Judging from targeted ad campaigns on social networks, Mikko Hyppönen argues, these companies know too much about their users, which is a big privacy concern.
When you go and look at these services as a customer, you go and buy an ad, you end up in this user interface, for example with Twitter, where you can build a campaign of showing your ads to people who otherwise wouldn’t see them. And you can, of course, target your ads (see right-hand image). That’s how these online ads are so powerful – you can target them. Obviously, you can target them based on geography – you would like to show your ad to people in, I don’t know, Lyon. You want to show your ad to people in Lyon who are female, who are between 30 and 40 years old, who use Twitter with an iPhone, and who are interested in cooking. Of course Twitter can do that for you, because they know quite a bit about their users based on what they tweet about and who they follow. They know your interests.
However, as you build a campaign on Twitter it gets more interesting, because you can start targeting people not just based on what they tweet about; you can target your ads on Twitter based on how many people there are in the family. If you want to show your ads to people who are in a family which has two or three or four children, you can do that. Twitter knows how many kids you have. Or you can target families based on life events, for example if a family is expecting a new child in the next six months. So, Google knows, and Twitter knows, if you are expecting a new child in your family, or if you just got a new child six months ago. They can target grandfathers or grandmothers.
They can also target the ads based on how much money you make, so Twitter knows how much money you make (see right-hand image). Or you can target based on your occupation: whether you are a boss or whether you are in the army – they know that as well (see left-hand image). And they can also target the ads based on what kind of credit cards you carry (see right-hand image), as well as your lifestyle trend. They know if you are a hipster; I don’t know how they do that, but they do. And they also can target based on where you donate money for charities, or what kind of purchases you make. I especially like the example here that you can target your Twitter ads on ladies who buy plus size clothes.
And obviously, this information isn’t coming from your tweets. So, where is this information then coming from? Twitter doesn’t know how much money you make or what kind of breakfast cereal you eat based on your tweets. Yet, they have all this information. They have this information because they buy it from data warehousing companies, from companies that you’ve never heard of, companies like CPG or Acxiom or Datalogix. And they gather this information about consumer behavior by buying this from shops, from credit card companies, from insurance companies and from frequent buyer clubs. Then they combine that into databases and they build these profiles of us based on what we buy. And then they sell this information to companies like Twitter.
But we still have a mystery. How then does Twitter know that this profile of this consumer, who carries a MasterCard and likes to buy a lot of Rice Krispies – how do they know that this profile is actually this Twitter user? How do they combine these data? And the answer is, they combine that based on your mobile phone number. This is the reason why services like Google and Twitter and Facebook ask for your mobile phone number. That’s the key which connects your online profile to your real-world profile. And in fact, one of the reasons why Twitter asks for your mobile phone number is actually security. They ask for your mobile phone number so that you can enable two-factor authentication, which actually does give you better security for your Twitter account. But of course then you lose in privacy.
And this also might be one of the reasons why Facebook paid $22 billion to buy WhatsApp: because they didn’t just get the chatting service, they actually got the mobile phone numbers of hundreds of millions of existing Facebook users, which means now they can combine these consumer databases, which they can buy, to the profiles of the users they already have. This is why online advertising makes so much money. And this is why it is a real problem of privacy for all of us. It’s not a problem that you tweet or you post stuff to Facebook and it becomes public knowledge. Of course it becomes public knowledge, because you make it public yourself. But we live our lives online today. Whoever controls the data knows us better than our spouses do, because they know what we think. For example, we are more honest with the search engines than we are with our wives or husbands. We ask search engines the kind of questions we would never dare ask anyone else. Show me your Google search history and I’ll find something embarrassing in 15 minutes, guaranteed, or incriminating. Embarrassing or incriminating in 15 minutes, guaranteed.
And this is all legal because of this lie (see left-hand image). This is the biggest lie on the Internet. “I have read the Terms and Conditions” – no, you haven’t. Don’t lie to me, you haven’t. We know you haven’t. We actually tested this. Last year we set up a free WiFi hotspot in London, and to get Internet access you had to click through our Terms and Conditions. And in the Terms and Conditions we had included a term that you had to give your firstborn child to F-Secure. And everybody clicked OK, there we go. It’s gotten so bad that a friend of mine, who actually lives in Germany, when he was filing his taxes (see right-hand image), at the end of the online tax filing process the last question on this governmental form was “Would you like to read the Terms and Conditions before you confirm that you have read the Terms and Conditions?” And the default was “No”. So, that’s how bad it is. All of this is completely legal. Google is doing nothing illegal, Facebook is doing nothing illegal, Twitter is doing nothing illegal. We let them do this.