Has the postman read my email? #45 #cong14

By Sharon Boyle.

I don’t consider myself to be a smartphone addict; I like the convenience of having internet on tap and an easy way to share photos and messages with my friends – but I don’t check my phone every 35 seconds. I’ve always been pretty cagey about my personal information (the last time I was in the O2 store to renew a contract; it took three goes to guess my date of birth – they had to tell me in the end and made me change it to the real DOB).

So, why is it that when I look at app info on my phone and various social media accounts, I find I’ve given them all the information that anyone could need for identity theft? I gave Google my real date of birth, and many of these apps are able to link to my Google account. I rarely log out of my Google or Facebook accounts on my smartphone, tablet or desktop and what’s worse is that this behaviour doesn’t overly worry me.

If I browse through my smartphone’s application manager, it’s quite surprising to see some of the permissions the apps I’ve installed have. For example:

  • read my contacts, this includes my call logs, email communication with specific individuals. This information may be saved and shared without me knowing;
  • call phone numbers without my intervention…seemingly this might result in unexpected charges or calls.

I know that certain apps need these permissions to function, but I can’t help feeling that I don’t look at permissions closely enough when I’m installing an app. If they have access to pretty much everything on my phone, what might they do with that information?

Then I look at my Facebook account – why does Angry Birds need to know my date of birth (luckily I lied to Facebook on this one)? This one did shock me, as I don’t think I ever linked Angry Birds to my Facebook account, maybe someone using my iPad did, and, of course, I don’t log out of my accounts.

Sharon Boyle #45 image 1

Figure 1 Angry Birds Friends settings on Facebook

There’s another “feature” in Facebook’s privacy settings that I haven’t checked before, Apps others use. My friends might be using an app that gives away my personal information, without my direct knowledge.

Sharon Boyle #45 image 2

Figure 2 Apps others use screen in Facebook

The realisation is dawning on me that I’ve let my defences down. Before I had a smartphone or tablet, I always paid attention to what I was signing up for and what information I was giving away. Before I had a Google account and Chrome browser that integrated so many useful services, I always logged out of my Gmail account after checking my emails. 

Did you know that Chrome has a security flaw – deemed a “feature” by Google? Logins and passwords for various services that we use are stored unencrypted if we tick yes to store password. This information is available on all devices that you use. I’m fully aware of this fact and take great care to tick “No” when I’m using Chrome. 

I’m in for another surprise when I check my settings here; see Figure 3 (some info has been blanked out for security reasons).

Figure 3 Chrome saved passwords

The first entry here is not mine, a friend of mine must have gone to a secure website while using my PC. Inadvertently she has stored her login and password information. If I click on Show, I can see her password. The second entry is for a system that I use at work, I was sure that it hadn’t been saved by Chrome, because I would be very careful about any of the systems I use. Yet there it is. The third entry has a pin number that relates to a service I use, and again, I can read the password if I click on show.

I have often idly wondered if Google was reading my emails – and to be honest, I really didn’t care; what could those emails possibly contain that would be of use to anyone, if it makes Google happy to serve up a few personalised ads in exchange for a free email service, what harm could it be? I think many of us have considered our online habits to be of little interest to anyone, why would anyone try to find out our personal information/browsing habits, and what use could it be to them? 

I did a fresh install of Firefox and installed a piece of software called Lightbeam, which tracks first and third party sites on the internet. After performing one Google search for “privacy online” and clicking on a link to Kidpower.org, here is the graph (figure 4):

Figure 4 Lightbeam results in Firefox

The circle in the centre is the website I clicked into. The triangles surrounding it are third party sites that are interested in the fact that I clicked on this site.

Are we going to start taking our online behaviour more seriously? Are hacked webcams a game changer for us? Or should simple things like a stored password on Chrome or an app that knows our date of birth be more of a concern?

Click to Hear




Some Useful links:

Who's watching you online and how to stop them

Who’s watching you online? FTC pushes ‘Do Not Track’ plan 

Mozilla Lightbeam Shows Who's Watching You Online


 


CongRegation © Eoin Kennedy 2017 eoin at congregation dot ie