12 December 2017

Bad guys are tracking you. Here is how to stop them.

Most of the world is aware that there are various mechanisms in standard web browsing that allow a company to track you on the web. These mechanisms allow companies to know your location, your operating system, your web browser, what sites you have recently been to, your computer address and all sorts of other exciting details -- all without you being any wiser. Unfortunately, that power is also being used by criminals.

As a refresher, here are some popular corporate examples of tracking:
  • Google compiles tracking datas anonymously for ad sales and for delivering focused ads individually.
    • Google rightfully got into hot water recently when it was determined they could know location data through tracking mechanisms, even when users had turned location notification off. Naughty!
  • Facebook uses this to track just about every possible thing they can about every Facebook user, including having it monitor every website you visit.
    • In particular, I must spotlight how nasty their phone/tablet messenger, Facebook and Instragram apps have become at trying to track everything you do on your phone. A conversation for another day. Very naughty!
  • Amazon also tracks everywhere you go and everything you do so they can make certain they are getting Amazon ads and emails to you.
    • Their requirement of installation of the Amazon store app that tracked countless phone elements of phone usage to get access to Prime Videos is an egregious example. Top of the naughty list!
When you purchase or download a product from a company, they will do whatever they can to track everything you do so they can make your information their new product. They all do this: Microsoft, Apple, Google and even your neighborhood Big Pie Pizzeria.

Web or phone application tracking happens because you personally decided to visit that website or install that software. Email tracking can occur without you making any conscious choice at all. They simply put a transparent image or tiny script in an HTML (web style) email so that, when you open that email, it sends countless details about you back to their database. By the time you delete the email, they already have what they wanted.

On the company side, I recommend picking one (Google or Apple or Microsoft) for all of your primary information and then lock down everything else. I genuinely trust Google, Microsoft and Apple to mostly do the right thing with only occasional lapses in judgment.

While we might have concerns about Facebook or Comcast holding our information, they are "just" evil by corporate standards. Unfortunately, the big problem is that criminals are starting to collect all of this same data so they can deliver you personalized theft.

Criminal Email Tracking
A bad guy might send you a piece of junk mail occasionally that you delete. Unfortunately for you, your email program is displaying HTML emails so it is collecting all of that information for them. In a matter of a couple of weeks, they can know everywhere you go, what you are using, what you are doing and numerous other details. Since they know your name, email address and device usage locations, they can pin down where you live through countless online databases, or by purchasing that information from another source (Comcast, Verizon, etc.) to know where you live. They can know when the boss is in the office or out with a client. They know when you are far away on holiday. They could know your computer type and what phone you are carrying.

What can they do with that? Well. Whatever they like:
  • You are on holiday, so why not rob your home?
  • The tech guy is out, so I am going to call the office and get login information.
  • They are using Windows, so maybe I will call because I know they have a virus.
  • I see you use Bank of America, so I am going to send you a phishing email.
  • Heck, I know so much about you, I can call a company and break into your account.
  • ... Or I might just rob your identity.
And, frankly, my imagination for criminal activity is limited to what I have heard might be happening. The best criminals are going to think of ways to use this that no one even considered. All from occasionally sending you a piece of junk mail.

Now, perhaps you think this all sounds like the menu at a tinfoil hat restaurant. Reasonable conclusion. You might also run Microsoft Windows without antivirus and not worry about clicking links in emails, too. Maybe you will be okay.

For those of us that like to play it safe, here are some suggestions to reduce your potential harm from these tracking techniques:
  • Turn off all images and HTML scripting in emails.
    • You may need to turn it off in multiple locations:
      • Website access (if applicable) - Example: Gmail
      • Software application - Example: Outlook
      • Phone - Example: Gmail App, Built-In Mail Application
  • Never click a link in an email to view it since that will activate the tracking mechanism.
    • If you do click a link in an email and it wants you to enter information - close that website immediately. Manually browse to the company site and ask for support directly.
  • Need to see email images? Install an application to block tracking:
  • Always ask to receive "Plain Text" emails from vendors - not HTML.
    • Turn off email notifications from any company that only has HTML emails.
    • Amazon Examples
      • Advertising Preferences
        • Select "Do Not Personalize Ads from Amazon for this Internet Browser"
        • Do this for each device you use.
          • This is an example of antagonistic approach toward customers.
      • Your Browsing History
        • Clear your browsing history.
        • Switch "Turn Browsing History On/Off" switch to OFF.
        • Do this for each device you use.
    • Facebook Examples
      • Turn off all email notifications from Facebook.
      • Avoid installing Facebook Messenger, Instagram and Facebook on your phone.
      • Better yet - if you can do it, just don't use Facebook.
  • Use an internet service provider (ISP) you trust.
    • Your gateway to the internet (Comcast, Verizon, AT&T, T-Mobile, etc.) has the ability to track enormous amounts of data and some have stated (Comcast, Verizon) that they may begin using this information for financial gain.
    • If you do not trust your ISP, try to use only HTTPS sites.
    • Even better - use a VPN service to hide your traffic.
  • Do not trust/use any company that supports eliminating Net Neutrality.
This are just a few of the ways you can start protecting yourself from online tracking mechanisms. Even if you do nothing, at least you are aware that this is a potential problem. Good luck!