When talking about violations of our privacy, I've found that most people don't care because it is a thing that happens “far away” (who in that huge enterprise cares about me, my browsing habits, etc.?). I can see where those people are coming from, it looks as if you are anonymous because there are just so many people whose data is collected.

Let's bring it closer: if you are connected to your work WiFi, your employer can—and probably does—monitor your traffic. This sounds a lot “closer”, but maybe not enough. What if a co-worker showed you a screenshot with all the connections that the devices connected to the WiFi were doing? That happened to me, I could see my phone in there, with the URL I was visiting a couple of minutes ago. I could also see other co-workers’ phones (“Someone's iPhone”, “Someone's Samsung Galaxy”) also followed by URLs. Those URLs were harmless, so that particular screenshot wasn't particularly dangerous. However, my superiors knew everything I was doing on the work's WiFi1. Not that I had anything to hide, but I also had no intention to give up my privacy, so I started using Tor when connected to the WiFi. They would probably never know I was using Tor (just that I was accessing a certain IP address), but even if they did, I didn't really care, there's nothing wrong with using it.

It seems as people are fine with having their privacy violated when it's from someone “far away”, but they are not okay when someone “closer” does it. Another example of this is email. Most people wouldn't give away their email password to anybody, but they are okay with the fact that their email provider is reading all their emails. The same happens with most internet services.

One can have the feeling that they are anonymous because they are one in a million, but the reality is we are not. Thanks to technology and data analysis, we are able to process all that data and profile people based on it. It happens on such a great scale that real-time bidding is a thing. When you visit a webpage, there is a real-time bid between advertisers to publish their ad in the designated spaces, and companies bid more or less depending on the profile they have made of you. In less than a second companies retrieve your profile and bid for you, every time you surf the Internet!

You are one of many, but you are definitely not anonymous because of it. Targeted ads might not sound too terrible. However, today companies are bidding for your attention, can you ensure tomorrow they won't use that information for other purposes? Today you may trust a big company, but the information they have will last for very long, can you trust the future leadership not to use it for other purposes?

Just like you don't go around giving everyone access to your browsing history or emails, you shouldn't do the same with companies. You might have nothing to hide, but why would you give such private information away?

  1. Not everything. When connected through HTTPS, traffic monitoring can only see the domain you are visiting, not the actual URL. ↩︎