Who doesn’t like free stuff? I love it! In the wonderful world of gadgets and gizmos, most of us love those slick glossy devices – and especially the ones that will multitask and double job for us.
What about free apps? Facebook, Twitter, Instagram, Tinder, Love Balls and Fortnite? All are free apps on Apple’s App Store and Google’s Play Store – we love these too. We love our shiny iPhones and super cool Apple Watches and we just adore those Android devices and our Fit-bits – and oh how they are making our lives so easy too.
But while these apps are free, have you ever just stopped and wondered what is the actual cost? All you have to do is think about those Fit-bloke yolks, how they record and map out your run route while logging your vital health statistics and at the same time increase our corporate risk. Less than 6 months ago we heard how Nathan Ruser saw Strava Heat Maps mapping our most intimate and secure of places – including our military bases.
If you read the privacy policy on the App Store and Google Play Stores, in most policies you read the following lines…
“The data we process on you may include, but is not limited to: email address, device ID, IP-address, user names and passwords…”
Last week I was installing Fifa’s 2018 World Cup App. As I was eagerly waiting to open the app, I was met with the option of a slide button where I was accepting “Terms of Service and Privacy Policy”. I viewed the privacy policy. The information Fifa was collecting “may include but is not limited to…” meaning almost anything the app can find on your device.
I hear you ask what does Fifa want with your data? Fifa was good enough to tell me (in their policy) that in using their free app “you expressly entitle FIFA to collect and process your information, in particular for such marketing and customisation of the Services.”
How re-assured was I when learned that you may “revoke” your consent by deleting my account (not just the app). Needless to say I didn’t download the app.
What should we be looking out for?
Read the small print. Almost all companies will have privacy policies. Even your local supermarket will gather your data – with reward cards and the likes. Everyone has a Privacy Policy – they are tools used by companies to protect themselves from civil actions.
Ask yourself – “who am I giving my data to?” It is very important to know who is getting your data. In March 2018 we had the Facebook and Cambridge Analytica Scandal. Since then we are (or should be) on high alert.
Have a read of the privacy policies supplied – look out for the buzz words.
“such as” – this term means they are collecting everything and anything. If you see this, it almost certainly means the company is omitting the fact it is gathering information they are not going to tell you about.
“location data” – watch out for this one. Location data has been used to record where exactly you are. This is very sensitive information and should be protected.
“not” – this word is usually used to indicate what the company will not do with your data but there are usually a number of exemptions listed after it e.g. “but we may share your data with selected third parties etc.”
“control” – look for this word – this usually indicates that you have some control over the data setting. It will link to security controls in the particular app e.g. who can see your posts etc.
GDPR – Check the date of issue of the policy. Remember GDPR came in to effect in May 2018. It the policy is not updated, then there is a good chance the company is non-compliant.
Protect Yourself
Protect your personal data. Make it a little harder for the data gathers. Use some of the following:
VPN – a Virtual Private Network to encrypt your data in transit and mask your IP address.
Email Addresses – Use a different email address for all your social media accounts and ensure you set up an email address just for spam.
Withhold your information – just because the salesperson in a shop asks you for an email address or phone number, you do not have to give one. Do as I do – ask them “why?”
GDPR – You are more than likely to have been bombarded by emails in the past 11 months about GDPR. It is all about control of your data. Under European Legislation, since the 25th of May 2018, you are now entitled to a full copy of all data held by companies in relation to you. Don’t be afraid to ask for it and certainly don’t be afraid to ask them to delete it.
Finally
The question we must ask ourselves as we read these multi page documents, other than why do they need to profile your device etc., is, who are your third parties? How safe and reasonable are you and them with our ones and zeros (data)? And more importantly – what information are they getting from our devices?
It is only a matter of time before the next data breach – when another “Equifax-esque” who bought my Angry Birds data – including, but not limited to: my email address, my date of birth and all my passwords, spills its guts and hackers mop it up and sieve through it.
We must be responsible and protect our own personal data. We need to read the small print and question why are we getting this for free. – Be strong my friends – think twice before you accept the free stuff. Read the small print.
Remember if the product is free, there is a good chance that you are the product.
Mr. Rory Harrison MSc.
Computer Forensics | Cybercrime Investigation | Internet Privacy
We offer Workshops and Courses both Nationally and Internationally for Parents, Children and Workplace Staff and Conferences, on Cyber Safety, Parental Controls, Online Addiction, Online Privacy, also Consultancy on Social Engineering and Data Protection, Ransome Ware and much more.
For further information Please Contact Us codainfo@protonmail.com
