A Techno-muggle’s Guide to Cyber Privacy

In a time of surveillance, tracking and data breaches, we need to be in control of what information we hand over and to whom

(Image Source: http://pragma.international/article/data-privacy-in-central-america)

Earlier last month Apple rolled out the twelfth version of its operating system for the iPod, iPhone and iPad in its annual World Wide Developers’ Conference (WWDC). In May Google released the ninth version of its mobile OS called Android P. Although the highlights of both the events were not as glittery as those of their respective previous developer conferences, there were some big steps indeed, taken to facilitate the future of operating systems, specifically mobile OS, towards safeguarding personal data.

Out of the many announcements that the two tech giants made, one stood out (for me at least): Enhanced Tracking Prevention for iOS 12 and macOS Mojave. In WWDC 2017, Apple put out a feature called Intelligent Tracking Prevention for Safari (its web browser for macOS and iOS) in which the ability of an app to track us using cookies is dramatically reduced. (FYI: cookies are a short line of text that a web site puts on your computer’s hard drive when you access the web site. They are there for websites to remember information like your browsing activity or any piece of information that you enter into a field.) Startlingly enough, the ‘Like’ and ‘Share’ buttons and ‘Comment’ fields can be used by social media websites to track us, regardless of us clicking on them or not. This year, Apple shut these tracking tools down.

In addition to cookies, data companies use another method called fingerprinting to dig out our data. Just like we can be traced by the fingerprint on our fingers, our device can be traced down by a unique fingerprint constructed by these data companies, based on a set of characteristics (device configuration, fonts, plug-ins, website activity). By including an antidote to this issue in this year’s iOS 12 and macOS Mojave, Apple has made it much harder for companies to create our device’s fingerprint and track it.

A discussion on data privacy is far from being complete without a mention of Google’s policy. While Google does have security and protection tools of its own, incorporated in both of its platforms – Chrome OS and Android – it still is a less reliable ecosystem, since it heavily depends on advertisers to run its own internet industry. Generally speaking, the Android user interface is more like a box of LEGO®; you can tweak and toggle between various settings and have more control over the OS than you would in an iPhone. However, the disappointment sets in when one realises that Google mines way more data of yours than Apple and stores it on the cloud. For a service, say augmented reality, Google uses ‘cloud anchors’ in which data is synced up to the cloud and then back down again, while Apple does it all locally, under the same Wi-Fi network. Google relies on its machine learning algorithms to analyse this collected data on the cloud, which is the reason why its AI, including the Google Assistant, is better than Apple’s AI and Siri. But, in the long run it is our data which travels far and wide in the Googlosphere, even without us knowing at all.

So here’s the ugly truth: businesses are all going online, the flickering sponsored ads on almost every webpage and the ads before every YouTube video are inescapable, still they are cashing upon our attention and consequent clicks. The internet has become a self-sustaining ecological space, though on a virtual plane. Almost like a tenth planet. And the biggest irony, rather hoax, of it all is that nothing is free, even if it is claimed. Even an innocent cyber-voyeurism comes at a price, both literal and metaphoric. Everything is a part of a larger commercial chain.

In light of recent events like the Cambridge Analytica scam, wherein the personal data of more than 87 million Facebook users was allegedly breached for the purpose of electoral campaigning by the Republican Party in the 2016 US Presidential Elections, it has become all the more important for us, the active consumers, to be in charge of our own privacy and security.

To our relief, in April 2016 the European Union (EU) passed a rule called the General Data Protection Regulation (GDPR) which sought to set new rules for how companies manage and share personal data.  Although the policies were initially carved out for the protection of data of citizens within the EU and the European Economic Area, it was put in effect for companies all over the world to observe the new regulations, since their online services are consumed in not just Europe but globally. This regulation was implemented on 25th May 2018, the effect being the recent wave of almost every other company rolling out its updated privacy policy, updating their terms and rewriting contracts. The emphasis of the GDPR is on pseudonymisation (or full anonymisation) of a user’s personal data while storing it and on explicit, informed consent in case the data needs to be made available publicly.

Our vulnerability towards privacy breaching can be lessened by the GDPR and the updated company policies but only to an extent. There are options for privacy control existing out there, waiting to be toggled ‘ON’ or ‘OFF’ by just a single tap of ours. Where to find them and when (or why) to use them is the ultimate fun of this post.

If you have an iPhone, iPod or iPad running iOS 11 or above, you need to head towards Settings and look for Safari. Under the heading ‘PRIVACY & SECURITY’, you would find several decisions to make. Turn ‘Prevent Cross-Site Tracking’, ‘Block All Cookies’, ‘Ask Websites Not to Track Me’ and ‘Fraudulent Website Warning’ to ‘ON’, if they aren’t already. Make sure that the ‘Camera & Microphone Access’ is turned ‘OFF’. Also, put the ‘Block Pop-ups’ to ‘ON’, which is located just above these options. Lastly, go to the Privacy subhead within Settings and tap the last category, ‘Advertising’. Put ‘Limit Ad Tracking’ to ‘ON’ and then tap ‘Reset Advertising Identifier…’ Disable contact, calendar, microphone, camera and location access for the apps that you don’t require.

If you have an Android or a phone with an Android-like OS, go to your Settings and search for (or type) ‘Activity Controls’. Since the Settings menu is different for all the Android phones, you won’t find it in any one corner, hence search by typing. Disable search tracking, voice tracking, your apps’ history (like YouTube) and location tracking for the apps you mostly wouldn’t want. In the settings for ‘Apps’, tap the gear icon at the top and then on ‘App Permissions’. You would find permissions for various sources of information – Calendar, Contacts, Location, Camera and Microphone. Tap each one and disable any dubious apps that you think are not needed. Under ‘Privacy & Security’, disable ‘Accept Cookies’ and enable ‘Show Security Warnings’.

As a general advice for all smartphone users, put a passcode on your lock screen; it’s safe to have lost a phone with a passcode that only you know of. Whenever you charge your phone from new/unknown places offering USB hubs, SWITCH OFF your mobile and then charge. This prevents any hacking malware from entering your phone’s on-board memory.

For ensuring internet privacy on a laptop, similar settings for disabling and deleting cookies, enabling ‘Do Not Track’ option and disallowing websites the access to location, camera and microphone can be adjusted, by going inside Settings for Safari or Chrome. Also, put an opaque cardboard/plastic piece over your webcam to be immune to potential hackers spying on you through your webcam. You can remove it only while having a video call. It is important to keep in mind that blocking all cookies is going to be a problem (like, when using mail), so you can, in fact, enable ‘Allow Sites to save and read cookie data’, but then do enable the ‘Keep local data only until you quit your browser’ option, so that your data doesn’t linger around even after you’ve closed your browser.

I am no software engineer or gadget guru; just a techno-muggle figuring out the binaries and grey areas of the Siliconverse. Although this article does not cover every possible data hygiene practice, it should suffice for safeguarding against a majority of bugs, bloatware, malware, privacy hackers, personal data breaches and data phishing incidences. Follow these suggestions and you shall be good to go (online!). The information assembled here is striven to be made entirely authentic and has been cross-checked. Still, in case of any inadvertent error, please do write your feedback.

 

(By:Syed Mohammed Afnan)