How to: use your smartphone without leaving a trace

Cover up your digital footprints.

 

By David Nield of Popular Science

Every time you grab your phone to participate in a group chat, watch a YouTube video, or search the internet, you leave a digital trail of activity. This footprint can compromise your privacy the next time a friend borrows your device. It also puts your personal information at risk should your phone fall into really unscrupulous hands.

In this guide, we’ll explain how you can prevent your device from logging and storing data where other people can easily stumble across it. We will focus on cleaning up your phone’s local storage, as opposed to limiting the information that apps send to the cloud.

Go incognito

The web browser on your phone, like the one on your computer, offers a data-limiting incognito or private mode. When you open a session in this mode, the app will forget the pages you visit and the keywords you search as soon as you close the window.

However, private browsing doesn’t make you invisible. For instance, if you log into Facebook’s web portal in incognito mode, the social network will record your activity. Your internet service provider (ISP), will also see your browsing, and it may log your online behavior as well.

To hide your browsing from your ISP, you’ll need to rely on a Virtual Private Network (VPN) (more on that in this roundup of security gadgets and apps). But if you simply aim to clean up the record left on your phone’s local storage, then this mode tidies up after itself very effectively.

The process for using this mode will depend on the browser app you prefer. For example, to launch incognito mode with Chrome, tap the Menu button (three dots) on the top right of the page and choose New incognito tab. If you forget to browse incognito, you can still clear your saved data. Just hit Menu > Settings > Privacy > Clear browsing data.

ForiPhone users who rely on Safari, tap the Show pages icon (two squares) on the bottom right of the screen and choose Private. Now, when you tap the Plus button to open a new window, it will be an incognito one. To erase data collected outside of private mode, open the Settings app and select Safari > Clear History and Website Data.

Erase messages

Unless you use a chat app with self-destructing messages, it will keep records of your conversations. Of course, most people like to check back on their old communications, but you don’t need to preserve every moment of a years-long thread. You can delete these old conversations manually, or try a less time-consuming option: Automatically erase chat history after a set period of time has elapsed.

On iOS, open the Settings app, go to Messages > Keep Messages, and set messages to automatically disappear after 30 days. Within the app itself, you can manually erase conversations from the front screen: Swipe left on the thread and then tap the Delete button.

Unfortunately, not all chat apps offer this auto-expunge function. To leave no trace of conversations on your phone, you may have to turn to manual deletion. This may be time-consuming, but it isn’t difficult. For example, in Android’s default SMS app, Messages, you delete a conversation by long-pressing on it and then tapping the Trash icon on the top right of the screen.

Some apps make it easier to purge your entire history all at once. In the case of WhatsApp, open the app and head to Settings > Chats > Chat history > Delete all chats. Then make a note to regularly check back and re-erase your latest messages.

Another solution is to only send the aforementioned self-destructing messages. Apps with this option include Telegram Messenger, Facebook Messenger, and Snapchat. For more information, check out our guide to self-destructing message apps.

Limit app logging

Each of the apps on your phone will take a slightly different approach to logging your activities. Some of them let you avoid their gaze by using incognito mode, while others will stop tracking you if you ask.

For example, the Android version of YouTube (this is not yet available in the iOS version) just added an incognito mode, which doesn’t track the videos you watch. To activate this mode, open the app, tap your avatar on the top right of the screen, and pick Turn on Incognito.

On the other hand, Google Maps will track your location by default, which lets it accumulate a lot of data about your real-world movements. To stop it, head to the settings: Launch the app, tap the Menu button (three lines) on the top left of the screen, and hit Settings (on Android) or the cog icon (on iOS). Within the settings, select Personal content and turn off the location history feature.

There are millions of apps on the market, with no hard and fast rules about how to keep them from recording your behavior. But in general, a good first step is to check for the aforementioned settings—incognito mode and stopping tracking.

If you don’t find these options, you’ll have to clear your activity manually. This process will vary depending on your operating system.

In Android, open Settings > Apps & notifications, pick an app from the list, and hit Storage > Clear storage. This wipes all the data that the app has stored locally. Afterward, the app will behave as if you’ve installed it from scratch, so you’ll need to log in again, set up your preferences, and so on.

On iOS, you won’t find an identical option, but you can achieve the same effect by uninstalling and reinstalling an app. Open the Settings app, tap General > iPhone Storage, and select one of your apps. Then choose Delete App to wipe all of its data. Finally, re-install the program from the App Store.

It’s not very practical to do this for all of your apps every day. But you might choose to run a manual clean-up at set intervals (say once a month), before you go traveling, or whenever you want to make a fresh start.

Delete search history

Many mobile apps store data locally and in the cloud, so they can sync your information to other devices. That means, to clear search logs from your phone, you’ll have to wipe the records across multiple platforms.

For example, your Google account will store the history of searches you’ve run from your Android phone. To wipe these records, you actually have to access them from the web. Open your browser and head to your Google activity history page. Click the Menu button (three lines) on the top left, then Delete activity by. Set the time span and content type—to erase everything, those should be All time and Search, respectively—and click Delete. This will wipe your search history across all the Google-linked products you use, including Android and the Google search engine.

On iOS, you won’t find a comparable activity cleaner. However, you can prevent Spotlight from betraying your past searches by displaying them as suggestions. To turn off this feature, head to the Settings app, tap Siri & Search, and toggle off the Suggestions in Search switch. Now, when you lend your phone to your mother to look something up, she won’t see all your past search terms.

 

How do you cover your tracks on your smartphone? Share your workflow in the comments below!

Weekly Round Up 6/15/18

 

Um, anything more sophisticated than the Self-Check out lines in Walmart will be hard for the American Public to master, guys.
No more grocery checkout lines: Microsoft may rival Amazon with tech that cuts out the cashier

 

Well, if nothing else is working….
Using tech to stop phone-wielding drivers

 

We don’t hear enough good things about Tech these days….
6 ways tracking tech is changing the world for the better

Whatever happened to just going to camp and being a kid?
NDSU summer tech camp designed to encourage young girls to pursue a career in technology

My favorite story of the week…
Apple closing tech loophole police use to crack iPhones

Please God, No. Make it Stop.
Drone swarms are the new fireworks lighting up China’s skies

 

Trump will never be able to wrap his tiny, barely used brain around this….
The Guy Who Created Oculus Has Now Made Surveillance Tech That Acts As A Virtual Border Wall

Literally what they do best….
Apple Shuns the Tech Industry’s Apology Tour

How to: reboot your router following urgent FBI warning about viruses.

Hundreds of thousands of Routers could be infected.

 

By Daniel Paez of Inverse.com

Even if your internet is running smooth and speedy, you still need to restart your router. On May 25, the Federal Bureau of Investigation issued a public service announcement to everyone with a router in their home or office warning that an unidentified group of cybercriminals may have mounted a large-scale attack on networked devices across the globe.

The FBI advised people to reboot their routers to “temporarily disrupt” the malware that could be infecting your device. The government agency also recommended you make sure your device is fully updated, secured using a strong password, and is encrypted.

Here’s a breakdown of what the FBI said happened and how you can reboot or reset your router, just in case your network was compromised.

 

In its warning, the FBI said that the agency didn’t yet know how or where the initial infections began, but the scope of that attack has grown significantly. Hundreds of thousands of home and office routers have been infected with malware known as VPNFilter.

“The actors used VPNFilter malware to target small office and home office routers,” stated the announcement. “The malware is able to perform multiple functions, including possible information collection, device exploitation, and blocking network traffic.”

Cybersecurity firm Symantec recently published a list of devices that are known to be more vulnerable to this type of attack. It went on to say that most of the devices that are targeted are known to use default passwords or have not been updated to the latest version of its firmware.

If you’ve ever had problems connecting to the internet and have called tech support, the person on the other end of the line likely had you unplug your router. Rebooting — or power-cycling — your router gives it a fresh start and is generally one of the first steps recommended when troubleshooting your network device.

The FBI states power-cycling could interrupt VPNFilter, though Symantec states that this type of attack can persist even after a reboot. If you own one of the devices that are known to be susceptible to VPNFilter, you might want to reset your router to factory settings. This will require you to set up your WiFi all over again, but better safe than sorry.

 

How to Reset Your Router to Factory Settings

  • Rebooting: Unplug your router from its power outlet, don’t just turn it off. Wait about thirty seconds before plugging it back in. Finally, give the device a couple of minutes to turn back on.
  • Reset: You’ll find a small button on the back of your device that is labeled “Reset.” Holding this down will remove all customizations including passwords, usernames, and security keys, effectively wiping everything other than the latest version of firmware from the device. This will restore your router to its factory settings. From there you’ll need to follow your router’s set up instructions or call your internet service provider for assistance to get back online.

 

How do you feel about the FBI’s warning? Do you have tips on protecting your router and home network? Sound off in the comments below!

App of the Week: Malwarebytes

 

 

 

By
Neil J. Rubenking of PCMag

There’s something strange ‘neath your PC’s hood. Antivirus failed, and it don’t look good. Who ya gonna call? Malwarebytes! For many years, Malwarebytes has been the go-to solution when other antivirus products drop the ball. It’s been a few years since the program’s last update. During that time, the company has focused a lot of its energy on preventing pcs from getting infested with malware in the first place, but Malwarebytes 3.0 Free is still available to clean up malware’s messes. It’s still an excellent tool, although it didn’t perform as well as the last version in my testing.

The main reason version 3.0 took so long was a total makeover of Malwarebytes 3.0 Premium$39.99 at Malwarebytes. That product now includes all the various scanning and detection technologies that previously represented separate products. Ransomware protection is built in. Exploit protection is no longer a separate product. Real-time protection watches for known malware and for malicious behaviors, and Web protection steers you away from dangerous sites. With all these layers of protection, Malwarebytes now promotes the premium edition as a suitable replacement for your existing antivirus, though it’s also designed to work alongside other products. I’ll review the premium edition shortly.

The main window of the free software looks quite a bit different from that of the previous version. A simple menu runs down the left side, and a right-hand panel reports protection status. All of the premium features are listed, but disabled and marked “Premium Only.” The dashboard tab reports your security status, with a big button to launch a scan. The layout is still simple and straightforward. Most days, you’ll just load it up and click the Scan button.
Little to Learn From Lab Results

According to my contact at the company, Malwarebytes is designed to whip malware, not to pass tests. For example, if a particular sample has zero recent sightings among the horde of Malwarebytes users, the company may remove its signature, to keep the product nimble. A test that uses that dated sample will make the product look bad. Malwarebytes deliberately doesn’t participate in testing by most of the labs that I follow for that reason.

In addition, the tests available when a new product comes out are almost invariably based on the previous version of the product. That’s not so bad for products undergoing slow evolution, but the big changes in the latest version mean that the paltry results we do have may not be meaningful.

West Coast Labs awarded checkmark certification to the previous version of Malwarebytes Premium. Note that this lab works with vendors who don’t pass certification, so that they eventually succeed. It’s a different model from the labs that assign ratings to products based on their success rate.

MRG-Effitas takes a tough stance with its all-types malware test. A product that completely prevents every single sample from installing on the test system earns Level 1 certification. A product that lets some samples install, but remediates almost all of them within 24 hours gets Level 2 certification. All others fail, and there’s no distinction between missing all samples and missing just a couple. Cleanup-only products don’t have the opportunity to block installation, but if the on-demand scan completely remediates the malware, they earn Level 1 certification.

Along with three less well-known products, Kaspersky took Level 1 certification. Five other products managed Level 2. Almost half of the products failed to reach even Level 2 certification, Malwarebytes among them. Digging in to the test data behind the certification, I found that while the other three cleanup-only products received Level 1 certification, Malwarebytes failed to remove 40 percent of the samples.

That doesn’t sound great, but there’s just not enough information to assign an aggregate lab score to Malwarebytes. Even if I had more data, with the major update in version 3 I couldn’t swear the result would still be valid.

Four of the five labs I follow include Kaspersky Anti-Virus$29.99 at Kaspersky Lab in their testing, and its aggregate lab score is an impressive 10 of 10 possible points. Norton earned 9.7 points, based on tests by three labs. And Bitdefender Antivirus Plus 2017$19.99 at Bitdefender, tested by all five labs, averaged 9.3 points.

Diminished Malware Protection

 

The free edition of Malwarebytes is a cleanup-only product, with no real-time malware protection. My usual malware blocking test is no use for such a product. And yet, with no real help from the independent labs, I had to do something to see the product in action. To that end, I launched the samples in batches, gave each batch time to finish installing, and then launched Malwarebytes to clean up the mess.

Giving the samples time to run proved a bit problematic. One ransomware sample had time to do its dirty deeds before the scan removed it. There’s nothing a cleanup-only product could do to prevent that. Unfortunately, it encrypted the data file used by my program that checks for known traces of my set of samples. That’s awkward, but of course I had a backup.

After each batch of malware samples, I ran my hand-coded detection tool to verify that the malware traces were present. Then I ran a standard Threat Scan with Malwarebytes. On my test system, this scan routinely finished in two minutes or less. In almost every case, it requested a reboot after the scan, to complete the cleanup process. After reboot, I ran my detection tool again to see what the cleanup did.

The results were disappointing. F-Secure and Webroot SecureAnywhere AntiVirus$18.99 at Webroot detected 100 percent of these samples in my malware-blocking test, and Webroot completely eliminated all of them, scoring a perfect 10.
Malwarebytes didn’t even recognize 33 percent of the samples. My contact at Malwarebytes pointed out that if the samples are old and no longer in the wild, Malwarebytes won’t necessarily catch them. I obtained all of the samples from live malware-hosting URLs earlier this year, but looking at the details I did find that some of them had originated several years ago.

On the plus side, Malwarebytes completely wiped all traces for 44 percent of the samples. For another 13 percent, it detected and removed some of the traces, but left behind some executable files. The samples in the remaining 10 percent are the ones that bother me the most. In these cases, I found executable files in the quarantine list that were still present in their original form. I pored over the logs, verifying that Malwarebytes thought it removed them. My company contact couldn’t immediately explain this behavior.

Mitigating Factors

Like the lab tests disdained by Malwarebytes, my hands-on test doesn’t precisely simulate the product’s actual use-case. Normally you’d bring in Malwarebytes to handle an infestation that got past your existing antivirus, or that prevented installation of a more traditional antivirus. The aggressive behaviors and technologies that such an infestation requires should be a red flag for Malwarebytes. A less-dangerous sample that’s manually loaded on a test system doesn’t raise the same concerns.

Even so, the product has fared better in the past. Several years ago, I ran a test that challenged Malwarebytes and other products to remove entrenched malware from a dozen badly-infested systems. At that time, Malwarebytes outscored all competing products, with an overall detection rate of 89 percent. I hope that the current version proves effective against such real-world threats. But I can’t demonstrate that as a fact.

Keep It in Your Toolbox

All things considered, Malwarebytes 3.0 Free remains a very useful tool, despite the issues I uncovered in testing. If you carry a thumb drive full of tools, it should definitely be one of them. But remember, use it along with Bitdefender, Kaspersky, McAfee AntiVirus

Plus$19.99 at McAfee, or another antivirus that provides real-time protection. Bring it out when the going gets tough for your regular antivirus, or consider going for the full-scale protection of the premium edition.

In this modern world of ransomware and data-stealing Trojans, a cleanup-only antivirus can never be your first line of defense. You need layers and layers of protection, like what you get with the premium edition of Malwarebytes. I’m no longer declaring an Editors’ Choice award for cleanup-only antivirus, though Malwarebytes remains my first choice.

Malwarebytes is available for Windows, Android and Mac OS.

 

What Malware protection do you use on your device(s)? Sound off on the comments below!

Tales from the Orchard: Apple addresses iOS source code leak, says it appears to be tied to three-year-old software.

 

 

 

By Brian Heater of The Verge

Earlier this week, iOS source code showed up on GitHub, raising concerns that hackers could find a way to comb the material for vulnerabilities. Apple has confirmed with TechCrunch that the code appears to be real, but adds that it’s tied to old software. 

The material is gone now, courtesy of a DMCA notice Apple sent to GitHub, but the occurrence was certainly notable, given the tight grip the company traditionally has on such material. So, if the code was, indeed, what it purported to be, has the damage already been done?

Motherboard, which was among the first to note the code labeled “iBoot,” reached out to author Jonathan Levin, who confirmed that the code certainly looks real and called it “a huge deal.” While the available code appears to be pretty small, it could certainly offer some unique insight into how Apple works its magic.

“Old source code from three years ago appears to have been leaked,” the company said in a statement provided to TechCrunch, “but by design the security of our products doesn’t depend on the secrecy of our source code. There are many layers of hardware and software protections built into our products, and we always encourage customers to update to the newest software releases to benefit from the latest protections.”

Much of the security concern is mitigated by the fact that it appears to be tied to iOS 9, a version of the operating system released three-and-a-half years ago. Apple’s almost certainly tweaked significant portions of the available code since then, and the company’s own numbers show that a large majority of users (93-percent) are running iOS 10 or later. But could the commonalities offer enough insight to pose a serious potential threat to iPhone users?

Security researcher Will Strafach told TechCrunch that the code is compelling for the information it gives hackers into the inner workings of the boot loader. He added that Apple’s probably not thrilled with the leak due to intellectual property concerns (see: the DMCA request referenced above), but this information ultimately won’t have much if any impact on iPhone owners.

“In terms of end users, this doesn’t really mean anything positive or negative,” Strafach said in an email. “Apple does not use security through obscurity, so this does not contain anything risky, just an easier to read format for the boot loader code. It’s all cryptographically signed on end user devices, there is no way to really use any of the contents here maliciously or otherwise.”

In other words, Apple’s multi-layered approach to keeping iOS secure involves a lot more safeguards than what you’d see in a leak like this, however it may have made its way to GitHub. Of course, as Strafach correctly points out, the company’s still probably not thrilled about the optics around having had this information in the wild — if only for a short while.

Do you think this code leak warrants concern? Sound off in the comments below!

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: