The last two months of Covid-19 lockdowns have sent our online time soaring. An Israeli startup called Mine tracks “digital footprints” and knows exactly what we’ve been doing.
Based on the input of the company’s 35,000 registered users, Gal Ringel, Mine’s CEO, tells ISRAEL21c that, by far, “the most popular new service that people have signed up for since corona is Zoom.”
Netflix appeared in the third or fourth spot in every country except the UK, where Disney+ was ascendant. Classified advertising sites and online groceries were popular too: eBay and Walmart in the US, LeBonCoin in France, Tesco in the UK and Supermercato24 in Italy.
Around the world, our digital footprint – that is, the amount of data we’re sharing online with companies and service providers – increased between March and May 1 “by an average of 55 percent in the six countries we measured,” Ringel explains.
Here’s the rub: Every time you sign up for a service – whether it’s to pass the time by binging another episode of“Tiger King” or to apply for a loan or subsidy check from a government agency – you have to give the service some personal data.
That might be fine for those services you’ll use over and over, but many others are one-time events: think about buying a facemask from a specific vendor or – in pre-corona times – giving your passport number to a hotel in Slovenia.
Do you know where your data is?
Mine has analyzed some four million digital services to tell its customers precisely which bits of their data are being stored and by which services.
The average user has 350 companies in his or her footprint, Ringel says. (Mine’s software revealed that this reporter’s personal information can be found at a whopping 1,176 online providers.)
Ringel adds that 80% of the sites holding this data are not being used on a regular basis – or ever – by the user. “We find a lot of data that you’ve already forgotten about,” he notes.
The European Union’s GDPR – General Data Protection Regulations –that went into effect in 2018 include a “right to be forgotten” clause.
Ringel and his cofounders, Chief Technology Officer Gal Golan and Chief Product Officer Kobi Nissan, flew to Europe last year and literally “asked people on the street if they exercised any of their GDPR rights,” Ringel recalls. “The majority of the answers were ‘no.’ Which was absurd – this was legislated for them!”
But how do you ask a company to delete your data? Whom do you contact? How do you phrase a request?
That’s what Mine was built to do.
Mine first asks to look into your email – the company promises not to save any personal data on you and not to read your messages, just the subject line. Gmail and Microsoft Outlook are currently supported.
Your Mine dashboard then shows you which companies have the goods on you, organized by category: financial, identity, online behavior and social network data.
If you want to “reclaim” any of that data – that is, remove it from the service – you click a button and Mine sends that company a “personal data erasure request.”
The contacted service will then communicate with you by email until the request has been completed. Companies have 30 days to comply.
Free for now
Mine’s service is free – for now. But you’ll eventually want to pay for it because the free package requires that you do all the follow-up yourself.
The paid version, to be released in the coming months, will cost between $5 to $10 a month and will handle all the back-and-forth on your behalf.
You’ll also be able to create rules on specific companies or certain types of data so that Mine will begin the process of deletion automatically.
“For example, you might want to delete all low-cost airlines where you don’t have any mileage points,” Ringel says. “There’s no reason for them to keep your data. And you can always sign up again at any time.”
There could be good reason to pay monthly. By Mine’s estimates, “every month, you’ll have eight new companies storing your data. And every one of those companies can be risky for you,” Ringel says.
“We found out that the average person is subject to 12 data breaches that they’re not aware of in a five-year period. Many of our users are going back [to check their Mine dashboard] one to two times a month.”
Is it such a big deal that companies have our data? Yes, Ringel says. A little data can go a long way.
For example, the website MyHeritage was breached in 2018. MyHeritage said that only emails and passwords were stolen, but if a hacker got into a MyHeritage user’s family tree, the hacker could access seemingly innocuous data such as maiden name or your grandparents’ names.
“When someone forgets their password and they have to answer a security question to reset it, it’s frequently a maiden name or a grandmother’s name,” Ringel says. With that data in hand, a hacker can easily break into other accounts.
Moreover, companies such as MyHeritage and 23andme are increasingly storing DNA data.
“Our DNA encoding is the most private data that we will ever possess and the ultimate definition of who we are,” notes the website Security Boulevard. “The potential scale of the misuse of this data is without measure.”
Health and wellness sites are increasingly popular these days. Ringel says that Mine’s research has dug up “over 2,500 unique health and wellness services in [our users’] digital footprints – that’s around eight companies on average, 40% of which are from a one-time use and recommended for deletion.”
Mine uses machine learning and NLP (natural language processing) to monitor your email inbox to find companies to track. That doesn’t include the many hundreds of newsletters you may have subscribed to over the years, for which “people don’t usually provide sensitive information other than an email address,” Ringel says.
Precious personal data
Mine was in stealth mode for a year before launching in January 2020 along with the announcement of a $3 million investment from Battery Ventures and Saban Ventures.
The 10-person Tel Aviv-based company has sent more than 300,000 “right to be forgotten” requests. With the new financing, the company hopes to have 100,000 registered users by the end of the year.
While Mine has focused mostly on Europe so far, the company has customers wherever GDPR-like regulations are in place. The United States introduced COPRA (Consumer Online Privacy Rights Act) in 2019, and several US states have particularly strong laws. California, for example, this year incorporated the California Consumer Protection Act and Ringel expects to push Mine in the Golden State soon.
“By 2021, we expect to see the majority of countries will have similar laws,” he adds.
Ringel and Golan served as officers in the IDF’s 8200 cybersecurity unit. Golan went on to work with AI innovator SalesPredict (we recently wrote about SalesPredict founder Kira Radinsky’s new company, Diagnostic Robotics, which is helping Israel track Covid-19 spread), while Nissan spent time as a venture capitalist – including at Saban, which invested in Mine. Ringel worked at Verizon Ventures and was named to Forbes’ “30 under 30” list in 2017.
From their work in cybersecurity, Mine’s cofounders “really understood how valuable and precious our personal data is and how it can be exploited against us, for financial damage or against our reputation,” Ringel says.
“When the GDPR was legislated, we saw that it was a game changer in the history of the Internet. For the first time, it defined personal data as our own asset. But it was missing the proper technology to make it accessible to us as citizens.”
Here’s something to look forward to, then: When we begin to fly again, there’s no reason to leave your credit card details with that cute little restaurant in Bogotá forever. Mine it instead here.