Trust is an integral part of our lives. When meeting somebody new, going to a website or dealing with a government agency there is a level of trust involved. It isn’t expected that a person has extra information about the relationship through cyber-stalking, that the website is using tracking technology to see what sites you visit or that the government agency is giving usage data to corporations.

Fortunately, cyber-stalking does not appear to be a large problem in New Zealand although there have been no studies done to ascertain its prevalence. There have, however, been incidences of Police being convicted over cyber-stalking and Women’s Refuge New Zealand have raised concerns.

According to an RNZ article, easily gained information from the Internet can include your,

  • Name
  • Age
  • Address
  • Parents
  • Spouse
  • Occupation
  • Children
  • Shopping habits

And if the person searching has access to business databases then, to quote Radio New Zealand,

That includes information we expect to be held by companies – credit history for instance, but also information about what we search for on Google, how long we stay on certain websites and, if a device has a GPS, where we go during the day.

This is because nearly everything done while connected to a network is tracked. In visiting the top five websites in New Zealand eight third party servers connect to the computer. After an hours browsing it is not unusual to have over one hundred third party servers connect. Most will be legitimate but all gain a small piece of data about the user and by analysing that data assumptions can be made.

Even when some level of privacy is expected the level of information leakage can be surprising. At the time of writing, going to the homepage of the Privacy Commission connects ten third party servers owned by Google and Twitter. Going to the homepage of Women’s Refuge New Zealand connects eighteen third party servers. The Mental Health Foundation Helpline page attaches ten third party servers including Facebook, Google, Olark and Adobe. Olarks privacy policy states for overseas users,

Therefore, our collection and use of your private information is subject to the United States’ laws related to privacy and use of personal data and information. These laws, including what is determined to be “personal data and/or information,” are different and may be less protective than those applicable to you in your country of residence.

It is doubtful that people seeking information about any of the thirty helplines on the page realise their visit has been logged in the United States and that the privacy policy of the company also states,

(3) That you are taking a risk by using the services.

Unfortunately, examples of what should be trusted websites that connect users to unknown third parties are not hard to find. Whether or not they are passing data onto fourth parties is another matter but generally there are either major or minor gaps in their privacy policies that allow them to do so. Privacy policies that most people don’t read as they have no idea they are using their services. How are we supposed to trust them? Why should we trust them? And since they have already breached our trust by connecting to us behind our back, shouldn’t we protect ourselves?