Why Searching for Dog Toys Online Might Increase Your Home Insurance: The Importance of Internet Security

Column by new Root Striker Michael Gurnow.

Exclusive to STR

As I was vanity surfing one afternoon, out of sheer boredom I opted to click on one of the many seemingly innocuous web hit listings supposedly offering my personal data for a price. In most cases, these sites merely provide a name, estimated age, and then the option to buy additional information: Current location, phone number, email address, Social Security number, etc. However, to my amazement, this website freely presented an extremely detailed biography: My age, every place I had lived throughout my life (with almost spot-on precision), the jobs I have and have had (with nearly the same accuracy), my spouse, her age, and how long we’d been married. To add insult to injury, alongside my present address was a picture of my home.

I contacted the website’s administrators and requested my profile be taken down. I believed that this was a wasted effort but, interestingly enough, was sent an opt-out link. Less than 48 hours after submitting my request, my profile disappeared.

I later learned that the site complied due to federal law.

I proceeded to attempt to cull all of the collected online personal data I could find. I filled out one opt-out form after another from such organizations as beenverified, mylife, whitepages, radaris, pipl, zoominfo, intelius, lookupanyone, instantcheckmate, plussaddress, 123people, peekyou, peoplesmart, rapleaf, emailfinder, freephonetracker, and phonedetective. As I was doing so, realizing that the number of similar sites could be endless (atop the fact that in many of their FAQs, they explicitly state that there is no guarantee that the information will not reappear at a later date), I asked myself where these businesses were getting their information. It turns out that the various “people location service” sites are merely middle-men: Many such online firms have purchased their information from what is referred to as “data collection / mining / brokerage / analytics” agencies.

Data collection agencies—multimillion-dollar corporations—make it their business to obtain personal data from a multitude of sources: Social networks, public records, seemingly secure personal paperwork such as bank loans, as well as through a person’s own Internet browsing habits. The most well-known data broker is Acxiom, based in Little Rock, Arkansas. Similar companies are Datalogix, Euclid, AddThis, Federated Media, Epsilon, Digital Advertising Alliance, BlueKai, and Network Advertising Initiative, among others.

How do these businesses go about collecting such exacting information about you? Aside from merely taking what a person freely offers through social networking sites and public records, they cast an invisible electronic net over the Web using what is referred to as a cookie.

A cookie is information sent from a website that is then stored on your computer. When you return to the website, the cookie alerts that webpage of your previous activity. This type of data exchange is called a first-party cookie interaction. A cookie log file reveals what websites a person has been on, the order visited, and for how long. Then there are third-party cookies. If you arrive at one website that has an advertisement, a third-person cookie is set. If you then go to another website which has another advertisement by that company (because you are checking out which store has the lowest prices on curtains), this sends a notice of your repeated interest to the advertiser—or web analyst hired to collect the data. Companies then begin sending you home improvement ads in both your electronic and snail mailbox because they assume you are remodeling. This is also how and why the ad for the shoes you were looking at three websites ago is suddenly, “coincidentally” appearing as a sidebar in your online weather report. The accuracy of this type of online predation has been found to be scary. A data mining company uses cookie information—time; date; your IP address, which reveals your location—to establish a consumer preference list, which is then bundled and sold to whoever is willing to pay. There are a lot of people who want this information. However, people location service websites are not data miners’ biggest clients. Advertising agencies, insurance companies, banks, marketing firms, and corporations stand to make a lot more money by acquiring your information.

Insurance companies actively purchase this type of data and check it (this is part of the underwriters’ jobs). Even if you don’t disclose on your medical insurance paperwork that you are prone to severe headaches or put on your home loan applications that you have a German Shepherd, because you have repeatedly checked online to see if Store X or Y has a sale on Tylenol and you have requested dog food coupons via the Internet, the insurance companies’ data collection files tell them this (which is ironic in that insurance companies require a professional assessment when deciding claims but, when issuing premiums, everyone’s unspoken web-browsed diagnosis is freely welcomed and accepted). The problem arises when your daughter, who wants a dog, has consistently searched for cheap dog toys over the past few months in order to sweeten her appeal for a puppy. Because your insurance company has “reason to believe” you now—or will in the near future—own a dog, they add this expense into the policy without telling you (because it would be too costly to send a field agent and they do not trust the client to reliably relay such information). They don’t care if their assessment is not 100% accurate because, when in doubt, they add in whatever would financially benefit them under the ruse of protecting their investment. This is how third-party cookies can increase interest rates on home loans and create higher medical deductibles.

The main issue is not these companies’ right to collect personal data, which they are dubiously permitted to do by law. The concern is what they do with the information. In short, because they are willing to sell it to whomever is willing to pay and there is no oversight as to how this data is distributed, we find people—such as myself—whose personal privacy and security are at the whimsical disposal of whoever has a credit card or, it would seem, merely an Internet connection.

The question now becomes, since nothing guarantees that once you are removed from an online profile listing that it will not later reappear because nosy corporations will continue to hire data collection agencies to violate your privacy, what can be done? The simple solution is to not offer data, personal information, and preferences in the first place.

First, wipe yourself from social media outlets. As Facebook recently made clear, it owns whatever you place on its servers. It is not as if Facebook hopes of one day using your uploaded photographs to publish a calendar. It does so in order to retain the right to sell your information and, by tagging your photographs, we just make it easier for the analysts to do their jobs. We can readily assume all social media outlets are following suit. The obvious solution is to cancel these accounts. However, some websites make it more challenging than others, while a minority makes it virtually impossible. Luckily, accountkiller.com is there to guide you through the process of canceling the accounts of many of the more popular online programs. Ironically, as with several data collection agency opt-out forms, some sites will audaciously request you create another account or provide a current email address “for confirmation purposes.” Accountkiller rightly directs you to fashion a dead-end dummy email account, preferably using the name “Account Killer.” This way you can confirm the cancellation request and, since the account will not correspond to you through cross-referencing because no authentic personal information was provided on the email application, there is no way they can track you.

Second, put up blocks to keep your browsing secure. Though their titles imply this is what they are doing, Explorer’s Inprivate and Chrome’s Incognito features only wipe one side of the computer: Yours. Likewise, encrypted Google still records where you are going and where you have been. In order to keep companies from cataloguing your search preferences, not only via search engine inquiries but through the particular websites you access, download the Ghostery or DoNotTrackMe add-ons. Be sure to go through the set-up process and mark what you specifically want blocked. You can also manually disable third-party cookies in all major browsers. As if first and third-party cookies weren’t enough, a more recent data collection invention is the Flash cookie, also known as the Supercookie. This evades typical security blocks and protocols. At this time, only Firefox provides a defense against this type of intrusion via BetterPrivacy. If you would like a second-by-second report of who is tracking you, as well as how much they are making as a result, there if Privacyfix.

The most startling revelation as to the extent to which companies go to collect data using third-party cookies can be seen by visiting http://www.aboutads.info/choices. This website reveals which organizations have a regular tracker set on your computer. It offers a supposedly all-inclusive opt-out feature. I had over 100. For the few non-responders left over, I had to go to their websites and submit individual opt-outs requests.

Third, encrypt your cell phone. This is why retail outlets go to the seemingly arbitrary expense of offering free Wifi: If your phone can access a Wifi network, the network can likewise access your phone (and all its data). By encrypting your phone, corporations cannot read any information you have on your phone. If you don’t do this, you might find that you “Liked” a store you were in via Facebook without having actually done so. Obviously, the corporation has automated protocols in place to do this once it has gained access to your phone.

This secures your phone’s memory but it does not automatically make for safe browsing because you will still be at the Wifi network’s mercy. (This is why you might be unable to access competitors’ websites when in some retail outlets—the store’s Wifi is restricting your access). To protect against this, use the encrypted rerouter conjunction of Orbot and Orweb.

It is worthy to note that whenever you use your cell phone, it is possible to triangulate your location from the signal strength of the receiving cell tower. If you are running background data, i.e., email alerts, your phone is constantly receiving communication from the nearest tower. If this weren’t scary enough, when you take a picture with your cell, the GPS and phone’s make and model are embedded in the photo’s code. Obscuracam removes this personal information.

Fourth, turn the GPS off of your various devices. This should go without saying but it is worth adding that a person’s location can also be determined when one is within Wifi range. Turn off Wifi when in public if this is a concern.

Fifth, use Startpage or Duckduckgo as your search engine. It is completely anonymous browsing but I’ll let the latter speak for itself. However, if you don’t have information blockers installed on your browser, once you click on a return from these search providers, the individual website you are visiting has access to your computer.

Sixth, download and exclusively use the Tor browser. Tor’s completely anonymous browser has everything blocked that a data collection agency, marketer, or advertiser would want to know and, for good measure, it reroutes your IP address so websites have no idea who (or were) you are.

Seventh, only access secure sites which offer encryption. A website with a Secure Socket Layer, or SSL, guarantees to only be communicating between you and the site. This is done through encryption. Most websites use the standard “http” prefix. However, SSLs will house the “https” prefix.

Eighth, be weary of (free) email services. Gmail and Yahoo scan both incoming and outgoing emails and insert related advertising content within the window frame (thus confirming whether or not they read your emails). This means even if you use another email client, when you send an email to someone with a Gmail or Yahoo account, they retain the right to infiltrate the contents because it is crossing their domains. Likewise, business email accounts—even Outlook extensions—are legally viewed as property of the client, in this case, your employer. As such, your employer has the right to read your email. (The same applies to a business-issued cell phone and all its contents.) A truly anonymous email account can be made using the Tor browser so long as the email provider uses encryption and does not include your IP address in the email header (Hotmail clients beware). Remember to use an alias and not disclose any personal information when creating the account. Only access this account using Tor.

Extra secure measures. Remember, these tips help to protect your phone and Internet privacy, but banks and corporations still track (and record) purchases made with a debit or credit card. Admittedly, almost all businesses insist upon direct deposit, thus banks will know what you make, but it doesn’t mean they need to know what you are buying. For those desiring near complete personal anonymity, paying in cash or using a money order leaves no trace.

Related point of interest: “Seated Between Pablo Escobar and Mahatma Gandhi.”

Your rating: None
Michael Gurnow's picture
Columns on STR: 1


Jim Davies's picture

Welcome Michael, and congrats on a valuable report and fine research.
Odd, that insurers would judge that a dog would add to their risks. Yes if the dog is to be insured (against cat attacks?) but no if he deters burglars. I'd have thought maybe owning a dog might decrease one's premium.
To get serious privacy seems a costly business. Personally, I don't mind advertisers knowing about me. It means the time I use scanning ads is less likely to be wasted - it's better targeted, as you show, to my interests. Smart marketing.
What's much more worrying is that people who can do me harm (instead of just making an offer I don't have to accept) can gain access to the profile data. Only government can do that, but apparently the collectors will sell to government.
How to stop them doing so?  I don't know. Government isn't going to write a law forbidding collectors to sell it data, and even if it would, we don't call for laws to be written. Perhaps some kind of boycott might work; do no business with companies that sell data to government.
The only sure fix I can see is to abolish government.

Suverans2's picture

So, why haven't you abolished government already? What are you waiting for, a majority of the world's population to graduate TOLFA and join you in that endeavor? You appear to be intelligent enough to know that that is NEVER, EVER, GOING TO HAPPEN. Remember how Albert Einstein reportedly defined insanity, "doing the same thing over and over again and expecting different results". And, what about all those individuals who don't want to abolish government?

There is, perhaps, a more practical "sure fix", Jim Davies; YOU could withdraw from membership in the group, i.e. secede from all of the political associations, and waive all of their member-only benefits; throw that chattel number' in the trash, erase all memory of it, never use it again; YOU could take full responsibility for your own life, liberty and justly acquired property.

Quit the insanity, change your modus operandi, teach by example, Jim Davies.

Jim Davies's picture

And a gracious good morning to you, too, S2.  I trust you had an enjoyable Independence Day and arrive here refreshed by an eager anticipation of the end of the government era.
Thank you, too, for your kind compliment about my intelligence. I so very much regret being unable to return it.
Government will end when, and only when, all its employees have quit - for it consists only of those who work for it. Fortunately, that is so obvious as not to require more than a minimal level of smarts, so I do trust you can grasp it.
The forty million in this country alone aren't going to do that all at once, so a method of persuading them one by one, systematically and gradually (though as fast as feasible) must be found. In TOLFA, such a process is in play. I know of no other.
That's the only factor that actually matters, though others of lesser importance are very numerous and in some cases carry a moral content. Draft resistance would be one such. But all of them have to to with one's personal self-respect, not with the task of abolishing the state. Refusal or acceptance of government "benefits", to which I think you allude, would be another; and if refusing them gives you a good feeling, enjoy the very best of luck in doing so. The money you let government keep will help pay for another child-killing missile over Pakistan, but don't let that worry you too much; if you had taken the benefit instead, they would have printed up some more. And meanwhile, you can revel in the status of martyr and receive appropriate adulation. Except, of course, from the parents of the dead child.

Michael Gurnow's picture

Mr. Davies,
The motive behind insurance companies increasing rates if a canine resides on the residence is the risk of property damage and medical liability (most home insurance policies cover injuries incurred on the property).  
Certain breeds also raise rates even more due to their reputation for aggression:  German Shepherds, Pit Bulls, Rottweilers, Dobermans, in some cases Akitas and Mastiffs.

mhstahl's picture

It has been some time since I was in the insurance business, and then I mostly dealt with commercial insurance, but I can verify that some insurers do, in fact , charge higher premiums on homeowners insurance for dogs. Sometimes this is rated according to breed, sometimes not. Some companies also offer discounts for "guard" type dogs, like German shepards-this is especially true of commercial policies, but I believe some companies do this on homeowners as well. There are no absolutes when it comes to insurance, all companies offer different policies, and there are a huge number of companies.

Insurance companies collect huge amounts of information-literally everything that they can get their hands on. If you've had an accident or a ticket, you auto insurer will know, etc. That said, I question if they would use unverified data such as searching for dog food online in order to increase an individual premium, I'd have to see some specific examples in order to buy that. They WILL use such information in statistical analysis when evaluating overall premiums.

In any event, an insurance policy is a contract between you and an insurance company-it is not one sided, you get to see everything in it, if you are being charged for a dog you don't have either complain or go shopping. As I said, there really are an amazing array of insurance providers-it is an ugly business that relies upon government to be viable in its current form(though it started as a true free market industry-in a coffee shop with NO limited liability), but there is vicious competition between companies.

For myself, I've decided I really don't care about "privacy", anything I really don't want anyone to know about doesn't go online, I assume everyone knows everything else.

Anyway, welcome Michael.



Glock27's picture

Why not. Money is God! Look at your once upon a time 1/2 gallon of ice cream, or candy bars, potato chips--same size bag but bigger price and reduced quantity. It is all a government run device, it is "Hope and Change".

Michael Gurnow's picture

As part of Snowden's disclosers, it is reported that any data passing through the following programs is collected and stored:  Bing, Dropbox, Explorer, Facebook, Flicker, Gmail, Google Chrome, Google+, iCloud, Instagram, Linkedin, Outlook (Hotmail), Paypal, Safari, Skype, Tumblr, Twitter, Yahoo, Yahoo Mail, Yahoo Wallet, and YouTube.

Jim Davies's picture

Even Paypal; et tu, Brute. Thanks for the list. Today I read that they even scan, photograph and store the envelopes of regular mail (showing metadata like destination and return address) thanks to the USPS. See Wiki article here and a good one here in Forbes.
I believe Ixquick is a search engine with privacy, and see that the splendidly named prizm-break.org shows ways to "stop reporting your on line activities to the American government."