Q&A: Are You Sharing Too Much Online?

May 23, 2025
Illustration of a computer with a lock on the screen

UVA cybersecurity expert Chris Maurer advises sharing as little personal information with apps and websites as possible. (Image generated by Saka Yamaguchi, University Communications, assisted by AI)

What once seemed like the stuff of a dystopian novel is now a reality: Almost everything you do online is being tracked.

Whether it’s advertising companies, government agencies or hackers, someone is paying attention to every like, follow and search. But there are ways to protect your personal information from bad actors, according to University of Virginia cybersecurity expert Chris Maurer.

UVA Today talked to Maurer, associate professor of commerce in the McIntire School of Commerce, for tips on how to keep your private information private.

Q. What kinds of data are collected when using social media or shopping online?

Headshot of UVA cybersecurity expert Chris Maurer

Maurer says companies collect your personal data and create a profile to target ads and make you stay online longer. (Contributed photo)

A. Almost everything you do online is being captured and analyzed. This involves obvious things like, what you click on, like or favorite, and things you type into search bars or text boxes. But it also involves less obvious things, like how fast you scroll, how long you spend on each page/post and where you pause your cursor (or touch the screen of a mobile device). When you create accounts with social media companies and retailers, they can then combine the personal data you willingly share with them with all the data they collect from your online activity to build a profile of your interests and how they might more directly engage with you through content and/or advertising.

Q. How careful should you be about what you share with an AI chatbot?

A. Treat AI chatbots like any other user you may interact with through social media or in an online setting. The content you share with an AI bot can be used to help train future AI products/enhancements and could also be used to help companies target you as a potential consumer through advertising. This is all very similar to how social media companies can currently use the information we share with our social networks to engage us and keep us coming back to their products.

So, if you are reasonably comfortable interacting with others through social media, you can interact with AI bots in much the same manner. But if you are extra cautious about what you share with others online, don’t feel like you can share more with an AI bot because it is not human.

Q. A lot has been made recently about encrypted messaging apps like Signal. How safe are they? Should the average person consider using one?

A. Encrypted messaging apps are very safe and effective in protecting the transmission of sensitive information. Because anything you share through these apps is encrypted end-to-end, even the publishers of the app cannot see what information was sent. Even if there is a data breach or law enforcement issues a subpoena, there would be no way for anyone to see what was communicated through the app. The weakness of these apps, however, is that anyone who has access to the physical device is able to view data in plain text.

The average person probably does not need to use encrypted messaging platforms, given that most of their communication is likely to be routine. However, there is certainly no harm in using these apps, as they would help to shield some information about our personal lives from large tech companies who are always trying to capture as much data as possible.

Q. Are services, like Delete Me, that claim to wipe personal information from the internet worthwhile? Do you need to periodically reuse them if your data gets leaked again?

A. These sites can be effective in reducing one’s digital footprint, but I remain skeptical of their ability to truly remove personal information from the internet.  Each service should list the data brokers/sites that they will scrub your data from, and none of them will be comprehensive of every single site collecting data. The services are also typically subscription-based, so they can automatically scan sites on a regular basis and remove your data again, if you happen to appear in their databases after the initial removal.

‘Inside UVA’ A Podcast Hosted by Jim Ryan
‘Inside UVA’ A Podcast Hosted by Jim Ryan

Q. What are your top tips for someone looking to protect their privacy online?

A. While complete anonymity online may be a lost cause, this doesn’t mean individuals should not be concerned with online privacy. In general, I recommend opting out of as many data collection practices as possible every time you create a new account or install a new app.

Some common settings involve location tracking on mobile apps and activity tracking or usage reporting for websites. Inevitably, some features of the app or service may require you to enable location sharing or other data collection practices. If, while using the app/service, it will not work without you sharing additional data, the app will always prompt you to change your settings. By starting with the least amount of data sharing, you can then make an informed decision as to whether sharing the additional data is worthwhile to you or whether you can live without using that particular feature.

Also, avoid using your social media accounts to log in to other websites/services. Many websites will allow you to use your Google or Facebook account to log in to their site. It might be easier for you, but when you link these accounts, it becomes even easier for companies to synchronize your online web activity across different websites, which allows them to build a more comprehensive data set to describe you.

Media Contact

Alice Berry

University News Associate Office of University Communications

Article Information

May 23, 2025

The Latest From Business & Government