Stop! Before You Click On That Online Quiz!

You might want to find a new hobby that is not taking quizzes. Still filled with doubt? How about self-protection from cybercriminals?

Are you willing to roll the dice with your personal data?

I am a sucker for quizzes. My online life is almost as rich as my inner life, filled with answers only known to me. If there is a quiz asking What Is Your Favourite Colour? (Purple), or Are You Dog Person Or A Cat Person? (Cat), I’m doing it. BuzzFeed Quizzes are my mood. But why do I, and all the opinions below the quizzes love them so? And did they know their information can be harvested through these acts of fun? I sure didn’t. Not till I got an education from Mutheu Khimulu, specialist in Cybersecurity, Counterterrorism and Crisis Management Law, and the former Central Bank of Kenya in-house lawyer.

Do you or anyone you know love quizzes and why is it, you think, that we are so drawn to them? 

Most people love quizzes for two main reasons:

  • We like to talk about ourselves – Harvard researchers have proven that approximately 40% of the words we say in our lives are about ourselves. We are psychologically addicted to talking about ourselves. Enter, a well-crafted quiz that is asking you what your ideal working environment is, or your favorite colour, car, or food, then gives you options based on your personal preference. By answering these questions, you are self-expressing by disclosing something about yourself, which in turn triggers a biochemical reaction in your brain, making you feel good. Quiz addiction appeals to the egotistic part of all of us.
  • We like to learn about ourselves – The self-help industry in the US alone is an $11 billion a year business. The entire premise of this industry is built on the fact that the better you understand yourself the better you are at navigating life. People are willing to shell out serious cash to learn about themselves. That is why a quiz revealing your personality type is such a strong draw, even if it is just telling you what kind of Disney Princess you are. Notice how most quiz results are super positive. This is on purpose. The one thing we like more than learning about ourselves, is learning good things about ourselves.

What should people who love quizzes like me look out for? I hate to imagine my Enneagram personality – 4w5 since you asked – is being used to harvest my personal data. 

Sadly, most of us cannot detect if an online quiz is from a legitimate source or not. The ongoing global lockdown has seen a proliferation in online quizzes. Cybercriminals know a bored population is a quiz goldmine and prey on what they would normally not access. That is where the danger lies. If quiz sites are run by cybercriminals you are unwittingly giving them access to information they can later use to hack your “secured” accounts. Why? Many accounts have secret questions for you to answer questions like; what was your favorite car, animals, colour, mother’s maiden name, where you lived as a child. All this is information you are readily giving away on the free online fun quizzes, serving it to a cybercriminal on a silver platter the kind of data they need to create your profile and hack your accounts or steal your identity.


Even if the quiz site is not run by a cybercriminal, the companies behind it are most probably data mining your personal information. They collect your information for free to sell at a colossal profit to organisations.”


All this monitoring takes all the fun out of the randomness of quizzes. So which corner of the internet can I go to for my fix?

Even if the quiz site is not run by a cybercriminal, the companies behind it are most probably data mining your personal information. They collect your information for free to sell at a colossal profit to organisations. This is why you see items you may have mentioned in your quiz suddenly flooding your timeline soon thereafter. I would advise just sticking to the traditional quiz books you get at your local bookstore which poses a lower risk factor than the online quizzes where you are at higher risk of your accounts being hacked, your identity stolen or your personal data being mined for profit… unless of course you do not mind that.  

Now that data mining is factoring in this equation, can’t I protect myself online with my anti-virus whether I’m quizzing or not?

Your anti-virus can alert you to malicious websites but you still have the right to override its warning and proceed to a flagged site so it can only work so hard. If you, however, carry out financial transactions online, it is worth having an anti-virus with a VPN to secure your transactions. Do not upload it just on your desktop or laptop but also your phone and any other electronic device you use to go online.

That being said, there is loads you can do to secure yourself online and slow down the cybercriminals access to your data. A few main ones especially as remote workers include:

  • Only connect to your company’s extranet, VPN, or emails using computers and connections that are trustworthy. Free Wifi is a cybercriminal’s stomping ground.
  • Where possible, use encryption to scramble sensitive data. Download encryption software online, but once again make sure it is from a legitimate source. Microsoft Windows for instance, has encryption features.
  • Make sure all your company computers run up to date security software, which, should include a firewall.
  • Make sure all staff have strong passwords that contain both alpha and numeric letters and are a minimum of 12 characters in length.
  • Dual authentication methods for logging on to your office network are another way to secure remote access.
  • Turn off your IoT devices when not in use. They are everywhere in many homes as Alexa or Siri. When connected to the internet, they too are prone to cyberattacks. The next time you have that confidential work teleconference it will be prudent to turn off all your IoT devices or your meeting may have an uninvited guest in the form of a cybercriminal, to your company’s detriment.


Privacy concerns among Kenyans include the arbitrary use and misuse of personal information, unsolicited marketing messages by entities, and the need for identification at entrances of buildings.


But I never consented to my information being used. Why can’t I sue under the Data Protection Act or GDPR?   

The biggest challenge in cybersecurity is not just the fast-evolving nature of the domain but also attribution – being able to trace the culprit and bring them to justice. Cybercriminals could be located halfway across the world. Irrespective of the laws, if you cannot trace the cybercriminal you cannot persecute them. However, if you can find them, which is beginning to happen more and more often these days, albeit still on a limited scale, you can seek legal redress. Even before the enactment of the Data Protection Act, Kenyans with grievances have not hesitated to use judicial means to get declarations on what they felt were breaches of their right to privacy. Privacy concerns among Kenyans include the arbitrary use and misuse of personal information, unsolicited marketing messages by entities, and the need for identification at entrances of buildings.

As regards the question of consent, when you enter a building it is legally arguable you consent by availing your personal data at the entrance. I would also encourage you to read the fine print as they may very well contain clauses enabling the use of your information. It will be interesting to see how business entities will comply with the new Data Protection Act.

(The 2019 Kenya Data Protection Act gives effect to Article 31(c) and (d) of the Constitution of Kenya, 2010 which enshrines the right to privacy. The 2019 Act borrows heavily from the European General Data Protection Regulation (GDPR). The GDPR is the world strictest data protection law, which has caused big tech companies to start exercising some sort of care as regards clients data for fear of the colossal monetary fines associated with non-compliance). 

What other seemingly fun ways can my data be harvested that I do not know about?

Let me first start by saying a free app or software is never truly free. If you are not paying for a product, then you are the product and your data is being harvested. When you use Google’s free suite of services like Gmail, Maps, or YouTube, Google collects information about you to target you with ads. You can go into your Google settings and see what Google thinks it knows about you as specific as the books you like, destinations you have traveled to your personal grooming preferences. However, that is usually not the full extent of the transaction. Google, Facebook, and other data hoarders also collect information about consumer behavior in aggregate, which they can sell to interested parties.

Do you have a story that you think would interest our readers?
Write to us


Please enter your comment!
Please enter your name here
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.