Privacy takes a hit while digital data is scooped up, passed around
September 6, 2015 12:00 AM
By Deborah Todd and Chris Potter / Pittsburgh Post-Gazette
If privacy is being crippled by masses of digital data being collected through an ever-growing swath of Internet-connected devices, experts say individuals should start providing themselves a crutch.
At the moment, finding out exactly how much digital data makes its way from smartphone apps or an Internet-connected PC to data brokers and digital advertisers is an uphill battle. Information from cookies — digital trackers used to collect data from browsers — are often sent to multiple digital advertising companies, many that go on to sell the information to thousands of companies seeking out their targeted audiences. Outside of legal data collection, there’s also the threat of cybercriminals finding back doors into hard drives or mobile devices and taking anything from credit card numbers to fingerprint data.
To address the issue on mobile devices, a cottage industry of apps and programs designed to monitor those monitoring an individual’s digital footprints has emerged. Apple’s current operating system alerts users when an app seeks location, contact information and other data from within the phone and allows consumers to block them from the data. Android’s next operating system is expected to give users similar control.
Privacy protection products
The market has responded in droves to consumers seeking to protect digital data on mobile devices and PCs.
Although products such as TOR, which allows users to anonymously browse the Internet without being traced, requires a degree of computer savvy to install and use, others such as company DuckDuckGo are free and user-friendly.
Here are some of the more popular products to protect digital privacy:
Pretty Good Privacy: encrypted email
Hushmail from Hush Communications: encrypted email
Diaspora: privacy-respecting social network
iTwixie: privacy-respecting social network for tweens
Wickr: disappearing instant messages
Ghostery: identifies trackers, can block them
Adblock Plus: blocks trackers
StrikeForce: Keystroke encryption for mobile devices
Seecrypt: Uses unique encryption codes for each new phone call
eBlocker: Protects users from being tracked and profiled on all devices in a home network.
Electronic Frontier Foundation’s Privacy Badger: browser extension that blocks tracking
— Deborah M. Todd
However, some of the most comprehensive actions consumers can take to protect smartphone data are basic information that security experts and tech companies have been pushing for general computer security for more than a decade, according to Kevin Swartz, marketing manager at Oak Park, Ill.-based mobile security firm NowSecure.
Mobile device security
“Smartphone sales have advanced so quickly, it’s difficult for people to keep up on what they should be doing and what are the best practices,” he said. “What they might not know is there are several ways to help somebody stay more secure — and they are easy, actionable things.”
Using passcodes to protect phones from intrusion, logging into unknown and potentially malicious Wi-Fi networks and failing to immediately install operating system and app updates were items Mr. Swartz said consumers ignore all too often to their peril. Additionally, those who use passwords often fall into old traps of repeating the same password across multiple formats and failing to use two-factor authentication (a typed password and a fingerprint, for example) to secure smartphones.
Another old computer security trick that should be implemented within smartphones is a simple firewall, said Karen Paullet, assistant professor of computer and information systems at Robert Morris University.
“I can ask a room of 100 people how many people have any type of anti-virus or malware software on their computer. … I would bet that everybody would raise their hands. [If I ask] how many people in this room have any anti-malware software on their mobile device? Around three to five people raise their hands,” she said.
As for tips specific to smartphones, he said, turning off Bluetooth and location services functions when they’re not being used helps. He also said downloading mobile apps from sources outside of Apple’s App Store or Google’s Google Play was high on the list of risky behaviors. But even within those stores, one must be cautious. NowSecure co-founder Andrew Hoog said in a paper that 15 percent of all apps leak sensitive data over their network and 48 percent of apps had at least one high-risk security flaw.
“It’s important for people to understand that the apps we have on our phones are what we see as a key issue in security today,” Mr. Swartz said.
To hammer the point home, he said users can log out of apps when they’re not being used, and can take pains to know what information is being collected from each app and how that information is being used. The NowSecure mobile app shows users when an app is collecting data from a phone and explains whether those data are being sent securely to other sources.
If all else fails, he said, there’s no harm in deleting apps that seek information that goes far beyond their functional uses.
“Use your best judgment. What should an app be doing and what is it asking permission to do? If it’s a flashlight app and it’s asking for my location information, that’s invasive and unnecessary,” he said.
Your plain old computer
Even your staid old desktop computer faces new threats.
“There are thousands of companies collecting detailed profiles of who you are,” said Casey Oppenheim, co-founder and CEO of software firm Disconnect. “Your data has become currency.”
Among those banking on it are criminals who make use of tools like “malvertising”: ads that serve as Trojan horses for implanting dangerous code.
“Technology companies have made it easy to target people based on their finances, the operating system you’re running — a whole range of personal information,” said Mr. Oppenheim. “Cybercriminals love that, because it allows them to target people in specific locations, with specific vulnerabilities.”
Surrendering your privacy can also cost you when dealing with legitimate businesses.
Firms like Google log your search history, and the websites you visit are replete with so-called “cookies” — small text and graphic files that can track your computer and build a profile of your Internet activity.
As a result, there are real concerns that “when you go on a retailer’s site, you can see individualized prices” based on algorithms that weigh your ability to pay, said Gabriel Weinberg, founder and CEO of DuckDuckGo. Tech firms “collect everything and say ‘trust us,’ but they’ve proven not to be trustworthy.”
Mr. Weinberg’s firm operates a search engine that doesn’t keep tabs on your search habits.
It hosts advertising on the basis of the search terms you’re entering, rather than relying on a profile compiled from terms you’ve used in the past.
Once you click on a search result, though, you’ll need other means of protecting your privacy.
The Disconnect browser extension, a free version of which is offered by Mr. Oppenheim’s firm, blocks thousands of trackers from monitoring your Web behavior. The Electronic Frontier Foundation, a leading privacy-rights advocacy group, offers its own free online tools at eff.org.
Among them is Privacy Badger 1.0, a browser extension that watches out for, and blocks, potential trackers.
“If a third party is sending a cookie that can identify you, and if that cookie is on multiple sites, Privacy Badger will block it,” said EFF staff technologist Cooper Quintin.
On their own, none of these tools offers total protection against corporate trackers or renegade hackers, let alone government surveillance. And it’s unclear whether technology can solve problems that technology created.
While the EFF is wary of governmental action — legislation tends “to not keep up with the technology and is likely to do more harm than good,” Mr. Quintin said — not everyone agrees.
“Tracking is an arms race” between rival technologists, Mr. Weinberg said. “That’s why I think there needs to be regulatory action: because arms races are never good.”
• • •
Tomorrow: Pennsylvania lags in privacy protections, but surveillance concerns are rising in Harrisburg.
On Oct. 5, the Post-Gazette’s PGU is offering readers a two-hour in-person data privacy workshop. For more information, visit post-gazette.com/pgu.
Deborah M. Todd: dtodd@post-gazette. com or 412-263-1652. Chris Potter: firstname.lastname@example.org or 412-263-2533.
To report inappropriate comments, abuse and/or repeat offenders, please send an email to
email@example.com and include a link to the article and a copy of the comment. Your report will be reviewed in a timely manner.