetdelete.net/. A tool to delete your older

tweets automatically.
Vincent, James. “Woman Fired after Disabling Work App That Tracked
Her Movements 24/7.” The Verge, May 13, 2015. https://www.
theverge.com/2015/5/13/8597081/worker-gps-fired-myrna-arias-
xora. Should your employer be able to track you, even when you’re not
working? One business thought so.
What Is My IP Address. https://whatismyipaddress.com/. A tool that

will show you the IP address of your computer and the general location
of it. This information is always accessible, so it can be used by any site
that you visit online.
Whittaker, Zack. “Judge Orders Amazon to Turn Over Echo Recordings

in Double Murder Case.” TechCrunch, November 14, 2018. https://
techcrunch.com/2018/11/14/amazon-echo-recordings-judge-
murder-case/. The case of the murder of Christine Sullivan and Jenna
Marie Pellegrini.
127
IMAGE CREDITS
Page# . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Credit
4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . AntonioGuillem/iStock/Getty Images.
8 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . fizkes/iStock/Getty Images.
13 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Chinnapong/iStock/Getty Images.
14 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . COMiCZ/iStock/Getty Images.
17 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ridofranz/iStock/Getty Images.
18 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vm/E+/Getty Images.
24 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Eva-Katalin/E+/Getty Images.
29 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Daisy-Daisy/iStock/Getty Images.
35 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . fizkes/iStock/Getty Images.
37 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NicoElNino/iStock/Getty Images.
44 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . yucelyilmaz/iStock/Getty Images.
47 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . RobertAx/iStock/Getty Images.
50 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . SDI Productions/E+/Getty Images.
55 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D-Keine/E+/Getty Images.
57 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . izusek/iStock/Getty Images.
65 . . . . . . . . . . . . . . . . . . . . . . . Chainarong Prasertthai/iStock/Getty Images.
69 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . gorodenkoff/iStock/Getty Images.
75 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mark Ramsay/Flickr/CC BY 2.0.
77 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Orbon Alija/E+/Getty Images.
85 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . fstop123/E+/Getty Images.
95 . . . . . . . . . . . . . . . . . . . mattjeacock/DigitalVision Vectors/Getty Images.
102 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . OlegAlbinsky/E+/Getty Images.
105 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . leolintang/iStock/Getty Images.
115 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . metamorworks/iStock/Getty Images.
118 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . anyaberkut/iStock/Getty Images.
Icons . . . . . . . . . . . . . . . . denkcreative/DigitalVision Vectors/Getty Images.

........................... cnythzl/DigitalVision Vectors/Getty Images.
128

(The Great Courses) Jennifer Golbeck - Taking Control of Your Personal Data. 1138-The Teaching Company (2020-02)

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

(The Great Courses) Jennifer Golbeck - Taking Control of Your Personal Data. 1138-The Teaching Company (2020-02)

Uploaded by

Copyright:

Available Formats

Topic Subtopic

Better Living Personal Development

Professor Jennifer Golbeck

Copyright © The Teaching Company, 2020

Jennifer Golbeck is a Professor

Lecture 2 The Mechanics of Data Harvesting . . . . . . . . . . . . . . . . . . . 11

Lecture 3 Privacy Preferences: It’s All about You . . . . . . . . . . . . . . . 22

Lecture 4 The Upside of Personal Data Use . . . . . . . . . . . . . . . . . . . . . 32

Image Credits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128

HOW YOUR DATA TELLS SECRETS

The landscape of data collection and analysis has changed many

Artificial Intelligence Algorithms

Personal data can be a When she did, she posted a

You create a lot of data by just But data is collected in many

Huge amounts of data are intelligence algorithms

Machine Learning Algorithms

A machine learning algorithm Each day, it would note the

We build up mental models like in 2012. Researchers used

You may be thinking that you

* On Facebook, you can like all sorts of things—sports teams,

Homophily and Correlations

Most of what you like on social homophily, and it’s basically

Essentially, an algorithm Also, correlations found by

So What Can You Do?

How can you take control over Sometimes it is for relatively

Golbeck, “Smart People Prefer Curly Fries,” https://slate.com/

Netflix Research, “Recommendations,” https://research.netflix.com/

How—and How Much—Information Is Collected

Facebook wants to know people typed in the box, just

During the Women’s World Cup, La Liga, a National Professional

Apps, trackers, and your phone Some of them are tracking us

Even without access to the And even when we do

* Timothy Verrill is accused of murdering Christine Sullivan and

Perhaps you are not criminally the recordings as the man’s

Many researchers study how There’s a lot of information

Even if you have not created Facebook, how do they build

The most obvious information If you are not on Facebook

So now Facebook doesn’t just if Facebook has your street

This information can also friends who do not, Facebook

So What Can You Do?

Check out how much of

By blocking apps from using downloading and showing

Haskins, “Amazon Sent 1,700 Alexa Recordings to the Wrong Person,”

Perez, “Some Apps Were Listening to You through the Smartphone’s

Whittaker, “Judge Orders Amazon to Turn Over Echo Recordings in

When it comes to personal data and our individual privacy

The Privacy Spectrum

One easy and useful way to On question 1, a score of 4 or

3. Existing laws and About 10 percent of people

* The scale was originally developed to measure people’s concerns

Knowing where you fall on Privacy pragmatists

As a society, we have by default made social

Being unconcerned about into the information that

The second group, much more power than an

Types of Data to Control

There are three types of about you in the background

We can be lulled into thinking that even if our posts are public

The easiest group to tackle is First, review the default

Some sites have very technology prevents internet

such as smart refrigerators The final important step in

The one place you do have to hide it from them beyond

So What Can You Do?

Treat social media as a more charge you a small monthly