Shadow Footprints

The term shadow footprint is a composite of the terms “shadow profile” (A process observed  after a data breach at Facebook in 2012 revealed that they had data about individuals who weren’t signed up to Facebook) and “digital footprint” (where an individual’s life and movements on and offline can be tracked using their personal data).

Shadow footprints are the trail of data, collected and constructed without your knowledge or consent, that tells the story of you and your daily life. Your likes, interests, beliefs, choices, movements, and vulnerabilities.

This is the data, drawn out of the void – the data you don’t knowingly give up, or that is extrapolated into existence through processing and analysis  techniques – that contributes to your overall digital footprint in ways that aren’t transparent.

This includes all of the data that is increasingly traceable across all of the platforms you use and profiles you have, all of the data that is collected consensually as you engage with these platforms, and all of the data that is collected when consent is not required. Sometimes there is also data collected that you have made clear you do not consent to sharing, but certain processes make it possible to collect this data regardless.

This also includes all of the data that can be discovered about you through processes like data aggregation (drawing together data from different sources to create new data), and demographic sampling (drawing inferences based on data from other people similar to you).

Shadow footprints are dynamic, responsive to changing information, and able to draw on a wide range of data sources and their interactions.

When all this data comes together to form a shadow footprint, intimate aspects of daily life become revealed in extraordinary ways!

A highly accurate picture of an individual’s entire life could be developed without that individual
ever signing up to an online service, and never having provided their consent.  

How can Shadow Footprints be used?

Coupled with psychological techniques, these shadow footprints can identify and target people:

  • likely to behave in certain ways
  • likely to think certain things
  • likely to hold certain beliefs of views
  • who are susceptible to certain types of nudging

 

This can be used to:

  • encourage specific behaviours
  • guide your everyday habits
  • manipulate your purchasing activities
  • prejudice your beliefs
  • prompt civic activities (like protests)
  • influence elections

Data Transparency

Knowing this information about ourselves could be really useful, It could guide us to make changes in our own lives that help us improve, and to develop habits that lead toward the positive changes we would like to see in our lives. But a lack of transparency about this information and who has it, means that it could be used against us, to our own detriment, to the detriment of our communities, and to the harm of civil and democratic society.

Who is collecting this data and creating these digital footprints?

Many groups and people can benefit from having this information about you:

Companies (who can use it to influence your spending and financial transactions)
Governments (who can use it to influence and manage their own citizens or influence citizens and public affairs in other countries)
Wealthy individuals (looking for power and influence for themselves or their companies)

Who they get it from? 

We tend to discuss data collection in terms of three strands:

First-party data data which is collected directly from users
Second-party data  data shared by another organization about its users (another organisation’s first-party data)
Third-party data  aggregated, rented, or purchased data from organizations without a direct connection to your company or users

What Kinds of Data can they get?

Identity (Who you are)- data that can be used to identify you, like your name, birthday, address, email address, photo, biometrics, demographic information (service registration details, fingerprints)

Attitudinal (How you Feel) -Opinions, preferences, motivations. (ie Causes you’ve supported, or opinions and reviews you post online)

Behavioural (What you did) Transactions, activities (purchase histories, abandoned shopping carts, social media likes comments and shares)

Engagement (How you did it)- Records of interactions (how much time you spent playing a video game/on asocial media site, how much you clicked on certain links or emails, website bounce rates)

How they get it

What are some of the ways companies can find out about you?  Asking, Tracking, Purchasing, and Analysing

    Data you willingly provide eg. When you sign up to a service and provide personal information for your login and profile, or when you make posts online.
    Data as you utilise specific services eg. Social media data collection and tracking, purchase histories, use of loyalty cards at shops/eshops.
    Data as you move about online eg. Cookies, tracking pixels
    Data as you move about offline eg.  Location data when you leave on location services and you are moving around while carrying or wearing a device (GPS tracking), Signal trackers, Satellite Imagery from publicly available sources like google earth and google maps, licence plates, facial recognition cameras, In-store wifi activity
    Data other people provide about you. Eg. By tagging you in posts, posting photos of you, and discussing you.
    Data that can be purchased from data companies. Eg. Information you provide to other services or sites (on or offline, from credit card companies, to social network sites) that is available to buy.
    Data from analysis eg. Data aggregation (putting together information set they acquire to develop new information), demographic sampling (When data companies use data from people with shared demographics to draw inferences and construct information about you) 

Counter Measures: What can you do?

We need to be practical and strategic about managing these issues. And we can take actions for the Immediate, Medium, and Long Term.

Immediate Refuse to take part in services or on platforms that do not care for or respect your data. Strengthen your security settings on all your devices, browsers, emails, and firewalls. Do not share charging ports.

Medium Term Learn about Phronesis (good critical decision making grounded in care for others), and new data management and security techniques by following trusted data-protection organisations on social media, and having through-driven conversations with educators and information security specialists.

Long Term Advocate for stronger data protection legislation, and support regulatory bodies that protect your information. Speak to your government representative about the urgency and value of data protection. And keep learning!

Good data practices are everyone’s responsibility, and it’s important to remember that by helping others safeguard their data, we are also helping keep ourselves safe. Working together on these issues is key.

More Information

For more in-depth information about shadow footprints, that has undergone peer-review, please see my academic work in The Journal of Digital Social Research

For an explanatory blog post, you can visit the digital civics blog post about Shadow Footprints

Other Links:

Information Comissioner’s Office (UK governmental) https://ico.org.uk/

European Data Protection Supervisor (Europe governmental) https://www.edps.europa.eu/_en

Center for Democracy & Technology (USA based non-profit) https://cdt.org/ 

It’s also worth noting that the law firm DLA Piper provide a country by country listing for “Data Protection Laws Around the World” (This site is operated by a Business) https://www.dlapiperdataprotection.com/index.html

Image Credits