Recent detentions and seizures of phones and other material from travelers to the United States have sparked alarm. Below, ProPublica details what powers US Customs and Border Protection officials have over you and your devices.

A NASA scientist heading home to the US said he was detained in January at a Houston airport, where US Customs and Border Protection (CBP) officers pressured him for access to his work phone and its potentially sensitive contents. Last month, CBP agents checked the identification of passengers leaving a domestic flight at New York’s John F. Kennedy Airport during a search for an immigrant with a deportation order. And in October, border agents seized phones and other work-related material from a Canadian photojournalist. They blocked him from entering the US after he refused to unlock the phones, citing his obligation to protect his sources. These and other recent incidents have revived confusion and alarm over what powers border officials actually have and, perhaps more importantly, how to know when they are overstepping their authority.

The unsettling fact is that border officials have long had broad powers — many people just don’t know about them. Border officials, for instance, have search powers that extend 100 air miles inland from any external boundary of the US. That means border agents can stop and question people at fixed checkpoints dozens of miles from US borders. They can also pull over motorists whom they suspect of a crime as part of “roving” border patrol operations.

Sowing even more uneasiness, ambiguity around the agency’s search powers — especially over electronic devices — has persisted for years as courts nationwide address legal challenges raised by travelers, privacy advocates and civil-rights groups. We dug out answers about the current state-of-play when it comes to border searches, along with links to more detailed resources:

Doesn’t the Fourth Amendment protect people from “unreasonable searches and seizures”? 
Yes. The Fourth Amendment to the US Constitution articulates the “right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.” However, those protections are lessened when entering the country at international terminals at airports, other ports of entry and subsequently any location that falls within 100 air miles of an external US boundary.

How broad is Customs and Border Protection’s search authority?
According to federal statutes, regulations and court decisions, CBP officers have the authority to inspect, without a warrant, any person trying to gain entry into the US, and their belongings. CBP can also question individuals about their citizenship or immigration status and ask for documents that prove admissibility into the country.

This blanket authority for warrantless, routine searches at a port of entry ends when CBP decides to undertake a more invasive procedure, such as a body cavity search. For these kinds of actions, the CBP official needs to have some level of suspicion that a particular person is engaged in illicit activity, not simply that the individual is trying to enter the US.

Does CBP’s search authority cover electronic devices like smartphones and laptops?
Yes. CBP refers to several statutes and regulations in justifying its authority to examine “computers, disks, drives, tapes, mobile phones and other communication devices, cameras, music and other media players, and any other electronic or digital devices.”

According to current CBP policy, officials should search electronic devices with a supervisor in the room, when feasible, and also in front of the person being questioned “unless there are national security, law enforcement, or other operational considerations” that take priority. For instance, if allowing a traveler to witness the search would reveal sensitive law enforcement techniques or compromise an investigation, “it may not be appropriate to allow the individual to be aware of or participate in a border search,” according to a 2009 privacy impact assessment by the US Department of Homeland Security.

CBP says it can conduct these searches “with or without” specific suspicion that the person who possesses the items is involved in a crime.

With a supervisor’s sign-off, CBP officers can also seize an electronic device — or a copy of the information on the device — “for a brief, reasonable period of time to perform a thorough border search.” Such seizures typically shouldn’t exceed five days, although officers can apply for extensions in up to one-week increments, according to CBP policy. If a review of the device and its contents does not turn up probable cause for seizing it, CBP says it will destroy the copied information and return the device to its owner.

Can CBP really search my electronic devices without any specific suspicion that I might have committed a crime?
The Supreme Court has not directly ruled on this issue. However, a 2013 decision from the US Court of Appeals for the Ninth Circuit — one level below the Supreme Court — provides some guidance on potential limits to CBP’s search authority.

In a majority decision, the court affirmed that cursory searches of laptops — such as having travelers turn their devices on and then examining their contents — does not require any specific suspicions about the travelers to justify them.

The court, however, raised the bar for a “forensic examination” of the devices, such as using “computer software to analyze a hard drive.” For these more powerful, intrusive and comprehensive searches, which could provide access to deleted files and search histories, password-protected information and other private details, border officials must have a “reasonable suspicion” of criminal activity — not just a hunch.

As it stands, the 2013 appeals court decision legally applies only to the nine Western states in the Ninth Circuit, including California, Arizona, Nevada, Oregon and Washington. It’s not clear whether CBP has taken the 2013 decision into account more broadly: the last time the agency publicly updated its policy for searching electronic devices was in 2009. CBP is currently reviewing that policy and there is “no specific timeline” for when an updated version might be announced, according to the agency.

“Laptop computers, iPads and the like are simultaneously offices and personal diaries. They contain the most intimate details of our lives,” the court’s decision said. “It is little comfort to assume that the government — for now — does not have the time or resources to seize and search the millions of devices that accompany the millions of travelers who cross our borders. It is the potential unfettered dragnet effect that is troublesome.”

During the 2016 fiscal year, CBP officials conducted 23,877 electronic media searches, a five-fold increase from the previous year. In both the 2015 and 2016 fiscal years, the agency processed more than 380 million arriving travelers.

Am I legally required to disclose the password for my electronic device or social media, if CBP asks for it?
That’s still an unsettled question, according to Liza Goitein, co-director of the Liberty and National Security Program at the Brennan Center for Justice. “Until it becomes clear that it’s illegal to do that, they’re going to continue to ask,” she said.

The Fifth Amendment says that no one shall be made to serve as “a witness against himself” in a criminal case. Lower courts, however, have produced differing decisions on how exactly the Fifth Amendment applies to the disclosure of passwords to electronic devices.

Customs officers have the statutory authority “to demand the assistance of any person in making any arrest, search, or seizure authorized by any law enforced or administered by customs officers, if such assistance may be necessary.” That statute has traditionally been invoked by immigration agents to enlist the help of local, state and other federal law enforcement agencies, according to Nathan Wessler, a staff attorney with the ACLU’s Speech, Privacy and Technology Project. Whether the statute also compels individuals being interrogated by border officials to divulge their passwords has not been directly addressed by a court, Wessler said.

Even with this legal uncertainty, CBP officials have broad leverage to induce travelers to share password information, especially when someone just wants to catch their flight, get home to family or be allowed to enter the country. “Failure to provide information to assist CBP may result in the detention and/or seizure of the electronic device,” according to a statement provided by CBP.

Travelers who refuse to give up passwords could also be detained for longer periods and have their bags searched more intrusively. Foreign visitors could be turned away at the border, and green card holders could be questioned and challenged about their continued legal status.

“People need to think about their own risks when they are deciding what to do. US citizens may be comfortable doing things that non-citizens aren’t, because of how CBP may react,” Wessler said.

What is some practical advice for protecting my digital information?
Consider which devices you absolutely need to travel with, and which ones you can leave at home. Setting a strong password and encrypting your devices are helpful in protecting your data, but you may still lose access to your devices for undefined periods should border officials decide to seize and examine their contents.

Another option is to leave all of your devices behind and carry a travel-only phone free of most personal information. However, even this approach carries risks. “We also flag the reality that if you go to extreme measures to protect your data at the border, that itself may raise suspicion with border agents,” according to Sophia Cope, a staff attorney at the Electronic Frontier Foundation. “It’s so hard to tell what a single border agent is going to do.”

The EFF has released an updated guide to data protection options here.

Does CBP recognize any exceptions to what it can examine on electronic devices?
If CBP officials want to search legal documents, attorney work product or information protected by attorney-client privilege, they may have to follow “special handling procedures,” according to agency policy. If there’s suspicion that the information includes evidence of a crime or otherwise relates to “the jurisdiction of CBP,” the border official must consult the CBP associate/assistant chief counsel before undertaking the search.

As for medical records and journalists’ notes, CBP says its officers will follow relevant federal laws and agency policies in handling them. When asked for more information on these procedures, an agency spokesperson said that CBP has “specific provisions” for dealing with this kind of information, but did not elaborate further. Questions that arise regarding these potentially sensitive materials can be handled by the CBP associate/assistant chief counsel, according to CBP policy. The agency also says that it will protect business or commercial information from “unauthorized disclosure.”

Am I entitled to a lawyer if I’m detained for further questioning by CBP?
No. According to a statement provided by CBP, “All international travelers arriving to the U.S. are subject to CBP processing, and travelers bear the burden of proof to establish that they are clearly eligible to enter the United States. Travelers are not entitled to representation during CBP administrative processing, such as primary and secondary inspection.”

Even so, some immigration lawyers recommend that travelers carry with them the number for a legal aid hotline or a specific lawyer who will be able to help them, should they get detained for further questioning at a port of entry.

“It is good practice to ask to speak to a lawyer,” said Paromita Shah, associate director at the National Immigration Project of the National Lawyers Guild. “We always encourage people to have a number where their attorney can be reached, so they can explain what is happening and their attorney can try to intervene. It’s definitely true that they may not be able to get into the actual space, but they can certainly intervene.”

Lawyers who fill out this form on behalf of a traveler headed into the United States might be allowed to advocate for that individual, although local practices can vary, according to Shah.

Can I record my interaction with CBP officials?
Individuals on public land are allowed to record and photograph CBP operations so long as their actions do not hinder traffic, according to CBP. However, the agency prohibits recording and photography in locations with special security and privacy concerns, including some parts of international airports and other secure port areas.

Does CBP’s power to stop and question people extend beyond the border and ports of entry?
Yes. Federal statutes and regulations empower CBP to conduct warrantless searches for people travelling illegally from another country in any “railway car, aircraft, conveyance, or vehicle” within 100 air miles from “any external boundary” of the country. About two-thirds of the US population live in this zone, including the residents of New York City, Los Angeles, Chicago, Philadelphia and Houston, according to the ACLU.

As a result, CBP currently operates 35 checkpoints, where they can stop and question motorists traveling in the US about their immigration status and make “quick observations of what is in plain view” in the vehicle without a warrant, according to the agency. Even at a checkpoint, however, border officials cannot search a vehicle’s contents or its occupants unless they have probable cause of wrongdoing, the agency says. Failing that, CBP officials can ask motorists to allow them to conduct a search, but travelers are not obligated to give consent.

When asked how many people were stopped at CBP checkpoints in recent years, as well as the proportion of those individuals detained for further scrutiny, CBP said they didn’t have the data “on hand” but that the number of people referred for secondary questioning was “minimum.” At the same time, the agency says that checkpoints “have proven to be highly effective tools in halting the flow of illegal traffic into the United States.”

Within 25 miles of any external boundary, CBP has the additional patrol power to enter onto private land, not including dwellings, without a warrant.

Where can CBP set up checkpoints?
CBP chooses checkpoint locations within the 100-mile zone that help “maximize border enforcement while minimizing effects on legitimate traffic,” the agency says.

At airports that fall within the 100-mile zone, CBP can also set up checkpoints next to airport security to screen domestic passengers who are trying to board their flights, according to Chris Rickerd, a policy counsel at the ACLU’s National Political Advocacy Department.

“When you fly out of an airport in the southwestern border, say McAllen, Brownsville or El Paso, you have Border Patrol standing beside TSA when they’re doing the checks for security. They ask you the same questions as when you’re at a checkpoint. ‘Are you a US citizen?’ They’re essentially doing a brief immigration inquiry in the airport because it’s part of the 100-mile zone,” Rickerd said. “I haven’t seen this at the northern border.”

Can CBP do anything outside of the 100-mile zone?
Yes. Many of CBP’s law enforcement and patrol activities, such as questioning individuals, collecting evidence and making arrests, are not subject to the 100-mile rule, the agency says. For instance, the geographical limit does not apply to stops in which border agents pull a vehicle over as part of a “roving patrol” and not a fixed checkpoint, according to Rickerd of the ACLU. In these scenarios, border agents need reasonable suspicion that an immigration violation or crime has occurred to justify the stop, Rickerd said. For stops outside the 100-mile zone, CBP agents must have probable cause of wrongdoing, the agency said.

The ACLU has sued the government multiple times for data on roving patrol and checkpoint stops. Based on an analysis of records released in response to one of those lawsuits, the ACLU found that CBP officials in Arizona failed “to record any stops that do not lead to an arrest, even when the stop results in a lengthy detention, search, and/or property damage.”

The lack of detailed and easily accessible data poses a challenge to those seeking to hold CBP accountable to its duties.

“On the one hand, we fight so hard for reasonable suspicion to actually exist rather than just the whim of an officer to stop someone, but on the other hand, it’s not a standard with a lot of teeth,” Rickerd said. “The courts would scrutinize it to see if there’s anything impermissible about what’s going on. But if we don’t have data, how do you figure that out?”

Patrick G. Lee reports for ProPublica, a Pulitzer Prize-winning investigative newsroom. Sign up for ProPublica’s newsletter to read more great reporting in the public interest.

Tips on how to protect yourself.

At the American Civil Liberties Union, privacy researcher Christopher Soghoian (TED Talk: How to avoid surveillance … with the phone in your pocket) spends much of his time thinking about how individuals can protect themselves from spying. Last year, he recorded a Facebook Live conversation with his fellow TED Fellow, Will Potter (TED Talk: The secret US prisons you’ve never heard of before) — an investigative reporter who specializes in covering dissident politics and culture. Read on for their tips about how to protect your online privacy and security:

Will Potter: If I don’t have anything to hide, why should I be concerned about privacy or security, anyway?

Christopher Soghoian: I hear this all the time from people, and you know, I think many of us do have something to hide. We may not all be worried about the government, but there are things we may not want our employers or members of our families to know. We have curtains in front of our windows, we wear clothes, we get prescription medications, and we have components to our lives that we don’t reveal to everyone we know. Children may not be worried about the government, but they may not want the principal at their school to know what they’re interested in or who they’re talking to.

The concept of privacy is more nuanced than just, “do I care about my privacy or not?” It’s, “who am I worried about? Who am I trying to protect my information from?” Yes, every once in a while, you find someone who has truly no secrets, but there are plenty of other people who do have things to hide, and we shouldn’t flush privacy down the toilet because a few people are privileged enough to have nothing to worry about.

What are the top few things we should all do to protect our basic information?

There are some general tips that I would recommend for everyone. The most basic one, and the tip that is really the best bang-for-buck when it comes to privacy, is putting a sticker or a Band-Aid over your webcam on your laptop. When I first started researching privacy and surveillance, I was shocked to learn the capabilities of the many software tools that people can buy online and install surreptitiously on someone’s computer. The ease with which someone can take over your webcam, turn on the camera and have it surreptitiously collect video footage even without the light on the camera turning on is really staggering.

And while I hope that one day we will have computers that are secure enough that they can protect us from that, when you put a sticker or Band-Aid over the camera, you don’t have to worry about that any more. Now you’re not trusting the security of your operating system or the security of your computer, you’re trusting the fact that there’s something physical between the lens and you.

Would you suggest covering up the microphone as well?

Certainly there is spying software that is both commercially available and used by governments that can remotely enable the microphone either in a smartphone or in a laptop when it’s not being used. The problem with the sticker approach is that a sticker over the microphone doesn’t actually work that well. The folks I know who are truly paranoid either put hot glue in the microphone port, or they will actually open up their laptop and cut the wire. Now you know, I’m not going to recommend invasive laptop surgery for the layperson. But it’s really hard to protect the microphone on your device. There’s no easy sticker-thing you can do for the microphone.

So if you’re worried about sensitive conversations being picked up with a hacked microphone, the best thing to do is to leave that phone out of your bedroom. If you’re having a private conversation in your office, leave the phone outside. Maybe you don’t need to take that phone into the bathroom. There are places that maybe we shouldn’t have microphones.

Okay, so how likely is it that I’m actually being watched if I’m just a regular person going about my life?

The first thing you really need to think about is, who am I worried about? Depending on where you live, your socioeconomic status and your race, maybe you’re less worried about the police. But there are plenty of law-abiding African-Americans and Latino-Americans who have good reason to be worried about the police, even though they’re just regular, tax-paying, law-abiding individuals.

Then again, maybe you’re worried about your employer watching what you’re doing or what you’re saying. Maybe you’re worried about advertisers tracking you as you surf the web. You visit a page on WebMD because you’re worried about some potential disease you might have, and then two weeks later, you see a popup advertisement for a related medication. Maybe someone harassed you in the past, either in person or over the internet, and you’re now worried this person may be furthering that stalking through technology. The first question to ask is, who is out there that I’m worried about — and then what can I do to limit their access to my information?

You’ve talked about how the encryption tools that are built into certain devices are disproportionately favoring privileged populations over others. Can you explain a little bit more about what that means, and the repercussions that that has?

Sure. In a nutshell, Apple has spent a lot of time and money to build security features into mobile products such as the iPhone and the iPad. Those devices encrypt data by default, which means that if you have a password on your device and someone tries to get into it, they’re going to have a really difficult time, whether that someone is an employer, your partner or a government agency, Apple devices are really, really secure.

Separately, Apple devices automatically encrypt text messages sent by one person with an iPhone to another person with an iPhone, which means if the police are investigating you, and they go to Verizon or AT&T and they say, “hey, last week Will and Chris exchanged messages, can we get a copy of them?” AT&T or Verizon will say they don’t have them, because the messages are transmitted in a way that the phone companies cannot read them.

For Apple’s customers, this is a great thing — but Apple devices are expensive. Not everyone can afford to spend $600 on a smartphone. With its $50, $100 Android phones, Google is really killing it at the lower end of the smartphone market, and unfortunately, the security of Android is really lacking in comparison.

This isn’t just a privacy issue or a cyber-security issue. It’s really an issue of equality and racial justice, because if the poor and vulnerable in our societies are using devices that do nothing to protect them from surveillance, and the rich and powerful are using devices that make them essentially off-limits to the government, that creates a system of surveillance inequality, and further perpetuates the existing problems of inequality that we have in our society.

What advice do you have for teens and young people online today?

I’m not a teenager anymore, and I haven’t been a teenager in a while. I don’t know what it’s like to be a teenager in this modern world, but I have to imagine it’s truly terrifying. But one thing I hear over and over again when I talk to adults is this feeling that young people don’t care about privacy, and how awful that is.

And that’s actually not true, and some amazing research has been done on this by academic experts. danah boyd has a book about how teenagers use technology, and how teenagers view privacy, and her big insight is that yes, teenagers are not concerned about the FBI or the NSA, but they are concerned about their teachers, their principals and their parents. And teenagers are so good at protecting their privacy, they’re so good at hiding sensitive information from their teachers and their parents, that their adults think they’re not taking any actions at all. They’re basically hiding in plain sight.

So if you are a parent, and you’re worried that your kids are sharing more information online than you think they should be, I think you’ll be surprised at how tech-savvy and privacy-savvy many kids are. And I think the massive popularity of services like Snapchat, which delete messages after a very short period of time, demonstrates that kids inherently get the harm that comes from the long-term retention of data. We’ve all been idiotic children at one point, and some of us have done idiotic things later in our lives too. When technology captures that and saves it forever, we can be haunted by those stupid things. I think kids using services like Snapchat are super smart, because they shouldn’t be haunted for the rest of their lives because of something they say or do when they’re 16.

How heavily are social media platforms like Facebook and Twitter used for surveillance by governments and organizations?

There are two types of surveillance of social media that we should be thinking about. One is surveillance of private communications, and one is surveillance of what you might call public communications. So if you have a public Twitter profile, and anyone can follow you, there are still going to be companies and governments that want to see that information. And there are so many people tweeting every day that it’s actually difficult for these large organizations to focus on individual things.

Now Twitter has had a very difficult time making money, and one of the ways that Twitter makes money is by selling access to what’s called the firehose: they basically sell bulk access to every tweet. And then analytics companies come in, mine the tweet stream and sell data to companies and governments that want it. There are companies that say they can predict social uprisings or major, world-changing events before CNN has even reported them. A few months ago, Twitter announced they would no longer sell this data to the CIA. But the Department of Homeland Security is still a subscriber.

So that’s the public surveillance. But all of the tech companies also routinely receive demands for private user data from government agencies in the US and from abroad. To their credit, Facebook, Google, Twitter and all these big tech companies publish an annual transparency report revealing how many requests they’ve received. And I’m not blaming the companies for this. In many ways, if they have data, they’re required to turn it over to governments when those governments satisfy legal requirements. But what is clear from these transparency reports is that governments in the US and elsewhere have an enormous appetite for data.

The last thing I’ll add is that there is an extremely common practice, particularly in schools, for police officers who are posted in those schools to create fake Facebook accounts — friends, students — in order to try and learn what’s going on. They’re not submitting a court order and demanding data from Facebook; they’re tricking the students into sharing their data.

Law enforcement has been using this against political activists as well, increasingly.

For sure. And there are a number of Black Lives Matter activists, Tea Party groups and others who are worried they are being surveilled. It’s really hard when you’re organizing a social movement that anyone can join. How do you know if the person who’s seeking to join is truly an interested individual who wants to change the world, or an undercover law enforcement agent?

Right — how do you be inclusive, while also being safe? So is there any kind of software that might be useful in tackling or detecting unwanted surveillance?

One of the most interesting things for me is that the best practices for security that are followed by experts are so different from the best practices followed by laypeople. So none of the experts that I know, myself included, use antivirus software. We think of antivirus software, essentially, as a scam that’s designed to take money from consumers who don’t know any better. Whereas if you ask the average person what they should do to protect themselves from viruses, the first thing they’ll say is, “antivirus.”

Ask a regular person what kind of password they should have and the layperson would say they’re supposed to have uppercase and lowercase and numbers and special symbols. The expert says you should have a bunch of words, they can all be lowercase. Have a password that’s three or four words long, and the words should have nothing to do with each other. It shouldn’t be lyrics from a song, but it should be easy to type and easy to remember.

We never hear that! A lot of websites now will prompt you and say you have to have X number of numbers and characters and whatever.

And that’s super infuriating. And, you know, we live in a world now where it seems like there are data breaches every week. So if you are using the same password to access multiple websites, it’s only a matter of time before one of your passwords gets hacked. And there’s no way for a human being to remember 50 different unique passwords; our brains don’t work that way.

So I recommend the use of tools like password managers where you install the tool and then it creates random, long passwords for every website you visit. It enters them automatically into the sites you visit, so you don’t have to remember any of that stuff, you just need the one passphrase for the password manager. There are several out there: LastPass, 1Password, KeePass. I don’t really care which one you use, but use one of them.

Okay. So if you don’t do any of this, and then something happens and you get hacked or lose your information, what steps should you take?

It’s really hard to recover after a hack. In the US and in many other countries, laws are really built around data breaches in which financial information is stolen. So you can put a fraud alert on your credit file. You can ask your banks to send you new credit card numbers, and in many cases the banks will know if your card is hacked before you will. But that, in many ways, is a system that is built around the kinds of hacks that we had two or three years ago, where it was just financial information that was being stolen.

Today, you have forums like Ashley Madison, a dating website for people who are engaging in nontraditional relationships, in many cases outside of marriage. Or there are websites for people with some kind of sensitive medical condition. You can get a new credit card number, you can even get a new Social Security number, but you cannot establish an entirely new life, and if the first Google result for your name is that sensitive medical result from a test that got hacked, you’re toast. If you have photographs of yourself without clothing that are hacked and put online, and the first Google result for your name is a nude photo of you, that’s going to haunt you for the rest of your life. Every future job interview, your employer’s going to type your name in and see this information.

We don’t really have a way to deal with breaches of non-financial information, and in many ways, the financial ones are the easiest to deal with — it’s a pain in the butt, you get some new cards. But in all countries around the world it seems like hospitals are moving towards electronic health records, and it’s terrifying. I’ve been in the situation where I’m filling out an intake form at the doctor and I’m wondering how much of my medical history I actually want to disclose. Normally, I want my doctor to know everything possible so they can help me, but now I’m asking myself what exactly I want to tell this doctor, because I’m worried that at some point down the line this doctor might get hacked, and all my stuff will be online.

It sounds like fundamentally we need better education about privacy, technology, and how to be smart from the start.

In the same way that it would be great if we taught financial literacy to young people in schools, I think it would be great if we taught digital security and privacy. I think kids do figure out privacy, but they don’t always get all the details right, and I think the threats that are out there are so real that everyone would be helped by learning a little bit more about privacy and security.

Would we be safer if we used open-source software like Linux or Mozilla?

Open-source software is not always more secure. There’s this idea that the more people who can look at software, the easier it is to find the bugs — and that hasn’t actually shown to be true. Flaws can hide in plain sight for long periods of time. In many cases, what affects the quality of the software, what affects the security of a tool, is more about how many people are working on it. If you have one tool made by a volunteer, it may be less secure than a tool made by 50 people who were getting paid to do it full time. So while the Firefox browser is probably more privacy-preserving, it is actually less secure than Chrome.

It’s unfortunate that we have to choose between which browser is more secure and which browser is more private, that we cannot have one that does both. I mean, Google is the largest advertising company in the world. It shouldn’t be a surprise to anyone that the web browser given away for free by the largest advertising company in the world is not going to protect you from other advertising companies, or companies including Google, online. Chrome facilitates that mass delivery of your personal data to every advertiser when you browse the web. You leave a trail of data behind you when you browse with Chrome. At the same time, the Chrome team does a great job of keeping you secure from hackers. And so you sort of have to pick your poison: are you more worried about being hacked, or are you more worried about online advertisers tracking what you’re doing online?

When you set your security settings on Facebook or on social media to allow only certain people to see what you’ve posted, is that stuff still being recorded or monitored or open to surveillance, despite you trying to stop it from blasting out to the world?

Privacy settings really only control the distribution of information through the platform. The privacy settings do not stop Facebook’s ability to collect and retain data, and they don’t stop Facebook’s ability to turn over your data to the government if the government asks for it. Separately, I think many people think that Facebook is only watching what they’re doing when they’re on Facebook. That is a huge misconception. Everywhere you see a Like button on the internet, Facebook is watching you. Think of the Like button, in many ways, as a pair of eyes. [Editor’s note: At this point in the Facebook Live conversation, all “likes” stopped cold … before starting up again about ten seconds later.]

Newspapers and blogs have Like buttons so that you can like an article. What that means is that Facebook has this view of what you’re doing online. They know which articles you’re reading, they know which videos you’re watching, they know which content you’re looking at. And so they can pool this information, and then monetize it and use it to deliver ads to people that the company thinks are more relevant. But what that also means is that Facebook has truly unparalleled access to information about the kinds of people we are, what makes us tick, what makes us happy, what makes us sad. That’s information that they leverage for advertising purposes. It’s also information that governments or divorce lawyers could come and ask for really at any moment.

To learn something new every week, sign up here for the TED-Ed Newsletter.