Ask HN: How to “scare” teens wrt privacy issues
I'm teaching some high-school teens (~15 years old) about privacy, but they seem to completely disregard the issue, giving away their data without worry.
I'd like to shake them up a bit, show them something creatively "scary" to help them realize the issues that come with giving away data.
Some additional information:
- This is a Western European country (no real issues with privacy since WWII);
- They don't mistrust the government ("Big Brother"-style arguments have little effect);
- They have little financial/working experience (arguments such as "your insurance will cost more" or "your future employer might not hire you" are inefficient);
- They haven't had enough partners to be really concerned about things such as "your future partners will know everyone you went out with".
Some ideas (untested, since not practical):
- Compile a virtual profile with everything publicly available about them, especially photos, which seem to provoke a stronger reaction than factual data such as addresses, names of relatives, etc. Problem: requires too much manual effort.
- Find out their e-mail addresses (if publicly available) and trigger "Forgot password"-style messages, to simulate them being targeted by hackers. Problem: borderline ethical.
- Apply some form of spear-phishing using information publicly available, such as "Hi Jane, this is Mary <family/friend's name found via public information>, I got this link from John <another family/friend's name>, it's quite funny!". Problem: requires too much manual effort.
Otherwise, I'm afraid I'll have to resort to listing some actual cases of teens abused due to exposing their data, which is not as efficient ("that would never happen to ME!"). Please don't try to scare them. That tactic is very often counterproductive. Educating them in a factual way that doesn't appeal to their emotions is a better tactic, in my opinion. Perhaps a research project where they actively find all the publicly available data on themselves that they can, combined with lessons about the impact of data leakage on regular people would be sufficient? I don't know. In the end, teenagers (like everyone else) will make their own decisions about these things. Even if they make decisions that you and I consider foolish, they have the right to decide for themselves. You job is just to ensure that they have the information and understanding they need to make informed decisions, not to evangelize a particular stance. One nice project is Data Selfie. The project is no longer active but may still work, or you can self-host (it is OSS). Watch the video to see how it works. Especially the predictive analytics may be a powerful way to provide insight into how much of ourselves we give away while surfing the web. You can’t scare them. They have lived their entire lives with ubiquitous digital surveillance. They are better equipped to deal with it than you or me because they have been breathing it since birth. It’s not novel. It’s not emerging. There wasn’t a time before Google. Before the gwot. Before cookies. Before credit scores. A fifteen year old has been hearing adults prattle on about this stuff since the day they started school. That’s 2010. That’s Chrome. And Facebook. It’s mature as tech backed by billion$. The ones out of touch are those of us imagining there are still horses in the barn. Or to put it another way, it’s a room full of smart people and everyone should take that seriously. This I learned from talking to my teen. Instead of at them. Don't scare them directly about the data being gathered. Teach them history. Teach them how authoritarian governments operated. They will connect two and two over time. Could you setup a local wifi network with monitoring, showing which URLs get accessed in real-time? These days connections are encrypted so you can only see domain names. Then explain that happens when they connect to any public wifi. How can you trust "<restaurant> free wifi" is really run by that restaurant and not the person at the next table? > Find out their e-mail addresses (if publicly available) That's probably against data protection rules set by the school. Show them how easy it is to catfish online. How easy it is to fake even a live webcam.