Privacy and Security for Real People

I have started to get people to ask me how they can protect their privacy online much better. The specific instance that was brought to my attention was that a parent made some phone calls to set up dentist appointments and now they are getting ads for toothpaste on Facebook. Of course, my initial suggestion would be to not have Facebook on your phone and if you must have it put it in a Facebook container on Firefox.

What kind of solutions can I present that would be sustainable for people that do live on their phones more than their computers? Is there a way to prevent eavesdropping by tech companies? Is there a way to “jail” applications better?

Any suggestions on how to adapt some sustainable security practices to help protect or harden someone’s mobile would be greatly appreciated.

4 Likes

Unfortunately, as you increase security you will find that you have to give up convenience. The first step is to remove any apps that you don’t need. This is a just a small step.

Next, install Firefox as your mobile browser and add the appropriate extensions to help with security.

The ultimate step would be to use an open-source phone like the Pine64 phone. As long as you use stock Android or iPhone, you will continue to be a source of data for big brother.

I am waiting and watching the Pine64 phone myself. IMO, it seems to be the best open-source phone to fit my needs ( so far ).

I’m sure there are many other things than can be done to limit being tracked, but in today’s time it seems that many devices are including data collection and tracking technologies. Everything from smart TV’s, our computers, phones, etc provide convenience for us and a source of additional income for the companies that provide service to them. Voice search remotes for TV’s are a pet-peeve of mine. While I love the Roku line of devices, if they move to including voice enabled remotes they will lose my business.

2 Likes

These are all good and what I do. Now, lets play a game here. How can we “safely” use Facebook? :grin:

I have multiple parents that are asking me for information. My solution of, get a PinePhone, is not going to work for multiple reasons, at least, not yet. So, how can I help them “fix” or mitigate the security and privacy robbing actions of their Android or iPhone devices?

1 Like

Excellent topic!
Nate, you already touched on one aspect which is to try to do as much as you can in the web browser and avoid apps. Firefox is a good choice now that it is available across all platforms.

Another option might be to have multiple browsers - only use FB in a particular browser. You can even create a link on your homescreen from your browser to a particular page and when you open it, it functions like an app only it runs as a web page (a bit like ice SSB - though I’m guessing without the containerisation).

Second, trying to keep it as simple as possible, would be to turn off radios you’re not using (GPS, bluetooth, wifi would be obvious candidates) until you actually need them, but remembering to turn them off when no longer required.

This video also has some interesting tips - didn’t realise encrypted DNS was available in android system settings

2 Likes

Safely use Facebook? Isn’t that an oxymoron? I’ve heard stories of people who have never used FB and upon initial account creation, they find that FB already has a lot of data about them that gets associated with their account automatically.

You can’t really use FB without giving up information. Your early suggestion to only access FB within a FF container is about the best you can do short of not using FB at all. Even that is not enough. Many websites have API’s that FB has access to that is used to collect data. I don’t have a source for this to site, but there was an issue not too long ago where FB got in trouble. I think it was related to one of the mobile manufactures SDK that was providing data to FB without the users knowledge.

The first part of the solution is knowledge of what companies are data-mining from us and how they are using it. For many people, being targeted by is not a big deal to them. They will be the first to tell you that you can’t avoid it.

Personally, I run the no-script extension in FF and I find it interesting that some web-sites are running as many as 25-30 scripts on their page, many from 3rd parties. To me, this is really sad and has turned the internet away from information sharing as a resource into more of a greedy marketing data collection tool. Luckily for us, there is a lot of free information that can be had from other sites.

Ok, enough of that. Back on topic. For parents with younger kids, tracking is a serious issue. There are predators out there and the parents need to understand the importance of data and network security on their mobile devices and within their home network. Here is a perfect example:

Show this video to the parents so that they are aware of how easily and quickly this information can be collected.

3 Likes

Here’s a good source for those that want to take privacy and security to the extreme level ( or just get some get tips along the way ):

https://www.inteltechniques.com/podcast.html

4 Likes

Wow. What a resource.

I guess I see where Nate is trying to go.
But I have to admit I also tried and failed to educate some friends and family members. It is just too complex and like @Mr_McBride said, inconvenient for them.

But I would try the simplest things already mentioned like switching GPS, Bluetooth and even WiFi off if not needed, even the phone and not using insecure connections.
No online banking on phones anyway for me and most importantly switch to Firefox on the phone. Apart from sane defaults you can install important add-ons like uBlock and Firefox Container.
Chrome is full of ads. Whatever you searched, suggestions will pop up on websites with stuff related to your previous searches.
Do not install every app and yes, try to use the browser to view content and not ad infested Android applications.

You also should look at all the options of your device and disable Android or Google tracking you and apps you use. Even Facebook and WhatsApp once installed have some options where you can disable certain tracking of your usage of the apps, searches and ad delivery but really, nobody goes through all that stuff and oftentimes it is hidden.

I think it is a Pandora’s box once you really try to dig into it.

1 Like

Yeah, the convenience factor is the biggest hurdle to get over with the uneducated. Too many people don’t understand the extent to which this goes and some just don’t believe that you can fight it.

There are multiple applications that simply open the mobile version of Facebook inside an app window.
Facebook apps on F-Droid.
I personally use Frost For Facebook.

To browse Facebook relatively safely on a PC, use Facebook Container for Firefox.

If you would like to have a dedicated Facebook app on your desktop that keeps cookies isolated from your normal browser, install Nativefier and run the command

nativefier --name "Facebook" "https://en-gb.facebook.com/login/"

This will give you a fully functioning “Facebook application” that actually works well.

I would still recommend you install the Facebook Container extension in Firefox, since that will keep the Facebook cookies that you are bound to run into on the internet under control.
At the same time, you should probably install some additional containers, such as

It’s a bit like asking how to marry a mob boss without being implicated in their crimes. Sooner or later a body shows up.

Decent suite of long established set-it-an-forget-it privacy extensions:

Facebook Container: https://addons.mozilla.org/en-US/firefox/addon/facebook-container/
or Firefox Multi-Account Containers: https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/

uBlock Origin: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/?src=search
CanvasBlocker: https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
Cookie AutoDelete (tune accordingly): https://addons.mozilla.org/en-US/firefox/addon/cookie-autodelete/
HTTPS Everywhere: https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/
Privacy Badger: https://addons.mozilla.org/en-US/firefox/addon/privacy-badger17/

These mitigate tracking but by no means eliminate it. uMatrix (JS blocker) is also not in the list for your use case because it’s hard to use and requires frequent interaction.

You need a well trusted, well used, VPN because IP is a strong identifier.

They need to be mindful that Facebook appends an &fbid=xxxxx parameter to outbound URLs as a unique identifier to get around virtually any conceivable tracking protection. Not sure if there’s a trustable extension to get rid of it but they can always right-click, copy the link address, paste it where they want and remove the &fbid= part manually.

Then there’s browser fingerprinting mostly by JS:

(Off the top of my head) make sure the computer is using a well used screen resolution like 1920x1080. Use a window decoration with a commonly used border pixel width for your OS. Use an OS that produces a commonly used useragent (you can spoof a useragent but some trackers have ways to tell which increases traceability even more). Encourage using the browser in maximized mode and varying the browser window size throughout usage (you could make a chron that occasionally changes it by a few pixels).

Full suite of fingerprint tests (just click each link): https://browserleaks.com/
Basic fingerprint test: https://panopticlick.eff.org/

Some data mining companies are FAR more aggressive with browser fingerprinting than others so your mileage may vary. Ebay (though not a data miner) used 1st party Javascript to port scan their user’s host machines for example and intermittent averaged load tests can reveal CPU speed.

All of this is completely ridiculous of course. The answer is divorce. Change you hair, go find someone new, that Mastadon guy on the FOSS side of town seems pretty nice. Mitigation is good, tracking is a certainty, reduce how much it can be linked to.

1 Like

Yeah I’m with
Ulfnic
On this one Divorce man I deleted Facebook at least a couple of months ago ? Couldn’t be Happier If I need to know something My Parents let me know if something going down within my Family circle. Which is very nice of them.

These are all very good ideas, but keep in mind that they only address tracking from the client-side. Tracking also occurs inside of back-end apps. And, while I cannot prove it, I’m sure that when I buy something on Amazon it somehow gets shared with FB and possibly others.

I have a co-worker that conducted an experiment. He was a Windows server admin. He bought a brand new Windows laptop and turned it on and setup his account. Before he did any other configuration, he said out loud Niagra Falls and sure enough within a couple of hours he started seeing ads for vacation packages ( hotels, etc ) about Niagra Falls. This could easily apply to a mobile phone as well.

I been around long enough to see a trend where software companies used to ask to make changes / install updates. Now, updates are sometimes forced upon us. Some companies don’t even ask anymore. This makes one wonder what else they are doing without asking or even informing us about.

2 Likes