Do You Know What Your Tech Toys Are Sharing About You?

Montreal, Quebec
(May 29, 2015)
-

Many PC and smartphone owners only use their devices for basic tasks like accessing email and the Internet, or playing a game, often unaware what apps are running in the background, possibly sharing their information. And yet many people gladly trade their privacy for convenience – a decision that makes raising awareness an uphill battle.

“People – all people – aren’t very good at balancing immediate gratification against long-time risk,” said Indiana University law professor Fred Cate, Director of the Center for Information Privacy and Security.

When setting up new software, Cate said people often get impatient and want to skip some parts of the installation process. But taking the time to customize what they want or don’t want installed, tweaking sharing and tracking settings, and allowing security programs and updates to install properly makes a big difference.

Secure Your PC

  • Let Windows updates download and install automatically
  • Keep software up to date
  • Install a reliable anti-malware application with real time protection. Keep it updated. Run it often

Source: Andy Browne/Lavasoft

“The most single most important thing for a laptop or a desktop is to enable automatic updates,” he cautioned. “So let those security updates download and install automatically so that your machine is protected.”

Once online, managing cookies and passwords can get tiresome after a while.

“If you choose a high privacy setting, very low sharing, for example, you may not be able to accept cookies or you may have to be asked every time a website wants to put a cookie on your device,” said Cate. “And many of us get really annoyed by that … So then what inevitably happens is we lower our privacy settings to enjoy our technology more.”

Secure Your Router

  • Change the router’s default password
  • Disable SSID Broadcast to make it less visible, less susceptible to hacking
  • Configure the router to drop ping requests so that it does not respond to a hacker’s scan when pinging IP addresses
  • Disable remote management to prevent access to the router’s control interface over the Web
  • Use strong encryption such as the WPA protocol
  • Update the router’s firmware periodically to patch any vulnerabilities

Source: Andy Browne/Lavasoft

But that behavior comes with caveats. Web pages often run scripts that connect to third party sites. These scripts, designed to track behavior, build a profile of users’ surfing habits and target them with ads, said Andy Browne, a LavasoftInternet security expert, in an email interview.

Many people “are unconcerned by this or accept it as the nature of the Internet today,” he said. But for those less comfortable with this kind of profiling, there are browser settings that can prevent these scripts from loading.

Firefox browsers have an add-on called NoScript that can intercept and block requests to third-party trackers and disrupt advertisers’ abilities to track users.

In some cases, ad-ons might try to install themselves without permission.

“The likelihood of it doing something that jeopardizes privacy is high,” added Browne. “Such applications are generally prevented from being installed by [anti-virus] applications’ real-time protection feature rather than by configuring a browser in a particular way.”

Flight of fickle mobile data

Data-sharing is a particular problem with mobile devices. And it will get worse as connected Internet of Things gadgets become more prevalent.

Mobile devices often have apps running in the background, some of which might be sharing information. Current mobile devices make privacy-management intuitive, said Browne, although users should watch for apps that request access to their contacts, location and social media accounts.

Prior to installing any apps, he said users should read the developer’s privacy policy and End-User License Agreement to understand in-app privacy options. Most people probably just scroll through or click okay anyway. But Browne said understanding these policies helps users configure their apps to meet their needs or dump them if they don’t.

A lot of times, “data-sharing is something that individual really wants so it makes their phone more useful or more interesting to them,” said Cate.

Those who don’t fancy having their activities transmitted to the world can go to their phone settings and shut down the running apps that might be sharing information surreptitiously.

Many smartphones are very clear about asking for users’ permission before granting or denying access to an app. But “even when people are presented with a simple question, nine times out of 10 they ignore it,” said Cate.

“What ends up happening,” he added, “is they often say yes or they ignore the question without thinking through the longer-term ramification.”

Answer these questions intelligently, he advised. Unless you’re running maps, apps that function correctly without location information should be denied access. If a camera asks for location data, then users have to decide if they want their pictures geocoded.

“If you don’t, just say no and then they won’t be able to get that information,” he said.

In some cases, users can only acquiesce or drop the app that is asking for too much data.

Cate suggested a visit to the settings page at least once a month to review all the apps that have access to location or address book data and decide if they need to continue granting access.

The advantage of mobile devices is that they are present and accessible at all times. But Cate said it is important to recognize that “those are all disadvantages.”

“It’s with you all the time. It can be used to track you,” he said. “It’s pretty easy for someone to infect your phone with malware, to turn on a microphone, to turn on a camera without your consent.”

People don’t always make good decisions. That is why Cate believes that only “stronger laws and more vigorous enforcement of those laws” can offer good protection.

“We need protection even when we make a bad decision,” he said. “And we get that protection in other areas like consumer protection law … You can’t consent to be defrauded. But you can consent to have your privacy invaded.”

Raising awareness is important, he continued, but it’s more “like pushing a heavy stone uphill.”