Mailchimp gives me more than I want

I discovered a disturbing thing yesterday when exporting my Mailchimp e-mail contacts for IFF. Mailchimp has more personal data than I asked for. When signing up for my weekly digest, all I want to know is an e-mail address. It’s the only thing I need to know for sending an e-mail to a person. I deliberately do not ask for names or other details. The less I know, the better considering the chances of data breaches and GDPR legislation. After exporting my contact list from Mailchimp I found out the service has more data on record than I asked for. For instance for one person who registered for my e-mail subscription list I have a first name, a last name and birthday on record. I’ve never had input fields for that information in my subscription form, so how do those personal details end up in my contact list on Mailchimp?

The only explanation I can think of is that Mailchimp keeps unique ID’s based on an e-mail address. The data that person discloses to a Mailchimp mailing list then ends up in all other mailing lists that person subscribes to using the same mail address. A hint for that explanation are the ID numbers that I also received in my data export from Mailchimp. All users are assigned two ID numbers, a LEID and an EUID. This is Mailchimp’s explanation about these ID’s:

LEID is the unique identifier for a contact, specific to an audience. EUID is the unique identifier for a contact on the account level, across all audiences.

Whatever the reason and mechanics behind Mailchimp’s user ID’s, I’m really shocked to find out I own personal data I never asked for. Even worse, the person subscribing to my mailing list never agreed for me to have that data. A serious breach of trust (and the law).

There is more data in the export file. IP address is logged at opt in and again when confirming ones subscription. Latitude and longitude. And based on that information country and province are logged. I was under the assumption I only asked for an e-mail address and that would be the only thing on record. I was wrong.

My conclusion is that I should never have used Mailchimp in the first place for sending my automated blog digest. I exposed my readers to a data collector. I deeply apologize for that.

I am now switching to a WordPress plugin called Mailpoet. The sign-up data is stored in the database belonging to this blog. The only data I transferred from Mailchimp to my blog are e-mail addresses, as subscribers agreed to when signing up. The only extra information that is logged are IP addresses when signing up and confirming. With that data I can prove consent for signing up to anyone asking (or a subscriber to prove an e-mail address was misused for signing up). I will delete my account for IFF with Mailchimp and remove the export files on my computer.

This case clearly shows how easy it is to collect excess data. Lesson learned.

Door |2020-08-04T15:24:41+02:004 augustus 2020|datadieet, flow|1 Reactie

The curious case of Headspace turning up in my Facebook data

I downloaded my fb data and started digging in the data. The folder ads_and_businesses was my biggest interest. Not very surprising, but there is little data to go through. Five brands under ‘Who Uploaded a Contact List With Your Information’. Seven brands under ‘Your Off-Facebook Activity’. One brand on this list surprised me. Headspace. Headspace is a wonderful service to help me meditate. I’ve been a subscriber to Headspace for six years. It has been a big help to get me through rough patches in life. I pay good money for this service on a yearly basis (just under €45) so I was surprised to see Headspace participating in surveillance capitalism. Also, how could they make a match between my Headspace account and my Facebook account? Time to dive deeper into privacy policies and data collected by Headspace.

Headspace proactively shares data with Facebook, including paying customers

This is what fb logged on my Headspace behavior in the past few months. It does not seem to be a complete list.

Headspace has a well formulated privacy policy. Facebook is mentioned a couple of times.


  • Facebook profile information, such as name, email address, and Facebook ID, if you choose to log in to the Products through Facebook


  • To serve our advertisements to you through third party platforms, such as Facebook or Google, on other sites and apps or across your devices, to the extent that you have provided consent for such uses under applicable law.


  • With third parties, such as Facebook, in order to serve Headspace advertisements on such third party platforms, to the extent that you have consented to such practices under applicable law.

This means Headspace uses my profile information to advertise to me, as long as I have provided consent. I wasn’t aware of my consent, but when I logged in on the Headspace website (I normally use the iPhone app) I got noticed there was a new privacy policy to accept. I clicked through and discovered a section where I can manage my privacy settings. Not a lot of options. Just ‘personalized ads’ and ‘email offers about our partners’. Both were turned on, so I switched them off.

I have to admit after reading Headspace’s privacy policy I felt hugely disappointed. It is fine if they want to track my behaviour on their platform to create a better service, but why do they have to reveal to fb I’m a user of their service? I feel offended that Headspace gives away a tiny sliver of knowledge about me, a paying customer, to a company I’m trying hard to tell as little about me as possible. What makes things worse is that I only know about this information exchange, because I made a data request to fb and dug into the information fb has on record. Strangely enough, Headspace turns up in the data I received through the .zip-file, but there is no mentioning of Headspace on the ads preferences pages accessible when logged in. (By the way, there are more discrepancies between the info in the .zip-file and what available in your profile. That’s for another post.)

I’m already a customer, so Headspace doesn’t have to show me ads on fb. If they want to communicate with me, they have a valid email address to connect with me. The only reason I can think of they want a connection to fb through me is to reach my friends. Well, guess what. I already recommend the service to my friends, by telling them in person. Way more convincing than an ad on fb. But knowing what I know now, they make me think twice about recommending Headspace to my friends. They even make me re-evaluate whether I’ll want to renew my subscription.

In a week or two I will file a new data request with fb to see if new data on Headspace log ins showed up or not. I’ll report back on that in a few weeks, when I have a better answer to the more disturbing question:

How does Headspace know who I am on Facebook?

The curious thing about this case is that I have absolutely no idea how Headspace was able to match my Headspace id with that of my fb account. In this article fb explains how businesses can match their clients with fb users. By uploading phone numbers, which will then be encoded, businesses can serve ads to their clients using fb. Fb implies this is done using email addresses, phone numbers or other personal information. Now here’s the thing. I can’t think of a single piece of information Headspace has on me to match me with fb. I use unique email addresses for both Headspace and Facebook. That can’t provide a match. And as far to my knowledge I never provided my telephone number to Headspace. I use a nickname for my Headspace account, and payment for the service is done through paypal, again using an unique email address. So how does Headspace know what my Facebook account is? In order to find this out I sent a data request to Headspace for my full record. Perhaps they know more of me than they show me in my account information. This story will be continued.

Door |2020-07-03T13:33:02+02:003 juli 2020|datadieet, flow|0 Reacties

Time to tackle obesity, the data kind.

One of the topics I’m currently working on is how to tackle data obesity. Or rather I’m working on helping small companies and individuals stop feeding the very hungry caterpillars in this world. That is not an easy task, but I strongly believe the world will be a bit better when our personal data is treated with the utmost respect. Most people are sort of aware of this notion, but have no idea where to start. That’s the void I’m aiming to fill.

There are two main themes that I need to address: data ownership and social connection. The data ownership part is pretty straightforward. There are good services available to store your data in a self-hosted cloud, including open source tools to collaborate online. Generally speaking these services are very affordable for even the smallest businesses.

But then the social connection part. Connecting to others online without using the hungriest caterpillar of them all is the tricky part. I want to encourage people to stop using facebook. There. I said it. I’m going to climb the Mount Everest wearing shorts and sandals. On the one hand impossible. On the other hand, absolutely necessary.

Over the years there have been so many twists and turns of this company that it’s hard to begin to explain why I feel the need to show others the non-facebook road. To unravel my thinking I started a map. I wrote down arguments, patterns, concerns and everything else that came to mind when I think about facebook. I also started working on a path towards the other world. The world where we take ownership of our social connections and the data that comes with it. That world exists, but the journey there will be through rough terrain. We will lose some weight along the way and even though for some that will feel like losing themselves a little, as a group we will become healthier.

The map I show you here is by far a finished document. There are many things that I need to research before I can write about it. But writing about it I will. A lot. If you want to chip in with ideas or (re)sources, feel free to connect with me. Leave a comment below, or send me an e-mail.

Door |2020-06-24T15:37:37+02:0024 juni 2020|datadieet, flow|0 Reacties

Too dry and too wet (58)

We have an interesting situation in this tiny country at the end of the rivers. Too much water, and too little still. Too much water due to endless showers, too little due to two dry summers.

I was curious what the current situation is. Surely there must be data available. A quick search led me to the site It has the option to show some visualisations of average drought for the last month, quarter, half year and year.

The most recent data available was last Friday.

You can clearly see there are some parts still too dry, despite all the rain that fell. This week has seen even more rain.

When you consider where we come from, it’s good to know that most areas recovered from two extreme dry summers.

At the same time our water authorities in the north are busy pumping surplus water into the IJsselmeer and the Waddenzee and some rivers flow beyond their usual borders. It is a weird mix of news around water management in our country this year. But I’ve accepted there is no normal when we’re talking about weather any more.

Door |2020-02-27T14:22:50+02:0027 februari 2020|366, flow|0 Reacties

Lokke Moerel over online privacy

Vandaag viel mijn oog op een interview in de Volkskrant met Lokke Moerel van vorig december. Heerlijk hoe zij van leer trekt over de cookiemuur van de Volkskrant zelf.

‘Jullie schrijven geregeld kritisch over grote techbedrijven die onze privacy te grabbel gooien. Terecht. Maar dan nu de site van de Volkskrant, die heeft een cookiemuur, waardoor ik alleen op de site kan als ik alle cookies accepteer. De krant plaatst vervolgens tientallen cookies die informatie, zoals welke artikelen ik lees, doorsluist naar externe advertentiebedrijven, waaronder die van Google en Facebook. Na eerdere kritiek hebben jullie nu een cookieverklaring, onderaan verstopt, met een link waar een betalende abonnee de digitale versie van de papieren krant kan lezen, zonder dat tracking cookies worden geplaatst. Zelfs de abonnee die deze optie vindt, moet dus nog steeds naar de website voor het laatste nieuws, en heeft daar geen optie de tracking cookies uit te zetten. Het is in strijd met de wet, maar ik vind het vooral Volkskrant onwaardig. Wél kritisch schrijven over Cambridge Analytica en Facebook, maar ondertussen zelf alle informatie van bezoekers van jullie site klakkeloos doorgeven.’

Lokke Moerel over de cookiemuur van de Volkskrant, ín de Volkskrant.

De rest van het artikel is ook zeer de moeite waar om te volgen. In het kader van sterke vrouwen, hier is er weer één.

Door |2020-02-03T13:15:46+02:003 februari 2020|flow, vrouw|0 Reacties

On biased data sets & AI

Yesterday, I attended a series of presentations, organized by CCU, on AI and data from a feminist perspective. Or rather, from the acknowledgement that datasets are never neutral.

I especially enjoyed listening to Caroline Sinders and Hannah Davis. They shared interesting thoughts and examples that I’d like to share with you here.

Caroline Sinders

I am a machine learning designer/user researcher, artist, and digital anthropologist obsessed with language, culture and images.

Caroline Sinders

Caroline referred to the library of missing data sets, an art project from Mimi Onuoha. It’s a filing cabinet filled with missing data sets in a data saturated environment. I love this project!

She showed a screen capture from a google search. One is on the term “professional haircut” the other from “unprofessional haircut”. You can probably guess which images represent the unprofessional results.

Screen capture from two google searches: “unprofessional haircut” versus “professional haircut”

Caroline’s own project, the feminist data set, is also a very cool project to investigate.

During the Q&A, she got a bit more specific about using AI to counter online abuse on the big social networking platforms. Caroline made a very good point that AI will not offer a solution, since the real problem lies with the content moderators. Every post that is being marked will be reviewed by moderator and does so without context and often based on a different world view than the person marking something as harassment, simply based on the fact that the moderator probably lives in a different country and culture. You can’t blame them for that, they just lack the right tools to do their job properly.

Hannah Davis

I’m a generative musician and researcher based in NYC. My work generally falls along the lines of music generation, composing, machine learning, and natural language processing.

Hannah Davis

Hannah explained that she has been using data sets for her project TransProse, in which she translates literature into music. For instance this is the basic emotion captured in Le Petit Prince:

When she dug into the data sets she found this:

Childbirth is classified as an emotionless event in the data set

Childbirth was classified as without any emotion. This is a very obvious example how data sets are not neutrally created. Hannah raised the question what type of world view a data set creates?

She argues that all data sets are created with bias, especially when you look at data sets that are created at one point in history and then still being used half a century later. Classifications from fifty years ago might not reflect current world views.

The problem with many data sets is that it takes a lot of effort to create them, therefore we use them for a long time, sometimes without proper updating. Hannah pleas for two things being attached to data sets: a list of ingredients (like we have on our food) and an expiration date.

Door |2019-12-13T15:10:13+02:0013 december 2019|flow, vrouw|8 Reacties
Laad meer berichten
Go to Top