The Hidden Cost of "Free": Is giving data for services worth it?

Is data really free? Or is the hidden cost worth it.

Data. Our world is driven by data. Want to buy something? You need a name, phone number, email address, credit card number, physical address; the list goes on. Have an exciting new event coming up? Provide your email address. Need to get in touch with an old friend? Share your phone number. The commonality of giving out personal data has become de facto, and many of us don't even think about the repercussions of sharing personal information.

Common Personal Information

Consider the common personal information scenario listed above. You are scrolling through Instagram when an effective ad pops up showing something you were just talking about 3 minutes ago... and you click on it. What are you greeted with? Subscribe to our newsletter! or something similar to that. You now sign up to receive an email (name, email, etc.) and get bombarded with emails every week. If you are anything like myself, you have a junk email account (equivalent to that “junk drawer”) where you never read those emails, don’t have time to unsubscribe, and just leave 1.2k emails unread... In another scenario, you read something cool and subscribed to it from that fancy-looking website. After two months of reading them, you get really busy and stop reading them, but they still email you. All these cases have one thing in common: you give them some sort of common personal information, like an email address, and they store that information in some database to email you.

Consumer trust

In the above situations, you gave them your trust. Granted, they have some sort of Privacy Policy something nebulous you never read but just trust it is some standard document you’ve seen before: “We won’t sell your data...we will keep your data secure...blah blah blah." How do you know they uphold their part of the deal? You don’t know the inner workings of their company. What would you do if you got an email from that company saying their databases were hacked! Oh no, change your email passwords, and so on, or be like most people, well, another hacker did it again, hope nothing happens to me. Another case: you give them an email and password. You hope they are using some sort of technology that will keep the password secure, and not plain text. You use the same password, or a variant of password for the new account hoping that they don’t get hacked. This blind trust can be naive or well-intentioned, but as an end user, you have no idea.

Repercussions of personal information

What are the repercussions of giving out personal information? If it's just an email address (which could even contain your name!), you hope there isn’t much harm there. What if it’s more - a phone number or house address or credit card? (I know, I’m randomly ranking these as more than an email address...interesting right?) Let’s just take the case of an email address. If you give an email address to a company but have that email address associated with other services, someone could use that information to try other services. What about a phone number? Two-factor authentication uses that to validate yourself, and known hacks exist using 2FA and the security problems associated with it. Combine an email address and a phone number - even more useful information. How about a password? Assuming you are security-conscious, you use a different password for each account. However, not all are like that and now they might have a password or variant that could prove useful. Address, credit card information, the list goes on - this personal information becomes more and more useful for nefarious things.

Data Rot

Then there’s data rot. This thing that people don’t quite understand until they move...yea that event that seems to have more strings attached than Pinocchio before he was a little boy. Letting people know about your recent move means updating every account you have ever used. You have hopes you got all of them only to realize you just ordered something and sent it to your old house address...let’s just hope they don’t have next-day shipping. Data rot is a real thing. You get a new phone number and all of a sudden your 2FA is sending your 6 little numbers to some random person, and you can’t change your number (let's hope you kept your “emergency keys!”). Or a new email address...who am I kidding? No one shuts down an email address...unless its your work email. What about a new credit card? Your HBO subscription has expired. Enter your Credit Card..."Take my money, let me watch my shows!" All these things are data rot and take time to rectify. I’m still getting letters in the mail from the previous resident of the house I currently rent.

Conclusion

So, we give up personal information in hopes of getting something in return, whether it’s some Chuck Norris throw blanket or an Instagram startup advertisement that looks cool. In doing this we hope our data is secure and won’t make it into the wrong hands, or we hope that the 3-year-old account we made has all the updated information. All this in turn goes to a company that hopes you don’t use your banking password (you know who you are) on their site - and who knows if they have the best practices for storing a password. At the end of the day, who is responsible for the data? When was the last time you subscribed to something to get something for “free?” Annoying right? We seem to think these things are free but who are we kidding? Is it really free?