— Privacy and security in mobile technologies —
Wearable and mobile technologies are increasingly collecting personal information about location, health and fitness, and interactions across a range of our daily activities. Then, they make the information they collect accessible to a wide range of potential audiences. When you use these technologies (and let’s face it, who leaves home without a cell phone most days?) you need to know the way these technologies work and the range of privacy risks inherent in producing and sharing this highly personal information. Many of the risks you face on mobile technologies are the same as those in the online world more generally, and then there are some, like location tracking, that are more specific to things like cell phones that you carry around on a daily basis. This section talks about a range of risks that occur online, whether you are using a desktop or laptop computer, a cell phone, or other mobile technologies.
— What is wearable technology? —
Things like smart watches and fitness trackers are called “wearables”: technology that you put on and use to make life more convenient. It can be super useful to be able to see a text message flash on your watch without having to pull out your phone. It can be motivating to have a fitness tracker counting your steps and sending encouraging messages — “good job, you’ve reached your goal of 10,000 steps today!” But these devices also need to collect information about you in order to work, and sometimes they may collect more information than they need to work, or they might share information with the company that makes the product or other companies they partner with. There are some concerns, for example, that information from fitness trackers could be used by insurance companies to assess whether you are eligible for health insurance. There are also known security risks with some of these devices that can compromise the privacy of your information. It’s always important to make informed choices when you decide to use these devices. Think about the benefits and risks, and decide your priorities.
— What is location tracking and how might it be used? —
You might be aware that it is possible to track the location of your cellphone through GPS technology — you have probably noticed apps like Google Maps or Waze ask for this information. However, location tracking involves more than just GPS signals — your phone’s Wi-fi capabilities can also be used to determine its location. In fact, locating your phone using Wi-fi signals is much more precise than GPS, and works even in places where GPS cannot, like in the subway. Locating your phone using Wi-fi is somewhat technical and there are several different ways to do it. However, broadly, it is possible to determine your phone’s location using Wi-fi signals because as you move through the world with your phone, it is constantly emitting signals searching for Wi-fi networks to connect to. It is possible to determine your phone’s location by measuring how long it takes those signals to reach a Wi-fi router. This method can also be used by third parties to figure out your location. This information is really valuable to stores, that want detailed information about their customers. Retail establishments can use your phone’s Wi-fi signals to find out when you go into a store, and when you pass them by.
Within the store, they can figure out what displays you stop in front of or what aisles you linger in. They may use this information to inform how they organize their stores or even to strategically send you advertising based on your location in the store. The data they collect could also be combined with information collected by other retailers. For example, a number of stores in a mall could develop a detailed profile of where you went on a shopping trip by combining together the information each collected about you individually. Of course, stores aren’t the only ones who might want to track someone — this kind of information could be used in law enforcement, on one side, or by criminals, on the other.
— What is encryption and why might you care? —
Encryption is essentially a technological method of changing information to make it unreadable, unless you have the key to put it back into its original form. It is a way of keeping information away from prying eyes, and making sure that even if it is intercepted, no one can read it. There are tools that encrypt information you send by default, such as some messaging services. There are also tools you can add to your email to encrypt messages. And places that have a duty to keep your information safe, like banks, use encryption to help them do so. Encryption isn’t always foolproof, and usually it is only content, not metadata (remember metadata from the surveillance section?) that gets encrypted. But it is an important protection.
There has been public debate recently about whether there should be limits on the ability of people to use encryption, or limits to how strong encryption should be, because there have been situations where police or national security agents say it is affecting their ability to collect evidence from devices or through interceptions. This is sometimes called “going dark.” There are some really important things to consider in this debate. First, weakening encryption weakens privacy and security for everyone, everywhere, who use encrypted services in their daily lives. Second, reading information from devices is probably not the only way of collecting evidence, even though it can be an important one. And third, we need to be careful pitting privacy against security in conversations about encryption. It’s really more about conflicts between data security and investigative needs, which are both important to public safety.
Online security threats
When we use our computers and mobile devices to access the internet, we are also putting ourselves at risk of attack from a number of online security threats that can have really damaging consequences not just to our electronic devices but our lives. Below are some examples of the most common security threats so you know what to look out for as you use the internet on all of your devices, followed by some practical tips on how to minimize your risk.
Malware is a term to describe any kind of software that is intended to harm a user or do damage to their computer systems. The following are some specific types of malware.
A Virus is a program that is designed to attach itself to a file or program in your computer so that in can duplicate and infect other computers.
How does it attack? A computer can pick up viruses through normal web activities like sharing music, files or photos with other users; visiting an infected website; opening spam email or an infected email attachment from one of your contacts; downloading free games or software.
How can it harm you? Viruses can wreak havoc on your computer! They can damage programs; delete files; cause permanent damage to your hard disk; replicate themselves and infect other computers; flood networks with traffic and cause lagging with internet activity; use up computer memory; cause frequent computer crashes; send itself in emails to your entire contact list; steal your passwords and record your keystrokes to name a few!
What are the symptoms? Some signs your computer is infected with a virus are slow performance or odd erratic computer behavior; unexplained data loss; frequent computer crashes; or weird emails being sent to your contacts.
How to protect yourself: Use antivirus protection and a firewall and ensure that your protection and operating system is always up-to-date. Increase your browser security settings, avoid questionable web sites, evaluate free software and only download software from sites you trust. Also practise safe email protocol: don’t open messages from unknown senders and immediately delete messages you suspect to be spam, even if the email is from someone you know.
Scareware scares users into purchasing a fake or harmful product to protect them from something terrible happening to their computer.
How does it attack? You may see a false internet advertisement or pop-up on your screen claiming it has found dozens of potential threats on your computer. In reality, these “threats” are either nonexistent or not a threat to your machine, but the scareware tries to convince you to purchase software like an anti-virus to eliminate the so-called threats.
How can it harm you? Not only does scareware trick you into making a purchase with your credit card, the software you download is often designed specifically to damage or disrupt your computer.
What are the symptoms? Generally any pop-ups
or warnings that are designed to instil fear and panic
are likely scareware.
How to protect yourself: Don’t click any ads or download software from companies you don’t trust or don’t know. If you have a real security threat on your computer, do some research about which products are best to treat those threats before making any purchases.
Trojan horses pretend to be programs that you want on your computer, but in reality they are a form of malware that harms your computer system and puts your personal information at risk.
How does it attack? Unlike viruses, trojan horses cannot replicate themselves. In order for Trojans to spread and infect a computer, the trojan horse program must be downloaded and installed by someone who has been fooled into thinking the trojan is actually a desirable program, like a game or screensaver.
How does it harm you? Trojan horses make your personal information very vulnerable to theft because it allows hackers to remotely access and control your computer. Not only can they steal the information stored in your computer, they can also delete important files or install other malware which can cause further damage to your computer and increase your privacy risks.
What are the symptoms? The most reliable way to determine if your computer is infected with a Trojan horse is to instal reliable and well-known malware protection software and run a scan for possible infections.
How to protect yourself: Be wary of downloading and running file attachments that are executables (i.e. files that end with .exe, .vbs, or .bat). Install malware protection and keep it up-to-date.
Ransomware stops or limits a user from accessing their computer’s operating system or
files until they pay a ransom.
How does it attack? You may acquire ransomware by visiting certain websites, clicking on infected ad, opening emails or downloading content containing infected files.
How does it harm you? Ransomware is a way for criminals to extort money from you in exchange for allowing you access to your locked computer or critical files that have been encrypted. In some cases ransomware can also be used as blackmail where cyber criminals will threaten to send personal information, private videos or images to your contacts if you don’t pay up. Even where a ransom is paid, full access to your computer and files may still not be restored.
What are the symptoms? Your computer will display a message or image to inform you that your data has been encrypted or locked, or threaten you with some other type of possible harm if you do not provide the required ransom. Ransom payments also have time limits in which you must comply or suffer consequences. Ransom threats may also be masked as a message from law enforcement agencies requiring you to pay a fine for engaging in your online activities.
How to protect yourself: Avoid opening unverified emails or clicking links embedded in them; regularly update software, programs, and applications to protect against security threats; and back up important files regularly using the 3-2-1 rule — create 3 backup copies on 2 different media with 1 backup in a separate location.
Spyware gathers information about the user without his or her consent. Spyware falls into three general groups, domestic spyware, commercial spyware, and malicious spyware. Domestic spyware is usually purchased by an owner to help them monitor internet behaviours on their network systems. For example, your school may monitor students’ use of school computers. Commercial spyware, on the other hand, is software that companies use to track your internet browsing activities, and this information is usually sold to marketers who then target you with advertisements. Malicious spyware is used by hackers to steal your information and use it to harm you.
How does it attack? You may be exposed to spyware by using a computer on which spyware was installed, visiting websites or clicking on ads or pop-ups that will download spyware to your computer without your knowledge. Sometimes spyware is downloaded to your computer as part of another program or app you have installed.
How does it harm you? Information about you is gathered without your consent, and even without you noticing. This can lead to serious risks for the security of important information that you would entrust in your devices. Domestic spyware could allow system administrators to look at your browsing history or emails. Commercial spyware could collect things like passwords, internet chats, and even your keystrokes and send them to individuals who wish to steal your identity.
What are the symptoms? Spyware can slow down your computer and has been known to increase the chances of computer crashes because it uses your computer’s memory and system resources while it runs in the background. Since spyware will help download advertisements and send information to their “home base,” this activity will use up a lot of your internet bandwidth that could be otherwise very valuable.
How to protect yourself: Be careful about what you download on your computer and resist clicking on pop-up ads. Install and regularly update malware protection software. Take the time to read the terms and conditions of free apps and programs that you install to flag anything that sounds like they are permitted to gather information about you, which could mean the information will be gathered through spyware.
Phishing is not malware, but rather a method of scamming people for their money. People use emails, phone calls, and fake websites to pose as a real company, and trick the victim into providing their credit card, account logins, or other sensitive information. Some phishing scams may look and sound like the businesses they pretend to represent by copying actual images and logos from the real business’ website.
How to protect yourself: Be very careful of anyone who asks you for personal information, particularly banking information, in an email, chat, or over the phone. Banks never contact customers to request your login information this way. When in doubt, visit your bank in person or research the company contacting you to determine if it is legitimate.
Generally, never send highly confidential information over email, or click on links from an email to sign on to your online accounts. Generally if an email, link or advertisement seems too good to be true, it’s probably not real so avoid clicking or providing any information.
Privacy protective technologies and tips
So, there are lots of ways for your information to be threatened. How can you protect yourself? Not all of these methods are right in every situation or for every person. The best thing you can do is to think about what risks exist in a situation and what you’re willing to accept. It’s OK to say, “I want to use a mapping app on my phone to help me find a place I’m looking for so I’m turning on location tracking.” But you might want to turn it off if you don’t need it. It’s probably not smart to say, “I don’t need anti-virus software on my computer.” The PPPP team have put together some lists of pointers to help you protect your privacy and the security of your data on personal devices, with special attention to protecting your location and personal information.
Protect your location when you’re out in the world
- If you’re worried about location tracking, turn it off when you’re not using it.
- Ensure your messages and picture messages do not tag your location. For example, you may not want to give your home address away by including location information with a photo of your cat.
- Be careful connecting to free Wi-fi networks. Most of them are safe, but they are probably all collecting information about you and may also facilitate tracking — if you have a few minutes, take the time to look at the terms of service for networks you might want to use often, such as at your favorite coffeeshop.
Protect your location when you’re browsing online
- There are tools you can use to shield your location.
- Proxy tools can hide your Internet Protocol address or assign a new, random IP number each time you use your computer. Using these proxies allows you to surf the internet with greater anonymity because it prevents websites from knowing your IP number. Do some research to see if one of these tools is right for you.
- A VPN (virtual private network) can provide a secure connection over the Internet between a user and the data they exchange or the websites they visit when connected. They encrypt the data that is exchanged across the connection. You can use a VPN on a computer or cell phone.
Think security! There are several simple things you can do:
- Update your apps, computer, and phone software whenever you have the option. This is because almost all updates include things called security patches that close holes in the software that make it easier for someone to hack you. Make sure you keep your notifications on so you know when to update your software.
- Use two-factor authentication to access your accounts. A typical extra step of security is for your account to send a text message with a special code to enter after you try to login online.
- Clear your cache. Saved cookies, saved searches, and Web history could point to home address, family information and other personal data.
- Use strong passwords and keep them secret.
- Turn off “save password” feature in browsers.
- Put a sticky note on your camera. This might make you seem super paranoid; however, whistleblowers in the past have revealed that many organizations like the NSA can “spy” on American citizens through the front face camera on their computers and phones.
- Use a firewall, which creates a barrier between your computer and the internet and only allows certain types of data to pass. It helps stop any exchange of data from happening between your computer and the internet without you knowing it!
- Think about encrypting your data, and using services that have end-to-end encryption. There are great ones out there: do your research and make choices based on your needs and priorities.
- Think before leaving private data in the cloud! Do some research to find more encrypted storage services with great privacy policies that will make sure your private data is safe.
Cell phones need extra privacy protection.
Here are the PPPP’s TOP 10 THINGS you can do to protect your phone.
Always have a password for your lock screen. (The longer, the better, and never anything too obvious!)
Turn your location service off when you don’t need it
Don’t allow automatic connections. (Things like unknown Wi-fi servers can seriously put your phone and your information into potential danger.)
Always check the privacy settings for your apps and consider whether or not they are worth keeping/installing. (Some apps ask a lot about your personal information- location, passwords etc.)
Don’t store passwords and important information on your phone (Store them in a device that you don’t bring around with you, e.g. computer, tablet.)
Install antivirus software on your phone (Most data leaks are from virus problems!)
Do not download anything from an unknown or not trusted source (Chances are, they aren’t safe!)
Turn your bluetooth off when you don’t need it (You can be tracked from your bluetooth.)
Never lend your phone to anyone you don’t know (risky!)
Be aware of your surroundings, and store your phone in a safe place (To protect both the security and safety of your phone)