Data privacy while hobbying - a guide
Posted: Wed 08-Feb-2023 10:17 am
Cross-posted from TERB:
Thought I'd put together a short guide on some of the preventative measures I take while hobbying to keep myself protect my privacy.
Feel free to add any other points you may have - the hope is that this thread'll help save someone somewhere at some time.
First things first: Google is the enemy
When you dig into how much data Google has about you it's more than a little worrying.
If you go to http://timeline.google.com - you'll notice that you're pretty much low-jacked anytime you have your phone on you.
All your Web / YouTube Activity is also saved anytime you're signed into your phone and you use the browser.
This is the portal you can use to see the different kinds of data Google has about your account:
https://myactivity.google.com/more-activity
You can clear the data from there / disable collection -- but frankly, I don't trust Google that they're not going to change the settings / add some new settings without letting me know.
Tips for being Google-free:
I'm guessing many hobbyists have been killed by this section
The web browser - security by obscurity
Use another browser for the hobby, keep the shortcuts off the desktop and apps section.
Frankly, I'll outline below how to clear your history, etc. but it's just easier if you're not intermingling the data.
Also, if someone is snoopy - they'll tend to trove through your personal browser first, which is super-suspicious when there's no history in there.
I use Brave - it's privacy-forward, built on Chromium and looks just like Chrome when I'm using it.
Again. Do not sign into Google from this browser...
Using Private Browsing / Incognito is good - but we can do better.
Clearing data on close on the desktop
Brave has a nice option for clearing browser data anytime the browser is closed.
This can be found at:
Settings > Privacy and Security > Clear Browsing Data > On Exit
From there, you can select your History / Downloads / Cookies etc. to wipe on close.
It's a little annoying to have to re-sign into everything, but I suggest clearing cookies as well which will wipe your sessions on sites like TERB.
This will clear browsing data - but you'll notice that open tabs will still open on browser re-open.
To clear these you can go to:
Get Started > On Startup > and select 'New Tab'
Clearing data on close on mobile
On mobile, I also use Brave as a browser for similar reasons to the above (I use an Android device).
It also has the ability to clear data on browser close.
You can set this by going to Brave Shields & Privacy > toggle Clear Data on Exit
The problem is when the app is considered 'Exited' on Android.
As long as something is available as a background process (in the multi-tasking drawer) Brave won't consider itself 'exited'.
If you follow this guide to limit background processes and select 'No background processes, the browser won't be kept as a multi-tasking app.
https://www.gadgetsnow.com/how-to/how-to-make-your-smartphone-run-faster-by-limiting-background-process-limit/articleshow/70557178.cms
Bonus: Notifications
I generally disable all notifications.
If you need notifications you can selectively disable them based on the application (SMS / WhatsApp / etc.).
I just find there's more room for error in case you miss something, so I disable them and manually check everything.
Also, just highly recommend using a burner you don't keep at home.
Bonus: Locking apps on mobile
I always recommend wiping your text / call log on your burner device between uses, but what if you forgot?
There's a tool called 'AppLock - Fingerprint' by SpSoft which I like because it allows you to lock your applications, but also pop up an error screen as if the app had crashed.
This is, again good for security by obscurity since it doesn't seem like you have a blocking app installed.
----
These are all good ideas at first glance, but not using Google services makes an Android phone nearly useless. Google Maps GPS won't work at all with location services disabled. At that point, you may as well use a flip /dumb phone that doesn't have the internet on it and stick with paper maps.
Here are some other fairly simple things you can do to increase your privacy/security. I don't know if iPhones / Macs have similar settings.
1. Never leave your phone unattended, even when going to the bathroom at home or work. Don't use it while on the toilet, though because that's disgusting I am constantly surprised how many people leave their laptops, phone, keys, etc in public places. It only takes a second for stuff to disappear.
2. On most Android phones, a setting called Power Button instantly locks. As the name suggests, pressing the power button will instantly lock the screen.
3. Be careful with an Android feature called Smart Lock. It should be turned off by default, but it remembers places like home or work and keeps the phone unlocked for convenience.
4. There are a few different ways to deal with notifications on Android. You can disable them completely or hide their contents on the lock screen. If you choose the latter option, you will still see notifications where they all say "contents hidden" on the lock screen.
4. Setup fingerprints / Touch ID / Face ID on your phone. You should also have a strong password too.
5. Lock the screen on your PC / Mac when you walk away instead of waiting for the screensaver to kick in. You can quickly lock the screen on Windows by pressing the Windows key and L. The Windows key is between the CTRL and ALT keys and is on most PC keyboards. If you don't have a Windows key, you must buy a new keyboard. On keyboards without a Windows key, press CTRL + ALT + DEL on the keyboard and there should be an option to Lock the screen.
6. This is a bit technical, but you can also use a password manager like 1Password, LastPass, Google Authenticator, or Microsoft Authenticator. They will keep your passwords for various sites and allow access using a single master password. As always, the security of such apps will depend on how good your master password is.
7. Set up 2-factor authentication. This is where the website/app will ask you for a pin sent to your phone; You must type the pin after your password. Just about all sites, these days have 2-factor authentication. All banks should have two factors, as does the CRA.
A burner Google account doesn't really help you because it also will keep track of your search and map history. Try using an alternative email account like Proton Mail, which is encrypted.
There are lots of alternatives to Google Maps. I like MapFactor Navigator, which I use while travelling and don't have data access to. There's a free and pro version and offline capabilities where you can download a region before travelling. The only issue with the app is that it does not say street names out loud as Google does. It only says something like: in 100 meters, turn right, which isn't helpful when you're driving. You'll have to glance at the screen to know the street name. I don't think it maintains an online history like Google, but you must clear your search history manually.
A burner phone is interesting, but you have to store it somewhere. You can store it at work, but what happens if you get laid off or fired? Then you have to explain why you have an extra phone when they ship your stuff back to you.
Orginal: https://terb.cc/xenforo/threads/data-privacy-while-hobbying-a-guide.789762/
Thought I'd put together a short guide on some of the preventative measures I take while hobbying to keep myself protect my privacy.
Feel free to add any other points you may have - the hope is that this thread'll help save someone somewhere at some time.
First things first: Google is the enemy
When you dig into how much data Google has about you it's more than a little worrying.
If you go to http://timeline.google.com - you'll notice that you're pretty much low-jacked anytime you have your phone on you.
All your Web / YouTube Activity is also saved anytime you're signed into your phone and you use the browser.
This is the portal you can use to see the different kinds of data Google has about your account:
https://myactivity.google.com/more-activity
You can clear the data from there / disable collection -- but frankly, I don't trust Google that they're not going to change the settings / add some new settings without letting me know.
Tips for being Google-free:
- Don't sign into Google on your phone during setup
- Don't access any Google services from your phone (signing in one place will sign in everywhere)
- Create a burner Google account if you need to download any applications
- Burner phone (+ leave your civilian phone at the office or at home)
- Use a seperate browser on your computer and take the same precations to be Google-free in that browser
I'm guessing many hobbyists have been killed by this section
The web browser - security by obscurity
Use another browser for the hobby, keep the shortcuts off the desktop and apps section.
Frankly, I'll outline below how to clear your history, etc. but it's just easier if you're not intermingling the data.
Also, if someone is snoopy - they'll tend to trove through your personal browser first, which is super-suspicious when there's no history in there.
I use Brave - it's privacy-forward, built on Chromium and looks just like Chrome when I'm using it.
Again. Do not sign into Google from this browser...
Using Private Browsing / Incognito is good - but we can do better.
Clearing data on close on the desktop
Brave has a nice option for clearing browser data anytime the browser is closed.
This can be found at:
Settings > Privacy and Security > Clear Browsing Data > On Exit
From there, you can select your History / Downloads / Cookies etc. to wipe on close.
It's a little annoying to have to re-sign into everything, but I suggest clearing cookies as well which will wipe your sessions on sites like TERB.
This will clear browsing data - but you'll notice that open tabs will still open on browser re-open.
To clear these you can go to:
Get Started > On Startup > and select 'New Tab'
Clearing data on close on mobile
On mobile, I also use Brave as a browser for similar reasons to the above (I use an Android device).
It also has the ability to clear data on browser close.
You can set this by going to Brave Shields & Privacy > toggle Clear Data on Exit
The problem is when the app is considered 'Exited' on Android.
As long as something is available as a background process (in the multi-tasking drawer) Brave won't consider itself 'exited'.
If you follow this guide to limit background processes and select 'No background processes, the browser won't be kept as a multi-tasking app.
https://www.gadgetsnow.com/how-to/how-to-make-your-smartphone-run-faster-by-limiting-background-process-limit/articleshow/70557178.cms
Bonus: Notifications
I generally disable all notifications.
If you need notifications you can selectively disable them based on the application (SMS / WhatsApp / etc.).
I just find there's more room for error in case you miss something, so I disable them and manually check everything.
Also, just highly recommend using a burner you don't keep at home.
Bonus: Locking apps on mobile
I always recommend wiping your text / call log on your burner device between uses, but what if you forgot?
There's a tool called 'AppLock - Fingerprint' by SpSoft which I like because it allows you to lock your applications, but also pop up an error screen as if the app had crashed.
This is, again good for security by obscurity since it doesn't seem like you have a blocking app installed.
----
These are all good ideas at first glance, but not using Google services makes an Android phone nearly useless. Google Maps GPS won't work at all with location services disabled. At that point, you may as well use a flip /dumb phone that doesn't have the internet on it and stick with paper maps.
Here are some other fairly simple things you can do to increase your privacy/security. I don't know if iPhones / Macs have similar settings.
1. Never leave your phone unattended, even when going to the bathroom at home or work. Don't use it while on the toilet, though because that's disgusting I am constantly surprised how many people leave their laptops, phone, keys, etc in public places. It only takes a second for stuff to disappear.
2. On most Android phones, a setting called Power Button instantly locks. As the name suggests, pressing the power button will instantly lock the screen.
3. Be careful with an Android feature called Smart Lock. It should be turned off by default, but it remembers places like home or work and keeps the phone unlocked for convenience.
4. There are a few different ways to deal with notifications on Android. You can disable them completely or hide their contents on the lock screen. If you choose the latter option, you will still see notifications where they all say "contents hidden" on the lock screen.
4. Setup fingerprints / Touch ID / Face ID on your phone. You should also have a strong password too.
5. Lock the screen on your PC / Mac when you walk away instead of waiting for the screensaver to kick in. You can quickly lock the screen on Windows by pressing the Windows key and L. The Windows key is between the CTRL and ALT keys and is on most PC keyboards. If you don't have a Windows key, you must buy a new keyboard. On keyboards without a Windows key, press CTRL + ALT + DEL on the keyboard and there should be an option to Lock the screen.
6. This is a bit technical, but you can also use a password manager like 1Password, LastPass, Google Authenticator, or Microsoft Authenticator. They will keep your passwords for various sites and allow access using a single master password. As always, the security of such apps will depend on how good your master password is.
7. Set up 2-factor authentication. This is where the website/app will ask you for a pin sent to your phone; You must type the pin after your password. Just about all sites, these days have 2-factor authentication. All banks should have two factors, as does the CRA.
A burner Google account doesn't really help you because it also will keep track of your search and map history. Try using an alternative email account like Proton Mail, which is encrypted.
There are lots of alternatives to Google Maps. I like MapFactor Navigator, which I use while travelling and don't have data access to. There's a free and pro version and offline capabilities where you can download a region before travelling. The only issue with the app is that it does not say street names out loud as Google does. It only says something like: in 100 meters, turn right, which isn't helpful when you're driving. You'll have to glance at the screen to know the street name. I don't think it maintains an online history like Google, but you must clear your search history manually.
A burner phone is interesting, but you have to store it somewhere. You can store it at work, but what happens if you get laid off or fired? Then you have to explain why you have an extra phone when they ship your stuff back to you.
Orginal: https://terb.cc/xenforo/threads/data-privacy-while-hobbying-a-guide.789762/