Help us help you (protect your privacy)

Written By Hosch & Morris

Privacy Plus+

Privacy, Technology and Perspective

Help us help you (protect your privacy): This week, we are offering some practical advice about protecting your personal data, advocating for privacy by design and highlighting an announcement by Google’s Project Zero that illustrates the difference security and privacy, and why it is so important that we take steps to protect our personal data.

Protect your privacy – iPhone & Android edition:

We start with protecting personal data on your phone.  We are inspired by an article from Consumer Reports, entitled “30-Second Privacy Fixes,” and a link to that article follows: https://www.consumerreports.org/privacy/30-second-privacy-fixes/

1.    Limit Ad Tracking

 If you did not see it, recently, the New York Times featured an interactive article on ad tracking that is worth the read here:

https://www.nytimes.com/interactive/2019/08/23/opinion/data-internet-privacy-tracking.html

Generally, ad tracking allows your phone to send you targeted advertisements based on your browsing habits.  It follows that those who are sending you targeted ads know your browsing habits, which, in turn, reveal details about your tastes, preferences, and thoughts.

 In a previous Privacy Plus+ post (posted on the first anniversary of the General Data Protection Regulation, a link to which follows: https://www.hoschmorris.com/privacy-plus-news/privacy-plus-may-25-2019), we referenced “the veritable Rosetta Stone” to understanding privacy—it is what we call “Creep Out Point,” and it is when technology crosses the line to the point where it makes us feel creeped out!

When strangers monitor our thoughts, we reach our Creep Out Point.  If you agree, and have a phone, then here is what you do:

First, on your iPhone, go to Settings > Privacy > Advertising. Toggle on “Limit Ad Tracking.” Second, go to Settings > Safari, then turn on Block Pop-ups and Prevent Cross-site Tracking.

 For Android, first, go to Settings > Google > Ads and toggle on “Opt out of ads personalization.” Second, open up Chrome, select Settings from the three dot menu on the upper left, scroll down to Privacy, select Do Not Track and toggle it on.

2.    Limit Access to Location Data

 Next, let’s address (and limit access to) Location Data. In a separate article, New York Times poignantly demonstrated last December that many mobile apps incessantly track users' locations, then share that information with third-parties. Such tracking is "accurate to within a few yards and in some cases updated more than 14,000 times a day." A link to the article follows:

 https://www.nytimes.com/interactive/2018/12/10/business/location-data-privacy-apps.html,

 The pervasiveness of location tracking is alarming. As explained (correctly, we think) by Justice Sotomayor in her concurring opinion in Carpenter v. United States, where the Supreme Court ruled that the government must have a warrant before accessing sensitive cellphone location data, location data provides “an intimate window into a person’s life, revealing not only his particular movements, but through them his familial, political, professional, religious, and sexual associations.” A link to that decision follows:

https://www.supremecourt.gov/opinions/17pdf/16-402_new_o75q.pdf

Hence, location data tracking also crosses our Creep Out Point. If you feel the same, follow these directions:

On your iPhone, go to Settings > Privacy > Location Services. On this screen, you'll find a list of apps that either have requested or have access to your location data. Unless the service that actually needs to know where you are, like a maps app or Waze, switch every individual app setting to "Never."  Otherwise, change it to "While Using the App."

Keep scrolling down to all the way to the bottom and click on System Services.

Your iPhone has a hidden list of every location where you have been— So click on Significant Locations, review the list (you will need to enter your passcode or open this feature with your fingerprint or Face ID), and you should see a list of cities. Underneath each location, you will see a number of locations and a corresponding date.   If, like us, you then shiver beyond the Creep Out Point, go “Back” and toggle Significant Locations “off.”

Location services for Android vary depending on your version of Android and phone manufacturer. Generally, under Settings, you can find Location which you can turn on or off with a slider. For more granular control, under App permissions > Location, you can control which individual applications can access your location data.

3.    Limit Access to Your Microphone and Camera 

You may be surprised by the number of apps that have access to your microphone and camera.  Limiting such access is fundamental to the principle of least privilege, which is the concept that access rights for applications, systems, processes and devices should be restricted and confined to only those permissions required to perform only authorized activities. 

On your iPhone, go to Settings > Privacy > Microphone.  If an app appears on the list that pops up and does not need access to your microphone, don't give it access.  You can grant or revoke access to a particular app by turning it on or off with the slider. 

For your microphone, go: Settings > Privacy > Camera. Again, if an app appears on the list and does not need access to your camera, don't give it access—grant or revoke access to a particular app by turning it on or off with the slider.

For Android, App permissions > Camera is where you can adjust individual applications to have access Microphone and Camera. You can also control access to Body Sensors, Phone, and more. You should review which applications have which access to your information including calendar, contacts, and messaging, all which may surprise you as your review which applications have access to various pieces of information.

Privacy by Default:

On the iPhone or Android, you can control your privacy to a degree.  What we believe, however, is that the strictest privacy settings should apply by default.  Until “they” do, trust only that they are watching, listening and making a lot of money at your expense.

 Google’s Project Zero iPhone hacking revelation:

This week, Google’s Project Zero announced discovery of an “unprecedented iPhone hacking” attack. The attack lasted some two and a half years before finally being caught and disrupted in January 2019.  “Monitoring implants” were quietly delivered onto users’ phones without the users’ knowledge (or any risky behavior such as clicking unknown attachments), simply by the users’ visits t certain affected sites – and once in the users’ phones, badly compromised the users’ key chains (including all passwords), contacts, chats on popular apps, Gmail, and movements.  Google says it reported the attack to Apple on February 1, and Apple released an operating system update which fixed the flaws on six days later.  For more details on this attack, see the following link: 

https://www.theguardian.com/technology/2019/aug/30/hackers-monitoring-implants-iphones-google-says

 We do not believe that hardening users’ privacy settings would have prevented these attacks, because they seem to have worked around the settings. Nevertheless, this attack is a chilling reminder of just how dangerous the world has become, and how important it is that we actually do what is readily available to protect ourselves.  

Hosch & Morris, PLLC is a Dallas-based boutique law firm dedicated to data protection, privacy, the Internet and technology. Open the Future℠.

 

 

 

 

 

 

Hosch & Morris https://hoschmorris.com
Previous

Help us help you again (and read about the related FTC settlement with Google)

Next

Ransomware: We Wish Some Things Weren't Bigger in Texas