← DataFolks
Chapter 5 Seedling 7 min read

When Datafolk Are Copied

Your datafolk escapes. This chapter follows what happens during leaks, breaches, identity theft, and deepfakes, why 'anonymous' data so often isn't, and why a digital mistake can outlive the moment it was made.

A physical object can only be in one place at a time. Steal someone’s bicycle and they no longer have a bicycle; the theft is at least honest about itself.

Data does not work this way, and almost every strange thing in this chapter follows from that single fact. When your datafolk is “stolen”, nothing leaves. The original sits exactly where it was. What the thief takes is a copy, perfect, weightless, and indistinguishable from the source. You can be robbed and lose nothing you can see, which is precisely why you so often don’t notice until the copy turns up wearing your name.

A copy is as good as the original. That is the whole problem.

The Boundary Breaks, Not the Data

Up to now, your datafolk has at least stayed roughly where it was put, in the bank’s system, the app’s database, the government’s registry. A data breach When data escapes the place it was supposed to stay — through a hack, a leak, a misconfigured server, or an employee with a USB stick. is the moment that boundary fails.

The failure is rarely cinematic. The popular image is a hooded genius breaking encryption in the dark. The reality is usually duller and sadder: a server left open to the internet with no password, a database backup uploaded to the wrong place, a contractor with more access than they needed, a phishing email that one tired employee clicked at the end of a long shift. The data itself never resists. It simply finds itself on the other side of a wall that was supposed to hold.

India has had its share, and one example is worth stating carefully because it became a national debate. In 2018, The Tribune reported that, for a few hundred rupees, reporters were able to obtain access that returned demographic details for Aadhaar numbers, the database that anchors over a billion datafolk.3 The authority disputed the framing and the severity, and the precise mechanics were argued over for months. But the episode taught the public a lesson that no official statement could un-teach: the danger of putting everyone’s identity in one system is that one failure copies everyone at once. Centralisation is convenient in exactly the way it is dangerous.

”Anonymous” Is Usually Temporary

Here is the reassurance you have been given a hundred times: don’t worry, the data is anonymised. Your name was removed. You are just a row of numbers now. No one can tell it’s you.

It is, unfortunately, one of the most over-promised words in all of technology.

The problem is data linkage Joining two datasets by what they share — a date, a pin code, a device. Each one alone tells you little; together they can tell you everything. . A dataset stripped of names is not anonymous; it is merely waiting. The moment you line it up against one other dataset that shares even a little, a timestamp, a pin code, a pattern of behaviour, the names snap back into place. The researcher Latanya Sweeney demonstrated the bones of this decades ago: a striking majority of people could be uniquely identified from just three “harmless” facts, their date of birth, their sex, and their postal code.1 None of those is your name. Together, they usually are.

It gets worse the richer the data. When Netflix released a giant “anonymised” set of film ratings for a competition, two researchers showed that by matching the rating patterns against publicly visible reviews elsewhere, individual subscribers could be picked back out, along with the films they had quietly watched.2 Nobody’s name was in the data. Their behaviour was, and behaviour turns out to be a fingerprint.

This is the chapter’s second hard lesson: anonymous data is often just data that has not been re-linked yet. Re-identification Putting a name back onto data that had its name removed — usually by linking it to one other dataset. is not a rare exploit. It is the default fate of detailed data, given one more dataset and someone with a reason.

Stealing You No Longer Requires Stealing From You

The classic con was to take something you had, your card number, your OTP, your password. That con is alive and well in India: the “your KYC will expire today” message, the fake bank call that walks you through your own UPI PIN, the SIM-swap that quietly moves your number, and your OTPs, to someone else’s phone. These work because they copy one crucial fragment of your datafolk and use it before you notice.

But the frontier has moved somewhere stranger. Increasingly, a criminal does not need to steal from you at all. They can assemble a synthetic identity A fake person stitched together from real pieces — a genuine number here, a real address there, a face generated by a model. : a person who never existed, built from a real leaked address, a real-looking document, and a face that no human owns because a model generated it. The fake is hard to catch precisely because most of its pieces are true.

And then there is your face and your voice, which you have always assumed were yours alone. A deepfake Audio or video of a real person doing or saying something they never did, generated by a model trained on footage of them. is your datafolk learning to perform. Trained on a few minutes of real footage, a model can produce video of you saying things you never said, or a voice clone convincing enough to call a parent and ask, in your voice, for money in an emergency. India has already seen deepfaked celebrities used to sell scams and deepfaked politicians deployed during elections. The technology does not care whose face it wears. Your likeness, it turns out, is just one more kind of data, and data can be copied.

Data Does Not Forget

Run all of this forward and you arrive at the property that makes digital harm different in kind from the physical sort.

A house fire is a catastrophe, but it has an end. The thing burns, and then it is gone. A leak has no such mercy. Once a copy of your datafolk is loose, it cannot be recalled, deleted everywhere, or burned. It is downloaded, re-uploaded, merged into other databases, traded on forums, and quietly stored on machines you will never find. A breach is not an event that happens and finishes. It is permanent in a way a fire is not.

This is why a mistake in a digital system can outlive the moment it was made by years. A password you reused in 2016 surfaces in a breach in 2024 and unlocks an account you forgot you had. A photo you deleted persists in someone’s backup. A “private” message becomes a screenshot becomes evidence. Your datafolk, as we said in the very first chapter, doesn’t forget, and now we can see the sharp edge of that: neither does anyone who has ever copied it.

Why This Matters

It would be easy to end here in pure dread, and this is exactly the point in the genre where most books do. This one will not, because dread is not literacy and it is not useful. Yes, your datafolk can be copied, and yes, the copy is permanent. But understanding how the copying happens changes what you do about it in concrete, undramatic ways.

You stop reusing the one password. You treat “your KYC will expire” with the contempt it deserves. You assume that “anonymised” means “not yet re-linked”, and you share accordingly. You believe a panicked voice on the phone slightly less, and call back to check. None of these are heroic. All of them work, because most copying succeeds not through brilliance but through our assumption that a copy must announce itself. It doesn’t. It just shows up later, wearing your name.

In the next chapter, finally, the datafolk fights back. We turn from the ways it is taken to the ways it can be defended, the locks, the disguises, and the quiet mathematics of keeping a secret in a world built for copying.


Next: Shields, Locks, and Disguises, where your datafolk learns to protect itself, with encryption, anonymity, and the underrated power of saying no.

Reference

Glossary

Data Breach
When data escapes the place it was supposed to stay, through a hack, a leak, a misconfigured server, or an employee with a USB stick and a side income. The data does not break. The boundary around it does.
Re-identification
Putting a name back onto data that had its name removed. The uncomfortable discovery of modern privacy: 'anonymised' is usually a temporary state, undone the moment the dataset is linked to one other dataset.
Data Linkage
Joining two datasets by what they share, a date, a pin code, a device. Each one alone tells you little. Together they can tell you everything. Linkage is how harmless fragments become a person.
Synthetic Identity
A fake person stitched together from real pieces, a genuine Aadhaar number here, a real address there, a face generated by a model. Hard to catch precisely because it is mostly true.
Deepfake
Audio or video of a real person doing or saying something they never did, generated by a model trained on real footage of them. Your face and voice are now copyable like any other data, and they have been.

Reference

Sources

  1. 1

    Sweeney, Latanya. 'Simple Demographics Often Identify People Uniquely.' Carnegie Mellon University, Data Privacy Working Paper 3, 2000.

    → source
  2. 2

    Narayanan, Arvind, and Vitaly Shmatikov. 'Robust De-anonymization of Large Sparse Datasets.' IEEE Symposium on Security and Privacy, 2008.

    → source
  3. 3

    Khaira, Rachna. 'Rs 500, 10 minutes, and you have access to billion Aadhaar details.' The Tribune, 4 January 2018.

    → source

SEARCH