The year after Facebook was founded, privacy advocates complained that an internet company built on tracking user habits was “constantly finding new ways to exploit personal information.”
Except they weren’t talking about Facebook. They were worried about Amazon.
The article, published in 2005 by the Associated Press, addressed concerns that Amazon was amassing too much data about what its customers bought, thought about buying or wished others would buy for them — not to mention credit card information.
For nearly as long as the current crop of internet giants have existed, there has been scrutiny over how much data they collect and how it’s used. And yet we’ve only continued to hand over more and more of our personal information to these businesses as they’ve become more embedded in our daily lives.
Call it the grand bargain. You let a tech company eavesdrop on your searches, contacts and whereabouts. In return, the company directs you to the perfect people, products and experiences, free of charge. Or, as Amazon CTO Werner Vogels put it in the 2005 article: “We collect as much information as possible such that we can provide you with the best feedback.”
Now, the calculus may be changing. News broke this month that Cambridge Analytica, a data firm with ties to President Donald Trump’s campaign, reportedly accessed information from about 50 million Facebook users without their knowledge.
The resulting scandal has sparked a long awaited data awakening among internet users.
“People are digging in and looking at the data that’s been collected on them,” says Ethan Zuckerman, director of the Center for Civic Media at MIT. “In the past, a lot of us have been willing to say we understand we are in this constant dance with commercial providers.”
What’s changed is people waking up to the fact that their data isn’t just used to sell products, but also potentially to affect elections. “It just feels different,” Zuckerman said.
Numerous outlets have published articles in recent days detailing the vast amount of data Facebook has collected on its users. In response to a CNN article on the subject, dozens of readers wrote to the author with questions about what Facebook knows and whether the information is ever really deleted.
It’s not just Facebook. This week, hundreds of thousands of people engaged with a Twitter thread from a web developer sharing the trove of information that Google collects, including web search history, location data and hobbies.
Even some experts were taken aback by what they found.
“I had turned off YouTube history under my Google account settings. Today, I find out YouTube has been keeping my history for years anyway,” Zeynep Tufekci, a sociologist who studies the intersection of emerging technology and society, wrote on Twitter. “I track this stuff for a living. HOW THE HECK IS AN ORDINARY PERSON SUPPOSED TO MANAGE THIS?”
Inside the tech industry, employees have long been conscious of the potential damaging impact that a data breach could have on user trust.
“We were always paranoid about that,” says Wesley Chan, an early product manager at Google who left the company in 2014. “They’re trusting us with their information.”
But there is also an awareness in Silicon Valley that today’s internet users face a “Hotel California” dilemma. They can sign out anytime they like, but they can never leave.
“The problem is with Facebook and Google and even Apple, you’re already bought into the service. What alternative do you have?” Chan says. “You’re switching from Apple to Android or Android to Apple, but you’re unfortunately locked onto one of those systems, or both.”
Case in point: Each of these companies have faced privacy issues before, only to keep adding users and their data.
Years ago, the FTC found Facebook allowed third-party applications to access more user data than they needed to operate. Apple was criticized in 2011 for how it stored user location data. And Google was fined in 2013 for scooping up data from unknowing users while gathering mapping images for its Streetview product.
Critics say that the feeling of being locked in to these services is very much by design.
“Google, Facebook and other companies put a lot of resources into making that the case,” says Gennie Gebhart, a researcher at the Electronic Frontier Foundation, a nonprofit group that advocates for user privacy.
But Gebhart says it’s not too late to change our data relationship with the big tech companies, whether it be through new company practices, more educated user choices, or regulation.
“The surveillance-based business model that runs in most of the popular web is something that’s not inevitable,” she said. “Right now, there is a broader opportunity to rethink and reset that.”