I have written about security vs convenience in the past and today I am going to talk about privacy. There is an excellent analogy to privacy written by Glenn Greenwald where he offers his email address to people who have no interest in the privacy argument and asks them to send him all their usernames and passwords so he can rummage through their online life. No one has taken him up on the offer.
There are ways to protect your privacy online but the more privacy you wish to have the more hoops you will have to jump through. So once again we are back to convenience if it’s convenient then it’s not private. You may want to assess your privacy needs and to do this I suggest you start by deciding how much privacy you want. I will share with you what I mean below:-
The level of privacy that I am willing to accept will be different than yours but here is an example. I want to prevent my identity being stolen, I do not want the hassle of being cloned and the financial problems that causes. I want my transactions to be secure and feel safe when purchasing things online. I want to prevent embarrassment, I want to ensure that all my medical details are secure. I also want to avoid being bombarded with advertising supposedly tailored to my needs. I want organisations to mind their own business and not use me as a product. I am not happy that government agencies can spy on me, as not only is that an invasion of my privacy but they tend to lose confidential information all the time, therefore it isn’t secure.
So I have investigated ways on using the Internet to be able to come to a compromise on what level of privacy I can obtain. The only way to obtain full privacy online is by not going online with any device you own and not entering any information into any computer anywhere. It would be a bit like a Jason Bourne movie were you would be hoping from Internet Cafe to Internet Cafe and only searching for information. In this day and age that isn’t very practical!
So now you have decided what level of privacy you require here is how to obtain it. The following information is based on Glenn Greenwald’s recommendations.
I’m going to start with Android devices as I’m currently using my tablet to type this portion of this article. Let’s be clear Android is basically Google so some of your data (information) is going to escape. What I am talking about here is limiting the damage.
The less apps you have the better. (The Battery will last longer too)
When installing an App on any Android device you are going to give the App permissions. So before pressing the install button, take into consideration what permissions are required. You would expect a social media app like Facebook to need permission to access your photos but you wouldn’t expect an App which sells itself as a torch to access photos too. So check permissions before installing any App.
Also taking Facebook as a classic example, it is a large App so takes up storage space, it asks a lot of permissions and it’s very intrusive. Did you know that once installed it reports about almost everything you do online, even when you’re not using the App. However you don’t need to install the App at all, as Facebook is available in any web browser. You can also avoid installing messenger too as it’s part of the Web version of Facebook. Just remember to sign out before you close the incognito browser.
I don’t see any need to install an App which has a website, in fact some poorly written Apps just open a Web page inside the App giving you the impression you’re using an App. Some of the biggest leaks of data (information) will come from Apps which complement other Apps. So an App which gives you the best hashtags for twitter and posts them for you is probably a bad app from a security standpoint.
So my advice is to set aside an hour or so and, well don’t uninstall Apps, reset your Android device and only install the minimum amount of Apps you’re happy with. Ensure you have turned off the restore app feature in settings first.
So let’s start from a factory reset of your Android Device.
Before installing any new apps, delete the apps which come with your flavour of Android which you wouldn’t be using. (Known as crapware)
Next up is to encrypt your device and SD card if your device has one. (Security Settings)
This ensures that if your device is lost or stolen and is pin or password protected your data can not be read. (Unless you’re GCHQ) A lot of newer devices are now encrypted by default.
Add a Pin or Password, lots of people use the pattern as a way of locking their devices this is a weak form of security. Facial recognition / Fingerprint is good too!
Avoid having apps and notifications on your lock screen as this can give potential hackers clues. I even recommend removing the camera app button as this is a weak point too!
Setup your device’s lock settings, power button locks device, lock timer and on most Android devices there is a setting to do a factory reset if there are too many wrong passwords or pin numbers tried.
Make sure locate device or find my phone settings are on so you can remotely wipe your device, locate your device or just make it ring. The Android app “Device Manager” is excellent at this, so if you device doesn’t have it by default you can use Device Manager.
Make sure “unknown sources” is set to off or not allowed.
The majority of Apps from the Play Store aren’t going to cause you too many problems, apart from stealing your data (information). Apps from outside the Play Store are going to be a nightmare, they are not in the Play Store for a reason. However saying this there are apps which will never be in the Play Store but can be useful, the rule here is that you need to be 100% sure.
This is a good idea and doesn’t cause any inconvenience, so worth doing.
As far as the basic security settings for your device go that’s it, other than ensuring you update everything as an update becomes available. Security Certificates need to be set to automatically update as does the Android operating system.
So we can now download apps?
Yes! I would however download apps in a particular order. Security related apps first followed by all the others.
I use malwarebytes to keep a check on, well malware, viruses etc. So I would download this first and whilst I’m at it, run it. This gives the App a chance to see your clean install of Android and set a baseline to detect threats.
I will continue this series on security over the next few months. If your interested in security and my travel adventures then pop your email address in the subscription section at the bottom of the page.Continue reading