Understand the 'Terms of Service'
Who's really in control of the data you put into online tools and the things you create with them?
You, right?
Probably not.
Your use of online tools like Google Docs, Prezi or Many Eyes is governed by a legal contract called a Terms of Service (ToS) (or 'Terms of Use'). If you don't agree to it, you can't use the service. You should read a ToS very carefully since it usually defines the following:
- What you can (or more likely cannot) expect from the service, and what you can do about it if these things are not met.
- The reasons the service provider can stop you from using the service they provide.
- Your agreement that the service provider can collect information about you, and what they can do with that information.
- The rights of the service provider to use and process the content you put into their systems.
At best you share control of your information with the company. At worst, after reading the opaque language and legal terminology in a ToS you are none the wiser about who can do what. It is up to you to figure out whether what they ask from you is worth the benefit you gain from the service.
So here are a few things you need to learn more about:
Understand the information they collect and how they collect it
Most service providers collect information that can identify you personally, such as email addresses, names, and usernames. These types of information usually fall under the category of “required information” that you have to provide to be able to use the tool. Other information falls under “optional” which means that it should not effect your use of the tool.
More information is collected while you use the tool. This can be information about where you are, and how you are coming to and getting around the service. This includes things like your IP address, time and date of access, type of internet browser, sites and pages you've visited. These are gathered by way of technologies such as cookies, web beacons or trackers that the service asks you to install on your computer.
What you can do:
- Make sure you only supply the bare minimum information required to be able to use a tool.
- Don't complete “optional” information fields - these usually have no bearing on your use of the service so providing this information is unnecessary.
- Use a more secure browser and a “proxy” application or service to reduce the amount of location information and user browsing behaviour a web service knows about you.
Related resources:
- Security in-a-Box: Firefox with add-ons - secure web browser
- Security in-a-Box: How to remain anonymous and bypass censorship on the Internet
- Security in-a-Box: Tor - Digital anonymity and circumvention
- TOR – Anonymity Online
- Flossmanual on "How to bypass Internet censorship"
Learn about where they store your information and your location
Providers of online tools like those profiled on this website often state that they have taken technical security measures and management policies to ensure that your information is not lost, misused or altered by their own staff or others.
On top of this, the physical or geographical location of your information is important because it defines what sort of legal protection your information might have. This is important because some countries have data privacy laws which can safeguard your information. On the other hand, countries may have data retention laws or national security laws that can compromise your information.
Things to find out:
- Are the service provider's security measures up to date and based on common standards and practices, and can you verify this?
- Are there policies for reporting security incidents and will you be informed if and when there are incidents so you can quickly take measures if needed?
- Does your service provider indicate where your information resides and/or what laws govern the use of your information?
Related resources and news links:
- Data and security - a tour of a Google data centre
- PC World Article: Iceland Wants to Help Keep Your Digital Secrets
- Open Security Foundation's data loss tracker – reporting companies and other organisations that have lost people's data
Learn about who uses and could have access to your information
Almost all online service providers indicate that they collect information to provide a better user experience and additional services. Most will indicate that they will not rent or sell your information to other individuals and nonaffiliated companies. While this is true, future companies that will be affiliated will have access to your information.
Things to find out:
- Who are the other companies that are “affiliated” right now to an online service?
- When required by law (through a court order) will the service provider respond by providing your information, or will they stick up for your privacy?
- What is the track record of these services in terms of privacy and security?
Related resources and news links:
- American Civil Liberties Union - Court in US says US Government can order Twitter to give up user account details of Icelandic elected official
- The Tableau company removes visualisations made by Wikileaks from its free service
- Google's Transparency Report shows who has asked them for information about their users
- Electronic Frontier Foundation - guide to surveillance self-defense