How Valuable Is Your Data?
By Quan Nguyen
September 22, 2021
As our lives increasingly integrate with the internet, the risks of exposing our personal data also rises. Most of your online interactions such as clicks, purchases, and social media likes are valued in the market and often used to exploit your online habits. Data collection may help businesses and search engines work to bring you better ads or search results, but malicious users, like hackers, may seek your data to personally profit.
Such cybercrime has increased 600% due to the COVID-19 pandemic. New technologies, such as Alexa and smartphones, often pass along more of a user’s personal data than they are aware of. With this vast storage of data for sale, someone could become an American citizen for approximately $6,000. Let’s further look at how much your data is worth.
What Is Data and Why It Valuable?
You may think of data as simply numbers and computer files. While this is true, most data collectors prefer customer data from the general public, or Personally Identifiable Information (PII). PII most commonly includes:
- Full legal name
- Date and place of birth
- Social Security Number
- Login Credentials
- Driver’s license number
Furthermore, your data from social media and online activity is highly valuable for the information it can reveal about you. According to Teaching Privacy, no US state except for California requires companies to disclose the collected data they share with other parties. It is commonly agreed upon by experts that if some product or service is free, your data is the compensation.
“It doesn’t matter what it says in the policy. Nobody reads them.” – Mikko Hypponen, CRO of F-Secure
Many companies practice disguising data collection in lengthy privacy policies. For example, agreeing to the terms and conditions on Facebook grants them permissions to your device, which allows them to track your app use and more. These types of data may be sensitive and preferred to be kept private. And as always, your data is stored on the internet forever.
Who Wants Your Data?
It is obvious that social media collects a large amount of data from you for advertisement. Senator Mark Warner claimed on HBO that “ If you’re an avid Facebook user, chances are Facebook knows more about you than the U.S. government knows about you.” It is seemingly a time where the government is no longer the main source of privacy-scares. Social scientists use this information from social media to study social trends and how users react to certain media posts.
Business networks like Big Tech stand out due to people’s consistent dependence on their services like Facebook, Amazon, Netflix, etc. Unfortunately, this makes users’ data all the more valuable in upkeeping the services. Internet Service Providers also collect data for internal research and optimizing user experience. They own IP addresses and allow employers to track employees’ activity so as to protect company trade secrets or legal/security concerns. Such employee monitoring also helps employers gauge productivity and better support the company financially.
On the dark side of the web, there are bad actors that steal PII for personal gain. They prey on users that weakly protect their login credentials or have been leaked by data breaches. You can see where your data might have leaked using https://haveibeenpwned.com/. With a sufficient amount of money, cybercriminals can obtain enough information to impersonate you and potentially steal more money than your credentials are worth. These cybercriminals rarely get caught since their presence is virtually invisible.
What Is Your Data Used For?
Back to the idea that if you are not paying for a service, your data is the product. For digital ad brokers like Facebook and Google, this is especially true since they are practically free to use in exchange for your data. To give perspective, Alphabet reached almost $183 billion in revenue in 2020 with more than 80% of that coming from ads alone. This is because Google creates a virtual persona for users in their ad settings, displaying customized ads designed to target relevant consumers. Social media can predict gender, age, sexual orientation, and even ethnicity by the content a user views. Ads are then customized so that they are more desirable based on this identity.
The majority of hackers are looking to profit by monetizing your data. They might do so through first gathering your personal data by various hacking methods or scams like phishing or SIM-jacking. From there, hackers have the option to encrypt the data on your device. This so-called “ransomware” means your data will not be unlocked unless you meet the hacker’s monetary demands, essentially making your data worth as much as they want. Alternatively, your data may be used against you as an act of ‘hacktivism’ by vigilantes. Most are likely to sell your data to brokers since this is less risky for hackers and immediately profits them.
Someone that has your IP address not only knows your location, but also has the door open to receiving other personal information. Similar to impersonating you, such a bad actor may use your IP as a scapegoat for downloading illegal content so the hacker is not traceable. IP addresses are surprisingly easy to retrieve and can be found within seconds when someone borrows your device. It may even appear on your emails or when you click on links.
How Much Is Your Data Worth?
The big question is how valuable is your data? The concrete value is difficult to determine as several factors come into play. Some factors are:
- Age and ethnicity – Middle-Eastern and 18- to 24-year-olds’ are the most valued
- Social and financial status – celebrities and government officials are more valuable than average users
- Hobbies and interests
- History of lifestyle, purchases, and web searches
- Possessions, ownership/membership, and much more
Your data’s worth is quite variable depending on who you are and to whom it is worth. It is also difficult to discern since no business is going to reveal how much their customers are worth. Remember that once someone has access to your texts and emails, they have access to almost everything with the use of “forgot my password.” This makes seemingly insignificant personal info very valuable yet contrarily priced.
If you are looking for numbers, there are some general statistics you can use as reference. While not directly reflective of your data, companies will pay on average $54.91 for each click on their paid listing. These ads are posted at the top of Google’s search results page to attract consumers based on their preferences. Privacy Affairs released an extensive list of dark web prices for a variety of personal data. Some notable prices include:
- A forged US Green Card for $150
- A US social security number for $2
- DDoS attacks starting as low as $15
- PayPal Transfer with over $3,000 for $180
- A Cloned Mastercard with PIN for $25
Here is an example of what stolen listings look like on the dark web:
Within your time on the internet, you almost undoubtedly have exposed your personal data to some degree. It is critical to act and prevent data loss for the protection of your identity. Information that is stored on the web has the potential to be stolen and used against you. humanID offers an alternative login that is anonymous and does not store your PII. After authenticating with your phone number, we assign you a unique, hashed identifier that cannot be traced back to your number. The phone number is then deleted from humanID’s database. With anonymous SMS authentication, your experience is more convenient and more private, reducing the chance to leak personal data.