A Review of BSidesPGH

Recently I gave a talk at BSidesPGH, a cyber security conference in Pittsburgh. I wish I could send you the full recording, but unfortunately a big hunk of the talk was missed and now the replay isn’t even online 🥲. So I’ll do the best I can to summarize it in a blog post here. Here’s a nice picture of me on stage though. 🤷‍♂️

[Image: Kyle standing on stage at BSidesPGH]

First, I told people about myself, a little bit about my education and work history, and then also shared that recently I’ve been doing a lot of biking. If you want to see my professional history, feel free to connect with me on LinkedIn. Second, I introduced how I got interested in the cyber security and privacy space. For me, it started by learning about big nation-state attacks, but then I also started hearing about massive data-leak style hacks. So while I showed up hearing names like “Fancy Bear”, “Cozy Bear”, “Lazarus”, and “Darkside” (all various hacking groups that are likely affiliated with nations like Russia and China), I ended up staying because I was hearing other names like Vizio, Strava, and VTech, all of which had some big privacy problems in previous years…

I then took a moment or two to talk about “data brokers” – the behind-the-scenes businesses who buy and sell your data. If you Google “data brokers” you’ll find a bunch of names you’ve probably never heard of, yet chances are they have some piece of your digital footprint within their databases. If you want a nice tidy (and very incomplete) list, you can check out one that’s been curated by privacyrights.org.

We all have examples of “creepy” anecdotes that we’ve heard of – for my household, it’s 30-year-olds getting ads for erectile dysfunction or egg freezing (depending on their sex). You may have also heard about people who had experienced miscarriages receiving baby formula in the mail, an attempt to get them hooked on a certain brand at the right time. And then of course, there are the instances where an item we viewed on one website seems to be following us to another website (this happened to me yesterday for a product that helps you disconnect). These are all examples of ads targeted at some part of our digital footprint. For the examples above it was age (x2), pregnancy status, and browsing history.

Surveying all I’ve seen above, I got angry, so I decided someone should do something about this. Unfortunately, we are waging an uphill battle. The best we can do to stay educated and stay away from bad products & services is to read the privacy policies of the companies we transact with. Yet reading all the policies you encounter in a year will take 76 business days! Even if you just pick the 20 most visited sites in the US you’d be signing up for 9 hours of legalese. I decided there had to be a better way…

Amongst the bad news, I did find some good news! The GDPR, a law concerning consumer privacy and rights, has some pretty good measures in it, but that’s in Europe and not here in the United States. However, there is the American Privacy Rights Act which is showing good promise, though let’s be honest, it probably won’t pass before the next election so make sure you vote for candidates who value consumers over business and privacy over commercialism. Additionally, there have been cases where class action suits have been able to get payouts to digital citizens, even if it’s AFTER a breach.

At this point, I realized a few things.

  1. There’s some icky stuff in the market, spelled out in the privacy policy or terms of service, but no one is actually reading them.
  2. There have also been payouts for times when companies have violated their own privacy policies.

Shouldn’t there be one spot where you can audit what’s in policies AND make sure you get what’s yours when companies don’t do things the right way? That’s where we come in: we are AbsolutelyNothing.io and we want to help you reclaim that digital footprint.

Today, we are finding, analyzing, and collecting these policies so we can begin to build a database. As we do that we’re going to create a variety of products in different stages. The stages are as follows…

Step 1: Awareness (You are here)

Before you can solve a problem people need to be aware of it. That’s what this blog is about. We’re writing about problems in the space and even writing specifically about some policies. This portion of the business is free to consumers.

Step 2: Exploration (August 2024+)

Blog? Check! A more fun product for you? We’re working on it! Pretty soon we’ll have a product that will allow you to visualize all of the data we’re collecting on privacy policies. This product will require you to sign in, and will either be super cheap OR we’ll show you contextual (not targeted) advertisements. It will look like the periodic table of elements from your high school chemistry class, but will actually contain the digital data elements of your footprint. For those who don’t get a paid subscription, digital citizens on our site can expect to see other privacy related products like password managers, VPNs, or online monitoring tools. Since these ads will be contextual and not targeted you WILL NOT see that weird random product on Amazon following you to the site trying to get you to put it in your cart, just ads that are for other privacy-minded products.

Step 3: Advocacy (January 2025+)

Once we have a large enough group of people exploring policies we’re going to let you know when someone has broken their own policy and alert you if you can be entitled to a class action payout! This product will cost a few dollars a month, but we believe that the payouts you will receive will be even greater than that!

Step 4: Agency (2026+)

If you want to trust us (and we think you should) we will be your agent on the web. We’ll automatically opt out of cookies (much to our Chief Barking Officer’s dismay). We’ll alert you when you’re about to sign up for a service with a horrible privacy policy. We’ll fast-track you on payouts from class actions, and if there are parts of your digital footprint you are willing to sell we will help you get the highest price for it. The true mark of ownership over property is the ability to sell it, and we want to make sure that you are the one selling your own footprints. This pricing will be the same as the “Advocacy” step; anyone who’s already on the journey with us will see this like a feature update, not a separate line of business.

So that’s where we are going. Are you in for the ride? If so, we’d love if you contributed even $1/month via Buy Me A Coffee. We are small and scrappy so even that $1 goes directly towards covering our costs. Plus, it shows that there’s interest in what we are doing.

In the meantime we’re going to pursue grants in the public and private sector to see if we can get some extra propulsion! Hang on tight. 🚀