Managing Mobile Privacy

As noted previously, the effort to maintain anonymity while using the Internet is a never-ending struggle. We have been quite diligent about hardening our desktop and laptop systems. This included a browser change, the addition of several browser add-ons, the implementation of a privacy-focused DNS infrastructure, and the routine use of a VPN infrastructure. But while we focused upon the privacy of our static assets, our mobile privacy was still under siege.

Yes, we had done a couple of routine things (e.g., browser changes, add-ons, and use of our new DNS infrastructure). But we had not yet spent any focused time upon improving the mobile privacy of our handheld assets. So we have just finished spending a few days addressing quite a few items. We hope that these efforts will help to assure enhanced mobile privacy.

Our Mobile Privacy Goals

Before outlining the key items that we accomplished, it is important to highlight our key goals:

  1. Start fresh. It would be nearly impossible to retrofit a hardened template onto an existing base – especially if you use a BYOD strategy. That’s because the factory images for most phones are designed to leverage existing tools – most of which exact an enormous price in terms of their privacy concessions.
  2. Decide whether or not you wish to utilize open source tools (that have been reviewed) or trust the vendor of the applications which you will use. Yes, this is the Apple iOS v. Android issue. And it is a real decision. If it were just about cost, you would always
  3. Accept the truth that becoming more private (and more anonymous) will require breaking the link to most Google tools. Few of us realize just how much data each and every mobile app collects. And on Android phones, this “tax” is quite high. For Apple phones, the Google “tax” is not as high. But that “good news” is offset by the “bad news” that Apple retains exclusive rights to most of its source code. Yes, the current CEO has promised to be good. [Note: But so did the original Google leaders. And as of today, Google has abandoned its promise to “do no evil”.] But what happens when Mr. Tim Cook leaves?
  4. Act on the truth of the preceding paragraph. That means exchanging Google Apps for apps that are more open and more privacy-focused. If you want to understand just how much risk you are accepting when using a stock Android phone, just install Exodus Privacy and see what your current apps can do. The terrifying truth is that we almost always click the “Allow” button when apps are installed. You must break that habit. And you must evaluate the merits of every permission request. Remember, the power to decide your apps is one of the greatest powers that you have. So don’t take it lightly.
  5. Be aware that Google is not the only company that wishes to use you (and your data) to add profits to their bottom line. Facebook does it. Amazon does it. Apple does it. Even Netflix does it. In fact, almost everyone does it. Can you avoid being exploited by unfeeling corporate masters? Sure, if you don’t use the Internet. But since that is unlikely, you should be aware that you are the most important product that most tech companies sell. And you must take steps to minimize your exploitation risk.
  6. If and where possible, we will host services on our own rather than rely upon unscrupulous vendors. Like most executives, I have tremendous respect for our partner providers. But not every company that we work with is a partner. Some are just vendors. And vendors are the ones who will either exploit your data or take no special interest in protecting your data. On the other hand, no one knows your business better than you do. And no one cares about your business as much as you do. So wherever possible, trust your own teams – or your valued (and trusted) partners.

Our Plan of Attack

With these principles in mind, here is our list of what we’ve done since last week:

    Update OS software for mobile devices
        Factory reset of all mobile devices
        SIM PIN
        Minimum 16-character device PIN
    Browser: Firefox & TOR Browser
    Search Providers: DuckDuckGo
    Browser Add-ons
        Content Blocking
            Ads: uBlock Origin
            Scripts: uMatrix
            Canvas Elements: Canvas Blocker
            WebRTC: Disable WebRTC
            CDN Usage: Decentraleyes
            Cookie Management: Cookie AutoDelete
        Isolation / Containers: Firefox Multi-Account Containers
    Mobile Applications
        Exodus Privacy
        Package Disabler Pro
        OpenVPN + VPN Provider S/W
        Eliminate Google Tools on Mobile Devices
            Google Search -> DuckDuckGo or SearX
            GMail -> K-9 Mail
            GApps -> "Simple" Tools
            Android Keyboard -> AnySoftKeyboard
            Stock Android Launcher -> Open Launcher
            Stock Android Camera -> Open Camera
            Stock Android Contacts / Dialer -> True Phone
            Google Maps -> Open Street Maps (OSM)
            Play Store -> F-Droid + APKMirror
            YouTube -> PeerTube + ??? 
        Cloud File Storage -> SyncThing

Our Results

Implementing the above list took far more time than we anticipated. And some of these things require some caveats. For example, there is no clear competitor for YouTube. Yes, there are a couple of noteworthy challengers (e.g., PeerTube, D-Tube, etc). But none have achieved feature sufficiency. So if you must use YouTube, then please do so in a secure browser.

You might quibble with some of the steps that we took. But we believe that we have a very strong case for each of these decisions and each of these steps. And I will gladly discuss the “why’s” for any of them – if you’re interested. Until then, we have “cranked it up to eleven”. We believe that we are in a better position regarding our mobile privacy. And after today, our current “eleven” will become the new ten! Continuous process improvement, for the win!
