We hand over our data every time we sign up to a website, connect our social media accounts or approve a cookie pop-up. It’s no secret that companies are collecting this personal information, but once they have it - where does it go?
The MacKeeper team has analysed 56 websites from a range of industries, from banking to social media, to determine where in the world your data is sent.
Instagram is sending your data to more countries than any other site
On average, we spend just short of an hour a day on Instagram.
Every Instagram comment, like and message you have ever posted is kept in an archive file ready for you to download until you deactivate your account.
Instagram tracks your height, weight, sexual orientation and past employment. While this data may be stored securely, where is it actually going?
Your Instagram data gets sent to six different locations around the world, according to connection tracker LittleSnitch. From one remote endpoint, Instagram was sending data to:
- Kansas, USA
- Virginia, USA
- Dublin, Ireland
- Nairobi, Kenya
- Rio Branco, Brazil
Ultimately, these will be the locations of server databases/storage where companies store user data securely. These multiple data points create more opportunities for cybercriminals to exploit and breach your information.
Instagram’s parent company, Facebook, isn’t far off in terms of data sharing.
Not only does it track 70.59% of your available data like your job history, hobbies and interests, but also passes it onto three locations: London, Manchester and Kansas.
Just recently, 533 million Facebook users’ data was leaked from 106 countries, including phone numbers, Facebook IDs, full names, email addresses and more.
The ramifications of this breach means cybercriminals have access to information needed for security systems like banking logins, which require a two-step authentication process.
Kansas is the data capital of the world
Kansas is the data capital of the world with 39 companies sending their information there. Some of these companies include:
- Bank of America
So why does this all matter?
When your data gets sent to different countries across the world, they have different privacy laws to regulate how they handle data breaches and consumer information
Kansas state laws are classed as very weak when it comes to data privacy and cybersecurity. Research into state legislature shows it has a lack of any form of active legislation to protect consumer data. Despite Kansas being the data epicenter, the authorities don’t have a general privacy act in place and, without these laws, individuals don’t have as much control over their data.
On the other hand, California’s consumer data privacy law restricts the use of sensitive data - like someone’s sexual orientation, Social Security number or union membership - and this also makes location tracking less precise.
It’s groundbreaking for Californian residents because it allows consumers to sue companies if the privacy guidelines are violated. Consumers can demand to see all the information a company has saved on them, as well as a full list of all the third parties the data is shared with.
However, this is just one example of a good data privacy law. Once data gets sent around the world, it’s difficult to police it.
Search engines and browsers send your data to five different locations!
As well as specific sites themselves, the browser Google Chrome is one of the biggest undercover spies of them all.
It allows cookies to track the websites you visit so they can build a user profile on your likes, personality and income.
This data is then sent to location stores in four countries around the world.
Search engines like Google and Yahoo send your data to data centers in these cities and countries:
- Kansas, USA
- California, USA
- South Korea
So, what does this mean for you?
There are around 70,000 Google searches each second - about 5.4 billion a day.
That is a lot of data potentially stored in Kansas and California. And a lot of data that could potentially be hacked.
Your preferences, online searches, purchases and location data could all be revealed, which could lead to a whole host of problems like identity theft.
Your porn data is safer than your banking details
Banks have an immense amount of data on their clients through thousands, if not millions of individual pieces of information surrounding transactional histories. With this information, they can monitor spending patterns and personalize product offerings.
But, just how safe is your information with a bank?
Banks like Wells Fargo send your data to four locations around the world:
- North Carolina
Whereas your porn data such as your interests, preferences and email address only gets sent to Kansas. Having your data available in multiple stores puts it at greater risk of being breached, meaning your porn details are safer than any data stored by banks you think you can trust.
Which websites are sending your data across the world?
|Rank||Website||Type of Site||Number of locations data sent to|
|15||Dashlane (Skimresources)||Password manager|
|27||Bank of America||Banking|
Websites should aim to have users' privacy as a priority and should aim to keep your web history private to you. With Mackeeper’s VPN, you can mask your real IP address, keep browsing preferences private and enjoy a safer internet experience. It also includes a tracker blocker app for Mac, which works with the Safari and Chrome web browsers.
The Mackeeper team analyzed 57 websites from different sectors such as banking, social media and retail using LittleSnitch - a piece of software that tracks IP connections and remote endpoints to find out where those websites are interacting and sending data they receive from consumers. All data regarding the locations of data sent by certain websites is taken from the LittleSnitch analysis.
Additional research was taken from security.org regarding varying legislative measures against data privacy in the USA.
Information about time spent on Instagram was taken from a Vox study.
All information was correct as of 13 April 2021.