9.3. Additional Privacy Violations

Besides hacking, there are other forms of privacy violations, such as:

• Unclear Privacy Rules: Sometimes privacy rules aren’t made clear to the people using a system. For example:

  • If you send “private” messages on a work system, your boss might be able to read them.

  • When Elon Musk purchased Twitter, he also was purchasing access to all Twitter Direct Messages

• Others Posting Without Permission: Someone may post something about another person without their permission. See in particular: The perils of ‘sharenting’: The parents who share too much

• Metadata: Sometimes the metadata that comes with content might violate someone’s privacy.

  • For example, in 2012, former tech CEO John McAfee was a suspect in a murder in Belize, John McAfee hid out in secret. But when Vice magazine wrote an article about him, the photos in the story contained metadata with the exact location in Guatemala.

• Deanonymizing Data: Sometimes companies or researchers release datasets that have been “anonymized,” meaning that things like names have been removed, so you can’t directly see who the data is about. But sometimes people can still deduce who the anonymized data is about. This happened when Netflix released anonymized movie ratings data sets, but at least some users’ data could be traced back to them.

• Inferred Data: Sometimes information that doesn’t directly exist can be inferred through data mining (as we saw last chapter), and the creation of that new information could be a privacy violation.

  • This includes the creation of Shadow Profiles, which are information about the user that the user didn’t provide or consent to

• Non-User Information: Social Media sites might collect information about people who don’t have accounts, like how Facebook does