6:40 a.m. Instagram
I woke up and sent a direct message over Instagram and scrolled through suggested reels while lying in bed. Instagram uses log in credentials that include my name and email address. These identifiers are unique and persistent and can be used to link my online activity and third-party data back to me.
Instagram also collects data on which posts and reels I stop scrolling to watch and interact with, which ads I click on, and what I search for. It suggests posts and reels based on this information. In addition, it knows what kind of device I’m connecting from, and my location based on the location tags I use and searches for locations i.e. Lake Tahoe and Sacramento.
6:50 a.m. Facebook Messenger
I answered a call from a friend on Facebook Messenger that lasted approximately one hour. While I don’t have the Facebook app downloaded on my phone, my account on Messenger is connected to my Facebook account. Messenger uses the same unique identifiers as log in credentials as Facebook and has access to the same information used to set up my profile including email address, name, date of birth, and location. It also collects data on my calls, messages, mac address, IMSI and IMEI numbers, advertising id, and IP address. It also has permission to use my microphone and camera including photos and files stored on my device.
12:32 p.m. Garmin Watch
At 12:32 my Garmin watch sent me a reminder to relax because my stress level was high. Garmin measures stress as low medium or high based on data it collects on heart rate variable. As the largest companies in the technology sector continue to collect data on over 80% of measured web traffic this article details How Garmin survived the GPS revolution despite Apple and Google. While Garmin Ltd. is a publicly traded company that has not been acquired unlike its competitor Fitbit (acquired by Google in 2019), Google and other countless first and third-party trackers may be accessing health data recorded by the fitness watch and stored on the Garmin Connect website.
This data including step count, sleep quality, heart rate variable, connections (contacts), and many other health and wellness insights can potentially be collected and stored by third-party tracking cookies when the whether the website is accessed through a web browser or when the Garmin Connect app is in use.
4:00 p.m. JustWatch and Instagram
JustWatch is a streaming guide for movies and TV shows that I often use to find out where I can watch movies online for free. I sent this link Terrifier 2 streaming: where to watch movie online? (justwatch.com) over Instagram Messenger so that my friend and I could stream a movie together after work. I noticed how JustWatch automatically selects do not sell my personal information which can be toggled on by the slider.
However, when a link is sent through Facebook and Instagram Messenger the link is opened and downloaded by servers and potentially stored and sold. This is different than JustWatch selling information which is freely collected and stored by external servers according to this article on why you should stop sending links over messenger on Forbes. The data collected not only can be directly linked to me as a unique user but data about the movie genres I’m interested in and the websites I frequent may also be collected and stored.
8:40 p.m. JustWatch and Instagram
I watched the movie with my friend while on an Instagram call. Instagram can potentially access the content of calls including the duration, time, and user profiles.
Reflection
It’s clear that much of the data collected, stored, bought, sold, and the inferences trackers make about is largely out of anyone’s knowledge or control. I don’t access a lot of media in any given day but the Websites I visit, social media apps I use, and my smartwatch all collect and have access to data about me from my interests and contacts to my health data and unique identifiers directly linking this information to me as a unique person. All of this accumulated data can be combined however briefly to create a profile of me complete with inferences. This seems to be largely unavoidable even if I “went analog” tomorrow. The information and inferences could be linked directly to me if I logged onto another device at any given point in the future using unique identifiers.
I think this is mostly unsettling not because of targeted advertising but because the use and misuse of the large a large and growing data profiles about unique users is largely out of anyone’s control and data security breaches can lead to loss of privacy.