Your Image in the Cloud

In this lab, you will learn about your digital privacy.

On this page, you will consider what information is available online about you and reflect on your online data sharing habits.

IOC-1.F.11 bullet 3, IOC-2.A.5
IOC-2.A.1

Personally identifiable information (PII) is information that can let others figure out who you are and possibly get more information like your Social Security number, age, race, phone number(s), medical information, financial information, or biometric data (such as your thumbprint or face scan).

Personally identifiable information about you can easily get to people you don't want to have it. Posting a picture of you and your friends to a website reveals information about where you were and what you were doing. This may violate both your own privacy and that of your friends. If your phone is lost or stolen, someone else might get access to pictures or messages you thought were private. That's why data on cell phones is normally encrypted so it can't be recovered without your password. Having to type your password is a trade-off between convenience and security. But some recent research has shown that cell phone apps are often written to collect information about you and your contacts and location without your knowledge, mostly to sell targeted advertising.

IOC-2.A.8, IOC-2.A.9, IOC-2.A.12

Having PII shared online can have benefits. For example, it can be used to show you personalized movie recommendations or simplify online purchasing by suggesting things you are likely to buy based on previous purchases. Shared PII also has risks: It can be used for identity theft, harassment, kidnapping, fraud, etc.

Don't be too afraid of the criminal possibilities. Sharing information online is like crossing the street: Don't be afraid to do it, but do it carefully.
  1. Talk with Your Partner Discuss: What kind of digital information is out there about you?
    • With a partner, list the kinds of information someone might be able to find out about you by searching on the Internet.
    • Which of these things are information that you voluntarily put online?
    • Which of these things would you prefer to keep private?

One reason you are asked to choose a username when you get a Snap! account is to give you the freedom to express political or personal issues without tying those conversations to your actual identity.

Brian, look up CA law. -bh

Brian, I cut the following because that symbol appears very rarely in the curriculum, and it was a lot of reading for something we hardly use. Instead, I just used the word next to the icon in the displayed yellow box below. All students need to know is that yellow is optional. --MF, 8/19/21

When you see this symbol in a yellow box:
Read More
it means that what's in the box isn't something you have to read right now to be able to complete the lab, or to pass the AP exam, but it's something we think might be interesting to you. Click the link to see the text. Don't confuse that symbol with this other one:
Write In Your Journal
which means we want you to write something in your journal.
The point of this yellow box is to distinguish a yellow box for good students (these ones) from a yellow box for struggling students (hints). The reason it's not widely used in the curriculum is that I've barely begun the process of adding this symbol everywhere it belongs. -bh

I think that's a problematic distinction. Who decides who a "good" student is? Kids get labeled as "good student" or "bad student" and then are treated differently for it and take it on as an identity rather than everyone treating it for all it really can be: someone's observation of how well they have been studying lately. And any student can benefit from a hint from time to time. We should discuss this in a meeting sometime. I might not mind what you are trying to do here, but I do mind that characterization. --MF, 8/20/21

Read More What laws exist to protect PII?

United States law says that websites must have a privacy policy that spells out what the site will do with the information you give them. This is a pretty weak protection; the privacy policies are typically really long, and written in ways that make it hard to find out what information is collected and what is done with it. In Europe, there is now a General Data Protection Regulation (GDPR) that defines what counts as PII, and limits what websites can do without your affirmative permission—a definite "yes" from you, not just not saying "no"—regardless of what they put in their privacy policies. These regulations also state that the website cannot deny you otherwise free services because you refused to permit the use they want you to agree to.

The GDPR is new enough that its implications are still being worked out. For example, to get a Snap! account, you must provide an email address, your own or your parent's depending on your age. That's the only thing Snap! knows about you: not your name, not your home address, just your email address. Is that PII? Some lawyers think it is. Other lawyers think that your email alone isn't PII, but it is when combined with certain other information. If it's PII, then Snap! must ask if you're in Europe; if so, must collect more information, such as your name, age, and address, to satisfy some GDPR requirements. Your age matters because the rules are different for children and adults. (In Europe, the cutoff age is 16; in the US, we must ask for your parent's email if you're below 13.) We need that other PII because if you ask to have your account deleted, we must do so at once, so we have to be able to make sure that it's really you, or your parent, asking, not somebody wanting to delete your account as a prank.

  1. Think of some website on which you have an account. It can be one of the huge ones, such as Google, Facebook, or Amazon, or it can be a site associated with a store, a TV show, or a game.
    1. How do you connect to that site when you're using a computer?
    2. How do you connect to the site using your cell phone?
    Compare your answers with other students.

From a privacy point of view, using a browser is much better. If you're like most people, when you are on a computer you use a web browser (such as Chrome, Safari, Edge) to connect to all websites you visit. But on your phone, you may have a separate app installed for some sites (such as Instagram or Facebook).

Read More Why does it matter how you connect?
  1. Talk with Your Partner Discuss these questions, and write down answers with as much detail as possible.
    1. What does Google know about you?
    2. What does your cell phone carrier know about you?
    3. What does Facebook know about you?
    4. What does the US government know about you?
IOC-2.A.7

"What does organization X know about you?" is kind of a trick question because many these companies and institutions share the information they collect about you. This kind of data sharing is important—and problematic—because different kinds of information, while possibly unimportant by themselves, can become a serious privacy problem when combined. For example, your cell phone carrier knows every place you go and Google knows what people or businesses live at every address; in combination, these two kinds of information can reveal whether you've visiting a divorce lawyer, an AIDS doctor, or other possibilities that could be embarrassing (or worse) if revealed.

There are even companies whose sole business is to collect information about you from other companies, large or small, that you use online. (One of the authors looked himself up at Acxiom, one of those companies, and here's what he found. The information circled in red is incorrect.) But the biggest data gatherers are Google, cell phone carriers, Facebook, and governments, such as the US government or the Chinese government.