Privacy and being online

I have an email address that’s old enough to drink. It came to me today when I was discussing data hygiene. I mean, I have an email address that is old enough to drink! And it wasn’t even my first email address, it’s just the one I still have access to.
This realization led me down a path of what things have changed since I got that address.
I remember …
… when things posted on the Internet weren’t around forever.
… when Google bought DejaNews and made USENET archives more available.

… and all those things I thought were gone forever were searchable again.

… when I thought it was good to be anonymous online.

… and trolls were mostly harmless and couldn’t hurt you.

… but there were always exceptions.

… a mailbox with zero spam in it.
… when I could still pretend I had control over my personal data.
We give up a lot of privacy just existing in the modern world. Companies track us and keep data about us. In many cases this is good. I recently had to return something to Home Depot and they could get a copy of the receipt simply by running my credit card through their system. Easy, peasy. Got my money back for that last box of floor tiles we didn’t open.
But it also means that companies can be the weak link and expose us to risk we don’t want or ask for. If there’s anything recent breaches have taught me it’s that my data is at risk no matter what I do. There’s a limit to what I can control and full control means not being able to participate in (almost any) online space.
And even if I am careful, other people use my info and my email addresses to sign up for stuff. One company in the UK is selling my email address associated with the profile “Mrs. Christine Stelfox.” Another UK company is selling a different email address with a different profile. Laura Ashley UK thinks I’m a stay at home mother of 3 in South London. And those are the easy to say “this data is bad and wrong” because they’re the wrong country and the wrong currency.
Brewster.com started spamming me, telling me that they had multiple email addresses and multiple phone numbers associated with me. I didn’t give them that data, someone else did. But now they think they own it and their privacy policy doesn’t cover my data, it only covers the data of the people who handed it over to them.
In terms of privacy, unless you want to stay offline completely, there isn’t much you can do to protect yourself. And even then, there’s nothing to stop companies from collecting data about you and selling that data on. The Target breach tells us even if you don’t do anything online, your PII can be leaked into online spaces. The US government breach tells us that doing things like participating in someone’s security clearance process can leak your data online. Health care breaches tell us we can’t trust our doctors and hospitals to keep our data safe.
All of this tells me that online privacy is difficult, if not impossible, these days. We’ve gotten used to having companies know about us and our habits and expect a high level of personalization. That personalization requires companies keep detailed records of our behavior.
I don’t think we really can give permission for this level of tracking. But I can’t see trusting companies to maintain our data in a safe and secure manner. I hate being tracked and I know that not being tracked means I give up a level of service. These days, though, you can’t even opt out of being tracked. You’re tracked even if you opt out. You just don’t get any of the benefits of being tracked.
Privacy is complicated and we don’t really have a handle on it. The internet is too new, even if people like me do have email addresses that are old enough to drink.