Online Privacy: How Companies Rate Your Health, Work, Love Life

Imagine you're an employer, looking to hire me for a job. You subscribe to a Web site that gives you background information, and this is what you find. Jessica Rose Bennett, 29, spends 30 hours a week on social-networking sites—while at work. She is an excessive drinker, a drug user, and sexually promiscuous. She swears a lot, and spends way beyond her means shopping online. Her writing ability? Superior. Cost to hire? Cheap.

In reality, only part of this is true: yes, I like a good bourbon. But drugs? That comes from my reporting projects—and one in particular that took me to a pot farm in California. The promiscuity? My boyfriend of five years (that's him above) would beg to differ on that, but I did once write a story about polyamory. I do spend hours on social-networking sites, but it's part of my job. And I'm not nearly as cheap to hire as the Web would have you believe. (Take note, future employers!)

The irony, of course, is that if this were a real job search, none of this would matter—I'd have already lost the job. But this is the kind of information surmisable to anybody with a Web connection and a bit of background data, who wants to take the time to compile it all. For this particular experiment, we asked ReputationDefender, a company that works to keep information like this private, to do a scrub of the Web, with nothing but my (very common) name and e-mail address to go on. Three Silicon Valley engineers, several decades of experience, and access to publicly available databases like Spokeo, Facebook, and LinkedIn (no, they didn't do any hacking)—and voilà. Within 30 minutes, the company had my Social Security number; in two hours, they knew where I lived, my body type, my hometown, and my health status. (Note: this isn't part of ReputationDefender's service; they did the search—and accompanying graphic— exclusively for NEWSWEEK, to show how much about a person is out there for the taking.)

It's scary stuff, but scarier when you realize it's the kind of information that credit-card companies and data aggregators are already selling, for pennies, to advertisers every day. Or that it's the kind of data, as The Wall Street Journal revealed last week, that's being blasted to third parties when you download certain apps on Facebook. (Under close watch by Congress, Facebook has said it's working to "dramatically limit" its users' personal exposure.) "Most people are still under the illusion that when they go online, they're anonymous," says Nicholas Carr, the author of The Shallows: What the Internet Is Doing to Our Brains. But in reality, "every move they make is being collected into a database."

This, say tech experts, is the credit score of the future—a kind of aggregated ranking for every aspect of your life. It's an assessment that goes beyond the limits of targeted advertising—you know, those pesky shoe banners that follow a visit to Zappos, made possible by tracking devices we know as "cookies"—by making use of the data in ways that are more personal and, potentially, damaging. Think HMOs, loan applications, romantic partners. Let's say you've been hitting up a burger joint twice a week, and you happen to joke, in a post on Twitter, how all the meat must be wreaking havoc on your cholesterol. Suddenly your health-insurance premiums go up. Now imagine your job is listed on Salary.com; your vacation preferences linked to Orbitz. Think how this could affect your social standing, or your ability to negotiate a raise or apply for a loan. Finally, what if you could know, based on Web history and location tracking, that a prospective mate had a communicable disease. Wouldn't you pay to find out? "Most of us just don't realize the potential consequences of this," says Lorrie Cranor, a Web-privacy expert at Carnegie Mellon University.

Think it sounds shady? It's perfectly legal—and happening already. In 2009, a Quebec woman who was receiving sick leave for depression had her disability benefits revoked after her insurance company discovered photos on Facebook—her profile was public—where she looked like she was having fun. At the time, a spokesperson for the Canadian Life and Health Insurance Association told reporters that such information is fair game. Credit-card companies use social media to determine what kind of offers might work the best on your social group—or to get insight on whether you'd default on a loan. Ultimately, it's safe to assume that every Web site you visit—yep, that means NEWSWEEK, too—reserves the right to install tracking technology on your computer, eating up information about your tastes, guilty pleasures, and everything in between. Each company can then decide where that trove of data ultimately ends up—and, for data gold mines like Facebook, there's very little incentive to keep it to themselves. "It's not only Global 2000 and Fortune 2000 companies who want this information," says Michael Fertik, the founder and CEO of ReputationDefender. "Eventually, it's going to be every person in your life." The ultimate paradox? It doesn't matter if the information is wrong—or, in my case, comically incomplete.

To learn even more about the personal life of this author, follow her on Twitter.