You use incognito/private browsing mode to research a sensitive medical condition. Which statement about this session is true?
AYour Internet Service Provider cannot see the websites you visited
BThe websites you visited cannot log your requests because you used incognito mode
CYour local browsing history won't be saved on this device, but websites and your ISP can still see your activity
DNo cookies are stored at all, making you completely untraceable
Incognito/private mode prevents your browser from saving a local history and clears session cookies when you close it — useful for keeping activity private on a shared device. But it does not hide your traffic from your Internet Service Provider, your employer's network, or the websites you visit. They still receive every request you make. Private mode addresses local privacy, not network-level privacy.
Question 2 Multiple Choice
A flashlight app asks for permission to access your contacts. According to digital privacy best practices, what should you do?
AGrant the permission — apps routinely need broad access to work reliably
BDeny the permission — a flashlight does not need contacts; granting it would allow unnecessary data collection
CGrant it once, then delete the app to prevent ongoing collection
DAccept it, since your contacts are protected by the app's privacy policy regardless
Data minimization means not granting permissions that aren't required for a feature's core function. A flashlight needs camera/flash access — nothing else. Requesting contact access is a red flag for unnecessary collection. Once you grant a permission, the data can be collected and potentially shared with third parties. Denying unnecessary permissions is the most direct way to prevent collection you didn't intend.
Question 3 True / False
Deleting your account with an online service does not necessarily delete all the personal data that service has collected about you.
TTrue
FFalse
Answer: True
True. Many services retain data for legally required periods, have already sold or shared it with third parties, or store it in backups that deletion requests don't reach. Privacy policies often explicitly state what happens to data after account deletion. This is why data minimization — limiting what you share in the first place — is more durable than relying on deletion. You cannot control data someone else already holds.
Question 4 True / False
Using incognito/private browsing mode hides your online activity from your Internet Service Provider.
TTrue
FFalse
Answer: False
False. This is the most common misconception about private browsing. Your ISP sees every connection your device makes to the internet regardless of browser mode. Private mode only affects what your local browser stores — history, cookies, form data. Your ISP, your employer's network, and the websites you visit all still log your activity. For ISP-level privacy, tools like a VPN or Tor are required — and even those have limitations.
Question 5 Short Answer
Explain why 'I have nothing to hide' is an incomplete argument for ignoring digital privacy, and what a better framing would be.
Think about your answer, then reveal below.
Model answer: Privacy is not about secrecy — it is about control and autonomy. You choose different boundaries for what you share with your doctor, employer, friends, and strangers. Invisible data collection erases those boundaries: information shared in one context (a health app) can move to another (an employer via a data broker) without your knowledge. The better frame is: who controls your personal information, and in which contexts can it be used?
The 'nothing to hide' argument assumes privacy is only relevant to people doing something wrong. But everyone practices privacy: you don't share medical records with strangers or salary details with acquaintances. The problem with uncontrolled data collection is context collapse — information appropriate in one setting is inappropriate in another. Once data is collected, you lose the ability to control those contexts. This is why limiting collection upfront (data minimization) is the most effective privacy practice.