Reasons to trust but verify when it comes to your data

July 26, 2022

Here are a couple of instances of how companies handled user data differently than the perception they created.

The company is mission-driven and is a champion of Privacy

Duckduckgo is well known as a search engine that is a champion of user privacy. In addition, they are known for their anti-tracking stance (see their tweet on google’s Topic tracking methodology). 

When running a security audit of duckduckgo’s privacy browser, a researcher was surprised to discover that although Duckduck blocked google and Facebook trackers. It allowed Microsoft trackers to run (essentially allowing Microsoft to collect data on users who thought they were not being tracked).

Duckduckgo - Zendata

They don’t sell my data. I pay for their service.

Fi offers GPS tracking collars for pets; users purchase the device and pay a monthly subscription for data services (standard business model followed by many hardware companies). The collar requires owners to pair it with their phones and provide access to their precise location (the company claims this is to conserve battery). So essentially, the service knows where you are even if you are not with your pet.

It is understandable to assume that since you paid for the service and did not consent, your information won’t be sold/shared with outside entities for marketing purposes. But a look at their privacy policy and conversation with their rep confirms that they do share information, and the only way to opt out is by terminating the account.

My data is being shared, but it is anonymous.

Differential privacy is a common technique companies use to share aggregated user information and maintain user anonymity/privacy. The technique calls for adding random data to real data. Level anonymity is correlated with noise. Think needle in a haystack vs. needle among 5 strands of hay—odds of finding a needle change substantially.

Apple is a significant user of this technique. However, when looked at closely, it turns out the information being captured/shared by Apple is a lot less private than the user might have assumed. 

What’s the point here? Trust but verify mainly if you need to keep something private. We at Zendata know that it is unreasonable to expect an individual to read through a company's privacy policy or look through all the trackers they allow. Our privacy report on a company and the browser plugin does that at a click of a button for free. You can check it out here: