What's the risk of using online data visualisation tools?

Data visualisation is a powerful way your to get your message across and this website profiles various online tools to help you do that. In seconds you can be signed up to Google Docs or Tableau Public and be creating visualisations. Great! But hang on a second ...

As with everything in the digital world, these online tools come with risks that you should be aware of before using them. Although the information you're using might not be sensitive, you should still be aware of privacy issues that affect everyone who uses online tools.

Before putting any sort of information into these online tools, how would you answer the following questions?

• Do you give up ownership of your information when you use these tools and online services?
• Do you know in which country your data and visualisations are located, and what laws govern the use of your information?
• Who else has access to the information that you put into these services?
• What happens to your information when you stop using these tools?
• What happens to your data if the company who owns the online tool decides to stop providing this service to you?
• Would interception of your use of these tools put yourself and your organisation in physical danger?
• Do the things you create in these tools put other people in harm's way, for example by showing personal information?

They really shouldn't be hard to answer, but they are. This section aims to give you some ideas about how to answer them. By the end of it, we hope you understand the risks presented by using these tools, and feel confident that you can take simple first steps to address them.

What can you do about these risks?

Understand the 'Terms of Service'

Who's really in control of the data you put into online tools and the things you create with them?

You, right?

Probably not.

Your use of online tools like Google Docs, Prezi or Many Eyes is governed by a legal contract called a Terms of Service (ToS) (or 'Terms of Use'). If you don't agree to it, you can't use the service. You should read a ToS very carefully since it usually defines the following:

• What you can (or more likely cannot) expect from the service, and what you can do about it if these things are not met.
• The reasons the service provider can stop you from using the service they provide.
• Your agreement that the service provider can collect information about you, and what they can do with that information.
• The rights of the service provider to use and process the content you put into their systems.

At best you share control of your information with the company. At worst, after reading the opaque language and legal terminology in a ToS you are none the wiser about who can do what. It is up to you to figure out whether what they ask from you is worth the benefit you gain from the service.

So here are a few things you need to learn more about:

Understand the information they collect and how they collect it

Most service providers collect information that can identify you personally, such as email addresses, names, and usernames. These types of information usually fall under the category of “required information” that you have to provide to be able to use the tool. Other information falls under “optional” which means that it should not effect your use of the tool.

More information is collected while you use the tool. This can be information about where you are, and how you are coming to and getting around the service. This includes things like your IP address, time and date of access, type of internet browser, sites and pages you've visited. These are gathered by way of technologies such as cookies, web beacons or trackers that the service asks you to install on your computer.

What you can do:

• Make sure you only supply the bare minimum information required to be able to use a tool.
• Don't complete “optional” information fields - these usually have no bearing on your use of the service so providing this information is unnecessary.
• Use a more secure browser and a “proxy” application or service to reduce the amount of location information and user browsing behaviour a web service knows about you.

Related resources:

• Security in-a-Box: Firefox with add-ons - secure web browser
• Security in-a-Box: How to remain anonymous and bypass censorship on the Internet
• Security in-a-Box: Tor - Digital anonymity and circumvention
• TOR – Anonymity Online
• Flossmanual on "How to bypass Internet censorship"

Learn about where they store your information and your location

Providers of online tools like those profiled on this website often state that they have taken technical security measures and management policies to ensure that your information is not lost, misused or altered by their own staff or others.

On top of this, the physical or geographical location of your information is important because it defines what sort of legal protection your information might have. This is important because some countries have data privacy laws which can safeguard your information. On the other hand, countries may have data retention laws or national security laws that can compromise your information.

Things to find out:

• Are the service provider's security measures up to date and based on common standards and practices, and can you verify this?
• Are there policies for reporting security incidents and will you be informed if and when there are incidents so you can quickly take measures if needed?
• Does your service provider indicate where your information resides and/or what laws govern the use of your information?

Related resources and news links:

• Data and security - a tour of a Google data centre
• PC World Article: Iceland Wants to Help Keep Your Digital Secrets
• Open Security Foundation's data loss tracker – reporting companies and other organisations that have lost people's data

Learn about who uses and could have access to your information

Almost all online service providers indicate that they collect information to provide a better user experience and additional services. Most will indicate that they will not rent or sell your information to other individuals and nonaffiliated companies. While this is true, future companies that will be affiliated will have access to your information.

Things to find out:

• Who are the other companies that are “affiliated” right now to an online service?
• When required by law (through a court order) will the service provider respond by providing your information, or will they stick up for your privacy?
• What is the track record of these services in terms of privacy and security?

What you can do to reduce your digital security risks?

This section is by no means a comprehensive guide to digital security. Learning how to use technologies safely in your work also means :

• Assessing your risks
• Securing your computers, mobiles and other devices
• Preventing and recovering from loss, damage and theft of your information
• Creating an information security plan
• Using the internet more safely

To learn about these topics and more, head over to Tactical Tech and Front Line Defenders' Security-in-a-Box website.