By Simon Elvery
When I decided to record every time my phone or laptop contacted a server on the internet, I knew I’d get a lot of data, but I honestly didn’t think it would reveal nearly 300,000 requests in a single week.
On average, that’s about one request every two seconds.
In this instalment of the #DataLife project I’m going to take a broad look at what all those requests are doing and break down some details about what I’ve found in the data so far.
How much data did your phone and laptop send and receive?
There are a few different ways to answer the question ‘how much’. The easiest to understand is simply the number of times my devices contacted another server — that’s the 300,000 number from above, but that’s not at all evenly spread over the week.
In one hour — between 8am and 9am on a Tuesday morning — there were more than 11,000 requests. That’s more than three per second.
This is what it looks like as a chart covering the whole seven days.
Number of requests per 15-minute block
I’m a little taken aback at just how many requests — and by extension, how much data about me and what I do — gets sent to organisations around the world from my devices. And just how many organisations there are.
Of course not all of these requests are sharing intimate private details about my life, but all of them — every single one — is sharing something about me.
Exactly how that something is used depends entirely on the organisation at the other end of the request and has an unknown, maybe even unknowable, effect on my privacy.
Are your devices sending and receiving data when you’re not using them?
They sure are. The quietest times fall — predictably — overnight. But even while I’m sleeping my devices are pretty busy talking to various companies.
Apple was the company contacted most frequently overnight, but there were plenty of others.
For example, here are the 841 times my devices made contact with 46 different domains between 10pm and 6:30am on the second night of the experiment.
Most of these requests are background updates for things like my email and calendar or synchronisation that various apps like Dropbox or iCloud perform.
But exactly what each of them is doing is quite difficult to tell.
And some of them are a little surprising, like the TripIt app, which seems to be checking in every hour or so, presumably to see if I’ve booked any new flights.
What’s doing the talking?
One of the first things that jumped out at me from the data was the astonishing number of different apps and programs that are accessing the internet from my devices.
The apps at the top of the list are pretty unsurprising:
- Google Chrome appears to account for the top two entries. It’s the browser I used by default (a decision I might review).
- At number three is Airmail, the app I use most for email.
- As a relatively heavy Twitter user, I’m unsurprised to find Tweetbot at number four.
- At number five is Slack, which I use for work chat among other things.
But the full list shows that 298 different pieces of software made requests during the seven-day period.
What companies are getting that data?
The easiest place to start when trying to answer this question is to simply count the number of requests to each domain.
Google is absolutely dominant, with nearly one in five requests being made to a google.com server — and that doesn’t include the many country- or product-specific Google-owned domains also in the data.
Unfortunately, it’s extremely difficult to tell which requests are useful to me and which are simply for tracking my behaviour, interests and habits for commercial benefit while delivering me no benefit at all.
What about tracking? Can you tell how much it’s happening and who is getting that info?
Well, kind of.
One way to sift requests that are tracking my web-browsing or other behaviour from the rest is to identify which domain names are known to be used by tracking tools. And thanks to your help identifying them, along with a few other databases compiled by various privacy preserving products, that’s not too hard to do.
Using their list to summarise the whole week of request data, it looks like up to 72 per cent of all requests are made to a server which is likely to be tracking my behaviour in some way.
Google tops this list for me too, with 23 per cent of requests. The other big trackers identified in my data are Microsoft (14 per cent), Twitter (13 per cent) and Chartbeat (4 per cent).
Of course, a lot of these requests are part of providing me with useful services — search and email, for example — which highlights another problem with how the modern web works. Many of the requests that are tracking our behaviour are also integral to the site/app/service functioning at all.
So many apps and websites are simply impossible to use while also avoiding being tracked.