Free*

Providing the whole world access to Millions of songs, podcasts and videos from all around the world, Spotify needs no introduction to us. Available in over 170 countries Spotify currently boasts 155 million premium subscribers and 345 million monthly active users. Spotify is available across a range of devices, including computers, phones, tablets, speakers, TVs, and cars, and you can easily transition from one to another with Spotify Connect.

Spotify, despite having launched back in 2008, was only made officially available’ in Sri Lanka in 2021, after around 13 years. (Android users meanwhile: Tell us something new) This official entrance to the market definitely increased the number of users in the country, also making the privacy practices of the company highly relevant as a result.

The Free version of Spotify is immediately appealing to use, mainly do to the ease of its usage, as you only need to sign up using your email address or Facebook ID, and can gain access to a vast portion of services Spotify offers. On the other hand, if you want all the upgraded facilities, you can opt for the Premium version. Let us now dive into the privacy “playlist” of Spotify and discover what user data they collect and how it can affect you.

Song Number #1 – “Data that you leave me with”

So, there are three instances where the App collects personal data from you which are:

1. When you sign up for the Spotify Service
2. Through your use of the Spotify Service
3. Data provided with additional features/functionality activation.

The type of personal data that you provide will depend on the option you use to sign in or register for the service. If you use the ‘traditional’ sign up, you know what types of data will be collected as they are the same ones that you fill out. However, if you use a third-party services such as Facebook to login, those services will provide the data to Spotify. Generally, the third-party service will notify you on what kind of data they will be providing. (Tip: Take few seconds and read them.)

Secondly, while you use the service, the app will collect several usage data such as type of Spotify Service plan, your interactions with the Spotify Service such as your search queries, URL information, online identifiers including cookie data and IP addresses and mobile sensor data. They will also use Map Data for certain subscription plans such as Premium Family Plan and Premium Duo Plan to make sure that you are really a “family”, or a “couple” living approximately in the same location! As per the statement, the company will not use these map data for any advertising purposes.

Additional data will include but will not be limited to Voluntary Mobile Data, Payment Data, Contests, Surveys and Sweepstakes Data, and Marketing Data. Similar to Netflix, Spotify also allows you to add the subscription cost to your mobile bill. When you do so, they will collect details such as:

• Name
• Date of birth
• Credit or debit card type, expiration date, and certain digits of your card number
• Postal code
• Mobile phone number and
• Details of your purchase and payment history.

Song Number #2 – “This is how we roll (with your data)”

Compared to other apps and services, the Legal department at Spotify seems to have spent some time to give a clear picture about how they use our data, along with a nice table. You can go through that when you have time. If you do not, basically they use User, Usage, Financial and other data to provide, maintain and customize the service. 

Song Number #3 – “Can I have this data forever?”

Firstly, there are publicly available data and private data in the service. “Your name and/or username, profile picture, who you follow and who follows you on the Spotify Service, your recently played artists, and your public playlists” are some of the publicly shared details.

Other personal data will be shared with Third-party services/platforms/apps and Support community, Your Spotify followers and Artists/Record Labels, when you have allowed data sharing on the privacy settings of the app or when you use a service or a feature that is provided by a third-party.

In terms of data retention, the company will keep your personal data only as long as necessary (In numbers please!) “to provide you with the Spotify Service and for legitimate and essential business purposes.”

Data such as playlists, song library, and account information will only be kept as long as you are a Spotify user. (Technically until you delete your account) Depending on your request, the company will delete or anonymize your personal data, so that it no longer identifies you. Does this mean that they will continue to keep the data on their servers, forever!?

You can always take some control of your data using Privacy Settings and Notification Settings. As usual, due to GDPR regulations, users in European countries will get more access over their data compared to Sri Lankans.

And thus, we have reached the end of the “Privacy” playlist and it might be worth saving this one for another listen(or read).

Written by: Rtr. Ashen Hirantha

Edited by: Rtr. Kalani Siriwardena

When you Netflix and chill, Netflix is also watching you (spoiler alert).

Netflix, serving 180 Million subscribers around the world and dishing out more than 150 Million hours of TV shows and movies per days, has now become one of the most popular, love and additive services of all time. However, like all other apps and social media facility we discuss with you with Free*, Netflix is no exception in terms of how they collect and retain the data of their users. And like all other apps, this helps Netflix to provide you with a better service. It helps them to suggest what you can watch next and keep binging. So press play to find out the data they collect from you and the impact it has on you.

When you register for a Netflix account you have to provide the basic information such as your Name, Email, Address or Postal Code, Payment method(s) and Phone Number. Furthermore, details such as your content ratings, taste preferences and account settings are also linked to your data profile. There are also other data that will automatically be collected when you interact with the app (scrolling, scrolling…. vola!)  and binge on. These will include movies or TV series-es you select (or pass over), which you have watched previously or are currently watching, along with the following details.

• Search Terms 
• Device IDs
• Ad IDs and 
• Details of other “Netflix Capable” devices on your Wi-Fi network

Netflix is available on a number of different devices from Smartphones to Smart TVs (to almost anything that has a screen), and can be accessed at any time, and also includes the Voice Assistance facility. . (Hey Siri, you know what to do). Subsequently, search queries that you make through such platforms will also be collected and linked to your other data, and will be accessible to Netflix.

You might also know that most of your mobile service providers allow you to add Netflix Subscription to your monthly mobile bill. We definitely see this as an advantage, but did you know that details relating to this translation will be collected by Netflix in the process? In terms of data sharing, when you use features such as Add to bill and Voice Assistant Service, some data may be shared with these service providers.

Your location will be determined using your IP address to customize the service and suggest new content. Furthermore, Netflix also gathers data from firms known as Data Brokers who provide them with a variety of data along with your social media data that are publicly available.  (They can technically binge on your data profile). 

And that’s a decent wrap up of the information Netflix collects from you, as one of their users. However, all this information will be used by Netflix to provide and maintain better service, personalize content, and provide security for the service.

So, what can you do in terms of Privacy Protection?

Yes, you can Request Access to your personal data, delete them or download a copy of the same. You can even delete your account if you wish to. However, your watch History does not get deleted even if you delete your account. 
The statement also does not mention for how long the information will be retained even if you do or do not delete the account as well as for being inactive for a long time. (Genre → Mystery)

Written by: Rtr. Ashen Hirantha

Edited by: Rtr. Kalani Siriwardena

Are you one of those many users who saw a notice to accept the “new” Privacy Policy and Terms when you opened Whatsapp recently? Thereafter, you saw lots of articles on social media with bold headlines (as usual), discussing the consequences of clicking the “agree” button. This has already become one of the trending topics early in the year and has fueled the discussions on privacy concerns, which desperately needed wider attention. However, did you know that the concern about Whatsapp sharing data with the entire Facebook group was started way back in 2016?! We have even alerted you to this on our article on Whatsapp which you can find here. Also, a recently published Wired Article discusses how users have only become aware about this mass data sharing when they saw the notification a few days back.

Then came Musk with the tweet “Use Signal” (yes, that is all) which shows another trend to #BoycottWhatsapp by switching to other apps, Signal and also Telegram. They are the two leading contenders for the “good-guy messenger”, and hence we thought it will be better to understand what makes these apps better (or worse). 

Signal

Probably has one of the shortest privacy policies with just 440 words! However, this is not something your Law professor will recommend at all. The Signal app just requires your phone number for registration and other details such as profile name and picture can be added later if you prefer. And not only the messages, but also all your personal information are encrypted unlike Whatsapp, which only protects messages. 

To find out if any of your contacts are using Signal, they use “a service designed to protect the privacy of your contact”, and information of the contacts “may be cryptographically hashed and transmitted to the server”. Additionally, they have features such as “Registration Lock PIN” to enhance the user data privacy. 

So, how do they share the Information? 

When you use third-party services like YouTube (Owned by Google), Spotify and Giphy (Owned by Facebook, in other words, the company you are trying to escape from) within the Signal app, privacy policies of those particular services will be applicable. 

Furthermore, the company will share the following information,

1. For Legal reasons 
2. To enforce applicable terms and conditions
3. For user and company security reasons

Believe it or not, this is all Signal has mentioned about their privacy practices, which was last updated on the 25^th of May 2018. (long time no see?)

Telegram 

This app has two principles when it comes to privacy, which says that they,

1. Don’t share user data to show ads.
2. Only store the data they need to maintain the features and security of the app.

Compared to the Signal app, Telegram has many features, and hence they have a more complex privacy policy (yes, with many more words).

The app needs your phone number and some basic information such as profile name, picture and about information. Your screen name, profile picture and name will always be public (but doesn’t need to be a human name), but  your real name, gender, age and what you like don’t have to be public. This may lead users to “pretend” to be anyone they prefer on their Screen Name. This may raise ethical questions in addition to the privacy concerns. (Telegram is notorious for the use of illegal activities as well.)

Your email address will only be used for 2-factor authorization, to use the Telegram Passport feature, and if you need to reset the password. “That’s right: no marketing or “we miss you” bullshit” as they say. Since they have different chat modes, the operations vary from one to another.

Cloud Chats – store messages, photos, videos and documents from your cloud chats, with encryption (not clear if it is end-to-end) to enable you to view them from anywhere around the world. 

Secret Chats – offers end-to-end encryption and requires a secret key that only the participants will know. These chats are not stored in the servers, but only in the user devices, and Telegram also does not keep a log of the chat. Media you send in these secret chats are first encrypted and uploaded to the servers, but requires the secret chat key to open them. 

“We (Telegram) don’t know what this random data stands for and we have no idea which particular chat it belongs to”

Public Chats – Also cloud chats that are encrypted but as the name says they are open to the public to see. 

Unlike in Signal, the contacts are synced with Telegram to “notify you as soon as one of your contacts signs up” for which they use the phone number and the contact name. But you have the option to stop contacts from syncing with the app through settings. 

And of course, it says that they use cookies just to operate and provide the service and not for ad purposes. 

How do they use your personal data?

Unlike Whatsapp, Telegram is vulnerable for spamming due to the nature of its privacy policies, hence they need to take actions to prevent any spam attacks. Therefore, they will collect data such as your IP address, devices and Telegram apps you’ve used, history of username changes, and keep them for a maximum of one year. 

BOTS BOTS BOTS

Telegram API allows anyone to create bots in the app to perform actions such as finding a gif or a song. Since these bots are made by third-parties, Telegram privacy policies will not be applicable either. 

Bots can also get the screen name, username and profile picture when you interact with them. Along with the messages you send to them, IP addresses if you click on links or buttons provided by Bots, queries that you type to use a service from a bot, and group activity and messages if a bot is in a group with access to messages.

If you make payments through the app, Credit Card and other information will not be saved on Telegram servers but the particular payment provider’s servers. But users are able to clear all payment related info that are with both Telegram and service providers by using App settings.

Information will be shared among:

1. Other Telegram users
2. Telegram’s Group of Companies (reminds of whatsapp?)
3. Law Enforcement Authorities

But the company allows you a number of rights such as:

(1) Request a copy of all your personal data that we store and transmit that copy to another data controller. 

(2) Delete or amend your personal data. 

(3) Restrict, or object to, the processing of your personal data. 

(4) Correct any inaccurate or incomplete personal data we hold on you; and 

(5) Lodge a complaint with national data protection authorities regarding our processing of your personal data.

How can you Delete Telegram?

If you want to delete the Account, you can do that by going to the Telegram Account Deactivation page. 

If you want to delete messages:

1. Secret Chats – If you delete a message in your device, it will be deleted from the other recipient’s device as well.
2. Cloud Chats – You can “delete for all” within 48 hours after sending. 
3. Bot Chats – Any party can instruct to delete the entire chat history of both participants.
4. Supergroups and Channels – You can “delete for all” but the deleted messages and original version of edited messages will be stored for 48 hours to be shown in the admin log. (almighty admin alert!)

Boom Mode – You can order all the messages in Secret chats to be Self-destructed after viewing, and by default your entire account will be deleted together with all the data if you do not come online for 6 months. You can also go to settings and reduce or increase this account self- destruction “timer”. 

If you are seeing this, Congratulations! We hope that you are now ready to take a decision. 

Tap the Agree button on Whatsapp or Uninstall it and get on board Signal or Telegram. But there may not be anything like a free lunch in the App world.

Written by: Rtr. Ashen Hirantha

Edited by: Rtr. Kalani Siriwardena

Truecaller is the most widely used app to find that person (or robot) who keeps calling you, without ever accepting their calls and saving you enough patience. The service has come well in handy, and is widely used today. Hence it is worth understanding exactly how Truecaller works, and how they use our information, in order to help us identify spam callers. 

First and foremost, to use the service you need to register by providing basic information such as your name, phone number (obviously) and “optional” details such as gender, address and email. Such information is then “supplemented” by using third party data about us. This will include demographic information and additional contact details (if they are publicly available). So it is understood that once registered with the app, it will not be difficult for Truecaller to find a way to reach you in the future. However, this is just the beginning!

As a primary consequence of using the Truecaller app, it will collect personal information from you as well as any device through which you use the app. It is a long list including Geographical Location, IP address, device type and settings, SIM card usage, other apps on the device, and web browser. 

When you agree to use the app, you accept that they may collect, use, and retain information provided by third-party services (Information more specific than the earlier mentioned demographic details). That is, if you use Facebook or Google to sign in for the app, they may automatically provide Truecaller with information such as your payment handle, Unique ID, content viewed by you, content liked by you and details on the ads you have seen on those services. However, we can be glad that they don’t at least take our passwords of those services.

Further more, by using Truecaller, you will be  providing  access to your contact list, device log and other details such as metadata of incoming and outgoing calls and messages. And what exactly do they collect? As per the privacy policy, Truecaller will not only get the phone numbers and names (even if they are saved as Flash, Arrow, etc.), but also the Google ID’s and email addresses if you have included them under each contact. So technically when you use the app, all of your friends (and foes) in the contact are also giving their information to Truecaller unknowingly (even if they do not use the app). So, I hope you understand that this also means that if at least any one person who has you in their contacts is Using Truecaller, that your details are already included in the Truecaller Diary!

But it is good to remember that you can always delist your number or opt-out to render your entire contact information unavailable for search in the Truecaller database. We will let you know how to do so later in the article. 

Before that, how does the company use this information?

It uses them to deliver us their list of services which is to, provide smart caller ID, display the number associated with the name when manually searched in the database, provide details such as “who viewed my profile”, and “availability”, send push notifications in the app, deliver messages, and finally maintain the spam caller list, also known as the Blacklist.

As usual, they will use the information to “personalize” the services (another way of saying to show ads) and other communications like emails and SMS. 

Talking about messages you send through the app; they will be retained for a limited time in order to deliver accordingly but “unless specifically stated” (which is not explained further) they will not “monitor the content of your messages”

In addition, Truecaller will share the information they have about you for legal aspects as well as with “trusted vendors, service providers and other parties” who assist them to operate the business. 

Press 0 to (almost) opt-out 

As we mentioned before, yes, you can ask the company to make your contact information unavailable to search in their database. But no, it is not easy like ticking a check box off.  You will to go through the process of informing the company on your “wish” through their website or by sending an email to support@truecaller.com, and following the steps.

However, at least it is easy to limit or opt-out of the collection of your personal details and use them to target ads, by going to your app/device settings. 

In summary you need to provide your contact details in order to know who is calling (and spam calling) you. Also, there is no mention about for how long the company will keep your personal data in their servers and databases. Although not available for Sri Lanka, some regions and countries, can have more control over the data that Truecaller collects, due to their strict privacy protection.

So that is what you need to know, 

1. If you are using the app
2. If you are planning to use the app
3. Or if your friend(s) use the Truecaller app. 

Call Ended.

Written by: Rtr. Ashen Hirantha

Edited by: Kalani Siriwardena

Feeling down and need someone to cuddle with? How about a kitten, and you don’t need to buy one for yourself either. Just “Uber” it! Yes, Uber offers the service Uber KITTENS in 7 US cities which gives you the chance to find a pet to spend some time with while donating the proceedings to animal shelters. (Sounds like daily doubles)

After discussing about the home-grown ride hailing app, ‘Pick Me’, we turn towards their biggest competitor in Sri Lanka, Uber. Being one of the most recognized companies in the world, Uber entered the Sri Lankan market in the year 2015, and has expanded its presence aggressively through a number of offerings to their customers. With the recent arrival of UberEATS, they have become one of the mostly used apps, further increasing its impact on Sri Lankans. Therefore, through this article we will dig into the Privacy Statement of Uber, to bring out some interesting facts you might not have known! (You will reach your destination in 5 minutes)

As per the statement, there are three kinds of information that Uber collects about you and their drivers, and we will be mainly focusing on the points that really matter to the users. One such information is the information you provide when you sign up for the service, which includes basic personal details, while if you select to sign up using Facebook or Google, will also include some of your information on those services. Secondly Uber will also collect data regarding when you use the app and while the third and most obvious data points being Location Data. Similar to ‘Pick Me’, they may collect your location data when you have opened the app as well as when it is in the background.

Especially the location data will be collected from the point of you requesting a service until you reach your destination, or the foody cravings are delivered to you. Yes, you can always turn off your location data once you have booked a ride, but since your driver’s location is always tracked, Uber will automatically link that information to your account. (Smooth Criminal!)

They also collect data from a number of other sources which include device data, app usage data and cookies. One feature of the app is that it allows you to contact your driver or the delivery person without revealing your contact details. To provide this feature, it will collect information such as date & time, along with the content of the communication. Of course, that helps you to lodge a complain when that one Uber driver starts to misbehave!

For what do they use these data? Some of the uses are – to help them improve to provide and maintain their services, ustomer Support, Research and Development, Personalize the services (which let you know that you always choose pizza for dinner)

They also want you to know that your “personal” data is not sold for marketing and other purposes.

This information is then shared among a number of parties, including other users, Uber Subsidiaries / Affiliates, Service Providers (Including OGs Google and Facebook) and Business Partners.  

Can you (un)ride Uber? Yes, you always have the options from changing or accessing your data, receive a copy of your data with Uber to delete your account. (Case Solved)

Once your (wish) is granted, it will take around 90 days to completely wipe out your data with Uber, given that there is no issue between you and them.

So, compared to ‘Pick Me’, Uber offers number of privacy options for the users to have control over their data. (But if you use it in USA or Europe you can reach the Privacy Level: Thanos)

We have a cookie a.k.a Bonus fact for you – Did you know that Kottawa Town and University of Jayewardenepura are among the top 5 Uber destination in 2019?

Written by: Rtr. Ashen Hirantha

Edited by: Rtr. Kalani Siriwardena

Here’s one of the biggest steps taken in the transportation section by any Sri Lankan, and a tool that will definitely come in handy, especially if you are living around the cities and suburbs. Pick Me, the home-grown ride sharing app disrupted the transportation sector in Sri Lanka, by transforming the classic tuk-tuk rides. Even with the growing competition of Uber, this local company has managed to innovate and diversify its business in numerous areas such as passenger rides, food delivery and parcel delivery. In this article we are going to look into the effect of this ride sharing app on your digital privacy. So, let’s hop on!

First and foremost, Pick Me will receive the information you provide when signing up for the service, which includes the usual user name, profile picture and email address. Furthermore, when you use the app to book a vehicle, generally the following information will be also be collected.

1.Location information (obviously)

When you have allowed the app to use your location service, it may collect data when the app is actively running in foreground, as well as in background. Your IP address will also be used to get the approximate location.

2. Contact information

“…may access and store names and contact information from your address book.”

3.Transaction details

Type of service requested, date, time, amount charged and distance traveled are some of the details that will be collected.

Furthermore, other details such as your app preferences, settings, device information, call and SMS data related to Pick Me services and log in data will be collected.

In addition to this, when you integrate other apps such as Facebook with the Pick Me app, some of your information on such apps will also be accessible to Pick Me.

If your organization provides you work travel with Pick Me, they will also collect some information relating to you from your employer. After you complete a journey or any other service form the app, service providers will also write to you, and your user ratings will be sent to Pick Me. (Peer Review mode alert)

This information will mainly be used to provide you with better service, be it ride sharing or food delivery, and to connect you to drivers and service providers. And as with typical tech companies, user data will be used to personalize the offerings. However, in doing so, data may not only be processed and stored in Sri Lanka, but will also be shared with other countries. (“…some of which may have fewer protective data protection laws…”)

Pick Me will share the information;

• with service providers Ex: drivers
• other users, when you use “Share ride”
• with third parties, for promotional and partnerships purposes
• other apps and services that may use Pick Me APIs
• your employer if you are getting the service through your workplace    

What rights do you have?

You can correct or change your account information, but in order to delete or cancel your account, there is no easy way out but to email them at support@pickme.lk. Even after your account is deleted, some information could be retained, in case there are any issues such as outstanding balances to pay on your account, or any fraud and policy violations that Pick Me holds you responsible. Furthermore, depending on the applicable law, your access rights will be executed, and there is no mention about what you can do to delete your location information history with the app, or if it is even possible.

Overall, it seems that given the low level of privacy regulations in Sri Lanka, Pick Me’s privacy statement does not elaborate much and flexible compared to most of the international apps. Hence it is always better to clarify your issues with the company at privacy@pickme.lk, which would be the most effective method we suggest.  

Written by: Rtr. Ashen Hirantha

Edited by: Rtr. Kalani Siriwardena

Chances are that you are reading this article using a browser named “Chrome”. This is because roughly 7 out of 10 people use this free and fast software provided by Google to make you “Google” better. In other words, Chrome owns around 69.9% of browser market share as at 20^th August 2020. So, it’s worth looking at the impact of this product on your digital privacy!

We all know that, in general Chrome will store information such as;

• Browsing History
• Personal Information / Passwords
• Data Saved by Add ons
• Cookies
• A record of your downloads

Most of the time, these data will be stored in your device, and hence there is the risk on your data privacy. Hold on, I know what you are going to say. “There is an unless; through settings you can change the privacy related permissions and do the classic history wipeout.” This however, has many loopholes.

Did you know that this information will be sent to Google if “you choose to store that data in your Google account by turning on sync, or in the case of payment cards and billing information, choosing specific payment card and billing information to store in your Google Payments account”?

Chrome is known for its browsing speed, and one tool that enables the “need for speed” is called “Prerendering”. This is looking up the links on the web page you are looking at and loading a part or the complete site on that link in the background. If this feature is enabled, the preloaded site can “set and read its own cookies” stored on your device, “even if you don’t end up visiting the prerendered page”

What about Location Data? “Chrome won’t allow a site to access your location without your permission” but it is just as complicated as any other tech promise. If you are using Chrome on a mobile device and the app has permission to use” for the particular site, *drum roll*, Chrome will automatically share your location data with the search engine which is most probably Google.

• The Wi-Fi routers closest to you
• Cell IDs of the cell towers closest to you
• The strength of your Wi-Fi or cell signal
• The IP address that is currently assigned to your device,

Are some of the ways Chrome will collect your Location data.

Google wants to help you, so they have Search Prediction and it is really “helpful” that when you are searching on the search box on Chrome, what you type will be sent to “your default search engine” also known as Google, “even if you haven’t hit “enter” yet.”

Web Pages or URLs you visit will not send your personal information to Google unless you have turned on “Make searches and browsing better / Sends URLs of pages you visit to Google”.  So, take a break and turn that off.

Fun Fact – When you use Chrome on Windows and open it for the first time, it will send information to Google about your number of installed browsers. It’s just to make sure if they are still the number 1. 😉

When you have enabled syncing with your Google Account, your browsing data will be used to “improve and personalize your experience within Chrome”.

Whether you already know it or not, Incognito mode can save the day!

When Incognito or Guest mode is enabled, Chrome will not store information like;

• Basic browsing history information like URLs, cached page text, or IP addresses of pages linked from the websites you visit
• Snapshots of pages that you visit
• Records of your downloads, although the files you download will still be stored elsewhere on your computer or device

So, it is one way to surf the internet with some peace of mind, other than looking for alternative browsers such as Brave.

And if you have some time to spare, and are concerned about the Privacy, you can read the Google Chrome Privacy Whitepaper.

Written by: Rtr. Ashen Hirantha

Edited by: Rtr. Kalani Siriwardena

Established in 1997 in a rented garage by two people who met on a campus tour, this company has now become one of the most important assets in the world. Yes, you guessed it right! We are talking about BackRub.

Well you might also be knowing it as Google, which is more widely known compared to its official company name, “Alphabet”. With around 86% of Search Market share and 3.8 million search queries per minute, Google Search and its other products have made themselves almost essential today.

Thus, how this company conducts its operations matter to most of us, be it a simple search engine user to Google Cloud user. This is because, except for some products, a majority of its services are provided free of charge. So, how do we facilitate this for them? It’s none other way than simply providing a variety of information about our digital lifestyle.

In this series we will look at most of the commonly used Google services and products and how their privacy practices are conducted. We will start with king of the web search, Google Search.

Whether you have a google account or not, there are a number of information that will be collected when you conduct a simple search. Search Quires or Terms are one of the main information that is collected by the site. This is facilitated by details on your location, IP address, and type of the browser or device you use.

It gets even complex if you take actions through your Search, such as taking a call to a restaurant that you just discovered on the results.

The major concern is that, these details will be saved even if you are offline or not signed into an account!

“Your search and ad results may be customized using search-related activity even if you’re signed out”

If you are using Chrome, which is used by around 71% of Computer users, and have enabled synchronization, then your Browsing history will also be collected and stored along with your profile data. We will dig more into Chrome later in the next article on this series.

Furthermore, the websites and links you click on your search results will also be collected and used to track your movement around the internet. If you are wondering why they need all this information, there are a number of reasons mentioned;

• To deliver, maintain and improve their services,
• Develop new products
• Personalization, including Search results and Ads
• Measure performance
• For Security and Protection

Speaking of personalization in Search Results, the information regarding your previous search terms will be used to curate the current results. This will be done even if you are logged into Google Account or not. (It’s all about Data!)

Ads are more related with the Google Search hence your information will be used to understand your “interests” and they cater Ads you like to see (or Google thinks you like to see) when you move from one site to another.

The vast amount of user data that the company has accumulated help Google Search services, specially Ads, to become the Cash cow for the company with over $98 Billion revenue just from the Search product.

“We use various technologies to collect and store information, including cookies, pixel tags, local storage such as browser web storage or application data caches, databases, and server logs.”

How does Google share our information? Only with the companies that are part of the “Alphabet”, but it is questionable.

This is because they further mention that the information will be shared with third parties when we have given our consent (which is practically done by following default settings), for site administrators, Legal purposes, affiliates, and “may share non-personally identifiable information publicly and with our partners — like publishers, advertisers, developers, or rights holders.”

“Some data you can delete whenever you like, such as the content you create or upload. You can also delete activity information saved on your account or choose to have it deleted automatically after a set period of time.”

However, there are unspecified data that will be retained even after you delete the account “for legitimate business or legal purposes, such as security, fraud and abuse prevention, or financial record-keeping.”

With the increasing concerns on the user privacy, recently Google has changed their policy on Search, Location and Voice command data deletion. Now such data, by default, will get deleted in 18 months. This only applies if you are creating your Google account fin this year and onwards.

Are there any measures you can take to protect your privacy when using Google search?

If you have a Google Account – You can use Activity Control, which is the dedicated page to adjust all things privacy related. This allows you to change search record, ad preferences and also export and delete some of your data either in a particular Google product or the entire account itself.

If you don’t have a Google Account – You have to rely on external application such as Privacy Badger, Tor Browser and Extensions, and alternative search engines such as DuckDuckGo. Simply going “Incognito” will help you to protect your privacy to some extent even if you do not use extensions or other tools.

While it is true that you cannot completely refrain from using Google Search, taking necessary measures can make sure that at least you do not compromise all your digital privacy!

Written by: Rtr. Ashen Hirantha

Edited by: Rtr. Kalani Siriwardena

We all like to know what others might be thinking about us, but people may not express their comments directly thinking it might be inappropriate. Then a company, or few companies in fact, came up with “solutions” to this issue by creating platforms that allow anyone to comment on their users anonymously.

Among them SayAt.me was a site that grew their presence among social media users in a short period of time. Therefore, in our first article after a break we are going to dive into the privacy practices of SayAt.me and create some awareness about this site.

One of the main “features” of this service is the “anonymity” (At least in terms of personal name) that they provide to individuals who visit a user profile and comment on a user. Furthermore, they have developed their website as a directory for social media users where some information such as Social Media name, photos and number of followers of the registered users are displayed on the site itself. This might make the site look like a meta-search engine for social media users, especially for the “influencers”.

So, what is the basic idea of the site? It is a site to provide comments of “feedback” on questions or polls without revealing your identity. As the company states “The Website is a feedback tool meant to gather honest and constructive feedback from friends, colleagues, acquaintances or others”.

It does seem obvious that the “feedback” will not always be positive or ethical, as the anonymity the site provides can lead people to criticize or even blame others without any real reason behind. Therefore, the company has a major issue of being seen notorious for cyber bullying and hate speech.

What does SayAt.Me terms and conditions say about this possible issue? The company has “developed artificial intelligence to help prevent bullying messages being posted”, and they have blocked some words entirely from the site. Similar to the blurred stories on Instagram for sensitive content, SayAt.me will also visually block comments that they think are abusive or unethical.

However, at the end of the day the company will not have any liability over the possible cyber bullying issues, but anyone who “originated” the content will be held responsible.

“SayAt.me does not have an obligation to monitor or control the User Content in order to discover any unlawful nature therein, and will not take responsibility for it.”

So, what are the kind of personal data that the site uses? Other than details such as username, password and email, they will also use social media ID and the relevant profile picture based on the website you sign up with. All the User Content you create on the website will also be collected, which includes questions, feedback posts, comments, polls and photos that you post to the Website.

Is that all? Well, just like other sites they will use cookies to track details such as your IP Address, referring URLs and actions on the website which can be used to trace your movement across the internet and different sites. (Not so anonymous after all is it?)

And for what use? Other than for providing and maintaining their service, they will also provide your data to their “advertising partners” to show you an ad about the shoe that you just searched but did not buy. It might haunt you for some time!

So, are there no good practices at all? There are. Due to having their operations in the EU region, in Estonia, SayAt.me mentions that they follow GDPR practices which ensure better data privacy and rights. This is one good privacy practice of the company and they require their partner companies or other service providers to follow GDPR as well.

“We remain responsible for your personal data and take all necessary measures to protect your personal data as provided herein.”

Furthermore, the company grants the users number of rights such as;

1. the right of access to personal data held
2. the right to amend and rectify any inaccuracies in personal data held
3. the right to erase personal data held
4. the right to data portability of personal data held

What if you feel like you received enough “constructive criticism” and you need to leave the site? Your profile and what you have posted such as your photos will be deleted automatically, but not the public or anonymous feedback and comments that were sent from your account. The latter, you will have to do manually before deleting the account. As per the statement, personal data may be retained with the company as long as for 10 years.

What is the takeaway message?

This personal dashboard (slash) social media site has mixed results when it comes to privacy and more importantly cyber bullying and hate speech issues. Hence it is important to understand the possibility of malpractices arising from using the site and to know what you can do in order to take actions against it.

P.S: – After all, there are better sources that you can look to receive “constructive criticism” than total strangers on the internet whom you don’t know exists at all.

Written by: Rtr. Ashen Hirantha

Edited by: Rtr. Kalani Siriwardena

File Transferring among various devices such as Personal Computers, Mobile Phones Tablets used to depend on several technologies like Bluetooth, Infrared until recently. Though these services were reliable they were not suitable to transfer large content as the transfer speed was several MB per second. With the development in data transmission techniques, new services emerged promising faster file transfer speeds due to their reliability of techniques such as NFC, WiFi, etc. These apps had another advantage of being able to work across different device platforms be it Android, iOS, Windows, etc. and it helped to increase their popularity in a rapid face. Among such apps, SHAREit can be considered as one of the leaders in the category, which has been downloaded for over 1.8 billion times across 200 countries and have around 500 million active users as well. 

Unlike social media apps, which are notorious for their data and privacy practices, these File transfer apps are not considered to be harmful. But do they really operate with fewer privacy data? We are about to explore this by looking at the privacy disclosure of SHAREit App.

The App collects your personal information if you open an account or use another service like Twitter, Facebook to log in, which includes your basic personal details along with email address, mobile number, etc.

Furthermore, when you use the service, the app may collect Location data related to your device. This does not limit to the usual GPS data, but also data from “WiFi, compass, accelerometer or other sensors in your mobile device”

Therefore it appears that the app may be using a number of hardware in the device you to transfer file and content while gathering several location related data that can affect your data privacy. 

Another controversial point that appears is that the App possibly collects data about the other activities that you perform while you are using SHAREit. 

As per the privacy statement, your personal and usage data is collected to function the services of the App. And they may require to transfer user data to countries such as “the People’s Republic of China or Singapore.” China is known for its controversial personal data monitoring and usage, and this is further enhanced by the fact that the parent company ushareit has Chinese roots.

But the company states that depending on the applicability of laws, the users will be able to request their personal data, restrict or even erase them by sending their request to dpo@ushareit.com

Furthermore, the statement explains that the company will not share your personal data with third parties without consent. But there are certain exceptions such as under the mandatory requirement from government authorities, For the purpose of academic research or the public interest, to safeguard our legitimate rights and interests, etc. 

  “The information that you transfer, send and/or share through the Application, the Services and/or the Site may be intercepted, collected, used and disclosed by third parties” For which the company is not responsible and the users need to take necessary security measures to avoid such incidents.  

Our Verdict: Despite the seemingly safe outlook of the App, ease of use and the transferring speeds, there may be a threat for your data privacy by using SHAREit. Therefore it is advisable to take necessary privacy protection measures in-app and with the support of other apps such as Anti-virus services.