Episode
28

Google Do’s And Don’ts – How To Protect Your Privacy

Did you know Incognito Mode doesn’t really mean you’re invisible to a web browser? Your behaviors could still be tracked and your clicks could still be collected. However, that doesn’t mean you can’t feel safe while browsing privately.

Today, Jason Pufahl and Steven Maresca discuss easy steps you can take to feel more confident about protecting your personal data while using any browser or Cloud-based application.

CyberSound episode 28

Episode Transcript

[00:00:01.210] – Speaker 1

This is CyberSound, your simplified and fundamentals-focused source for all things cybersecurity, with your hosts, Jason Pufahl and Steve Maresca.

[00:00:12.110] – Jason Pufahl

Welcome to CyberSound. I’m your host, Jason Pufahl. And today, it really is just Steve Maresca and me.

[00:00:18.280] – Steve Maresca

Hi there.

Expand Transcript

[00:00:20.630] – Jason Pufahl

Hey. Maybe, it’s because we’re scaring people away with the topic, I don’t know. In a way, as I thought about this, maybe it’s a little bit of a follow up to our Christmas episode, a tiny bit where we really did in a satirical matter, talk a little bit about lack of privacy. And I think today, we wanted to spend some time on how do you use the Internet in a day and age where being tracked is an application? I don’t want to position that negatively.

[00:00:53.770] – Jason Pufahl

In some ways, having your user behavioral activities tracked can provide some value. And I think we chatted a little bit before this around some of the ways to maybe be a little bit more private, some of the ways to make the data and advertisements and things like that, ensure that it’s a little bit more relevant to you, perhaps. So not so much the how do you avoid being tracked, but how do you use your browser, how do you access the Internet and make sure what you’re doing is then ultimately meaningful for you.

[00:01:26.150] – Steve Maresca

It’s a tricky subject. We were talking about Santa and how he finds what gifts to give you and your children. That’s a little different. But Santa used the tools the same way that we might use the tools, but with foreknowledge of implications.

[00:01:42.650] – Jason Pufahl

So the common one that I think — I’ll go on to the limit — I think probably most people are familiar with is probably, Incognito Mode in, certainly, Chrome. I think the majority of browsers now have that concept of incognito, right? And I think we want to be careful. It doesn’t mean fully anonymous. Nobody can ever see or identify what you’ve done, right?

[00:02:01.870] – Steve Maresca

Yeah. So, for those who aren’t aware, browsers have the ability to open a window that is private and largely divested of information that you’ve accumulated while using the browser otherwise. What does that mean ultimately? It doesn’t have your session logged into Google. It doesn’t have you logged into Microsoft online. All the things that you’ve been using, you would need to in that browser, login again as if you were starting from scratch.

[00:02:28.610] – Steve Maresca

Now, that sounds like an inconvenience described that way. But when you’re interacting with a web browser or web search engine, that may actually be an aid to you. The reason we bring it up is that occasionally there’s a benefit to shedding all of the accumulations of behavior that you’ve brought on with your session over the last week, month, day, whatever the time period might be.

[00:02:54.950] – Steve Maresca

Strategies to stay private on the Internet are almost missing the point because you’re not private. Everything you do is being tracked in some capacity. If you’re using a free service, it’s being supported by ads. It’s functioning by using a lack of privacy to even get its revenue. So, what do you do in that reality? Recognize that it’s happening—first and foremost—and understand that how you interact with services changes fundamentally how they deliver content to you.

[00:03:29.600] – Steve Maresca

And I think I want to start basically with a search engine. And I’ll be very liberal with definition of a search engine. I might be referring to Facebook, Instagram, Bing, Google, of course but more generally, anything that you can use to consume media or content. Your viewing history on YouTube is just as relevant as your search groups in Google for this conversation. Those platforms learn who you are, what you like to do, what terms mean to you, and what they do is deliver content that you’re most likely to click in that moment.

[00:04:07.370] – Steve Maresca

And occasionally that’s helpful, right? It helps you identify things that you might not have been aware of, in that moment, but are adjacent subjects, adjacent content. That’s great. Other times, it might deliver content that you don’t mean to actually reach, say you’re searching for a term that overlaps between a variety of fields. Search results might be obscured from you when it already understands that you’re looking for field A, not field B. It’s a real issue in terms of understanding what you’re seeking and trying to get the most meaningful results back.

 

[00:04:46.640] – Jason Pufahl

So, it is a double-edged sword, though, to some degree, right? I’m not a huge Facebook user. I use it to follow some skiing groups, a few other very topical things. But what I have found is the more I look at some of the skiing groups, the more I’m presented by skiing-related information, right? So, you can easily see how being focused during a period of time, all of a sudden, gets you more and more focused. And it’s almost difficult to be diverse now and have the opportunity to go into a direction that you’re just not thinking about because it’s the season, for example.

[00:05:27.610] – Steve Maresca

Right. It’s wintertime. You’re thinking about skiing. You’re getting stuff from Patagonia, from Alpine resorts. They’re trying to get you to spend your money there.

[00:05:35.400] – Jason Pufahl

And overwhelmingly now, that’s what my feed looks like, right? I don’t see a lot of other things that I’m really interested in, which is a problem. I don’t know how to address that because the alternative is, I’ve handed my phone or my computer to my kid, who then also searched for something. And now I’m getting things about Matchbox cars, right? There’s something we talked about earlier. It’s wildly divergent, but it’s difficult to get some of these different interests to be displayed with the algorithms where they are.

[00:06:05.550] – Steve Maresca

And this brings us back to incognito and private mode browsing. If you need to compartmentalize the activity that’s occurring on your system, maybe it’s just because your friend needs to log in to check their email and you don’t want them looking at yours. You open up an incognito browser. If you want to search for car parts later and not get Matchbox car results, you need to separate those activities because otherwise Google thinks your kid looking for something is associated with your interest.

[00:06:36.390] – Steve Maresca

This maps back to protecting your privacy and protecting your interaction with various services because, occasionally, you search for things that you don’t want others knowing about. Simple thing. Some time ago now, I was looking up destinations for a honeymoon. I was planning around proposing to my wife. I didn’t want her to know that I was doing all of that. Yet, we shared the same Internet connection at home, shared some of the same devices, so I had to be very careful about it. This is not an abstract concept. I know of several people who got an early tip-off that a proposal was going to happen because of that type of thing.

 

[00:07:20.470] – Steve Maresca

The same is true across a whole wealth of other subjects. We made jokes back in the holiday time, basically, about kids giving their parents tip-off about things they were interested in because of the crossing of advertisements. But the same thing could happen if you’re looking at something a little more private that you don’t want others to know about. These are mechanisms to avoid that type of thing.

[00:07:46.670] – Steve Maresca

Other ways to go about it, log out of services if you don’t need them. Facebook has a little tracking pixel in every page under the sun, so does Twitter, so does Instagram. You name it. If you’re a little more careful about how you’re logged into those services, you’re—to some degree, to a lesser degree—certainly, than opening a private browser window, protecting yourself if you avoid being logged in.

[00:08:13.150] – Jason Pufahl

I’m curious though. Incognito is one tool that you have. It was long thought that VPNs provided privacy.

[00:08:24.860] – Steve Maresca

Yeah, it’s certainly an active advertising campaign across multiple sources of social media. If you’re at all YouTube consumer-sponsored videos from NordVPN, or you name it. The truth is no. It’s not protecting you at all. It’s just encapsulating your traffic with encryption. But you’re still logged in on those services. You’re just exiting via different point.

[00:08:47.130] – Jason Pufahl

It doesn’t really change anything.

[00:08:48.020] – Steve Maresca

It doesn’t change a thing.

[00:08:48.960] – Jason Pufahl

And, in fact, they don’t even help that much for tricking YouTube, TV, and these other services to say that you’re in a different part of the country. They figured that out.

 

[00:08:57.050] – Steve Maresca

Right. Your browser communicates its time zone, your local language. It knows even if you’re exiting through Vienna, that you’re in, probably Eastern Seaboard U.S., there’s no real subterfuge being achieved. So avoid VPNs unless you have a real reason to use them. But bottom line, just be cognizant of what you’re searching through, what services, through what devices, and what you’re logged into at that time. That will solve three-quarters of the things that we’re talking about.

[00:09:28.930] – Steve Maresca

Maybe, it’s a benefit that you search on Google for a product and suddenly get recommendations on Amazon. That’s not a negative in all scenarios. There are benefits to all of these things, but when you cross those boundaries between subject domains, sometimes it’s a problem. I’m a programmer, but I’m also interested in chemistry gardening. Wildly divergent subjects and a lot of terms tend to overlap between them. You just don’t get the results you want if you happen to be switching so rapidly from one subject to another.

[00:10:07.030] – Jason Pufahl

So, you talked about the tracking pixel. We certainly talked about how search results are used to provide you the future information. One thing I think that we all see now, every time you go to a new company’s website, is the notification around cookie tracking, right? That’s hugely a result of the European Privacy law GDPR. But they’re all worded in such a way as to encourage you to probably accept all of the cookies, maybe spend a second on a few, frankly one, what is a cookie? And then two, is there any harm to say no, don’t accept cookies in those [inaudible 00:10:50]. But you see that banner every major company’s website, certainly nowadays.

[00:10:55.570] – Steve Maresca

So, the usual analogy used with a cookie is that you’re leaving little crumbs behind whenever you visit a site. It’s apropos those strained a little bit. The basic concept is that a cookie is a way of individually, uniquely identifying you for the duration of your interaction with the website. And that’s helpful for a lot of reasons. It enables it to show an image that’s relevant to you so that you know you’ve already logged in, to display content that’s relevant to you and not to a friend or another person entirely. But they enable secondary tracking like we’ve alluded a moment ago, when you visit a website with a Facebook icon on it, it’s basically conveying to Facebook and its marketplace of marketing agencies that you are interested in that website and the topics broadly associated with it.

[00:11:50.310] – Jason Pufahl

So, I want to jump back for one second. As you said, it can track you for the duration of time that you visit that website. As soon as I hear that, I think to myself that’s probably meaning the time that I’m actively looking at it. But that can span…

[00:12:03.380] – Steve Maresca

That’s a fair point. Yeah, cookies are persistent. Many of them expire, some of them don’t. But the point is, it’s something that sticks along with you. And most website creators are inclined to keep them as lengthy as possible because you might return to them or visit a partner website.

[00:12:21.350] – Jason Pufahl

It’s beneficial for them. And frankly, they do make the experience better, because to your point, you do get content that maybe you saw before or returns you to a location that’s relevant.

[00:12:30.630] – Steve Maresca

But getting back to the GDPR context. When GDPR was enacted, of course, many websites basically implemented the freedom to not be tracked components of GDPR by advertising the fact that they were producing cookies relevant to your browsing experience. And you have to accept whether you allow them or not. You can reject them.

[00:12:53.410] – Steve Maresca

Most of those websites present a green button or an okay or a bigger button in the location you expect from typical dialogs of that sort. To accept everything, you actually need to drill down a couple of levels to toggle off the tracking cookies for third-party marketing and so forth. Just be aware of that. It takes a second. It’s irritating, but if you don’t want your browsing activity to be inherently shared with third parties, there are some steps that allow you to use those prompts to at least control what type of activity sites are allowed to do.

[00:13:30.550] – Steve Maresca

I think that it’s relevant because of the broader conversation at large, if you’re browsing on a site and you accept those cookies, inherently it enables them to resell your browsing habits and make a dime off of you. Maybe, that’s okay. Maybe, you’re doing that with eyes wide open, perhaps not. Just be aware of it.

[00:13:52.930] – Steve Maresca

I think stepping way back, the bigger conversation here has to do with the notion of what some people call filter bubble, and it’s a very big term for a problem that has basically been addressed by most of the preamble here. All of the sites and services we use algorithms to adapt to us to provide what they perceive as a more personalized experience. That’s great if you want to find material that is relevant to you and of interest to you. It’s horrendously corrosive if you’re trying to seek divergent opinions or counter positions.

[00:14:35.420] – Steve Maresca

Because if you try to search for something that is the opposite of your own general viewpoint in something like Google, it’s not going to produce results that are in that vein. You need to take deliberate action to enter an incognito or a private window to actually get search results that are generic and objective and removed from that era of customization and personalization.

[00:15:02.810] – Steve Maresca

You can use other browsers like DuckDuckGo, not browsers, web search engines, that are explicitly built around the expectation of greater privacy. They help, but you’re still visiting sites through those searches, so it’s only part of the problem.

[00:15:20.820] – Jason Pufahl

It is interesting to see just how much traction DuckDuckGo is getting. They’re advertising everywhere. It’s clear people are thinking a little bit more about privacy, which I personally find encouraging. The conversation that we’re having now, I start to find myself thinking, is it an exercise in futility to try and take all of the steps that you outlined? I go back to an activity that I did at least a half dozen years ago, where I dutifully unsubscribed to every spam message I could for about a month, and it made a tremendous difference in the amount of spam that I got for two months. And then I had it all back.

[00:16:06.650] – Jason Pufahl

This feels similar to that where you can take a lot of actions: to log out of things, to use incognito, to avoid accepting cookies indiscriminately. It really takes persistence and diligence to achieve what you’re describing, right? And what you’re describing, I feel like, is how do you get the most value from the Internet that it can? This is not so much how-do-you-avoid-being-tracked discussion. There’s a lot of resources out there. How do you make sure that you’re exposed to them? There’s some useful ways to do that, but it takes effort.

[00:16:40.430] – Steve Maresca

Yeah. I think it’s appropriate to think of it that way. It’s a privacy-oriented discussion but reframing as using the Internet in the most effective way possible for you in that moment is probably a great way to look at it. Candidly, I’m as paranoid as they come from a security-oriented perspective. But that doesn’t mean I morph all of my behavior into this zero-sum game because that’s not practical.

[00:17:09.470] – Steve Maresca

For certain activity, I couldn’t care less. I’m logged in for a session that might persist for a month in some browsers. Others, I might deliberately open a window and search for a certain subject so that I am receiving generally objective, generally unfiltered content. It depends upon the situation. And the point is that people need to be aware that these behaviors are beneficial and deleterious at the same time. Behave appropriately for the moment, whether it be searching for gifts, preparing for a proposal, or something a little more private that you don’t want others to know about.

[00:17:48.680] – Speaker 1

So, in the spirit of a little bit of, how to use the Internet effectively? I think one thing that I know about you personally that stands out to me always is you understand how to use Google. You know how to search. You think through the way you craft your searches. I don’t think a lot of people don’t do that, right? They put a very basic search term in. The results are those are going to be the most generic. I think it’s fair to say that a piece of this is you understand how the Internet works, but then also understand how some of the search engines get their results and learn a little bit better how to tailor your searches to get the results that you actually are looking for.

[00:18:28.850] – Steve Maresca

Right. Bing, Google, Microsoft—their tools are blisteringly intelligent.

[00:18:37.580] – Jason Pufahl

And the software products, right?

[00:18:38.900] – Steve Maresca

But they’re dumb at the end of the day. You need to understand that they’re just computer algorithms and give them a leg up if you want to get the results that you intend to actually obtain. And part of that is actually going through clicking the advanced search or clicking the question mark next to those search boxes and learning a little about how they function, asking a question like Scotty Computer. I don’t know what year that was, but the Star Trek movie, mid-‘80s. They still don’t work that way. You can ask the natural language questions and expect a reasonable response even though billions of dollars of investment have been placed towards making that a reality.

[00:19:23.410] – Jason Pufahl

It’s so interesting that you bring that up because I feel… I’ve got two teenage kids and they ask Siri or Alexa or whomever really natural language questions all the time and they never, never get results that are worthwhile. Eventually we’ll get there, right? I mean, there’s no doubt, but we’re not there today and sometimes the last things that are 15 words long and as soon as they get going [inaudible 00:19:51].

[00:19:52.250] – Steve Maresca

I think an adjacent suggestion here is persistence. Because of that reality, the tools we have are imperfect. They’re designed to deliver things that they think or an algorithm calculates is the most likely, most clickable result. That’s not likely the case. It might be delivered with an advertisement that’s deceptively designed to look like a search result. If you don’t see what you’re looking to actually reach, just try again. Restrict your search query, come up with better terms, think how you would ask the question of someone who speaks a language other than your own. And that’s probably how you want to go about interrogating a search engine or something like that.

[00:20:38.470] – Jason Pufahl

Yeah. There’s some good tools out there. The internet certainly has wildly divergent sets of information. Don’t fear. Try to take steps so you’re not getting your information limited to you, right?

[00:20:53.290] – Steve Maresca

Yeah. I think that’s an important message along with… You have no expectation of privacy. You’re using, for the large part, free advertising, supported services. That’s the price of admission. Just walk in with that expectation and or understanding, at least, and there won’t be any surprises.

[00:21:12.380] – Jason Pufahl

Fair enough. I tend to end the same way, right? But in this case, I really feel like, if there are comments on how do you maximize the value of the internet, reach out to us at Vancord at LinkedIn or VancordSecurity at Twitter. I feel like there’s a million directions you can take this conversation.

[00:21:33.900] – Steve Maresca

It’s true. Security is one of those realms that has tendrils into everything and this is a great example of it.

[00:21:38.940] – Jason Pufahl

Yeah, it is. So we hope everybody got some value out of this. Hope you are thinking a little bit differently maybe about the way you approach the Internet. And as always, thanks for listening, and have a good day.

[00:21:51.930] – Speaker 1

Stay vigilant. Stay resilient. This has been CyberSound.

Episode Details

Hosts
Categories