A Day of Data

If you’re interested in keeping up with my writing, sign up for my newsletter!

I figured that since I work for a privacy company, I should try and increase my own awareness of where my personal data goes. I wanted to try and figure out which companies and organizations have, in one way or another, somehow received and processed and stored my personal information.

Of course, this isn’t an exhaustive list of every single company out there that knows me because that would be an overwhelmingly long list. Not only am I leaving out every third-party ad and analytics software that apps and websites use (I just included Google Analytics and Chartbeat in my findings), I’m also leaving out the impossible task of knowing the data-sharing practices of the companies that already have my data in the first place. (Chase, for example, shares data with their marketing partners to send you advertising.)

I’m not trying to say that sharing your personal data is necessarily bad. Your doctor, for example, needs a ton of data from you like past visits, current medications, family history, insurance plan, pharmacy of choice, payment method, test results, and your contact information. The point of all this is to figure out just how much my life is dependent on sharing my personal data, how necessary it is in my day-to-day life.

So what I have below is a 12-hour diary of my online activities on September 5, 2019.

6am

Xfinity can see everything that goes in and out of the network because they provide my Internet at home. They can see all the connections that my phone was making while I was asleep. They know which apps on my phone connects to the Internet to fetch new information like my messages, podcasts, and the weather in the morning.

6:57am

At around 6:57am, I reply to people on Telegram Messenger. Xfinity knows that I use Telegram—including the time when I used it—because it passes through their network. Telegram, on the other hand, knows my contact list, the people I’m talking to, and when I contacted them.

7:21am

At 7:21, I turn on Headspace to meditate. Again, this is something that goes through Xfinity’s network since the meditations are downloaded from Headspace’s servers as needed. Headspace knows the time when I opened the app, the type of meditation that I played, and if I’m a paid subscriber. It also keeps track of all the meditation courses that I ever played, and the number of days I meditated consecutively.

7:36am

I look at my transactions and my budget every morning on a budgeting app called You Need A Budget. This means that they have a running list of all my personal transactions and financial information: How much I spend on different categories, my spending habits over time, where I spend my money, and even the things that I buy. (I put notes beside some transactions to help me remember what I spent the money on. An example would be: “Amazon.com, pressure cooker.”)

Oh, when I say “where I spend my money,” I also mean that literally. YNAB remembers the location of my phone where I manually entered a transaction to make manual entries easier for me. It was creepy when I first noticed it, but I actually find this super helpful.

Like most web apps, YNAB uses Google Analytics to learn about customer behavior and usage. I’m pretty sure that it’s on the website version of the app (which you can block on your browser), but I don’t know if the mobile app uses it so I may or may not have hit Google Analytics.

YNAB also has access to my accounts on Wells Fargo, Ally Bank, and Vanguard so that I don’t have to manually put in all the transactions that I made by hand.

7:57am

At 7:57am, I leave the house, which means my Internet connection switches from my WiFi to my cellular provider, Ting Mobile (which, in turn, uses T-Mobile towers).

And just like Xfinity, this means that they can now see the connections that the apps on my phone make when I’m on the go.

8:33am

On my way to the train station, I text someone on WhatsApp (hello, Facebook). Just like Telegram, they have information on when I texted, who I’m texting, and my contacts list. Even though they don’t have access to the actual text message I’m sending, they still have all that metadata that they can use to learn about connections with people so that they can show me relevant ads.

8:41am

I take the train at 8:41am using a digital keycard which keeps track of all the train stations and bus stops that I go to. You can purchase these cards and reload them using cash if you’d like to have more privacy, but I linked my transit card to my credit card and e-mail address so that I could get a refund on lost cards and be able to set it to auto-renew at the end of each month.

Note: The image above is a bit misleading. I put SEPTA beside Ting Mobile, but Ting doesn’t actually get any direct information on my commuting habits.

9:04am

I go to a popular convenience store called Wawa before heading into my co-working space, and I buy a breakfast burrito using my credit card. Wawa knows that my method of payment is Apple Pay and that payment network is Mastercard, but I’m a bit unclear if they know about the issuing bank (Goldman Sachs).

Update: Gosha sent me an e-mail about the BIN or Bank Identification Number on your credit card. The first 6 numbers on your card will tell you the issuing bank.

What I am sure of though is that Goldman Sachs knows that I went to Wawa, what time I went to Wawa, the location of that Wawa, and how much I paid for that burrito at Wawa.

I also budget on YNAB on my phone while I’m in line for my burrito, so YNAB now knows the same details that Goldman Sachs does. Ting is also now aware that I use YNAB since I needed the Internet to access my budget.

9:08am

I send a text on Telegram as I walk to my co-working space, so Ting also knows that I use that app, too.

9:54am

I connect to the WiFi in the co-working space, which is provided by a local ISP called Philly Wisper. I then log on to the websites that I need for work like Asana, the company chat room, and the company calendar on Fastmail.

Generating digital data is, of course, unavoidable when I’m doing remote work since collaborating, planning, and updating work with my colleagues mostly happen on the Internet.

10:56am

At 10:56am, I play some music on Spotify. This particular day was mostly songs from Tyler the Creator, Tierra Whack, Solange, and The Internet. Spotify, of course, knows my listening habits which they use to generate individualized playlists that I might like. Spotify also has business partners that can place cookies on your device whenever you’re on Spotify. This is used to “deliver advertisements more relevant to you and your interests.”

I also start visiting other websites to find inspiration for data visualization for this very article. The websites that I visit, just like YNAB, use analytics software like Google Analytics and Chartbeat to learn about their readers.

12:02pm

At around lunchtime, I call CVS Pharmacy and ask them to get my prescriptions from Walgreens Pharmacy. So now, CVS knows all the medications that I take, who my doctor is, and who my insurance provider is.

Also, that call went through Ting Mobile, who now knows that I made a call to a nearby CVS at 12:02pm for 6 minutes.

12:14pm

I check the Dark Sky app on my phone to see if it’s going to rain this afternoon. Since it’s a location-specific app, it knows the city that I’m currently in.

12:28pm

I walk outside and get a flu shot at CVS (the same CVS branch that now has my medications). I got the vaccine for free because my insurance provider covers the full cost of it. So now both CVS and my insurance provider know that I just got a flu shot at this location and at this time.

1:46pm

At 1:46pm, I get charged for a recurring monthly bill from my therapist’s office at Thriveworks. They see how often I come in for therapy, who my therapist is, my insurance details (Independence Blue Cross), and my payment details (Mastercard).

2:48pm

I use an app called Transit to see what time the bus will come. This app keeps track of where I am (crowdsourced and real-time data is important to them), the possible routes that I can take, where I’m going, and a list of buses and trains that I frequent. Fortunately, they don’t really know who you are unless you send them feedback.

I then hop on the bus using my SEPTA keycard, so the transit agency knows the time I hopped on, where I was waiting, and the bus number. If you noticed, I only mention SEPTA having data at the start of the trip and not the end when I hop off the train or bus. This is because they don’t scan your keycard when you exit the bus or train.

3:23pm

I got home, prepared a late lunch, and watched some videos on YouTube. YouTube (which is owned by Google) knows the types of videos that I watch to improve their advertising and to make better video recommendations. After all, the more videos I watch, the longer I stay on the site.

4:03pm

My last entry of the day is getting a notification for a recurring donation (what a mouthful) to a charity called GiveWell. Just like Wawa, they know my credit card number and that I used Mastercard. (Again, I’m unclear if they know about the issuing bank part which is Goldman Sachs.)

Goldman Sachs and Mastercard, on the other hand, know where I donate my money and how much I give away.

The charity also knows my contact details like my address, phone number, and my e-mail address.

Pfew.

Visually laying out all the entities that have their hands on my data is a bit mind-boggling, and I’m sure that I’m missing a couple hidden services that run in the background that I’m unaware of. What scares me the most is how often data breaches seem to happen and how reliant I am on all these digital services.

There are some alternatives out there that I can take, but none of them seem to be worth pursuing. I could start paying in cash so that banks and payment processors will have limited information on my whereabouts, but I find it too much of a hassle to carry cash and change these days. I could buy music instead of streaming on Spotify, but then I lose having access to virtually any song that I want for cheap. I could dump my smartphone for a less-capable phone to limit the apps that follow me wherever I go, but then I lose the convenience of having transit data, meditation courses, the weather, and my budget at the palm of my hands.

It looks bleak, but thankfully our values are always changing. People are waking up and realizing that digital privacy in this software-filled world is important, which means that people are starting to look for services that offer privacy. Goldman Sachs, for example, has been a recurring company in this log that I made, but at least they can’t share or sell the transactions that they have on me. DuckDuckGo doesn’t know what you’re searching and it blocks online trackers (like Google Analytics and Chartbeat) from following you around the web. Non-profits like Mozilla are creating a suite of privacy tools to help you understand and protect your privacy online.

Things seem to be going into the right direction when it comes to our digital wellbeing. I hope you enjoyed this visualization of my digital data diary, and I hope we both see a future with a little more privacy.

Where I spent my time during a really long flight

If you’re interested in keeping up with my writing, sign up for my newsletter!

It was my fault, really. I don’t like flying, and I don’t sleep well in planes, but I still booked a 28-hour flight from Manila to New York. I honestly thought I was ready for it. I had melatonin pills, a neck pillow, a sleep mask, a blanket, and a pair of socks. Knocking myself out was my number one goal. That, I thought, was how I would survive this flight. While I did manage to fall asleep, I kept on waking up because some part of me would start to get sore from being confined in a chair for so long.

The first part of the round trip flight was actually a pretty good deal. For $800, I was able to go to Germany (stayed for 12 hours) and to Singapore (stayed for 5 days) before finally flying out to the Philippines. I got to visit countries that I’ve never been to before, and I also got to spend time with friends that I haven’t seen in a long time.

The coming back part, unfortunately, meant that I have to go from Manila to Singapore, Singapore to Germany, then Germany to New York. It was an unnecessarily long trip, and because I kept on waking up, I thought I’d do something fun instead. Like maybe log the activities that I did in the flight.

It’s unfortunately not the most accurate data because some activities overlap like eating while watching a movie. I also didn’t have the foresight to jot down the time when I would stop doing something, e.g., I would log the time when I started eating but not when I finished. But even then, I think the logs were still good enough to learn from.

I didn’t know how to represent the data at first. I wanted something more creative and outside of the usual charts that I’ve made before. But the other day, I ran into a Sketch plugin that created spirals. So I thought that maybe I could represent the data as a snail because of how unbearably long the flight was.

So after a couple hours of trial and error with both the 6Spiral and Looper plugins, I came up with a shell where each spiral represented 30 minutes of activity. Behold, my snail collection!

Since I didn’t log (more like forgot to log) absolutely everything, there is a “miscellaneous” category in there that includes a hodgepodge of things like going to the bathroom, daydreaming, listening to a podcast, brushing my teeth, and changing my clothes.

Looking at the visuals, I’m kind of surprised that I logged 9 hours of sleep. It wasn’t the restorative kind of sleep for sure, but it was still a substantial amount of time. I’m guessing a good part of that was spent tossing and turning in the seat.

Another surprising part is how small the music-listening and watching category are. I went through several albums and TV shows on the plane, but I guess that didn’t really amount to much. Or it could be that I was too distracted to log. We’ll never know.

I’m thinking in the future I could look into animating each spiral similar to this, so I’ll look into that when I have the time. Anyway, I wish you never have to take such a long flight in economy class!

The Sketch file can be found here.

Redesigning a form

If you’re interested in keeping up with my writing, sign up for my newsletter!

One of the projects that I’ve worked on recently is the redesign of a fairly simple form. All it did was gather feedback from people who wanted to report a broken website from within the DuckDuckGo browser extension.

So what you would do was that you’d click on the “Report Broken Website” button on the extension, and then a new tab would open with a form that you would then fill out.

Forms aren’t all that exciting to be honest, but there’s room for creativity in designing them. Just take a look at the thoughtfulness put into Stripe’s payment checkout form or the range of ideas that you can find on Dribbble.

So with this project the main issue that we wanted to solve was friction: Can we increase the number of people reporting broken websites if we made it easier to do so?

Understanding the problem

People already had ideas on possible solutions and user flows before I even started on the project. So my job at the very beginning was to listen and understand the scope of the problem and the goals of the project.

For me that often meant grabbing a bunch of paper from my co-working space’s recycling bin to write down design ideas and to sketch out some possible solutions.

A part of the design process for me is also figuring out the copy and the tone and voice that we want in the UI. We figured that in this case we’d want to show empathy to the person reporting (because it sucks to run into a broken website) and to communicate that we’re not going to be harvesting all their personal information behind the scenes (because we don’t).

After I felt like I had a good handle on what I needed to do, it was time to go on Sketch.

Iterating on the designs

Forms are really just a bunch of input fields. Figuring out what sorts of fields to put in there, however, can take some time to figure out. The first set of designs that I made had multiple elements:

  • A select element for indicating the type of breakage.
  • A textarea element for people describing their problem.
  • A checkbox element for people to opt-in to debugging data.
A screenshot of Sketch showing initial work on the form.

But after a few discussions and a couple of design variations later, we figured that we could reduce the form down to just one element. First, we got rid of the checkbox because the submit button is how people opted-in to sharing their data. (In lieu of that, we added additional information that we weren’t going to get any of their personal information.) Second, we figured that we already had the debugging information so there was no need for people to explain what went wrong.

This greatly simplified the form, and made it faster for people to report a broken website.

A second set of variations that have fewer elements in them.

Another part of the design that I had to look into was how people got into the form itself. What most some people do when a website is broken is that they toggle the extension on and off to see what would happen. We wanted to reach out to these people by asking them if they were toggling because they found a broken website.

Some ideas showing notifications above and below the extension popup.

The initial designs that I made used modals that imitated how smartphones would show notifications. I loved this idea because this sort of notifications could be used to help and guide the user when they encounter different problems throughout the extension. But we agreed that right now it’s a bit of an overkill solution so we went with a simpler inline version that comes up right below the toggle.

A simpler solution that was easier to implement and design.

Coming together

Now that the main parts of the project have been designed, it was time to create a user flow that shows the different scenarios that a user could get into when trying to open up this form. This is great for communicating design to developers and other stakeholders so that everybody is on the same page.

A user flow showing scenarios in the UI like error and success screens.

Then we also asked Matt Anderson to create an illustration for the form and we all ended up liking this broken bike design! At this point, it was time for the developer to implement the designs.

All these changes are now live! So if you ever run into a broken website on the DuckDuckGo extension (I hope not!), you now know how that reporting page came to be.