Tag Archives: data

People are generally clueless when it comes to cybersecurity

WASHINGTON – The scariness of cyber attacks seems like something straight out of the Twilight Zone. Think about it: The world revolves around computers and personal information can be stolen with one click of a mouse. The problem is that most people do not think about cyber threats.

Dr. Marshini Chetty, an assistant professor of Human-Computer Interaction at the University of Maryland, said that people don’t tend to think about cybersecurity unless they are actually in the industry or in some situation where they have to be aware of security.

“We find that if they haven’t heard about it in some big news story or someone hasn’t informed them that there’s been like a big credit card breach or something like that,” Chetty said, “They aren’t really aware of security on a daily basis.”

Chetty said that the media plays a huge role to raise awareness about cybersecurity issues to the general public. “The more educated the public is, the better it is for everyone,” she said.

She noted that the U.S. government is taking great measures to educate people about their online safety. Her government-funded research, which focuses on evaluating people’s behaviors when it comes to completing software updates, is required to have a component that makes educational materials available to the public.

Antoinette Isama, a 23-year-old student from Silver Spring, Md., knows that security threats loom. “I definitely take it seriously, even in regards to online shopping. I don’t save my credit card information. I think it should be taken more serious because it’s easier and easier for someone to steal your information.”

Although individuals can take measures to protect themselves from hackers, there is only so much that can be done. “If you’ve entrusted your data to a third party….it’s up to them to make sure their systems are secure.” Chetty said. She warned of a possible cyber attack that could be targeted at the network system of a company that is not properly protected or equipped to handle a large-scale breach, which could possibly put millions of people’s personal data at risk of being stolen.

“Generally when people are not aware of privacy and security issues they can easily get themselves into trouble,” Chetty said, “Whether that’s sharing information that they didn’t intend to share or having machines that are not protected.”

According to Chetty, individuals can take steps to keep their personal information safe in cyberspace. Making sure personal machines are always up to date, securing passwords and not staying logged in to public computers are all measures that can be taken to protect against a cyber attack.

Isama said that worrying about cyber attacks is wasting time.

“I don’t [worry] because attempts are already happening. It’s a reality now. Now it’s about being preventative.”


Minimizing your digital trail

WASHINGTON — In popular culture, going “off the grid” is generally portrayed as either unsustainable or isolated: a protagonist angers some omniscient corporate or government agency and has to hole up in a remote cabin in the woods until he can clear his name or an anti-government extremist sets up camp, also in the middle of nowhere, living off the land, utterly cut off from society at large.

But is there a way to live normally while also living less visibly on the grid? What steps can you take to reduce your digital footprint that don’t overly restrict your movements?

What is a digital footprint?

Your digital footprint is the data you leave behind when you use a digital service—browse the web, swipe a rewards card, post on social media. Your digital footprint is usually one of two classifications: active or passive.

Your active digital footprint is any information you willingly give out about yourself, from the posts you put up on Facebook to the location information you give to your local mass transit system when you swipe your transit pass.

By contrast, your passive digital footprint is information that’s being collected about you without your express knowledge or authorization, for example, the “cookies” and “hits” saved when you visit a website. When you see personalized ads on Google, for example, those are tailored to you through collection of your personal preferences as inferred through collection of your passive digital footprint.

To assess my digital footprint, I looked through my wallet, my computer and my phone.

The footprint in your wallet

First, the wallet: I have several rewards cards, each representing a company that has a record of me in its database that shows how often I shop and what I buy, which is linked to my name, address, email and birthday—plus a security question in case I forget my password, usually my mother’s middle name.

While I would consider this information fairly benign—they don’t have my credit card information or my Social Security number—these companies can still make many inferences about me from my purchases. CVS, for example, could probably say fairly accurately if I’m sick based on my purchase of medications, whether I’m sexually active based on birth control purchases and any medical conditions I may have based on my prescription purchases.

If I wanted to minimize my digital footprint, I could terminate all my rewards accounts and refrain from opening any more. For me, though, it’s worth allowing these companies to collect my information in order to receive the deals, coupons and specials afforded me as a rewards member.

Next up is my transit pass, which is linked to my name, local address and debit card. The transit authority has a record of every time I swipe my way onto a city bus or train, a record of my movements linked to my name.

A minimal-footprint alternative to a transit pass is single-use fare cards. If purchased with cash, they would leave no record of my travels linked to my name. While this, like the rewards cards, is feasible, it’s far less convenient than the pass —so much less so that again I’m willing to compromise my privacy.

My debit card and insurance card are the two highest-value sources of personal information, but both are utterly necessary—living half a country away from my local credit union, I need my debit card to complete necessary transactions. My medical insurance card, relatively useless to identity thieves unless they have an ID with my name on it, does represent another large file in a database with my personal information—doctors’ visits, prescriptions and hospital stays for the past several years. People with just the physical card, not my license or information, can’t do much with that, but if a hacker gets to that information it could be very damaging.

No driver’s license? No credit card?

To minimize my digital footprint, then, I could pare down my wallet to just the absolute necessities—my insurance card, debit card and my license. You didn’t talk about your license

Computer footprint

If I’m guilty of leaving a large digital footprint, all my worst infractions probably happen across the Web.

Between Facebook, Twitter and Pinterest, I’ve broadcast my name, picture, email, hometown and general movements, if not my specific location, on each of those sites. Of the three, Facebook certainly has the most comprehensive picture of my life for the past seven years—where I’ve been, with whom, what I like and what I’m thinking.

If I wanted to take myself as far off the grid as feasible, simply deactivating the accounts wouldn’t work—Facebook keeps all your information there for you to pick up where you left off. You can permanently delete it with no option for recovery, but some information isn’t stored just on your account—messages exchanged with friends, for example, or any information shared with third-party apps.

If you keep using social networking sites, privacy policies change frequently, meaning that even if you choose the most restrictive privacy settings, you often have to go back and re-set them whenever the company changes its policy. Apps complicate things even further, farming out much of your information to third-party companies with different privacy policies.

Even if you’re vigilant about your privacy settings and eschew apps, your profile is only as private as your most public Facebook friend, said Paul Rosenzweig, a privacy and homeland security expert.

When shopping online, it’s important to check the privacy statements and security policies of the companies you’re using. If possible, purchase gift cards to the specific retailer or from credit card companies and use those to shop, so you don’t leave your credit card information vulnerable to breaches like that of Target.

I know that email is not my friend when it comes to online privacy, but I can’t operate without it.  I use Gmail on Google Chrome for my email, so I installed Mymail-Crypt. It’s one of several “pretty good protection,” or PGP, encryption programs. Using it, my messages appear to be a jumbled bunch of letters until the recipient decrypts it using their private key, which I can save to a key server, like the aptly named Keyserver, where it’s searchable by my email or key ID. I can then link to it on my personal profiles such as Facebook or LinkedIn. People can then send an encrypted email to me using my public key that cannot be read without my private key to unlock it. I’ve also started encrypting my G-Chats using Off the Record chat.

Email can be used against you. Phishers have started to send more sophisticated emails imitating individuals or companies you trust in order to convince you to give up information like your social security number or credit card data. Drew Mitnick a junior policy counselor at digital rights advocacy group Access Now, said you need to be vigilant no matter what you’re doing on the internet.

“Ensure that whoever you’re dealing with is asking for appropriate information within the scope of the service,” he said. In other words, Gap shouldn’t be asking for your Social Security number.

To limit cookies and other data collection during your Internet use, you can open incognito windows in Google Chrome. In incognito mode, the pages you view don’t stay in your browser or search histories or your cookie store—though your Internet service provider and the sites you visit still have a record of your browsing.

Finally, encrypt your hard drive. Privacy laws vary from state to state and country to country so the best way to ensure that you’re protected no matter where you are is to encrypt your computer and be careful not leave it where someone can mess with it, said Mitnick.

Phone footprint

Another source of vulnerability for many people is a smartphone. As long as you have a phone, you’re on the grid—phone companies can triangulate your position using cell phone towers and location services, and they log your calls. Beyond that, though, there are steps you can take to limit information people can access about you using your phone.

First, be judicious when installing apps. Carefully read the permissions an app requires for installation, and if you’re uncomfortable with them, don’t install it! Read privacy policies and terms of use so you know what data the app keeps on you.

Because I have a Windows phone, many of the basic apps (alarms, maps, Internet Explorer, music, and Microsoft Office) are Microsoft apps and use their terms of use and privacy policy, which is pretty good about not sharing my information with third parties. They also delete your account data after you delete their app, though it may take a few weeks.

I have several social apps, such as the aforementioned Facebook and Pinterest, for which the privacy settings are fairly similar to their desktop counterparts—not very private—with the added bonus of them now having access to my location and phone number. It’s entirely possible—and advisable, if you’re trying to leave a minimal footprint—to live without these apps, but I choose not to.

I’m selective about the apps I install on my phone. Aside from the apps that come with the phone and my social media apps, I only have Uber—and that has a lot of access to my phone. According to the app information, Uber can access my contacts, phone identity, location, maps, microphone, data services, phone dialer, speech and web browser. That’s a lot, and not all of it seems necessary—why does Uber need my contacts? Again, though, I chose to compromise my privacy on this one because the convenience, for me, outweighed the risk.

A precaution I’ve always taken is turning off my location service unless I need it. While my cell phone company can still track me, this prevents my apps from accessing my location. I don’t need Pinterest or Facebook to know where I am to get what I want out of the app, so I don’t provide that information to them.

One of the projects Access Now has been working on is “super cookies”—when you use your cell phone, the cell companies can attach unique identifiers to your browsing as you go across multiple sites. Many companies don’t even offer opt-outs. AT&T has now stopped using super cookies, but other companies still do so.

If you don’t already, use two-step verification whenever possible to ensure that no one but you is logging onto your accounts. This process, used by Gmail, has you enter your password and a one-time numerical code texted to a phone number you provide.

Set a passcode to your phone if you haven’t already, and make it something people couldn’t easily guess—don’t use your birthday, for example. I’ve started using random numbers and passwords generated for long-defunct accounts like my middle school computer login that I memorized years ago but that can’t be linked back to me.

Amie Stepanovich of Access Now suggested using four unrelated words strung together for online account passwords—they’re even harder to hack than the usual suggestions of capital and lowercase letters, symbols and numbers.

One final precaution you can take is to encrypt your device. Apple has already started encrypting its phones by default, and Google has promised to do so. Regardless, you can turn on encryption yourself. I have a Windows phone, which does not allow for easy encryption—in fact, I can’t encrypt my SD card at all. To encrypt my phone, I need to log in to Office 365 on my laptop and change my mobile device mailbox policies to require a password, encryption, and an automatic wipe after a number of passcode fails I choose. I then log into Office 365 on my phone to sync the new settings. It’s much more straightforward for an Android—just go to settings, security, and choose “Encrypt phone.”

Off the grid? Not even close

For me – and most people, it’s not feasible to live entirely off the grid. Between my debit card, various online accounts and smartphone, I pour my personal data into company and government databases every day. The trick is to live on the grid intelligently, only providing the information that is necessary and taking steps to protect your devices from unauthorized access.

White House pushes for student data regulations

WASHINGTON — When the educational company ConnectEDU filed for bankruptcy about a year ago, it tried to do what any business would — sell off its most valuable asset: student data.

Millions of students submitted personal information such as email addresses, birth dates and test scores to the college and career planning company.

The Federal Trade Commission eventually stopped any transactions involving the data after noting that they violated ConnectEDU’s privacy policy.

Some student educational records are protected through the Family Educational and Privacy Rights Act, or FERPA. Originally signed into law in 1974, FERPA essentially protects the records schools collect on students and gives parents certain oversight and disclosure rights.

The growing influence of technology in classrooms and in administrative data collection, though, is making FERPA out-of-date.

Teachers, students and parents now routinely submit information to educational services companies, such as ConnectEDU. FERPA does not regulate how these companies use that data. And there is no other federal law that does. The companies’ own privacy policies are the only limit to what the companies can do with the information users provide.

The concern is that ConnectEDU may not be the only education technology company that is trying to sell its data to third parties.

ConnectEDU’s databases, for example, were filled with students’ personally identifiable information including names, birthdates, email addresses and telephone numbers. The sale of that information to other companies is not regulated.

In order to make FERPA up-to-date, President Barack Obama, in conjunction with partners in the private sector, called for a legislation to establish a national standard to protect students’ data in January.

“It’s pretty straightforward,” Obama said in a speech at the Federal Trade Commission. “We’re saying the data collected on students in the classroom can be used for educational purposes — to teach our children, not to market to our children. We want to prevent companies from selling student data to third parties for purposes other than education. We want to prevent any kind of profiling about certain students.”

Dubbed the Student Digital Privacy Act, the White House’s plan is loosely based on a 2014 California law that prohibits third-party education companies from selling student information. While other states have laws regulating and increasing the transparency, regulation and collection of student data, the California law seems to be the most far-reaching.

Because FERPA doesn’t cover third-party use, some private sector leaders have taken a vow to establish clear industry standards for protecting student data through the Student Privacy Pledge.

Created by the Future of Privacy Forum and the Software and Information Industry Association in the fall of 2014, Obama mentioned the pledge as an encouraging sign for the protection of student information.

“I want to encourage every company that provides these technologies to our schools to join this effort,” Obama said. “It’s the right thing to do. And if you don’t join this effort, then we intend to make sure that those schools and those parents know you haven’t joined this effort.”

So far, 123 companies have signed the pledge, including tech and education giants such as Apple, Microsoft, Google and Houghton Mifflin Harcourt.

“There was a lack of awareness, information and understanding about what school service providers did and didn’t do with data and what the laws required and allowed,” Mark Schneiderman, senior director of education policy at SIIA, said. “Rather than waiting for public policy and public debate to play itself out, we figured, let’s just step in and make clear that the industry is supporting schools, is using data only for school purposes, not selling the data, not doing other things that there was a perception out there that maybe [companies were doing].”

The National Parent-Teacher Association and other groups support the pledge, according to Schneiderman.

“It is imperative that students’ personal informational formation is protected at all times,” the National PTA wrote in a statement.

The companies that signed the pledge are not subject to any policing body, but by signing the pledge they show consumers their commitment to student privacy, Schneiderman said.

But many notable educational technology companies, like Pearson Education, have not signed the pledge. Pearson was recently the subject of a POLITICO investigative report that revealed that the company’s use of student data was unmonitored.

According to the report, Pearson claims it does not sell the students’ data it collects.

The College Board, ACT and Common Application are often viewed as integral to the college admissions process, but are also not included in the pledge.

Instead, these education companies point consumers to their privacy policies, which can often be difficult to understand because of the legal jargon and ambiguous terms.

Some groups such as the Parent Coalition for Student Privacy think the pledge and the privacy policies aren’t enough.

“We also need strong enforcement and security mechanisms to prevent against breaches,” Leonie Haimson, one of the group’s co-chairs, said in a statement responding to Obama’s speech. “This has been a year of continuous scandalous breaches; we owe it to our children to require security provisions at least as strict as in the case of personal health information.”

Out of the 12 commitments listed in the pledge, only one deals with preventing leaks or breaches.

The signees must “maintain a comprehensive security program that is reasonably designed to protect the security, privacy, confidentiality, and integrity of student personal information against risks,” the pledge states.

Haimson said the policies are a decent start, but do not go nearly far enough in protecting educational data.

Regardless, a bill for a comprehensive national standard has yet to be introduced despite the White House’s push.

In early February, though, the White House said that it had been working closely with Republican Rep. Luke Messer of Indiana and Colorado Democrat Rep. Jared Polis to introduce a bipartisan bill to Congress.

The bill’s release is expected by the end of the month, according to Messer’s office.MINTZERPRIVACY (9) 2

Have an iPhone? The apps you use may collect unnecessary data, experts say

WASHINGTON—Every time you use an app on you iPhone, the app is collecting data on you– that’s lots and lots of data. And experts say those bytes of information detailing your life, may not be needed to operate the application.

Initially, developers likely didn’t consider what information was needed to run the app,said Alan Butler, senior counsel at the Electronic Privacy Information Center. Instead, they built their programs to collect all of the data they could possibly need.

But that is the wrong approach, Butler said.

Beyond the type of information collected, app developers need to determine how long the information will be stored and how will it be kept secure, he said. The more data that is collected and stored, the great the threat for data breaches, Butler said.

So what data is being collected? Well, it depends on the company.

Some companies, like cell phone providers, automatically collect consumer information such as called numbers, times of calls, locations and cellular data usage.

Cell phone companies are limited in acting on automatically collected data. Companies can choose to archive and never use information or discard it after a certain amount of time said Paul Rosenzweig, author of Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World.

With all of the information collected in addition to how frequently users bring their phones with them, Rosenzweig said, “your cellphone is you.”

Rosenzweig likened the process to something called the mosaic theory. According to the theory a collection of small data points can create a picture more representative than each piece of information individually.

Smartphones play into this mosaic by contributing to the information available about a user, especially one who chooses to use social media.Rosenzweig said a comprehensive image can be created of any individual, in part by just interacting with some of iPhone’s applications.

With data collection comes increased responsibility

The relationship that an iPhone user has with the company’s application is a business one.“Sharing is something we do in kindergarten,” Butler said. But when a user gives information access to apps such as Snapchat, they are doing so under the assumption that their data is going to be used properly.

But when it’s not, what then?

Ensuring companies are using data for the right reasons is not an easy task, Butler said. That’s why EPIC supports a strong consumer bill of rights, guaranteeing consumers online protections, he added.

President Barack Obama has supported such legislation since 2012, but none of his efforts have made it out of Congress.

The administration’s 2015 proposal is scaled back in comparison to its 2012 approach, EPIC said in a March statement.  Not only does the proposal lack adequate consumer protections but may also burden businesses, EPIC said.

EPIC has a code of fair information practices, which is rooted in five principles–no personal record-keeping systems can be kept private, a person must be able to find out information recorded about them, prevent it from being used incorrectly, amend incorrect  information and organizations with collected data must protect against its misuse. EPIC suggests crafting better legislation that aligns  with its code.


In ‘Parks and Recreation,’ a vision for the future of consumer data privacy issues  

On a sunny morning in Pawnee, Indiana, a notification pops up on Leslie Knope’s phone: “Open Your Door.” Looking outside, she finds a drone at her doorstep, floating effortlessly, cradling a box addressed to her.

“Hey, Leslie Knope!” it chimes as it drops its cargo.

People have only been able to use drones for recreational, research or government purposes in the U.S., but the Federal Aviation Administration has proposed rules that would expand drones for any use, especially for commercial purposes. Yet the final season of NBC’s “Parks and Recreation,” set in a not-too-distant 2017, envisions a world in which your internet provider can listen to your every conversation, read every email and text, and use that information to predict your mood and deliver packages to your door. The offending company is Grizzyl, a bubbly, gleefully 21st century Internet and cell phone provider that shamelessly violates its customers’ privacy.

For ardent libertarian Ron Swanson, who destroys a drone and brings it to Leslie, (“This is a flying robot that I just shot out of the sky when it tried to deliver me a package”), the threat of such technology is philosophically horrifying, bringing him together with the liberal Knope to try to stop the behavior. While he originally blames others for making themselves vulnerable to that kind of invasion, he later changes his tune when his own privacy is threatened outside of his control.

For liberal Knope, the concern is more universal, with the actions of a corporation infringing upon its customers rights concerning from a populist perspective. As in many episodes, she sees the government serving as an activist voice, protecting its citizens from harm from an ill-intentioned private company.

By placing characters only two years from now, the show’s creators envisioned a future that’s within our reach. In the show’s view, the future has troubling implications for consumers, with sophisticated technology making it easier than ever for companies to pry into their user’s lives.

Below, we’ve compiled a list of technologies and actions made by Grizzyl. With their predictions of a soon-to-be future in mind, we examine the likelihood of each event coming true, and the current legal structures that govern them.

Use of commercial drones

In the show: After listening to its users phone calls, Grizzyl gathers its customers’ personal desires and sends them gifts they think they’ll appreciate via drone. While Donna receives two honey bears and boxes of sugarplums, coincidentally the pet names she and her fiancé use for each other, the characters on the show catch on to Grizzyl’s unethical business practices.

Today’s laws: Americans have very few options allowing them to use drones for commercial purposes. Companies may apply to the Federal Aviation Administration to authorize use of drones on a case-by-case basis. However, no existing legal framework allows for the widespread adoption of drones on a commercial basis, and the FAA describes its approach to the emerging technology as “incremental,” suggesting that you won’t see pizza-delivering drones anytime soon. The FAA Modernization and Reform Act of 2012 aimed to integrate unmanned aircraft by this year, but a recent government audit found that the FAA wouldn’t meet its September deadline. “There should be an eye toward integrating drones into our national airspace,” Peter Sachs, a lawyer specializing in drone law, said about these proposed regulations.

Tomorrow’s technology: When online retailer behemoth Amazon announced “Amazon Prime Air” last year, it seemed like an elaborate April Fool’s prank. Yet the company is dead serious about using the technology to deliver packages in as little as 30 minutes, sending the FAA a letter pushing for greater reforms. While Amazon predicts that drone deliveries will eventually be “as normal as seeing mail trucks on the road,” time will tell when their vision becomes a reality. However, with the FAA’s proposed regulations, drone operators would be required to stay within “eyesight” of their craft, according to Sachs. With this stipulation, it would be near impossible for vendors to use drones for deliveries.

Consumer data mining

In the show: After the characters receive individualized gift packages delivered by drone from Grizzyl, they quickly realize the only way they would have learned this information about them is through monitoring their calls and texts. Later, when Leslie visits the Grizzyl headquarters in disguise, the Grizzyl vice president of “Cool New Shiz” reveals he knew who she was all along by tracking her location from her phone. He says his company may know Leslie better than she knows herself. He tells her, “There’s nothing scary about Grizzyl. We just want to learn everything about everyone, track wherever they go and even what they’re about to do.”

Today’s laws: Despite the growing fascination with consumer privacy and cybersecurity in recent years, especially in the wake of Edward Snowden’s revelations about the National Security Agency’s program to gather millions of Americans’ phone and email records, no laws have yet to intensely regulate the act of consumer data mining. In Sorrell v. IMS Health Inc., the Supreme Court found that a Vermont statute that restricted the sale, disclosure and use of records that revealed the prescribing practices of individual doctors violated the First Amendment rights of data mining companies hired by pharmaceutical manufacturers. In a powerful feature story for Time Magazine in 2011, author Joel Stein sums up the current state of data mining for consumers: He contacts a range of private companies that gather information about him “in stealth,” creating a detailed picture of his life that’s been culled without his knowing.

Tomorrow’s technology: Though the debate about gathering and use data has typically been about government surveillance of private exchanges, companies such as Google, which could be seen as the real-life Grizzyl, already monitor emails sent over their Gmail network in order to tailor advertisements shown to particular Internet users. As Stein’s 2011 feature shows, companies already have an incredible ability to gather people’s information, something that will likely continue to grow unless Congress passes legislation limiting it.

Consumer agreements

In the show: When Leslie Knope discovers the data mining, she brings a lawsuit against Grizzyl. Leslie’s husband Ben argues that the agreement giving Pawnee free WiFi explicitly banned data mining. However, the company was able to sneak a clause “into the 27th update of a 500 page user agreement,” allowing them to monitor all communications sent over the network through Grizzyl products. As Ben said, “a person should not have to have an advanced law degree to avoid being taken advantage of by a multi-billion dollar company,” a sentiment oft repeated in today’s on-the-grid society. Ben compelled Grizzyl to be “upfront about what you’re doing and allow people the ability to opt out.”

Today’s laws: According to Ira Rheingold, executive director of the National Association of Consumer Advocates, the U.S. has little protection for consumers against how a private company constructs its consumer agreements. A report released by the Consumer Financial Protection Bureau, an independent government agency formed by the 2011 Dodd-Frank Wall Street reforms, showed that consumers often hand over their rights in consumer agreements without realizing it. They found that in 92 percent of credit card disputes that went to arbitration, consumers had signed contracts precluding their ability to sue without realizing it. In effect, even the savviest consumer, like Ben Wyatt, can be thwarted by a legal document that buries its most damaging clauses under pages of legal jargon, something that’s become commonplace in our society.

Tomorrow’s technology: When consumers sign these consumer agreements, they may unknowingly give up their right to sue, effectively stripping themselves of their right to take these corporations to trial in the event of an injustice. Sen. Al Franken, D-Minn., has championed the Arbitration Fairness Act, which works to “restore the rights of workers and consumers” in assuring them of transparency in civil litigation and prohibiting the usage of forced arbitration clauses in consumer agreements. While the bill has unsuccessfully been introduced in Congress since 2011, Franken plans on reintroducing it during this session.


The Privacy Game

In a hyper-connected world where people click through each others’ photos on Facebook, follow each other’s thoughts on Twitter and track each others’ careers on LinkedIn, personal information is everywhere. It was hardly surprising when Facebook Founder Mark Zuckerberg said that privacy is no longer the social norm. Thanks to Zuckerberg, people voluntarily post their photos, relationship status, political views and sexual orientation on an easily accessible website. What may surprise you, though, is what else you reveal about yourself each day–and who’s collecting your personal information. Did you think about the privacy implications when buying coffee with your Starbucks Rewards card, posting your highest score on Angry Birds or logging into Netflix? How much do you reveal in a day? Play The Privacy Game to find out!

Created by Jessica Floum and Ellen Garrison