It’s that time of year again! Black Friday, Cyber Monday, Boxing Day and all the other gift shopping days between now and the end of the year. (Already missed Singles Day, though.) But you need to make sure that you’re not giving away your gift recipient’s privacy or giving hackers a means to rip off your loved ones. So let’s explore some of the best and worst gifts for 2018!
Worst Gifts for Privacy & Security
Let’s get these out of the way first. If you’re thinking about getting someone one of these gifts, you might want to think again.
Worst Gift: DNA Analysis Kit
DNA analysis kits have gotten very popular: send away a little spit sample and get back a detailed analysis of your heritage. Some tests even claim to provide you with insights into your future health issues. But you need to understand why these services could be a privacy nightmare. First of all, there may be relatives out there that you don’t want to know about – or have them know about you. I’ve personally been told a horror story about a paternity secret that was revealed after being kept secret for decades. (The analysis kit was given as a gift, by the way.)
You also have to realize how much deeply personal information is contained in your DNA. What if that data were to be stolen? We’ve seen how even the most secure organizations have failed to keep their secrets safe. It’s well worth noting that the privacy policies for companies like Ancestry.com and 23andme.com are pretty creepy. We’re just beginning to discover how to unlock the secrets in our genes and these services may analyze your data forever. The privacy policies seem to allow them to share your data with others, as well. Even if they claim to share your data anonymously, it’s your DNA… it is you. I wouldn’t count on it remaining anonymous.
Finally, you should be conscious of the fact that you’re sharing other people’s DNA, too. Every blood relative (known or unknown to you) shares some portion of your DNA.
Second Worst: Facebook Portal
I admit it. I have several Amazon Bugging Echo devices. They’re just so handy! Many people that know me are shocked by this fact. How can a privacy nut voluntarily bug their own house? As a software engineer, I’ve actually worked on building products with voice recognition technology – so I know how they work. They’re not actually sending all your audio to “the Cloud” – that’s impractical and unnecessary. These devices are hard-coded to listen for a “wake word”. Only when this magic phrase is given does the device come alive and send the next second or two of audio out to be processed. I’m also certain that security researchers are monitoring these products like hawks. If they start sending all your audio to the ‘net, we’ll know about it.
But why would anyone trust a device from Facebook that contains both a microphone and a camera? You couldn’t pay me enough to put a Facebook Portal in my house. Just say no. (And you should really just consider deleting Facebook altogether.)
Generally speaking, you should be wary of any device that’s connected to the Internet. Even the best of intentions can have unintended outcomes. There’s a huge rush to get all our things online, and security is often missing or woefully inadequate. When it comes to privacy, many of these devices are deliberately tracking you and monetizing your data.
Case in point: the new Kinsa smart thermometer. This digital thermometer connects to a handy smartphone app so you can keep historical data… and presumably other interesting stuff. Of course, Kinsa also collects that data itself – anonymously, so they say. And as is often the case in these situations, the company has found a way to monetize that data. Clorox paid to get the data so that it could tell, in real time, where people were getting sick. Why? So they could target ads for things like disinfectant wipes to people in flu-ridden regions.
Another trend that disturbs me is the clamor for turning kids’ toys into smart toys. It’s one thing to put a microwave oven online; it’s quite another to put a WiFi chip in Barbie dolls.
But there are things you can do to mitigate the security and privacy risks of these devices.
Mitigating Security and Privacy Risks
Connecting everyday “dumb” devices to the Internet to make them “smart” devices is generally referred to as the Internet of Things (IoT). And as I love to say: the “S” in “IoT” is for security! We’ve connected thermostats, light bulbs, refrigerators, outlet switches, web cams, even toasters to the Internet. Unfortunately, these devices (like most tech devices) need to be as cheap as possible. And one of the easiest places to save some money is on security. Hackers know this and conscript your not-so-smart devices into zombie armies.
Some of the smart features are actually very cool and useful. I’m a gadget freak – I have literally dozens of devices in my home that are connected to “the Cloud”. But I also know how to mitigate the risks they pose. First and foremost, if you don’t need the smart features, don’t enable them. Specifically, don’t connect the devices to the Internet. It’s almost impossible to buy a TV that’s not “smart” these days, but most of us don’t actually need these features. So when it asks you to set up WiFi, you can just skip that step.
The next best option is to put all of these IoT devices on a different WiFi network. Almost all modern WiFi routers have the ability to set up a second “guest” network. The guest network can get to the Internet, but can’t “see” the devices on your main network. This compartmentalizes things neatly. You should not only direct your house guests (and their questionable devices) to use this network, but you should put your likely-insecure IoT devices on that network, as well. (See this article for more info on how to do this.)
Finally, you need to lock down your devices and keep their software up to date. Not all devices even allow this (which is just crazy). But when they do, you need to take steps to beef up their security. This is particularly true for your WiFi router itself.
Best Gifts for Security
Now that we’ve covered what not to give someone, let’s talk about some products and services that can actually enhance your privacy and security!
Choosing an Antivirus Program
If you’re giving someone a computer, I would not bother to buy them a subscription to an antivirus service. Since many Windows PCs come with free trials, I would also recommend you just delete them immediately. I wrote about it extensively here, but in summary, these products tend to be overly aggressive and can actually do more harm than good. Windows computers come with Defender, which is free and plenty good for most people. For Macs, try the free home versions from Sophos or Avira. But your best protection is just safe surfing habits.
Protecting Your Data is as Easy as 1-2-3
Everyone should be backing up their files – certainly anything they can’t replace like family photos, home videos, historical documents, etc. For these special digital files, we should all be following the 3-2-1 rule: three copies of every file – the original plus two backups, one of which should be offsite. So ideally, you would have a cloud backup service (offsite) and a little USB external hard drive for local backups. I personally like Backblaze for most people – it’s dead simple to use and the cost is very reasonable. For external drives, I’ve always been partial to the Western Digital portable drives. Both Macs and PCs come with free software to do local backups: Time Machine and Windows Backup, respectively.
Power in the Darkness
I would recommend that everyone with a desktop computer have it hooked up to a good Uninterruptible Power Supply, or UPS. This is basically a big battery that will keep your computer running for a short time when you lose power. It’s not really about being able to use the computer when the lights are out, it’s about giving your computer time to shut down gracefully. Yanking the power from a running computer is really harsh and it could even corrupt your hard drive. Make sure to also connect your computer to the UPS via the included USB cable. This allows the UPS to tell your computer “hey, power is going away soon, shut down now!”
It’s also very handy to have for your Internet modem and WiFi router – allowing you to use the Internet even when the power is off (using battery-operated devices like smartphones, tablets and laptops).
I wrote a long article about preparing for a power outage here, but the short version is you should look at getting a standard UPS like the CyberPower 1000VA UPS or a smaller Lithium Ion device like the Anker Powerhouse. For your smartphones, you might try the Anker Powercore+ charger.
All in the Family
You shouldn’t know any of your passwords. If you can remember it, it’s probably easy for a hacker to guess. And most of us have dozens of passwords to remember, which causes people to reuse passwords on multiple sites. That’s bad. Really bad. The only solution for this problem is to use a password manager like LastPass. This wonderful tool will save all your passwords (very securely) and allow you to generate crazy, random, strong, unique passwords for every account and website – passwords you couldn’t possibly remember but passwords that hackers couldn’t possibly guess. While the base service is totally free, the Family Plan would make a great gift. It allows for sharing of passwords and access in case someone were to die or become incapacitated.
Best Gifts for Privacy
Our privacy is under assault today and most people aren’t even aware of it. Because we don’t want to pay for web services with money, we end up paying for them with our personal information. And that information is bought and sold all over the place. Until the US adopts privacy regulations like the EU’s GDPR, we need to take matters into our own hands. (If you don’t think this is important, you need to watch this TED Talk.)
First and foremost, you should be using the right web browser, complete with privacy plugins. You can also use some kick-butt private messaging services, which are totally free. But since we’re talking about gifts, there are two for-pay services that you could buy for your loved ones (and yourself): end-to-end encrypted email and a virtual private network (VPN).
Truly Private Email
Most of us use one of the prominent free email services. And why not? The service is excellent and it costs nothing… except your privacy. Google is not giving away Gmail altruistically. They’re collecting vast amounts of information on you and using that info to target you with advertising. What could I find out about you by scanning all your emails? Probably quite a bit. And even if they say they will never abuse your data, that doesn’t mean hackers won’t just steal it. If you’re ready to put a stop to this rampant data mining, then you’re going to have to pony up and pay for your email. There are several secure email services out there now, including Tutanota, Hushmail, Mailfence, and others – but I personally like ProtonMail. It’s easy to use, reasonably priced and they’re expanding their services all the time. You can try their free tier first to see if you like it.
Blinders for Prying Eyes
Virtual Private Networks allow you to shield your Internet traffic from prying eyes – whether it be everyone else in the coffee shop or airport, or your Internet Service Provider (who now has no restrictions on snarfing up your data for profit). Choosing a VPN service can be tricky, however. I would avoid free services and find a reputable, long-lived company that focuses on privacy. For non-technical people, you should check out TunnelBear. It’s easy to use and set up. For more avid computer users, I would look at ExpressVPN. Note that ProtonMail now includes a VPN service that you can use if you pay for their email already.
Give the Gift of Knowledge
Last but certainly not least, I personally like to read books when I want to learn about something. Forewarned is forearmed! Here are some great stocking stuffer ideas:
- Data and Goliath by Bruce Schneier. Bruce is a world-renowned security expert, but he’s also a very good writer. This book does a very good job at explaining why data privacy is so important and how our corporations and governments are holding way too much power over us. (Full review here.)
- Little Brother by Cory Doctorow. This book is short and entertaining fiction, but it’s also a treatise on the importance of security and privacy in the digital age. This book is even free, if you want to download the PDF.
- Firewalls Don’t Stop Dragons by me! The entire purpose of my book is to help people protect themselves. The book covers all the tips above – over 150 other tips in all, complete with easy step-by-step instructions and pictures, covering Mac, PC, iOS and Android. If you’re giving someone a new computer, tablet or smartphone, it’s a great companion gift.
We’re finally starting to see independent, third-party reviews of products from a privacy and cybersecurity perspective. It’s a welcome change! Hopefully we’ll see more of this.
- Consumer Reports recently reviewed home webcams and included security in its findings, for example.
- Mozilla (the fine folks behind the Firefox browser) have a new site called Privacy Not Included, where they attempt to review popular products based on how well they protect your privacy.
[Full disclosure: If you happen to buy any of the things here from Amazon, I might get a little kickback. Most of this stuff isn’t on Amazon and that wasn’t why I picked them. But if you’d like to support my efforts here, then clicking the Amazon links might result in a little funding for me.]