It's the end of 2024, and compared to 10 years ago, there are a lot of changes when it comes to privacy. Back in 2014, social media might have been near its worst point, with so many people enthralled with Facebook and Twitter without necessarily understanding how they were being manipulated -- since then, we've seen a bit of backlash and a bit more understanding that you can't always trust what you read -- we know there's active manipulation of facts there.
Here's our take on a grab bag of trends, technologies, and changes in the past decade that impact your privacy.
Biometric Data - voice activation, facial recognition
We've been sold the line that it makes your life so much easier if you can just say what you want Alexa to do around the house - unlock the door, turn on the lights, order something from Amazon. We've been sold on unlocking your phone by simply having it scan your face. While this may be the ultimate convenience, it's also an open invitation for companies to listen in to everything we say, and register our likeness into databases that can easily be used against us if we go against the regime in power.
We were warned about this a century ago, and yet today if you want to opt out of these features, you're seen as a freak, an extremist. If that's the case for you, it probably means you live in good times, at least for your ethnic group and social status -- but if you're an immigrant or somebody who could become pregnant, you might want to think again.
If you can unlock your door by voice, what's to stop a home invader from doing that?
If you can unlock your phone with your face, now a mugger doesn't even need you to be conscious or cooperative to get into it.
Why on earth does anyone think these are good ideas?
And that's not to mention the mischief of kids unlocking your phone when you're asleep, or a podcast you play on your sound system triggering a mass order of dollhouses.
Cookie Consent forms
Browser cookies in many cases have a bad rap -- in a lot of cases, cookies support making your visit to websites more relevant, a more personalized experience. If you log into any website, it typically sets a cookie in your browser so you can stay logged in as you go from page to page. As a web developer, I think cookies are mostly a good thing.
Where they turn bad has to do with "third party" cookies -- cookies that get set by things embedded on multiple sites. A classic example is a Facebook Like button -- if you are logged into your Facebook account and visit any site that has a Facebook "Like" button, Facebook can see that you visited that site, thanks to the use of cookies. This is a "third party" cookie -- the first party is you with your browser, the second party is the website you're visiting, making Facebook a "third party".
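The tracking described above, as an added example that is not part of the original post: a small simulation of a browser cookie jar in which a widget from a hypothetical social.example is embedded on two unrelated sites, run once with third-party cookies allowed and once with them blocked. The host names, the `uid` values and the two-label site comparison are assumptions made for illustration.

```javascript
// Added illustration: one embedded widget linking visits across sites.
// Host names and the uid values are constructed for this example.

// Simplified "site" of a host: its last two labels (browsers use the Public Suffix List).
const siteOf = (host) => host.split('.').slice(-2).join('.');

class Browser {
  constructor({ blockThirdParty }) {
    this.blockThirdParty = blockThirdParty;
    this.jar = new Map(); // cookie host -> cookie value
  }
  // Load a page plus each resource embedded in it, attaching stored cookies.
  visit(pageHost, embeddedHosts, server) {
    for (const host of [pageHost, ...embeddedHosts]) {
      const thirdParty = siteOf(host) !== siteOf(pageHost);
      const allowed = !(thirdParty && this.blockThirdParty);
      const sent = allowed ? this.jar.get(host) : undefined;
      const setCookie = server.handle(host, pageHost, sent);
      if (allowed && setCookie) this.jar.set(host, setCookie);
    }
  }
}

// The widget's server: issues an ID once, then records the page behind each request.
class WidgetServer {
  constructor(widgetHost) {
    this.widgetHost = widgetHost;
    this.nextId = 1;
    this.log = []; // { uid, page } records: the browsing profile
  }
  handle(host, pageHost, cookie) {
    if (host !== this.widgetHost) return undefined; // other servers are not modelled
    const uid = cookie ?? `uid-${this.nextId++}`;
    this.log.push({ uid, page: pageHost });
    return uid;
  }
}

// Returns the pages the widget's operator can attribute to each ID.
function profile(blockThirdParty) {
  const server = new WidgetServer('widgets.social.example');
  const browser = new Browser({ blockThirdParty });
  for (const page of ['social.example', 'news.example', 'shop.example'])
    browser.visit(page, [server.widgetHost], server);
  const byUid = {};
  for (const { uid, page } of server.log) (byUid[uid] ??= []).push(page);
  return byUid;
}

console.log(profile(false), profile(true));
```

With third-party cookies allowed, all three visits land under one ID; with them blocked, the widget still receives each request but cannot tie the visits together by cookie.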
Google continues to pay lip service to taking privacy seriously, putting effort into their own "privacy sandbox" that is supposed to put you in better control -- at least enough to try to satisfy European regulators.
Today there's a whole new generation of cookie consent forms, which can provide far more granular preferences about which types of cookies a visitor accepts.
Supply Chain attacks
There have been two pivotal "supply chain" attacks this past year -- the "CrowdStrike" outage that took down airlines and many healthcare providers in July, and the XZ library attack discovered in March. Both had a huge impact on awareness that no matter how careful you are to prevent vulnerabilities in your own code, you also need to be aware of the practices of all of your vendors, and the code they use. While neither of these ended up being a privacy issue, they both illustrate how vulnerable our world is to a malicious attack. Supply chain attacks are not new, and they have been behind some of the biggest privacy breaches in recent years -- but people are paying a lot more attention now.
Artificial Intelligence/Large Language Models (LLMs)
In many cases, LLMs may not be getting trained simply by your using them -- where the data is stored is another complex, murky topic. But when you use an LLM, you are certainly sending data to the company hosting it.
In a lot of cases this may not matter -- but if you are doing anything confidential, think twice before using an AI -- and make sure you understand exactly who is hosting the LLM -- there's potential there for your secrets to get revealed to an employee at the company hosting the AI, or possibly to an attacker who has successfully infiltrated an AI, perhaps with a "prompt injection" attack.
If you are using an AI to process content that includes your customers' data, this is something you may need to add to your privacy policy.
Restrictions of rights
How can this be said without veering into politics? Not sure it can be, but here goes: there are a lot more attempts to control people -- for example, pregnant women. As the US Supreme Court starts restricting rights instead of granting them, a lot more people have new reasons to care about privacy. If someone can get a bounty for reporting you for crossing state lines, perhaps you don't want everyone in the world to know where you are. If you're on the political fringes of either side, privacy is probably already a top concern -- but in a world that is getting more and more polarized, regular people are getting impacted as well.
Privacy legislation
The final major trend is the rise of privacy legislation. As of this writing there are 8 states with new privacy legislation going into effect in 2025. Each state has different requirements, different fines, different enforcement mechanisms -- but the overall trend is for government to step in and start mandating privacy protections with steep fines for violations. This trend started with the European Union's "General Data Protection Regulation" (GDPR), which went into effect in 2018. Since then there have been thousands of companies fined for violations. Many small American companies have ignored these actions if they don't target Europe specifically -- but meanwhile in the US all of these individual state laws have started imposing similar fines, sometimes as much as $2500 per site visitor from a particular state, enough of a penalty to deter companies big and small.
What can you do about it? See 6 ways to improve your privacy online.