Consumer Reports has developed a new free app called Permission Slip. They made this tool to help the average person understand where their personal data is collected and sold, and take back some control over that information.
To use this app, you do have to sign up and hand over your personal info. CR promises to not sell it or abuse it. You’ll also have to legally agree Consumer Reports can act as your “authorized agent”. It’s some serious stuff, but they ask for this so that they can advocate on your behalf.
What This App Offers
If you cooperate and agree to the app’s requirements, you can then:
Review numerous big companies and understand what personal data they are collecting and selling.
Have Consumer Reports send an official letter (on your behalf) to any of these companies, telling them Do Not Sell My Data.
Use an easy Delete My Account function, so that the company gets rid of any and all data they have about you.
You could do these sorts of things yourself. You could visit company websites, one at a time, comb through their pages and processes for the correct forms to fill out (most companies make this deliberately difficult). Permission Slip streamlines all of that nonsense for you. Once you’ve got the app up and running, it is quick and easy to browse the companies, telling each one in turn to not sell your data.
Also, amongst the recognizable companies, you’ll notice a few data brokers, like Merkle. When you spot one of them, definitely order them stop selling your data!
Permission Slip is relatively new, so its full benefit has yet to be realized. And when you ask a company to not sell their data, they may or may not comply. But I still think this tool is worth a try, as it is offered by a trustworthy nonprofit company, and using it sends a message to these companies that are profiting off of our personal data.
Also, you might feel a bit of schadenfreude when you realize that these big companies are suddenly having to deal with millions of privacy requests.
Folks are asking me to sound off on the Saturn app. If you have Saturn concerns, please consider this blog post:
The Saturn App
Saturn is an iOS app, intended for high school students. Saturn can help kids manage their schedules, and it also has social media functions, too. Teen users may enjoy using Saturn to announce their activities, coordinate with their peers, share their schedules and communicate quickly with their schoolmates. Students are allowed to input user photos and other personal info, as well as link to their other social media accounts (TikTok, Snapchat, even Venmo).
Saturn has been around since 2018, and was started by a couple of college kids. But they acquired a significant chunk of money from Jeff Bezos, Ashton Kutcher and other investors, and their company took off. The app seems to be popular and work very well, but shows no signs of arriving on the Android scene…
In past and present years, parents and school officials have raised concerns over Saturn. Does this app expose our kids to online threats? How bad are the risks for letting my children onto this app? Should we limit or ban this app?
These questions are legitimate. Sharing personal info online always carries some amount of risk. But let’s not make snap decisions about it. If Saturn concerns you, I’d like you to learn more about the app, consider the current state of its security, and make your own personal judgment call on it.
One worrisome piece of news emerged this month, from a parent who claimed he’d installed the app and crossed some privacy boundaries with it. He said that by fudging some sign-up data, he was able to see other students’ schedules and pictures. This parent didn’t want to do anything harmful! He was instead demonstrating the lax security of the app, and encouraging more mindfulness about our teenagers’ online safety. Thank you, sir!
In response to this news, Saturn developers quickly changed the app, and announced their security improvements. It was no longer possible to do what the concerned parent had done. Presently, Saturn users have a stricter sign-up and verification process. If you don’t “get verified“, you can still use the app for calendaring, but verified users and their data will not be shown to any unverified users.
Testing the New Security
So I did similar to that concerned parent. I installed the app and tried to use it, even though I do not have a highschooler in my home. Here’s what I encountered:
Saturn asked for my birthdate. I lied. I put in some DOB that suggested I was 40-something years old. It accepted it and moved on.
The next requirement was my mobile number. I had to give it a way of texting me an access code. So I cooperated and then Saturn welcomed me in. But I would not have gotten any further without giving it a real textable number.
Then I immediately set about trying to see other people’s info. Could I see someone else’s calendar? Could I start chatting with other students? No, I met with these screens:
I tried to get verified as if I were a student. The next screen asked me to sign in with my school email. I didn’t have one of those, but I sure have plenty of Microsoft and Google emails, so I tried using some of those. Saturn quickly rebuked me:
At this point, I stopped trying to gain access. For me to penetrate these defenses, it was pretty clear I would have to go beyond the pale. I would have to compromise other systems in order to gain access to Saturn’s sensitive info. Stopping here, I could only see and use my own calendar space in the Saturn app.
Take all of this with a grain of salt. I cannot possibly advise every parent on how to best run their household and their technology. Please take what you want from all of this and use it any way you see fit.
I look at Saturn and I see some amount of risk. I look at all online social apps that way. Sharing personal info of any kind on the internet can be both useful and hazardous. Rather than admonish people to never do it, I have to be more practical and urge you to be mindful of where and when you do it.
Mindful = judgmental. When I judge Saturn, with just this small amount of testing and probing, I think it’s got some good security in place. Is it perfect? No, a determined bad guy could get in and cause harm. But that goes for any social-technology construct. Facebook. Snapchat. Discord. When I start comparing Saturn against all of the other apps that I see young people using, I judge Saturn to have above-average security. My opinion is that your teens are in far more danger using Facebook and Instagram. It is far easier to game the system and cause harm on the other platforms we use.
Whether you allow or prevent your teen from using Saturn is up to you. But after you make that choice, I encourage you to think about all of the other ways your son or daughter uses the internet. We can’t afford to be hyper-focused on one app with the larger issue of Internet Safety looming over our heads. There are many online resources to keep your child educated and safe on the internet. Perhaps the Saturn app is here to deliver a teachable moment amongst the many lessons in your child’s digital upbringing.
Smartphones offer you an important tool for hiding photos on your phone. Whether you have an Android or an iPhone, you should consider using this function!
For Android users: Google gives you the ability to securely stash photos in the Locked Folder, in the Google Photos app. Here’s a simple Google article on how you would use it.
For iOS users: Apple offers the same sort of tool, but they call it the Hidden Folder. Apple offers this article to explain on its use.
Once you’ve placed anything in this special folder, you should know:
These items are well-protected, and you’ll have to enter your passcode or thumbprint every time you enter the folder.
When you move a file into the Locked/Hidden Folder, that file is removed from its location in your photo library. That also means it disappears from the normal cloud backup and any other devices that it synced to.
The contents of this protected folder won’t turn up in any searches performed on your phone.
If you still want an important photo to be backed up or synced, make a copy of it and move the copy into this folder.
With a little imagination, you’ll find a variety of uses for this tool. Perhaps you have some delicate photos that shouldn’t be seen by anyone who borrows your phone. Maybe you need a safe place for some critical evidence you’ve photographed. My favorite, though, is keeping a record of everything that’s in my wallet.
It’s true, I could lose my wallet and my phone at the same time. So I’ve also recorded my wallet contents elsewhere at home. But let’s say I’m travelling and my wallet decides to travel somewhere without me. I’ve socked away a photo of each card in my wallet. I can immediately go to my Locked Folder, refresh my memory of all the cards I carry, and start calling the associated banks and companies. It would make a tough situation a little easier to resolve.
Nextdoor is a social networking website with a focus on neighborhood connections and local resources. If your neighborhood isn’t already connecting through Facebook groups or other means, Nextdoor might be a useful option for doing so.
Now, if you’re already a Nextdoor user, we should go over their marketing tactics. They’re a little bit sus, in the parlance of the younger generation. To attract new users, Nextdoor commonly mails letters to people. On paper, through the USPS. These letters invite you to join up for free and try out Nextdoor.
But now here’s the sus part: These letters often drop names of people in your neighborhood. They mention your neighborhood by name, as well. They’re a little uncanny, and many people read these letters and smell a scam. There is no scam! But it sure looks sketchy…
We can’t stop Nextdoor from this marketing behavior. But we should be aware that Nextdoor may use your name or other PII on their marketing letters to others! Unless, you deliberately opt out, and here’s how to do that:
On a computer
Visit the Nextdoor website and sign in.
Click the account bubble to the upper-right, and then click Settings.
On the left, click Privacy.
Scroll down to the Invitation letters section, and turn off the toggle next to “Allow Nextdoor to mail letters on your behalf”.
In the Nextdoor app
Open the Nextdoor app and sign in.
To the lower-right, tap More.
Scroll down and tap Settings.
Tap Privacy Settings.
Scroll down to the Invitation letters section, and turn off the toggle next to “Allow Nextdoor to mail letters on your behalf”.
I hear from many people who are grumpy about all the personal information that Google and Microsoft are collecting. And I won’t deny that those companies are making money off of your web searches and use of their software. But I want to challenge you to think in a different direction. Did you know that your ISP is doing the same thing?
The company selling you your internet connection (Shentel, Xfinity, Verizon, Spectrum and more) collects data about you. Everything you do over their internet connection is fair game. And while they are sworn to protect your privacy, they are also allowed to use their collected data to advertise to you, or sell your data to 3rd-party companies.
The FCC made an attempt to limit this practice in 2017, but did not succeed. The FTC has been studying ISP Data Collection Practices, but it remains to be seen what good will come of their reports.
So what can you do about this? I don’t have a perfect answer or silver bullet for you, but here are some ideas:
Contact your ISP and use any tool they offer to opt-out of their data collection practices. While the law allows them to hoover up your data and make money off of it, they are also legally obligated to give you a way to opt-out!
You could use a VPN. Or Private Browsing mode. Or the Tor browser. But none of those are great solutions, and I don’t recommend them. ISPs may still gather info about you, despite your use of these tools, and they’ll cost you money or time as you try them. The root of the problem (the law) is not addressed by these tactics.
Communicate with your state legislators, and ask them to promote laws that deal with this issue. Some states have legislation in the works that may clamp down on ISP Data Collection. Let your government know how you feel about your personal information and what ISPs are allowed to do with it!
Most searches on the internet are carried out through Google Search. But not everyone wants to use Google, Bing or the other big search engines. These companies usually track you through your searches, and use that information to better advertise to you.
If you’re looking for a search engine that respects your privacy more or collects less of your data, here are some safe & easy alternatives to try:
These search engines may still rely on Google search results or other big engine technology. But if you read their promises, they’ll still gather less info on you, and prevent the big companies from studying you as you search the web.
Last month, I posted the basics about Private Browsing, but I skipped mentioning one of its important uses: Bypassing paywalls. When a website insists that you pay for access, Private Browsing can sometimes get you in without payment or logging in.
This most commonly works for news websites and other pages that offer you “5 free articles this month” before requiring you to sign up and buy a subscription. If you really need to read an article behind a paywall, you can try to right-click the link to the article and open the link in a Private Browsing/Incognito window. Or, you can copy the URL to the article, open a separate Private Browsing window, and paste it onto the address bar.
This works based on the cookies and other temp files placed on your computer by the website in question. When you switch over to a Private browsing window, the website cannot detect or place cookies on your computer. Having no cookie access, the website cannot know if you’ve viewed 1 or 5 or any number of its articles. So it may treat you as a new visitor & just let you in.
I have hesitated to broadcast this, as I don’t want to encourage Not Paying For Journalism. Many news media companies are suffering financially, and I don’t want to add to their financial woes. So I would like to ask that you consider using this tip as comparable to taking a free sample at Costco. If you find yourself returning again and again, for many free samples, please consider paying for what you are viewing. That company you are taking from needs your support!
These days, all web browsers offer a function called Private Browsing. Let’s go over what Private Browsing is and isn’t.
Private Browsing allows you to use the internet so that no traces of your surfing are saved or left behind on that computer. Whatever you do while Private Browsing disappears from that computer as soon as you close the Private Browsing window.
You should use Private Browsing if you are at a public computer. For example: At the library, you should always use Private Browsing! Check your email, use Facebook, etc. and when you close your private browsing window, your logins and other website traces vanish. The next person to use that computer will see no evidence of where you surfed, and your passwords will not be saved.
You might also use Private Browsing if you’re borrowing a computer from a friend or employer. That way, when you return the computer, you won’t have to worry about others seeing your internet history or login information. Also, if you’re doing some holiday shopping and worry that your spouse might get nosy, you can use Private Browsing to hide your tracks.
Private Browsing does not anonymize or conceal your internet behavior, outside of the computer you are using. Your activity is still traceable beyond the computer being used to surf the internet. Most ISPs keep logs on what their users visit and do on the internet, and Private Browsing does not prevent that.
As an example, let’s say someone starts a Private Browsing and commits a crime on the internet. Someone will (hopefully) report that crime. A competent investigator will trace the crime to an IP address, which will lead him to an Internet Service Provider. The ISP will (often quickly) cooperate to offer a physical location for that IP address. And then an officer is dispatched to knock on soeone’s door with questions and possibly an arrest warrant.
At the risk of stating the obvious, I will implore you: Do not commit crime over the internet. Treat other people on the internet as you would in meat-space.
Each browser calls their Private Browsing tool something different. So that you can learn the name and usage for your browser, here are some help articles and details for the most common browsers:
The Chrome browser offers a choice of protection as you surf the net. If you use Google Chrome, you should review your level of protection, and change it according to your needs.
If you go to this website, Google will tell you the steps to follow, in order to check your “Safe Browsing” setting. Make sure to click your device type (Computer, Android, or iPhone & iPad) to get appropriate directions.
Once you find this setting on your device, you have 3 choices: No Protection, Standard Protection or Enhanced Protection. Read the descriptions and make a choice based on what’s best for you.
If you have privacy concerns and don’t want your extra browser info sent to Google, just choose Standard Protection. If you need all the help you can get against malware and bad websites, set it to Enhanced Protection. If you’re a web developer or advanced user, perhaps No Protection will interfere with your work the least.
Are we being surveilled by our devices? I don’t know for sure. Important people at Facebook and Amazon insist their apps are not snooping on us. They swear their apps only access your microphone with your permission, and only when you’re using the app. But I can’t say I’ve ever been 100% convinced by their responses.
And it gets a little eerie when the advertising on our devices resembles what you were just talking about with your friends. One minute you’re chatting about how you miss eating at Outback, and the next minute, your browser is filled with mail-order steak ads. Is Big Tech listening in, 24-7? Or is coincidence combining with constant marketing to create paranoia?
Whatever the answer, you should know that you can review your device’s Microphone permissions at any time. Your computer/tablet/phone will tell you which apps have access to your microphone.
On an Android phone or tablet, try going to Settings -> Privacy -> Permission Manager -> Microphone. For iPhones and iPads, it would be Settings -> Privacy -> Microphone.
With these settings in front of you, you can revoke any app’s permission to use your microphone. And you can give it back, later, as desired. Feel free to experiment with these, if it gives you a little extra peace of mind.