Losing your grip on personal privacy is easy these days.
The internet is never more than an arm’s length away, and the stores are chock-full of tempting, bite-sized apps.
We all know that privacy is important, but indulgence is fun!
On the other hand, abstinence is drudgery, watchfulness is dull, and doing the Right Thing is a chore.
So, can you maintain your privacy in 2014 without intolerable compromise and inconvenience? We think it’s time to find out.
The answer will be different for each person so we’ve come up with a plan to help you come to your own personal conclusion – The Privacy Plan Diet!
The Diet is a three-step, 30-day challenge. Follow the three simple steps for 30 days and then at the end of it decide for yourself how much you can bear (and please come back to Naked Security and tell us).
The steps are simple but they won’t always be easy. They will add some hassle to your life and remove some convenience but they will also boost your privacy and protect you from data leakage and unnecessary criminal attention.
And since we couldn’t think of a better day to start than Data Privacy Day that means it’s 30 days starting today!
Ready? Here goes…
1. Turn off geolocation, and leave it off.
The diet starts easily enough, just pick up your phone, tablet or laptop and turn off geolocation.
It may seem like a little thing but we can’t think of a more abused and misused feature than your phone’s ability to use GPS and Wi-Fi data to work out where you are.
Whether you’re a Twitter user, a soldier in a war zone or a fugitive from the law, geolocation can carry serious unintended consequences even when it’s used on purpose.
Alongside the honest-to-goodness banana skins, users also have to be careful to avoid being tripped up by a steady supply of less-than-honest app writers. Geolocation data has been silently hoovered up and sent home by phone software as diverse as flashlights and mobile apps for kids.
And I haven’t even mentioned software bugs.
2. Turn off Wi-Fi. Turn it on when you need it.
To trim the next few privacy pounds dieters need to turn off Wi-Fi on their smartphones, tablets and laptops. You can still use Wi-Fi but you have to switch it on when you need it and turn it off again when you don’t.
Smartphones with Wi-Fi enabled search constantly for networks to join. Without you lifting a finger your phone will couple promiscuously with any access points it thinks it recognises, legitimate or otherwise.
As it searches for networks to join, your phone will offer up the names of Wi-Fi networks you’ve used previously. Many Wi-Fi networks are named after the places where they’re located, so that your phone’s electronic greeting can read like a history of where you’ve been.
Alongside the networks it’s joined your phone will also broadcast its MAC address almost constantly. Commercial organisations have begun to show serious interest in that little unique ID because it can be used just like a cookie to track and profile your movement in the real world.
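As an added example (not part of the original article), this Python sketch audits a saved-network list in wpa_supplicant.conf format for two exposures from step 2: open networks that will be joined whenever an access point uses the same name, and networks whose name is sent in directed probe requests. The function names and the sample SSIDs are constructed for illustration.

```python
SAMPLE_CONF = '''# Constructed sample (wpa_supplicant.conf format), not from a real device
network={
    ssid="HomeNet"
    psk="constructed-passphrase"
}
network={
    ssid="Airport_Free_WiFi"
    key_mgmt=NONE
}
network={
    ssid="OfficeHidden"
    scan_ssid=1
    psk="constructed-passphrase"
}
network={
    ssid="OldHotel"
    key_mgmt=NONE
    disabled=1
}
'''

def parse_networks(conf_text):
    """Return one dict of settings per network={...} block."""
    networks, current = [], None
    for line in (raw.strip() for raw in conf_text.splitlines()):
        if current is None:
            current = {} if line.replace(' ', '') == 'network={' else None
        elif line == '}':
            networks.append(current)
            current = None
        elif '=' in line and not line.startswith('#'):
            key, value = line.split('=', 1)
            current[key.strip()] = value.strip().strip('"')
    return networks

def audit(networks):
    """Map each enabled SSID to the exposure its saved profile creates."""
    findings = {}
    for net in networks:
        issues = []
        if net.get('key_mgmt') == 'NONE' and 'wep_key0' not in net:
            issues.append('open network: joined without authenticating the access point')
        if net.get('scan_ssid') == '1':
            issues.append('scan_ssid=1: name is sent in directed probe requests')
        if issues and net.get('disabled') != '1':  # disabled profiles are not used
            findings[net.get('ssid', '<unnamed>')] = issues
    return findings

print(audit(parse_networks(SAMPLE_CONF)))
```

Profiles the audit flags are candidates for deletion ("forget network") once you no longer need them.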
3. Log out when you have finished
Number three is the toughest, but it wouldn’t be a diet worth doing if it were easy, would it?
Dieters on the Privacy Plan should log out of any system they’ve finished with. Stopped using your laptop? Log out. Checked your bank balance? Log out. Done updating your Facebook status? Log out.
Logging out is important because if you don’t log out of whatever you’re doing you haven’t really left.
Everything you’ve used but haven’t logged out of is an open back door that leaves your privacy at the mercy of Clickjacking attempts, Cross-Site Request Forgery attacks, social media tracking beacons and people just sitting at your keyboard when you’re not there.
If you’ve got a few calories left to burn then try our ‘zero sugar’ version of rule #3 and turn on your web browser’s option to clear your history every time you close it or browse using its Private or Incognito mode.
If you want to know why it’s important to start looking after your privacy today then read our Report from the future: Data Privacy in 2044.
See you back here in 30 days!
I’ve been using this Privacy Plan Diet for many years. I can assure your readers that it is easy to follow. Others may laugh at you for refusing to consume things they believe are perfectly safe and convenient, but so what?
The only problem for me in this is the geolocation feature. I use the gps built into my telephone, but to use it, geolocation must be on. I turn it on when I want to use the gps, then, when I’m done, I turn it off again. It’s a pain to have to do that, but it’s the only way to do it safely.
Sometimes I think it might be better to continue finding destinations the way we used to, written directions or paper maps. My 18 year old believes he might slip off the edge of the map, no pun meant, if he doesn’t have that soothing female navigator voice calmly directing his turn and exits from his stupid smartphone.
Damn! I do all of that already 🙁
The other day I noticed on my ASUS/Google tablet that the Gmail application had updated and automatically logged me in. Locating the log out link proved futile. The missing link reason was provided by Google’s web site…
When you add a Google Account to your Android device, you are signed in to the Gmail app and your messages are synced automatically. You can’t sign out of Gmail without removing your Google Account from your device, which will also sign you out of your other Google apps.
You can globally protect your tablet as they state…
Prevent unauthorized access to your device by adding a screen lock such as a pattern, PIN, or password.
But, as you have stated, unless you shut off your WIFI these open applications still present a potential threat.
Hmmmm…. does SOPHOS see an application possibility that allows the user to automatically turn off external communications once screen lock is invoked?
There are “Faraday Cage” pouches for mobile phones that will block all wifi and radio etc. signals. Of course this means your phone will not work at all. But you could put the phone in the pouch when you really do not want to be tracked.
Regarding #1 and apps such as Find iPhone: How should one balance personal security against Cyber security when it comes to children?
Aren’t mobile devices designed for convenience? Recommendation #1 and #2 require more effort and are perhaps not as practical as #3.
That’s really the point of the diet – try it for 30 days and *experience* how inconvenient it is *for you*. The level of hassle that each of us is prepared to put up with is different (as you can see there are comments here from people who already do this and have no problems with it).
My guess is that for a lot of people it won’t be as onerous as they expect once they start although I am curious to see if I’ll be proved wrong.
On the subject of convenience – yes, you’re right, they’re designed for convenience but I presume you wouldn’t be prepared to give up all of your privacy for that convenience so there must be a point at which a fair balance has been struck.
Anyway, best of luck even if you just go with #3
M.
I turn off my wifi when leaving the house. I understand the option to be a block on the phone seeking out wifi networks. But with it ostensibly OFF, I still get notices about the availability of known wifi networks. It would appear that OFF doesn’t actually work…
I don’t use geolocation ever, so I score there.
I have the WiFi on my laptop turned off with the hardware switch, so it’s easy to turn on when needed. But, thanks to people in Redmond it keeps trying to connect even though the WiFi hardware is off! Because it’s off I know it can’t connect so I’m safe there too. Score 2.
I have always logged out of every application and every session, it’s no more than good networked computing practice and I’ve been doing it since 1989 (yes, there were networked computers in use then!). Score 3.
But I also turn off the ‘external’ WiFi service on my BT Home Hub, they call it Fon! If that is on then anyone can try to access your connection without your knowledge. Some who are also customers of BT Internet can get on for free! But not if it’s turned off on the Home Hub. Maybe it’s an area Sophos would like to look into as there must be security risks involved there? Do I score 4?
I also turn off my WiFi devices when not in use, they provide connectivity in the house away from the Ethernet wired network (which is fairly safe I suspect as they would have to physically connect cables and I might just notice that!). Do I score 5?
Looking at Google Chrome, there isn’t a way to have the browser history clear on exit. I wonder if this makes Firefox more secure than Chrome because it does have that option!
There are numerous extensions that will do that too, and cookie deleting ones too..
I have always turned off all 3, it also extends battery life by a couple of days.
Is the best answer to use a 2G phone if you need a mobile phone?
Privacy seems better
You are less likely to be mugged for it
You can make telephone calls with it
Verizon Wireless just issued an update in the last week or 2 that no longer allows a Samsung Galaxy S3 Android 4.3 phone user to turn off WiFi completely. Sure, you can turn it off, but like Walking Dead, it will turn itself back on as soon as you use the phone.
Thanks for making me feel safer. Nice to know I’m already thinner without losing any pounds! I’ve done all 3 steps ever since I got my first smart phone… I’ve never turned on wi-fi on the phone. ..use only mobile network…and turn it on only as I need it. I use Firefox on phone as well and clear all private data with each session. I never use my laptop wireless. My security is my responsibility! I don’t understand why convenience is more important these days than security. Data breach …identity theft is not going away! It’s not going away…largely because convenience rules! I’m a 60 something female…no one taught me about internet security. I have made it my top responsibility to keep informed because I saw from the get go that the world wide web was going to be the enemy’s playground! Thank you Sophos for being that instrument of knowledge for me…You RULE!!
Does the tracking that helps to find a lost iPad demand that location service be always “on”?
I think I’ll go back to a landline and a pager! …..oh and paper maps!