How to protect your privacy on a mobile phoneSep 24, 2020
Talk of Internet privacy, surveillance, and VPNs often conjures images of people working on desktops or laptops in offices or public spaces, taking steps to keep their information safe online. But nowadays more than half of all Internet activity takes place over mobile phones. So it's crucial to understand that at the same time as our devices are providing vast amounts of information that allow us to lead our daily lives, they are also collecting data about us in equal or greater amounts.
The fact that our mobile activity can be so easily tracked is demonstrated by the preponderance of information captured by our phones: location, movement, voice, browsing activity, and more. The truth is that for most people, the Internet is something carried around in a pocket. In order to maintain privacy, then, it's not enough to take precautions on laptops and desktops -- we need to stay private on our mobile phones as well.
Our smartphones have a number of characteristics that distinguish them from desktops and other, more fixed devices. While anything connected to the Internet can transmit location data, mobile devices can paint a picture of a person's everyday activity in a way that laptops, smart TVs, and other gadgets don't. Indeed, governments already use location data from millions of smartphones to gain a picture of the habits and movements of their populations.
It's not difficult to imagine how smartphone data could be used as a weapon against ordinary people. Data about where people have been, with whom they've crossed paths, what apps they've used, what they've bought, where and when -- all of this information is easily accessible if mobile privacy is not established and maintained.
What our phones are saying about us
Our phones are continuously transmitting a universe of information about our daily activities. Key among these is location: deploying a range of techniques and tools, from GPS to cell tower tracking to Bluetooth beacons, our mobile service providers can determine our physical locations down to just a few yards. Many people use "Find My Friends" or similar apps to share their locations with friends and family. What many may not realize -- or simply may not think about -- is that regardless of whether they are actively using these apps, their phones are constantly collecting their data.
In addition to location information, our phones know which apps we are using at any given time as well as the calls we make and the texts we send. Our smartphones record any payments made through apps like PayPal or Apple Pay. They share the operating system and browser we are using when we access the Internet. Taken together, all this mobile-based digital information adds up to a highly detailed portrait of a person's activities.
Oftentimes the popular image of Internet surveillance or identity theft is one of hackers in black hats, in shady corners, eagerly hunting for weaknesses through which to pull people's sensitive information. But the truth is less dramatic and more frightening. Our data, once generated, lives in the ether as "metadata," which is used for many legitimate purposes by advertisers and businesses.
When it comes to digital privacy, people are most often betrayed by their own carelessness. For example, based solely on data transmitted "passively" by a mobile device, it would easily be possible to determine that the owner left home at a specific time to meet a friend for lunch -- including how they got to the restaurant and precisely what they ate. This sort of data is being generated and harvested all the time for advertising purposes.
It is possible for anyone with access to our data -- the apps that we browse, the cellular carriers and Internet service providers we use -- to gain enormous amounts of information about the way we live our lives based on the data that is automatically, silently transmitted by our mobile devices. This mass harvesting of data raises real concerns, the most obvious of which is that the information could fall into the wrong hands. There have been more than enough stories of large-scale data breaches to drive home the point that our information is not safe. But there are other risks.
Governments can compel businesses to turn over records of their users' activities -- and even legally monitor them through a form of surveillance known as lawful interception. Many smartphones also store users' biometric information, which includes fingerprints, facial features, and voice characteristics. When we unlock an iPhone using facial recognition, log into a bank account using a fingerprint, or ask Siri for directions, we are using biometric information.
It's important to realize that all of this data is out there, and that this simple fact puts all of us at risk. Once our information is in the public domain, there is very little we can do to regain control over it. The vast amounts of personal mobile data that are available online, and the minute details they can provide about a person's comings and goings, their relationships, even their thoughts, are a gold mine for those who would seek to steal, intimidate, or control.
Many authoritarian regimes, for instance, already use data collection limit opposition and dissent. Facial recognition technology is already employed in some countries to identify, surveil, and arrest people. In more elaborate structures, vast systems of "social credit" have been developed to regulate which privileges are awarded to whom, based partly on the data shared by mobile devices.
How to maintain the right level of privacy on mobile
Fortunately, there are ways to mitigate the privacy risks posed by smartphones. The simplest and most effective is simply to turn off transmitting devices. For strong privacy, people can disable cellular data and wi-fi, swap SIM cards, or simply leave their phones at home. Indeed, these measures may be the only solution in extreme situations. Protesters in many countries may find it safest to simply disable mobile capability altogether in order to avoid identification and harassment by authorities. Journalists working in dangerous locales may similarly find that their only option is to go analog or use a "burner" phone. These are some scenarios in which simply shutting down may be the best solution.
But for most people, most of the time, it is not feasible to go long periods without mobile connectivity. Fortunately, there are measures people can take to minimize the risk that their privacy will be compromised by their mobile devices -- without unplugging completely.
Some basic steps can be taken in the settings of our phones themselves. The first thing people should do to enhance mobile privacy is to turn off GPS when not using it. People should, whenever possible, avoid using social media via their dedicated smartphone apps. Social apps such as TikTok are continuously pulling users' data behind the scenes, monitoring and reporting back many things that aren't necessary for the app to function properly. To short-circuit this, people should use a privacy-focused browser, such as Firefox, when accessing social platforms, rather than their respective smartphone apps.
If apps must be installed, it's important to limit the things we give them access to: contacts or location, for example. Think about what the service really needs to perform its function; does a music streaming platform really need access to your contacts? Most services don't need to know a person's location even when not using the app, or to turn on voice commands. Only grant mobile app permissions if it's essential to the functionality of the app.
People can have stronger privacy without giving up mobile functionality
Beyond the privacy settings on our smartphones, there are tools people can use to strengthen and protect their privacy when they browse the Internet. Key among these privacy tools are VPNs, which route traffic through an encrypted, third-party server, obfuscating its path and making it much more difficult for third parties to identify the nature of web traffic or the identity of the user.
People often picture a desktop VPN when thinking of Internet privacy tools, but many providers have mobile apps as well. And using a mobile VPN -- already a popular way to access messaging and other services in countries where these are blocked -- may be the single most impactful choice a mobile user can make to protect their privacy. In combination with other measures, such as using a browser rather than an app to access social media services, mobile VPNs can enhance privacy by preventing third parties from seeing users' true IP addresses. Since IP addresses are one of the key identifiers of Internet users, obscuring them offers a major boost to mobile privacy.
As with all things privacy related, there is no silver bullet. For maximum security, the best approach is to combine solutions, such as using a VPN provider together with encrypted messaging and video apps. End-to-end encryption is a method whereby the content of a message or communication is scrambled, or encrypted, while in transit between devices, so that it cannot be recognized even by the service provider. The true, unencrypted message only lives on the end devices themselves, so if they are deleted there, they disappear everywhere.
The apps and browsers we use are important as well. Not all web browsers are created equal: some have clear advantages over others when it comes to privacy. It's also possible for individuals to "harden" their browsers by installing extensions and making other changes to their configurations. These changes require at least a moderate level of technical expertise, but they can make it more difficult for third parties to access information about people's online activity.
Orchid, which is a unique decentralized VPN marketplace, is available in both the Apple App Store and Google Playstore. Orchid uses an innovative system of probabilistic nanopayments to connect users to the services of many of the top VPN providers. Users can configure multiple "hops," including between different VPN providers, in order to create as much privacy around their Internet usage as is currently possible. With a VPN service such as Orchid installed, people can have much greater confidence in their mobile privacy.
Giving and taking information
We think of our phones as providing us with information -- and it's absolutely true that the last 15 years have seen a revolution in mobile technology. Each of us now carries around in our pocket a miniature supercomputer, capable of telling us almost anything about anything or anyone, of sharing music and videos, of hailing a ride or ordering dinner. For many of us, it's one of the chief ways we stay in touch and connect with the world. For better or worse, we are a mobile-first world now.
But it's imperative that we understand that our phones also collect reams of information on us as we use them -- and they take without asking. All of the searching, chatting, sharing, moving, and talking that we do is gathered, saved, and shared. Our data acts as the fuel of the digital economy.
Fortunately, with awareness, and the right tools, people can go a long way toward staying safe on their mobile devices. While there is no single way for us to achieve perfect privacy, if we take the right steps to protect ourselves when we use our mobile devices, it is possible to move confidently through our mobile-first digital world. By combining the best solutions and being aware of what the various services we use are doing behind the scenes, we can start to reclaim the mobile Internet as a place to explore freely.
Download the Orchid app today.
If you enjoyed this blog, subscribe here for privacy news, commentary, and product updates from Orchid.