> How can I be 'less complacent' and 'have my guard up' if I don't even know that companies sell my data behind my back?
By assuming they will, and taking steps to not provide your data to all and sundry. At the end of the day, companies can sell your data because they have it.
>By assuming they will, and taking steps to not provide your data to all and sundry. At the end of the day, companies can sell your data because they have it.
Okay I now assume that all companies will harvest as much data as they can. I will now take steps to prevent this.
I am now offline and there is no way to know if they do.
> Okay I now assume that all companies will harvest as much data as they can.
You say harvest, as if they are taking something. The reality is, people always gave the data. The companies just kept what it was freely given. It's a bit hypocritical if I get upset that you keep something I gave you. The reality is, the problem wasn't with the users who gave the data, or the companies who kept what was given, but rather the people who made it possible to do it so easily in the first place. Browser makers share the majority of this responsibility. We look to them to create secure browsers that can't be hacked, but completely ignore the fact that they created browsers that are easily tracked. And then we adopt Chrome, a browser made by a company built on tracking.
And I find it funny that Brendan Eich's creation is probably the biggest reason we are in this situation in the first place.
People - not the ones here on HN - have no clue what they 'give' away. They also have no clue how often small companies, indie game devs etc make a living by selling said information that was 'given' to them.
These data aggregators can build profiles on people by buying data from as many sources as possible.
How is the average user supposed to know this happens on the background when they load www.nytimes.com? How are they supposed to know that those flashy banners contain entire programs designed to track them?
How should the average user now that the ad banners on acb.com are the same as on xyz.com?
How should the average user know that a FB button on every website also tracks you. As does G+ button, as does Twiter etc...
How are regular users supposed to know how much data they produce online.
Honestly it even scares me to see how many JS is loaded on average websites. Just for tracking, just for profile building.
Right, and the logical conclusion of this is to stop interacting with companies. Any companies. All companies. Always. Because they are all doing it to an offensive degree. GM want to know where your car has been, and what radio stations you listen to. Facebook want everything, Google have everything. The pretty light bulb you bought is both a privacy risk and an attack vector.
Phone apps want to know your location all the time, Google maps constantly nags you to enable constant location tracking. Every other app has dark patterns to accidentally get the land grab on every mis-click, like Facebook's "Accept", "not yet" and no is buried many clicks deep in a new set of check boxes in some 8th level settings page.
Presumably if I had made my career in a different field like medicine or plumbing you would expect me to "educate" myself enough about IT to understand the real implications too, and the ways the tables can be joined. The genius who tunes your classic car should be learning advanced Wireshark to understand the complete fucking liberties and data mugging the weather app his friend recommended is taking multiple times daily.
It doesn't occur to you that this is ever so slightly asymmetric? Each individual should "take steps" whilst single-handedly going up against the combined might of regulation-free corporate America, where we learn everything can be sold and probably already has been. So what steps if it's not "go live in a cave and buy nothing made since 1999"?
Next week how Vatican City can successfully invade Russia and USA at the same time.
I was thinking more along the lines of don't post stuff online you don't want anyone to know, but sure you could make a whole big deal arguing against a straw man too if that's your bag. There's also some fundamental industry practices that want changing but if you want to do anything more practical than stomping your feet, avoiding posting personal info is a good start.
By assuming they will, and taking steps to not provide your data to all and sundry. At the end of the day, companies can sell your data because they have it.