Data Harvesting

What is Data Harvesting?

Data harvesting is the collection of information from various sources into a central database to draw inferences about users. Collected information can include personal information (name, address, email address, phone number, birthday, etc.), payment details, medical information, and more.  Sources of information can include websites, apps, social media, and store membership cards.

Data harvesting has both legitimate and malicious purposes. Companies may utilize data harvesting for marketing to reach a target audience. Pharmaceutical companies use data harvesting to study medical conditions and their relation to other patient variables such as age, ethnicity, and gender. Contrarily, individuals with malicious intentions use data harvesting for fraud and identity theft.

 

How Does This Effect Me?

If it's free, you're the product! What does this mean? Free-to-use websites, apps, and memberships (such as your loyalty card to your favorite grocery store) come at a price: you. That is, information about you: personal information, social habits, spending habits, and more. Individually, these articles of information may not be important or causes of concern. As stated before, most companies use data harvesting to target advertisements of products and services or improve user experience. But collectively, this information can be used in attempts of identity theft, social engineering, and fraud.

 

A common misconception is that only big companies participate in data harvesting. However, this is not accurate. In fact, anyone can harvest data with simply a computer and an Internet connection! Users should be aware of data harvesting for each consented subscription, visited website, and downloaded app. User awareness and action can help protect user data against malicious data harvesters and inclusion in data breaches.

 

Protect Your Data

Apps and Websites

Apps and websites are available and essential to everyday life from checking your email for an attachment to ordering food to your home to buying new shoes online. Of course we have the option to go in person to retrieve that important document, pick-up our take-out, or buy the newest released Nike tennis shoe, but the use of apps and websites allows us to complete these tasks quicker with more convenience. It is important that users understand the privacy policy and terms for the apps and websites they use or visit.

One basic feature to understand is the type of cookies being used on a website. A cookie is a small file used in web environments (websites, apps, etc.) that collects user and/or session information. There are different types of cookies: session, persistent, first-party, and third-party.

Session cookies can only be used by the site that created it. Session cookies are used to track a user while they are actively in the site keeping users logged in, storing selected items/services, and analyzing other metrics. Session cookies can require an explicit log in and are deleted once the browser is closed.

Example: You visit a website and log in. You remain logged in until the browser is closed. When you open a new browser and navigate back to the website, you are required to log in.

Persistent cookies stay on a user's browser to track a user's interaction with a website. Persistent cookies' expiration can be as long as ten years.

Example: You are logged into your email online. You close your browser and restart your computer. You navigate back to your email's website and you are still logged in.

First-Party cookies are created by the website and collects data for purposes like calculating website visitors, number of transactions, and number of views per webpage. Data collected by first-party cookies play a major role in user experience. 

Example:  You return to a website you have previously purchased items from and there are items recommended for you.

Third-Party cookies are maintained by domains that the user did not directly visit but are present on a site the user did visit. Third-party cookies track users' online behavior beyond use of the visited site or app.

Example: You commit a Google search for a new car. You begin to see car dealership advertisements on websites and social media, and you receive unsolicited emails from car salesmen.

 

While not all cookies are recording your information with ill-intent, cookies are the means by which your data is shared with third-party companies or individuals who may (advertently or inadvertently) put you at risk of fraud or identity theft. One way to reduce the gathering and sharing of your data is by reviewing each website or app's privacy policy. User's should also adjust their privacy settings to reflect their required level of privacy. If the desired level of privacy cannot be attained, users should consider using a comparable company/product that will offer more privacy.

 

Social Media

Cookies and social media present as the topic of discussions when discussing privacy on the Internet. Social media, by design, allow users to share pictures, posts, videos, and articles with other users. Over sharing lies with the use of the social media account holder; however, cookies gather information about users that users may not intend to share. Cookies can save the information used to create the account (name, email, age, DOB) and also gather information such as user activity times and user location.  Cookies can also track your social media 'likes' and interactions.

 

How to Protect Yourself

1. Knowledge

Users can protect themselves by being more knowledgeable about data harvesting and how the data can be used. Not all data harvesting puts users at risk. For example, perks or loyalty cards at a local grocery store uses the analytics of your purchased items to determine the best layout of  products and which products are desired more during a defined time interval. However, certain social media platforms harvest data beyond users' use of the app, logging user activity and storing personal information. For example, in January 2023, Ohio banned TikTok on government devices due to security concerns and data harvesting. For more information, refer to Ohio Bans TikTok: What You Should Know.

 

2. Review

Review your current subscriptions, account, and profiles online. Review the privacy policy for each company to determine what information is being harvested and for what purposes. Be aware of purposely vague language and exclusion of data sharing. If you are uncomfortable with the privacy policy or use of your data, determine what privacy options can be adjusted for your account. If no options can be adjusted, consider terminating your account and developing a consumer relationship with a different company.

 

3. Action

Are there any actions you, as the user, can do or stop doing to improve the protection of your data? Consider what steps you can take to better your overall online security. Actions can be small, such as erasing your cookies and cache on your browser more often (weekly or monthly) or opting your accounts into multi-factor authentication (MFA) when possible. Be sure to establish a clear baseline to follow for all online accounts and social media profiles.

 

Penguin Huddle

Pass along the knowledge! Modeled after penguins in the wild, YSU Penguins show a sense of community and self-awareness every time helpful knowledge is shared with a colleague or member of our community. Together, we can protect ourselves and YSU from threat agents.