Skip Navigation

Consequences

By this point in the section, you might be wondering why we should even bother with personal privacy. With so much information “out there” and so many different devices collecting it, is privacy a lost cause? In this lesson, we’re going to take a look at several major consequences that could arise from the sharing or release of personal information.

Page Contents

Targeted Advertising

One might scan the contents of this page and believe that this first category of consequence isn’t like the others. If this observation applies to you, then congratulations! The marketing companies have successfully delivered their narrative that somehow the “service” of showing “ads that are more relevant to you” is somehow a benefit intended for you instead of an insidious money-making attempt by them.

Targeted advertising (also known by various euphemisms like “personalized messages”) is a data-driven way to direct specific ads to consumers who are more likely to “convert” (or buy something) in response to those ads. This approach to advertising involves collecting as much information about people as possible, including how they behave, what kinds of interests they have, what their habits are, demographic information (such as race, gender, and income), and so forth. Companies that collect or obtain these data then try to group customers into “segments” that can be selected according to marketing criteria. Ads matching the segment preferences are then displayed to consumers who are identified as being members of these segments, hopefully increasing the conversion rate compared to displaying a generic ad to a broad audience.1

Most consumer devices and Web browsers have facilities built into them that are directly designed for ad targeting. Both Android and Apple iOS contain resettable “advertising identifiers” that are designed to allow different apps and websites to correlate behaviors associated with a single mobile phone to that phone’s user.2 Google’s “Privacy Sandbox” proposal, which has initial availability in the Chrome browser, is an attempt to shift the segmentation of audiences from the data collection and aggregation companies to users’ devices.3 Even Mozilla, which has historically been a champion for privacy on the Internet, enables an ad measurement system by default on new Firefox installations.4

Fundamentally, the use of advertising identifiers, the “Privacy Sandbox,” and supposedly private ad measurement are all privacy theater for one critical underlying reason. Regardless of where the segmentation of people into marketing target groups happens, the underlying premise of targeted marketing is based on pure psychological manipulation. Ads are shown to people who are most psychologically vulnerable to being influenced into purchasing the corresponding product or service, regardless of whether or not they actually need it, and regardless of whether or not they can actually afford it. Worse yet, these kinds of ads can even affect a person’s self-image.5 Thanks to the shrewd work of businesses, our society has come to accept this form of manipulation as part of our consumer-driven economy and is thus completely legal.

Crime

In 2023, around 1 million Americans reported being victims of identity theft, and another 2.6 million reported being victims of fraud.6 Both of these kinds of financial fraud are the result of a threat actor obtaining sensitive personal information about the victim and then using that information to open accounts in the victim’s name, siphon money from an existing account, fraudulently claim a tax return, etc. Threat actors have a number of ways to obtain information about potential victims, including dumpster diving for paper records, sending phishing emails designed to get people to reveal passwords, social engineering, malware, and data breaches, among others.7

Financial crimes are not the only kinds of crime that can be facilitated using personal information. Burglars are known to use social media posts to determine when a homeowner isn’t at home, allowing them to schedule a break-in.8 A common crime directed at younger Internet users is that of sextortion, which occurs when a threat actor is able to obtain explicit images or videos of a person and then use the obtained material to coerce the person into providing more material or into paying money. Historically, a significant amount of sextortion was targeted at teenage girls, with the predator seeking to obtain more sexual content. However, recent trends reported by the National Center for Missing and Exploited Children indicate that 79% of sextortion attempts are now ransom demands. Boys between the ages of 14 and 17 are often targeted for financial extortion by these criminals.9

Prosecution

On the flip side of becoming a crime victim, personal information could also be used to implicate a person in a crime, perhaps falsely. In the previous section, we already saw how personal information derived from OSINT can be used to identify a criminal. However, this same kind of information can also be used to sweep up otherwise innocent people into a net of suspicion. Although one appellate court in the U.S. has ruled it unconstitutional, a geofence warrant is a type of search warrant that compels a company that has user location data to provide information on all users within a specified geographic area in a given timeframe to law enforcement. This type of warrant has been used to collect geolocation data from Google, which stores user location information by default for Android users.10

But what if you aren’t a criminal and therefore have “nothing to hide”? Well, first of all, there is a good chance that you are a criminal in some technical fashion. It turns out the federal government has lost track of how many federal crimes there are, although it is believed to be somewhere north of 10,000.11 It isn’t really possible for any person to claim not to be a criminal when the government can’t even tell us what is or isn’t a crime. Second, you could be falsely accused and convicted based strictly upon circumstantial or otherwise misleading evidence. Government-funded research on cases where DNA is available suggests a wrongful conviction rate of around 11.6%.12

Employment

As of 2018, roughly 70% of employers checked the social media profiles of potential job applicants, and over 50% of employers rejected an applicant based on information found in social media.13 Employers can use this type of open-source search to check for questionable posts (particularly those that advocate for discrimination), explicit content, illegal activity, and violence, among other traits.14 Remember that public social media posts can be archived on other sites and thereby show up with some simple searching. For this reason, it is extremely important to limit both what you post on social media and what your friends post about you. As a practical matter, the latter task is effectively impossible if you have more than a handful of friends, as is typically the case on social media.

Ironically, some employers may view a complete lack of social media presence as a negative, especially if there is evidence that you have recently erased past social media accounts and might therefore be trying to hide something.15 Remember that there are sites and services online that archive information, including social media posts. For this reason, it is best to manage your online presence carefully in the period of time leading up to your career position searches. Keep social media profiles professional, and favor career-oriented social media (such as LinkedIn) over “regular” social media platforms. It may also be wise to develop and maintain a professional website for marketing purposes.

Also remember that social media is not the only source of open-source intelligence (OSINT) that an employer can utilize during the screening process. Checks of criminal backgrounds and public records are common. Also be aware of forum posts, emails that could be leaked, and other information that could function as an indicator in your operations security model.

Insurance

One surprising place where collected consumer data can have consequences is when applying for insurance. Life insurance companies, in particular, are known to utilize all available data when determining the potential risk of an applicant. If you choose to have a consumer DNA test performed, be aware that in most states, a life insurance company can deny coverage if the test reveals that you may be genetically predisposed to a health condition.16 In a Consumer Reports study, all the major consumer DNA testing companies were found both to collect more data than necessary and to share data broadly for commercial purposes.17 One of the major DNA testing companies was also facing bankruptcy in early 2025, creating concern about who might buy the data if the company goes through reorganization or liquidation.18

Given the nature of the insurance industry, it doesn’t require too much imagination to surmise that they will use any and all available consumer data when making underwriting decisions. Your choices of phone apps, fitness trackers, social media, and other digital products and services might have some future bearing on your ability to obtain life, health, or other insurance.

Artificial Intelligence

Finally, we have one last emerging consequence in early 2025, which is Artificial Intelligence (AI). AI algorithms are already in development (and potentially in operation) in applications such as crime prediction,19 credit risk evaluation,20 and insurance underwriting.21 At the current rapid pace of AI product development, it is likely to find its way into other applications as time progresses.

From a digital privacy perspective, AI represents both an existential threat and a significant future unknown. Companies are racing to push AI “features” into products, where the product is obviously designed to collect more data to train the AI algorithms. Microsoft’s Windows Recall addition to Windows 11 is an excellent example of this phenomenon.22 Until the risks of AI are fully understood, and significant regulations and safeguards are in place to contain its effects, consumers will need to be extremely wary of the products they buy and the services they use. Unfortunately, most consumers are not well-informed and will reflexively jump to the latest “shiny” offering they find available. Potentially disastrous effects may be observed in the future.

Notes and References

  1. Stephan Miller. “What Is Targeted Advertising?.” Capterra Blog. October 4, 2023. 

  2. Bennett Cyphers. “How to Disable Ad ID Tracking on iOS and Android, and Why You Should Do It Now.” Electronic Frontier Foundation. May 11, 2022. 

  3. The Privacy Sandbox 

  4. Pranay Parab. “Firefox’s New ‘Privacy’ Feature Actually Gives Your Data to Advertisers.” Lifehacker. July 16, 2024. 

  5. Rebecca Walker Reczek, Christopher Summers, and Robert Smith. “Targeted Ads Don’t Just Make You More Likely to Buy — They Can Change How You Think About Yourself.” Harvard Business Review. April 4, 2016. 

  6. Federal Trade Commission. “Consumer Sentinel Network Data Book 2023.” February 2024. 

  7. Greenpath Financial Wellness. “How Does Identity Theft Happen?.” 

  8. Matt Liebowitz. “Social Media Status Updates Tip Off Burglars, Study Shows.” NBC News. November 7, 2011. 

  9. United States Immigration and Customs Enforcement. “Sextortion: It’s more common than you think.” December 12, 2024. 

  10. Zack Whittaker. “US appeals court rules geofence warrants are unconstitutional.” TechCrunch. August 13, 2024. 

  11. James Duane. “Don’t Talk to the Police.” YouTube: Regent University School of Law. 

  12. Kelly Walsh, Jeanette Hussemann, Abigail Flynn, Jennifer Yahner, and Laura Golian. “Estimating the Prevalence of Wrongful Conviction.” Summary technical report for National Institute of Justice grant award 2013-IJ-CX-0004. September 2017. 

  13. Stop Screening Job Candidates’ Social Media.” Harvard Business Review. September-October 2021. 

  14. Social Media Background Checks: Everything You Need to Know.” Indeed Employer Content Team. October 31, 2024. 

  15. Davis Cotriss. “Keep It Clean: Social Media Screenings Gain in Popularity.” Business News Daily. October 3, 2024. 

  16. Kelly Song. “4 Risks consumers need to know about DNA testing kit results and buying life insurance.” CNBC. August 9, 2018. 

  17. Catherine Roberts. “The Privacy Problems of Direct-to-Consumer Genetic Testing.” Consumer Reports. January 14, 2022. 

  18. Diana Kwon. “What went wrong at 23andMe? Why the genetic-data giant risks collapse.” Nature. January 23, 2025. 

  19. Matt Wood. “AI Algorithm Predicts Future Crimes One Week in Advance With 90% Accuracy.” SciTechDaily. July 2, 2022. 

  20. Julie Lee. “AI-Driven Credit Risk Decisioning: What You Need to Know.” Experian Insights. March 6, 2024. 

  21. Sixfold - Generative AI Tools for Insurance Underwriters

  22. Alex Wawro. “Windows Recall: How it works, how to turn it off and why you should.” Tom’s Guide. September 24, 2024. 

Operations Security

Introduction to Security and Privacy