You, online

An exploration of identity in the digital age.

Due to an irritating law, we have to mention that this website uses ‘cookies’. Cookies are things that websites use for: reasons. Most people do not know what these reasons are, because it is time consuming and boring to think about that—and who has time for boring things? Also, the word ‘cookies’ sounds pretty fun, like there is a party going on. So it’s all good! Do you want to come to our party? Then you have to accept the cookies. Below you can see which cookies we use.

Functional cookies

We use these cookies because they are necessary for the functioning of the website. Thus, the word ‘functional’. They have a function. Move along, people.

Tracking cookies

With these cookies, we follow you on our site and we look at which other websites you visit and what you do there. That way we can better identify you. Totally not creepy. Very handy. For us.

Third-party cookies

Remember what you were told as a kid? If a stranger gives you a cookie, you eat it! That is just good manners. Nomnomnom, tasty. Thank you, kind stranger!

Really though, this just lets other companies, websites, governments, and who-really-knows-who-else track what you do on our and other websites. No worries.

(You can also click on this nearly invisible link to close this pop-up.)

Petra never eats ice cream, but last summer she made an exception—it was just too hot outside to not have some. She explained this to a friend of hers, and they walked to the supermarket together. Satisfiedly licking away at her cone, Petra glanced at her Facebook, where a colorful ad shouted at her from the sidelines: “Strawberry ice cream: made with real fruit.”

Was this just a coincidence, or was the ice cream conversation overheard by her phone? Had the supermarket tagged her as an ice cream lover and immediately sold that information? And will her ice cream buying behavior ensure a higher dentist bill in the future? These are questions that Petra will never get an answer to.

Online services know a lot about our actions, and use complex algorithms to fire targeted advertisements at us;  this probably isn’t shocking news to you. But what exactly do companies and governments know about us, and what happens with that information? What can reasonably be asked of someone to identify themselves online? In this article, we explore identity in the 21st century. We took to the streets of Amsterdam to question people, and investigated how our personal data is being processed. Do we, as citizens, have enough control over this? And is there cause for concern?

To continue, we need the following information from you:


 

Digital identity—that’s an identity made up of ones and zeros. But what belongs to an identity? Everyone has an idea about that: it is for example your gender, your origin, where you live, your height, the color of your eyes, and the fact that you’re named . Your hobbies are also part of your identity, just like the brand of car you drive. So your identity is an almost infinite collection of characteristics, or attributes, that together make you who you are and how you are seen. Etymologically, the word comes from the Latin identitas; ‘sameness’. Following that, identity is all of those personal characteristics that are exactly the same as the characteristics of your person. A circular argument that can drive you crazy, which illustrates how difficult it is to define the concept of ‘identity’.

 

Identity: a loaded concept

Registering an identity can give you rights; you can prove that you can drive a car, and enroll your child in school. Conversely, registration also means exclusion when anyone who is not registered does not have rights. The digitization of your identity goes beyond the collection and reselling of data. Capturing all sides of your identity—whether it’s buying an ice cream, the size of your bank account, or your medical record—affects the space you have to move in our society.

Identity and identification have always been controversial subjects. In the Netherlands, where the Digital Identity Lab calls home, the national passport has existed since 1914, but was only necessary if you crossed the border. There were plans for a compulsory identity card, but they were scrapped in 1940. A year later, the German occupiers nonetheless introduced a personal identification card, inextricably linking identification to war, resistance, and state terror in the public eye. Not long after the war, in 1951, the Compulsory Identification Act was withdrawn; identification was taboo in the Netherlands for forty years thereafter. It was only in 2005 that the Compulsory Identification Law Act in the Netherlands took effect, accompanied by loud social protest from those who asked: Why should someone have to be identifiable everywhere? The law was seen by many as an enemy of privacy and anonymity.

All of this is to show that identity is an evolving concept, with mandatory identification being a fairly recent phenomenon. Now that we are eyeball-deep in the digital age, we have perhaps gained an even bigger enemy: the practice of data hoarding by commercial companies. They seem to want to know us better than we know ourselves. In the past twenty years, that data collection has become a force that is difficult to comprehend; the time of relative anonymity and paper files in a cabinet is over. Thanks to digital profiles, our data is everywhere. And we are constantly, and generously, providing more personal information to them.

Yo, let us know the following and you can continue!


Values

Privacy, freedom, trust, control, transparency: Many of us consider these as values, but their importance erodes with the digital reality. No matter how easy the internet makes our lives, we also want to be able to hold the reins: we want to understand the data that companies collect about us, and we want to be able to decide what can and cannot be shared or used. In addition, digital data can be copied. If someone stole your passport thirty years ago, then one person had your passport. If a hacker with bad intentions now cracks a database with passport scans, they are forever on an online black market.

It is precisely because it makes things so easy that we can no longer ignore the world of the wide web. With all that convenience, an effective mode of digital identification is needed. But identification only works with trust, and creating trust takes time. Moreover, trust is fragile; a crack can easily occur, but it takes a long time to repair it.

When we look at how a relationship of trust develops between a consumer and a provider, it quickly becomes clear why problems occur online. Suppose that, every Saturday, you go to to buy your weekly . The vendor now knows your face and your name, and hopes that you have come to buy a delicious, juicy , as usual. “Well heya there, !” she calls cheerfully. “How do you do, you old you?” You make some nice small talk, and you buy one —heck, maybe even two, or three. This is a relationship of trust that has been built over months, years even; it is subtle, it is based on only necessary or innocent attributes, and it is almost infallible when it comes to mutual identification.

Sometimes you skip the store and buy your online, maybe even on a website you’ve never been to. The subtle identity layer you have at your local store is missing on the internet, so the website asks you to leave a mountain of data so that they can send you a that’s the right color, size, and brandBefore you know it, you’ve already divulged your home address, bank account, full name, and phone number, not to mention your preferences for style and color.

The resulting identity is blunt and scattershot. Often, it doesn’t even agree with reality—maybe you bought that  for someone else. 

But that identity is the basis on which the service tries to create a relationship of trust with you. This is of course a bit different than the  vendor who knows your face, and then recommends their shiniest  to you.

Hey, , fill in your:


The average citizen has numerous digital identities, each of which consists of different but overlapping sets of properties. This is how different companies manage their profiles about you. That is useful for them, because they can target and tailor their advertisements specifically towards what they think will interest you. We seem to have already accepted—at least passively—the advertising model that has evolved online. The services that we purchase are often free, so we can endure a few advertisements and recommendations in the margins, right? And sometimes you are just looking for that perfect supersonic stroller. There are only two problems: firstly, these services are not really free, because we ‘pay’ with our personal data. Secondly, we know too little about the consequences that all those digitized data streams can have on our lives (like going beyond advertising in an attempt to shape our political beliefs or manipulate our moods). We’ve already been rattled by how our own data is used to influence us, and there is no way to be certain about how this will be done in the future.

 

How does a digital identity come about?

There are two ways in which personal data can end up in a profile: actively and passively. Actively fill in your data yourself; these are mainly things that businesses need to be able to carry out a transaction. It is customary for a website to ask you for your name, address, and place of residence. And it is not surprising that FootLocker.com knows: wears a size . How else can they send you the right shoes? At the same time, you may wonder why FootLocker needs to know where you live: that information is actually only relevant to the postal company that is going to ship those new loafers.

The passive creation of your digital identity is all the more worrying, because this data is often not consciously shared with companies, by us. You click on links, order a book, put photos online, or send apps to your friends, but none of that you do, hopefully, with the aim of supplementing the data profiles that companies have about you. Yet powerful algorithms divert all sorts of information from your online behavior. Spotify knows your favorite music genre, Netflix knows that you watch Desperate Housewives until late at night, Google Maps knows where you are on holiday, UberEats knows how often you eat burgers, and whether you want to have cheese and bacon on it.

The internet is no longer just in our computers and telephones, but in the everyday items that are all around us. The Internet of Things makes life easier on many fronts. Think of the car that, upon (or even before) breaking down, can remotely explain to the garage what is going on. But the same car also records your driving behavior: What is your average speed? How quickly do you accelerate? How often do you have to kick the brakes a little too abruptly? These data also come in one of the many data profiles that are about you.

Companies sell these profiles to each other. This way your bank can learn from Zillow that you are on the hunt for a new house, offering you a mortgage. Ah, you might think, let them. But your health insurance could also be very interested in your burger consumption, or your binge watching behavior, because an unhealthy lifestyle may be a reason to add a little extra to that additional premium. And what should the premium for you car insurance be? Let’s have a look at your driving behavior!

These are just a few examples of how this data collection frenzy can cause unintentional or undesirable effects. It is not hard to imagine that a lot of negative things could happen with all that linked and eternally stored information about us. We already know what is technically possible; take the social credit system in China, or the NSA’s domestic and global data gathering operation as revealed by Edward Snowden.

In addition, passive data collection often involves personal data that relate to, among other things, race, religion, political color, and health. For example, if you wrote a couple of passionate Brexit tweets last year, Twitter might know that tends to look a little bit politically .

Banks have it even easier. Based on your payment behavior and other activity on your account, your bank has information about your work, study, friends, interests, leisure activities, whether you have children, a house for sale, a car, how often you exercise, whether you were in the bar yesterday, and whether or not you smoke. They don’t even have to analyze your Brexit tweets: your bank can see which party you support when you make a donation.

Companies are required to be forthright about the information they gather; you can find it in the various privacy statements of companies. The problem is, these are just not written in a very immersive prosaic style. What’s more, every service has a different policy. Who has time for that?

We had time for that. And it became clear to us, among other things, how language is used to keep messages vague. For example, in the privacy statement of the Dutch ING Bank, we read:

“We do not record special personal data […], unless this is absolutely necessary. This only happens in very specific situations, for example when you instruct us to pay membership fees to a political party.”

“We do not store any special personal da…”—oh wait, no, we do. But only in “very specific situations”. For example, if someone pays membership fees to a political party. In the Netherlands, there are 300,000 people in such a very specific situation. Then note the words: “when you instruct us to”. They’re saying: you give us the assignment, we only carry it out, and you’re welcome. That is at least a bit misleading, because it suggests that the bank stores your data because you asked for it.

We checked with the Privacy Office of the ING Bank to find out whether more data would be recorded in this way. The answer was (drum roll…): Yes. For example, an estimate can be made of “the religion you are likely to adhere to,” based on the “number of initials, residences, certain surnames and places of birth”, data that are needed “to execute contracts.” Also your health is interesting for the bank, because, we were told, “some parts of ING also deal with health issues in the context of taking out insurance.”

Send a shiver down your spine, ?

Fill in this information, okay? Thanks:


There is another way

We regularly fill in information online for the purpose of identifying ourselves and buying services or products. But companies ask for too much information, analyze our behavior, and sell that information to each other. This has far-reaching effects that are difficult to estimate in advance. We therefore hope that you will start thinking about what you share, and with whom, and why, but also about how companies have come to see you as a product that can be used for commercial gain.

It is important to determine the rules together. The government also plays an important role in this. Not only are they one of the most important suppliers of your digital identity, they also create the frameworks for them, and must therefore maintain them.

Perhaps that is why it is time for us to say:There is another way!” and to start a broader dialogue with each other. The Digital Identity Lab examines, among other things, how we can best translate subtle offline identification into its online counterpart. Do you have any ideas about that? Or do you want to share a story about digital identity? You can comment on this article on Twitter, or, if you prefer not to publicly state your opinion, please send us an e-mail using the form below.

Would you rather stay offline after reading all this? Then come to one of the events where we discuss and combine different visions on digital identity. Please visit: digitaleidentiteit.waag.org/events/

Whatever you do though, never say out loud that you feel like having ice cream!

 

Binnenkort kun je hier Digitale Identiteit Ganzenbord downloaden

Disclaimer

Hey, with a size shoe, if you are worried about the information you have filled in on this site: we won’t be storing any of it, of course. Once you close this window, all of those attributes of your digital identity that we have collected here will disappear into infinite nothing.

Respond

If you have a reaction to this page, or would like to share your own story, send us a message using the form below or respond via Twitter.





     

    NOTE: This page has been translated from the original Dutch, with slight changes to content and examples. All translated privacy policies and responses from other organizations have been translated to the most literal extent possible. You can view the original Dutch language article here.