- Chinese-owned app TikTok has software that can gain access to our secrets
- Digital expert Johnny Ryan said: ‘It’s a free-for-all, and the numbers are insane’
By monitoring our every movement hundreds of thousands of times a day, our smartphones, the websites we use and CCTV cameras are harvesting priceless information about our lives – and much of it is stored in China. It is a chilling thought.
A cybersecurity firm showed last week how the Chinese-owned video-sharing app TikTok has software that can gain access to our innermost secrets. It’s the latest and most worrying example of how technology tracks us 24 hours a day, presenting a colossal threat to our civil liberties and national security.
It’s impossible to know how your data is being used. And it’s just as difficult to try to work out how much big business is making out of it all.
Digital expert Johnny Ryan said: ‘It’s a free-for-all, and the numbers are insane. What everyone is reading, watching and listening to, even where they’re standing, is being broadcast everywhere, all the time.
‘We don’t know who is receiving it and we can never find out. Once your data has been sold, it’s gone. We have no idea who is getting it today or where it is going tomorrow.’
Cybersecurity expert Daniel Card said: ‘What happens when your data leaves is a black hole. It’s unfathomable. For an average person, their data could be harvested hundreds of times a day. For someone like yourself, whose life is wedded to the digital world, it could be hundreds of thousands of times.’
One survey estimated that internet companies earned an average of $202 per American internet user in 2018 from personal data – and that was a conservative figure.
Google’s ad revenue shows that in 2001 the average person’s data was worth about £1.45. Within two decades that had jumped to £26 – and it’s rising fast.
With this in mind, I set out to record what my average Sunday shows.
08.00: The sharp buzz of my Apple Watch shakes me from my slumber. The screen tells me the time and weather (it’s dreary), and it also knows my location, down to my street name.
08.02: During the night the watch has taken 30 recordings of my heart and respiratory rate, categorising them into sleep stages. The Apple Health app tells me I have missed my sleep goal of eight hours.
This data is saved in the iCloud but is not shared with third parties. But in a new function, Apple does encourage me to share my health information with research studies. Some 200,000 people have already signed up. ‘You can start making your contribution to health research right away,’ reads the advertisement. ‘Humanity says thank you.’
08.05: As I drag myself out of bed, a notification pops up from Siri, Apple’s personal assistant, offering to play BBC Radio 4. It notes it is ‘often played at this time’.
08.28: I open my fitness app and start a Pilates session. This app also has a record of my sex, weight, height and age. It records my heart rate and calculates how many calories I have burned.
09.03: I make myself breakfast. Families across the country are investing in smart appliances like fridges, hobs and coffee machines that connect to the internet. Experts fear these ‘Internet of Things’ devices could be used by the Chinese government to collect data on millions. A report last year by US-based think-tank New Kite Data Labs found that Chinese-made smart coffee machines collect personal data from consumers in China and probably similar data from customers in the US and Europe.
While all smart devices connected to the internet pose a privacy risk, security expert Daniel Card particularly warns against those with microphones or cameras: ‘To be smart about your privacy, it’s better to have a stupid home.’
09.30: I browse news websites. I notice adverts appear for a fashion website. I click on the advert and arrive at a new webpage where I am asked to accept cookies. The pop-up is irritating, blocking my view, so I quickly approve it. This is a bad habit. My Google account alone has more than 2,000 ‘cookies and other site data’ attached to it, which allows thousands of companies to follow my browsing activity and show me personalised ads. This helps them to manipulate me.
10.03: I walk to the Tube. My Apple Watch and iPhone are automatically monitoring 18 aspects of my movement, including my ‘double support time’, meaning how often both my feet are on the ground. As I walk, 63 apps are also following my route. Facebook says it uses this data to show me ‘personalised experiences’ and ‘better ads’.
10.30: I check the transport app Citymapper to see if my Tube is running on time. This app is also selling my location to other companies for personalised adverts.
10.45: Now I have left my house, the streets are watching me too. I spy a CCTV camera hanging from a pole 6ft above my head. More than half of London’s 32 boroughs use surveillance systems created by Chinese firm Dahua. In 2020, Wandsworth Council and its neighbour, Richmond, entered into a £1.3 million, five-year contract with Dahua for 900 of these cameras, although they claimed last year that the facial-recognition technology would not be used ‘at this point’.
Last week it was also revealed that 18 police forces in England and Wales use CCTV cameras covering public spaces that were made by firms with security or ethical concerns, including state-linked Dahua, as well as Hikvision and Huawei.
‘We are one of the most watched countries in the world, with as many CCTV cameras per person as China,’ said Jake Hurfurt, of Big Brother Watch. ‘Both foreign and domestic data collection threatens privacy but the cybersecurity concerns and links to atrocities associated with some Chinese surveillance companies exacerbate the threat.’
11.01: I tap into the Tube with my credit card. This means the bank knows where I am. This card is linked to an account with Transport for London, which saves a list of my journey history.
12.00: I grab lunch at the local Co-op, where live facial-recognition cameras are filming my every move. Southern Co-op supermarkets introduced facial-recognition cameras made by a Chinese state-owned company to track its shoppers across 35 stores in Southampton, Portsmouth, West London, Bristol and Chichester.
The Co-op said the cameras help tackle crime and the information they collect is not shared with other organisations. But Conservative MP Alicia Kearns, of the China Research Group, said last year: ‘The Co-op must rip this technology from their shops or risk giving the Chinese government a map of each and every one of our faces, endangering us all.’
12.36: I head to the self-service tills with my store loyalty card. This gives me discounts, but it also hands supermarkets detailed information about what I buy and when. They also have my name, address and date of birth. Campaign group Privacy International has warned that the cards lead to ‘the mass exploitation of people’s data’, which supermarkets can use to encourage me to buy more.
13.00: I set off to a friend’s house and notice an electronic billboard. It’s selling me clothes, and I like them. The billboard may have used data from phone masts to work out when and where people like me are travelling. Phone towers in cities pop up every 300 metres, compared with every 2km in rural areas. Companies collect this information by tracking at least ten per cent of phones in the UK, which adds up to more than eight million devices.
During the pandemic, millions of Britons were unwittingly tracked by their smartphones after vaccination to see if their movements changed. Privacy watchdogs called it ‘deeply chilling’.
13.30: My friend spies my arrival on her Ring doorbell. She has also been tracking my journey on Apple’s Find My Friends app.
14.00: Inside, we bark orders at her Amazon Alexa, a virtual assistant. Alexa stores these voice recordings, and experts fear that the devices could be hacked. Other risks are much closer to home. In October last year, a woman caught her partner cheating after finding voice recordings of a mysterious woman on the device.
14.30: My friend’s home is spanking clean thanks to an electronic vacuum cleaner. The device takes pictures inside her house to visualise the floorplan and avoid bumping into walls. The EU has privacy concerns about what Amazon, which has bought robot vacuum company iRobot, could do with these photos. It’s preparing an investigation.
15.00: We stream a TV show on All 4, Channel 4’s on-demand service. During the ad breaks, a hidden auction is occurring behind the screen by companies bidding to show me their promotions. Channel 4 is the first UK broadcaster to use the technology, called real-time bidding, which exposes people’s data 462 times a day on average in the UK. But it also happens on most websites, where, in 200 milliseconds, my data is broadcast to thousands of companies. Google is the biggest broadcaster of this data.
Johnny Ryan, of the Irish Council for Civil Liberties, says it is the biggest data breach recorded. Data is auctioned to companies around the world, including Russia and China, and there is no way to know what they do with the information.
16.30: We set off on an afternoon drive on the M1, where the car’s number plate is recorded by cameras with Automatic Number Plate Recognition (ANPR). Highways England reportedly uses more than 1,000 of these across the UK to monitor traffic flow. The 60 million readings they submit per day are accessible to the police. In May 2020, details of 8.6 million car journeys were exposed on the internet after a data breach.
Electronic billboards are also watching us, analysing the make, colour and age of a car to work out who we are and what they can sell us. The technology was first used in the UK by Bermuda’s tourist board to target drivers of high-end brands such as Porsche.
20.00: After dinner, we listen to the music on the streaming platform Spotify. It has created a playlist ‘picked just for me’ after analysing my previous ‘listening activity’.
22.00: Before bed I scroll through TikTok and social-media apps like Instagram. Both apps have curated a list of ‘interests’ from my data to send me targeted ads. Chinese-owned TikTok is designed to collect more personal information than any other popular social-media app or messaging service, an analysis found last week. Its software can gain access to information about your wi-fi network, Sim card and subscription information, while the app repeatedly asks the user for access to their contacts. Experts fear the Chinese state could leverage this data to target persons of interest, steal identifies and undermine Britain’s national security.
Big tech certainly knows more about my daily routine than my closest friends and family do. I could avoid some of this surveillance if I chose to – ditching my smartphone, for a start, or managing cookies – but as a digital native who cannot imagine an existence without Google Maps, life offline is unappealing. Like billions of others, I choose convenience in exchange for giving away my privacy – and whether I like it or not, it’s probably too late to disentangle myself.