Scar•dip•dap

noun: skills in many areas. a little of this and that.

PSA Newsletter 25: Privacy, Security, Automation!

Guest appearance on SHINE ON!

This newsletter is a bit different from the others in that it's a mashup of several previously covered topics and some new ones. This is an accompaniment to a guest appearance on the SHINE ON! Kacey's Health & Happiness Show podcast. A link to that episode can be found here. Please enjoy hearing about some of the things that keep me up at night.

Privacy

Smart TVs can spy on what you’re watching, even when you’re not using an app, and upload that to the manufacturer. A "Smart" TV is any TV that has apps and connects to the internet. NEVER connect your TV to the internet! Don't connect your TV to WiFi or a wired network. If you want to watch Netflix or YouTube, get an Apple TV, Google TV, or Firestick. [1]

Google and Microsoft automatically scan the contents of your email to serve you ads and sell that information to data brokers, which are companies that compile profiles on individuals in order to sell that data (largest customer is often the US Government) or to sell you ads. To avoid this collection, use a privacy-focused email service like ProtonMail or Tuta. [2]

Smartphones and smart speakers are always listening, even without the trigger phrase. An advertising company accidentally confirmed this. To avoid this, enable push-to-talk for Siri, or unplug your smart speakers when not in use. [3]

Any data stored in the cloud can be accessed by anyone with access to it, including law enforcement, workers in other countries, etc., without your knowledge. Law enforcement and government agencies utilize a loophole known as the third-party doctrine as an end-run around the Fourth Amendment. If you're interested in keeping your data private, read the Terms of Service and Terms of Use for any service you sign up for and be very wary of what you're agreeing to. Services like ToS;DR can summarize Terms of Service and make them easier to understand. For extra peace of mind, patronize services that utilize end-to-end encryption. [4] [5]

It's very easy for a company like Google to identify exactly who you are on the web, even without signing in. They do this using accessible data from your device like battery level, operating system, screen size, etc. This is known as fingerprinting. To avoid this as best you can, switch to a more private browser like Brave. [6]
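To see why a handful of ordinary device details is enough, here is an added example (written for this edit, not code from Google or any browser vendor) that combines the attributes named above into one identifier and shows that blurring a couple of values breaks the link between visits. The attribute values, the population shares, and the helper names are all constructed assumptions.

```javascript
// Added illustration: runs on constructed sample data, not a real browser.

// FNV-1a 32-bit hash: dependency-free, used only to turn the combined
// attribute string into a short, stable identifier.
function fnv1a(str) {
  let h = 0x811c9dc5;
  for (let i = 0; i < str.length; i++) {
    h ^= str.charCodeAt(i);
    h = Math.imul(h, 0x01000193) >>> 0;
  }
  return h.toString(16).padStart(8, "0");
}

// Keys are sorted so the result does not depend on read order.
function fingerprint(attrs) {
  const canonical = Object.keys(attrs).sort()
    .map((k) => `${k}=${attrs[k]}`).join("|");
  return fnv1a(canonical);
}

// Identifying information in bits: sum of -log2(share of users with that value).
function identifyingBits(attrs, shares) {
  return Object.keys(attrs).reduce(
    (bits, k) => bits - Math.log2(shares[k][attrs[k]]), 0);
}

// Constructed visitor: no cookies, not signed in.
const visit1 = { os: "macOS 14", screen: "1512x982",
                 timezone: "America/Denver", battery: "0.87" };
const visit2 = { ...visit1 };  // same device, a later visit
// Same device, but two values blurred the way a privacy browser might.
const blurred = { ...visit1, screen: "1500x970", battery: "1.00" };

// Constructed population shares (assumptions, chosen for easy arithmetic).
const shares = {
  os: { "macOS 14": 1 / 4 }, screen: { "1512x982": 1 / 16 },
  timezone: { "America/Denver": 1 / 32 }, battery: { "0.87": 1 / 64 },
};

function demo() {
  const bits = identifyingBits(visit1, shares);
  return {
    sameDeviceLinked: fingerprint(visit1) === fingerprint(visit2),
    blurredLinked: fingerprint(visit1) === fingerprint(blurred),
    bits,                 // 2 + 4 + 5 + 6
    oneIn: 2 ** bits,     // size of the crowd this device stands out from
  };
}

console.log(demo());
```

With these made-up shares, four harmless-looking values narrow the visitor down to about 1 in 131,072 people, which is why private browsers standardize or randomize them.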

Security

Hacking tools are now small enough to fit in the heads of USB cables. They can log your keystrokes and broadcast them to a nearby attacker or just store them for retrieval later, install malware, etc. NEVER plug your devices into a USB port you don't know or use a cable you haven't purchased. MagSafe or Qi charging is OK, or use a device that blocks USB data connections, such as the PortaPow. [7] [8] [9]

Any car with a mobile hotspot or app-connected remote start is almost definitely uploading connected phone data to the manufacturer. Some companies have been caught logging your driving habits, such as short stops and accelerating too quickly, and selling that information to insurance companies. If it can be avoided, don't connect your phone to your car or pair via Bluetooth. If you must, DON'T share your address book or contacts. [10] [11]

Your phone broadcasts a list of every Wi-Fi network you’ve ever connected to when you’re out in public. Bluetooth can also betray when you're in a specific location. Companies use this unique list to identify when you’re in a store or location to then serve you ads and sell that information to data brokers. [12]

One way someone can be hacked is through what's known as a SIM Swap Attack. It's easier than you think for an attacker to convince mobile service staff to switch your phone number to their phone. Then, that attacker can request codes for services you use and reset your passwords, locking you out. Some ways to avoid this kind of attack are to create a SIM PIN (to prevent unauthorized SIM usage) and to establish a Customer Support Code for when you call your mobile provider's customer support. This is a previously agreed upon code you'll use to identify yourself as the owner of the account when calling. [13] [14]

Sources:

  1. All opinions expressed are solely my own and do not reflect the views or opinions of my employer or anyone else.
  2. For support with any mentioned product, please reach out to the vendor first.