Your data is out there

October 2019 Home Security, Cyber Security

With the advent of GDPR and in-depth privacy settings, you would be forgiven for thinking that you have more control over your data than ever. But despite the familiar site message asking if you’re willing to accept cookies, many don’t realise what this entails – and it can be hard to keep track of what data you’ve given away.

A new tool from vpnMentor highlights the data different major websites holds on you, as listed in their privacy policies. With over 7,2 billion accounts held across the services studied, including platforms like Google, Facebook, Amazon, and Tinder, how many are aware of the finer details of the privacy policies that many automatically accept?

Your data, their rules

While it’s unlikely to come as a surprise that sites you’ve signed up for will hold the details you’ve given them, for many sites this isn’t all they track. With Facebook and Instagram being the biggest offenders, seemingly tracking as much as they can about their users, is it time that we thought twice about what we’re accepting within the terms and conditions? Some of the surprising details tracked include:

• Location – Of the 21 services within the study, 18 tracked your current location at all times when using the app. Some of these, such as Tinder, continue to track this even when the app is not in use, while Facebook and Instagram both not only track your location but also the location of businesses and people nearby, as well as saving your home address and your most commonly visited locations.

• Your messages – Think nobody will ever know about you sliding into someone’s DMs? Think again. Facebook, LinkedIn and Instagram use the information you share on their messaging services to learn more about you, while Twitter and Spotify both openly state they have access to any messages you send on their platforms.

• Device information – Seemingly harmless, but many services and apps track more of your device information than appears to be needed. Facebook and Instagram, for example, both track your battery level, signal strength, nearby Wi-Fi spots and phone masts, app and file names on your device and more. Meanwhile, Google and Amazon both keep hold of voice recordings from searches and Alexa respectively, and Apple Music confusingly tracks phone calls made and emails sent and received on the devices the service is used on.

No profile? Still a problem

On top of this, even if you don’t hold an account with these services this won’t stop your online moves being tracked. Google keeps track of your activity on third-party sites that use Google features like adverts, while Facebook partners (an enormous 8,4 million sites across the web) send both it and Instagram data collected through Facebook business tools like the ‘like’ button – regardless of whether or not you have a Facebook account or are logged in.

And for those among us who have taken the action to set up the ‘Do Not Track’ option offered by some browsers, which was created to stop sites tracking your information, this won’t help you either. Almost no major sites respond to the signal given, instead continuing to track you regardless. In fact, it’s not just third-party sites these companies are storing your data from, Facebook also holds any data provided about you from others – including if they upload your contact information without your permission.

Online data-ing disasters

With the technological takeover hitting all aspects of life, even dating, more of us are turning to online dating to find ‘the one’. In fact, there are over 2,6 million accounts held across the seven dating services vpnMentor reviewed – but how do they treat your data?

One of the key discoveries revealed that those dating sites within the umbrella (, Tinder, OKCupid and Plentyoffish) all share any data shared with one service with all of the others. On top of this, all of these services, with the addition of dating app Hinge, also have access to your private messages to potential suitors. Notably, Hinge also states that user data is accessible on a need-to-know basis by Hinge personnel, rather than completely anonymised.

Overall, the best dating app for those looking to keep their private data private appears to be Happn, which was the only service to note that it does not keep track of where users have travelled or where they are regularly. Instead, it only keeps track of when members are in close proximity and where they were when they crossed paths with another user. Happn also makes a point that messages are not accessed except by legal request, including by anonymised engines. This is markedly not the case with many other dating or social apps.

Internet security expert Gaya Polat from vpnMentor said: “The amount of data held online about users should make them wary about how their personal details are used. While the majority of this data usage is benign or necessary for services to function, knowing which companies hold which data about you is the only way to track your privacy, and how secure you really are.

“We recommend always reading the privacy policy to ensure you know what you’re agreeing to by signing up – but we hope this project will give something of an insight into what it all entails.”

For more information on what data major businesses hold on you – even if you don’t have an account – have a look at the full study on vpnMentor (

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Kaspersky uncovers zero-day in Chrome
October 2019, Kaspersky Lab , News, Cyber Security
Kaspersky’s automated technologies have detected a new exploited vulnerability in the Google Chrome web browser.

Cyber-securing your surveillance infrastructure
CCTV Handbook 2019, Genetec, Hikvision South Africa , Editor's Choice, CCTV, Surveillance & Remote Monitoring, Cyber Security
When it comes to cybersecurity, understanding the risks and the solutions as well as engaging in open communication helps everyone.

Keeping your things to yourself
October 2019, Technews Publishing , Editor's Choice, Cyber Security, Integrated Solutions, IT infrastructure
Three experts spoke to Hi-Tech Security Solutions to offer advice on keeping your IoT working for you and not for cyber criminals.

IoT in security
October 2019, Duxbury Networking, Technews Publishing , Editor's Choice, Cyber Security, Integrated Solutions, IT infrastructure
Using the Internet of Things is not really optional these days, but securing the Internet of Things is compulsory, no matter what industry you operate in.

NFa2p security certification
October 2019 , News, Cyber Security
Advisor Advanced obtains the highest level of certification to the NFa2p Electronic Security Standard for a complete security system.

SOAR an essential part for security operations
October 2019 , Editor's Choice, Cyber Security, Security Services & Risk Management
MJ Strydom, MD of cybersecurity specialist company DRS discusses the challenges around the security incident response lifecycle.

Reductor malware hijacks HTTPS traffic
October 2019, Kaspersky Lab , Editor's Choice, Cyber Security, News
Kaspersky researchers have discovered new malware that hijacks victims' interaction with HTTPS web pages in the process of establishing encrypted communication between the user and the website.

SA among top 20 countries targeted in new phishing influx
October 2019 , News, Cyber Security
Recent Fortinet research has revealed that South Africa was among many countries targeted by a phishing actor or group using the same techniques.

Only birds in the sky
October 2019, Kaspersky Lab , Home Security
Kaspersky has launched a new solution designed to help organisations and property owners defend themselves from unauthorised trespassing by civilian drones.

IoT under fire
October 2019, Kaspersky Lab , Home Security, Cyber Security
Kaspersky has detected 105 million attacks on IoT devices coming from 276 000 unique IP addresses in the first six months of the year.