It’s the season to go a little overboard with the gift. But this year, give the gift of good security (and privacy) and avoid technology that may have adverse risks or effects. We are not talking about things that bloom overnight or break suddenly, but rather the gifts that may have irreversible or ongoing consequences in the future.
This year has seen some of the biggest hacks involving healthcare and genetic data, a growing ubiquity of consumer surveillance technology that spies on the unsuspecting All and continued unscrupulous data practices that sell your personal information to anyone who wants to buy it. The best solution for some of these is to never bother in the first place.
We have many gift ideas for you to consider. As for what to avoid…
Genetic testing kits like 23andMe can have permanent and unpredictable consequences
Genetic testing is forever. Once you spit into a pipe and send it on its way, there’s no way to get it back. And it’s not just your genetics that you’re digitizing. You also share your genetics with close family members and relatives. What could possibly go wrong?
This year, the profile and genetic information of millions of 23andMe customers was removed from the company’s systems in what is believed to be the largest genetic data leak in years. But 23andMe isn’t the first to leak data, and it won’t be the last.
Even if security wasn’t a concern, the fact that these companies store vast troves of highly sensitive information in the first place makes them an attractive target for law enforcement trying to solve crimes. And while companies like 23andMe and Ancestry have – so far, we stress – resisted law enforcement efforts to access its DNA data according to transparency reports, other companies have taken laissez-faire approach to police access to the genetic data they store.
404 Media’s Jason Koebler I couldn’t have said it better: “Doing 23andMe is an irreversible action that could have unintended consequences not only for yourself, but for your family or potential descendants.”
Video ringtones that they see and hear everything
There may be some utility in seeing who’s at the front door before you get there, but the long-term consequences of putting a video camera on your front door open up a world of surveillance in your neighborhood that you — and your neighbors — may not be comfortable with.
Recording of doorbells everything they see and hear using their camera and microphone, which then streams the recorded material to the cloud for you to read later. But that often makes that material available to law enforcement as well, which can be extremely invasive — especially if Police obtained video from inside a home without the owner’s permission.
End-to-end encrypted (E2EE) cameras maintain the most privacy (assuming the company you purchased cameras from it doesn’t lie to you about its encryption claims) because they prevent anyone other than the owner from accessing their own material, including the companies themselves. That’s a good thing, especially since companies like Ring have been fined in the past for allowing their employees to spy on customers’ unencrypted videos. After Ring settled the charges with federal regulators, Ring now says Its staff will only have access to customer footage in “very limited circumstances”, which, of course, Ring hasn’t specified what those conditions will be.
VPNs won’t keep you anonymous, but they can expose your web data
If you thought a VPN or Virtual Private Network would keep you anonymous on the Internet, think again.
Consumer VPNs can claim to hide your IP address (the set of numbers that identify you to other devices on the Internet) and allow you to access otherwise blocked streams by “appearing” like you’re in this area. In fact, VPN providers are bad for your privacy and should be avoided like the plague.
VPNs allow you to route all of your internet traffic away from your ISP and instead through a VPN provider that seemingly covers your privacy. Your Internet traffic may contain information about which websites you visit and when, and may contain highly sensitive information such as passwords and other credentials. However, some VPN providers don’t even encrypt user data as it flows through their network, despite claims that they do.
VPN providers have to make money like everyone else. Free VPN providers are by far the worst offenders, as they make money by selling or sharing your internet traffic to advertisers (or other malicious buyers). Even premium and paid services cannot promise anonymity if you pay by credit card or other traceable means.
If you want online anonymity, you’ll want to use the Tor browser. It’s a slower experience than standard public internet and not ideal for streaming video, but it’s the trade-off you make for stronger privacy. Otherwise, VPNs run the risk of selling or otherwise leaking your highly sensitive internet traffic. And if a VPN makes sense for your use case, at least consider creating a VPN that you manage yourself.
Tracking your kids with dangerous location tracking apps is a terrible idea
Anyone can appreciate the stress and fears of having children in an age of unknown risk and online harm. It’s no wonder that many parents want to track their children’s phone location. However, child monitoring apps are a security and privacy hot mess, and the data these apps collect rarely stays on the device.
Location data is some of the most sensitive data owned by an individual. Location apps can determine where someone was at a particular time, which can be extremely revealing and invasive. However, over the years we’ve reported on leaked location-sharing apps that expose real-time location data and malicious “stalkerware” apps that leak information to anyone on the Internet. Even one of the most well-known family tracking apps, Life360, got caught selling the precise location data of its users to data brokers.
There’s no reason not to discuss the benefits and pitfalls of monitoring your children with your children. Trust is key, not stealth. If your kids agree to share their location, consider using the family and parental control apps built into most modern phones. Google also has Family Link, and Apple devices let you share your end-to-end encrypted location with other Apple users so no one can access it.
Inexpensive Android tablets can hide malware
Cheaper is (often) not better, and Android devices are no exception. Case in point: This year, EFF’s Alexis Hancock found that a low-cost Android tablet given to her daughter landed preloaded with software considered malware. The tablet also ran Android software that was released five years ago and had an app store designed for kids that was also outdated. Hancock contacted the company that makes the tablet, but never heard back.
As tempting as it is to buy the cheapest devices, it’s not uncommon for manufacturers to include bounty software to offset the price of the device itself. Sometimes this preloaded software can send back data about the device or its user, or worse, have security bugs that could compromise the device’s data.
Before you throw this tablet away, it can be salvaged. Hancock has a great guide on how to secure your child’s android device.
For your real safety, avoid online sex games
Last but certainly not least. There is a general belief in cyber security that any device or gadget that you add an internet connection to will greatly increase the chances of the device being remotely hacked, hacked or hacked. One type of device that should never have an internet connection is anything inside of you.
We’ve seen our fair share of horror stories involving online sex toys. In 2020, we reported on a smart chastity lock with a security flaw that risked a permanent lock. And this year, another maker of smart sex toys exposed its customers’ user and location data thanks to its server leaks, which the company has yet to patch.
If your sex game has a phone app, there’s a good chance that the game (or the app itself) will leak your personal data, either by mistake or by sharing data with advertisers. It’s ok to be kinky, no judgment here! But if you absolutely must use a remote-controlled sex toy, consider a Bluetooth remote-only device, as this reduces the wireless range that someone could maliciously interfere with.
