The Price of Free

The Hidden Cost of Free

Every time we install a free app, join a loyalty program, or click “accept all cookies,” we trade something far more valuable than we realise: our personal data. We’ve all done it. Downloaded a game. Tried a free loan calculator. Installed a new social media app just to see what the buzz was about. But few of us stop to ask: what are these apps collecting about me — and where does it go? This post uncovers how “free” services quietly build detailed profiles on you, how data leaks expose you to scams, and why your private life may already be for sale on the dark web.

You Are the Product

If the service is free, you are the product.

Apps and platforms don’t survive on charity. They monetise you by collecting, analysing, and selling or sharing data points about:

• Your identity (name, age, phone, address)
• Your behaviour (what you click, buy, read, watch)
• Your preferences (religion, politics, health, sexuality)
• Your location (in real time)
• Even your messages and photos (in some apps)

What Are Apps Actually Collecting?

Here’s a typical list of what even basic free apps might access:

• Contact list (names, numbers, relationships)
• Location history and real-time movement
• Microphone activity
• Camera and gallery
• SMS messages and call logs
• Email address and inbox metadata
• Device ID, network, and SIM data
• Social media activity (likes, shares, DMs)

Some apps even extract data from other apps on your phone — tracking what you open, how long you use it, and what actions you take.

📍 In one case, a “loan app” installed by an Australian user silently uploaded the user’s entire contact list and photo gallery to a remote server in Asia within minutes.

And It’s Not Just Apps…

Even legitimate websites, ad trackers, loyalty programs, and browser extensions contribute to what’s called your “digital shadow” — a complete psychological and behavioural profile that’s bought and sold without your knowledge.

• Your supermarket rewards card knows your diet.
• Your fitness tracker knows your sleep patterns.
• Your TV streaming service knows your political leanings.
• Your email provider knows where you bank.

Where Does This Data Go?

It depends. Best case? It’s sold to advertisers to target you more precisely. Worst case? It’s leaked or stolen, ending up on:

• Dark web marketplaces
• Phishing lists sold to scammers
• Botnet or identity theft databases
• Password brute-force attack lists
• AI training datasets without consent

🇦🇺 Data breaches in Australia from companies like Optus, Medibank, and Latitude Financial have already exposed millions of Australians’ passport numbers, Medicare IDs, financial data, and even location trails.

How Leaked Data is Used Against You

Once your data is out there, attackers can:

• Personalise phishing scams using your name, DOB, or employer
• Bypass security questions by using leaked personal info
• Target your relatives using your family tree (found via contacts or genealogy platforms)
• Reset your accounts if they have access to your email or leaked passwords

It’s not just one leak that causes damage — it’s the combination of leaks that paints a full picture of you.

“But I Have Nothing to Hide…”

This mindset is dangerous. It’s not about hiding — it’s about not handing over the keys to your life.

• You wouldn’t hand out spare keys to strangers “because your house is tidy.”
• You shouldn’t hand out data “because you’ve got nothing to hide.”

How to Regain Control

✅ 1. Audit Your Apps

• Delete apps you no longer use.
• Check what permissions each app has (especially SMS, camera, and location).
• Avoid apps from outside the official Apple or Google Play stores.

✅ 2. Use a Privacy-Friendly Email Alias

• Use services like SimpleLogin or ProtonMail to avoid exposing your primary email to every newsletter or site.

✅ 3. Review What’s Leaked About You

• Use HaveIBeenPwned to check for past data breaches tied to your email or phone number.
• Consider Firefox Monitor or paid breach monitoring via Norton or Bitdefender.

✅ 4. Limit Permissions and Tracking

• Use a browser like Brave or Firefox with privacy extensions.
• Block third-party cookies.
• Say no to “accept all cookies” unless necessary.

✅ 5. Use MFA — and Not Just SMS

• Prefer authenticator apps or hardware keys for critical accounts like email and banking.

Final Thoughts: The Cost of “Free” is Control

In today’s internet economy, privacy is power — and giving it away cheaply leaves you exposed to profiling, manipulation, and exploitation. You don’t have to quit using free services. But you should start using them on your terms, not theirs.

🔐 In the next post, we’ll venture deeper — into the dark web, where much of this data ends up, sold by the gigabyte and used for everything from fraud to blackmail.

Until then: audit your apps, lock down your info — and take your privacy seriously.

📚 References

• Office of the Australian Information Commissioner (OAIC) — Notifiable Data Breaches Report
• Mozilla Foundation — Privacy Not Included Research
• Have I Been Pwned — https://haveibeenpwned.com
• ABC News Australia — Latitude Breach Coverage abc.net.au/news
• The Guardian — Optus and Medibank Data Lessons theguardian.com

• ← Previous Post
• Next Post →