With so many parties interested in messing with voters these days, it’s easy to see why people would want to shield their privacy. To delve into how they’re going about it, a recent survey conducted by Opinion Matters on behalf of Avira, explores the question of which privacy tools are being used by what percentage of respondents in three nations—the US, Germany, and Hong Kong.
What follows are some of the statistics on who’s using which tools, as well as context on what those tools can and can’t do.
Who’s using what to protect voting privacy
Antivirus: 35% of survey respondents said that they’re using antivirus solutions to avoid election-related risks, which can include phishing links disguised as political messages or campaign fundraising pitches sent in email or posted onto Twitter or other social media feeds. Clicking on such links can give an attacker access to all your personal information, which can arm hackers with the data they need to make unauthorized purchases in your name, move funds from your bank account, or steal your identity to take out loans and open credit cards.
The best defense against phishing attacks is to think before you click. Watch out for strange phrasing, capitalization, and grammar or spelling mistakes. Don’t trust a link just because it’s error-free, though—some crooks know how to spell and can write in fluent English. As well, make sure to keep your AV up to date: there’s a constant stream of new threats, and keeping virus signatures up to date is crucial to fending them off.
Robocall protector: This powerful privacy tool is used by 27% of survey respondents. Avira itself is partnering with YouMail, provider of one such tool. YouMail has a database of over 10 million “bad” phone numbers, from debt collectors to spam telemarketers. The service automatically blocks incoming calls from those numbers, presenting them with an “out of service” message.
If you are in the United States, here’s what won’t work to stop political robocalls: adding your number to the Do Not Call registry. That list doesn’t apply to political calls, so don’t waste your time. For more tips on stopping robocalls, such as checking with your wireless carrier, check out this article from Lifewire.
Using a private browser: 26% of respondents are taking this route. Unfortunately, many of us assume that private browsers protect us more than they really do.
Google Chrome’s Incognito tab, Internet Explorer’s InPrivate Browsing mode, and Firefox’s Private Browsing mode are all examples of private browsing options in some of the most common browsers. While these private browsing modes will delete your cookies, erasing your user names and passwords after you log out and preventing third parties from collecting your data, they aren’t entirely private in that they don’t block your IP address from tracking data. Nor will they stop routers, firewalls, and proxy servers from tracking your online activity.
Privacy in Google’s Chrome browser has been particularly dubious, given that sites—and researchers—have repeatedly figured out how to detect, and block, Incognito Mode. The browsers that have been found to protect privacy the most include Mozilla Firefox, Apple’s Safari, Opera, and DuckDuckGo. Opera offers script blocking and frequent updates, while DuckDuckGo doesn’t trace your search terms, website activities, or clicked links.
Watch this space: For its part, Apple is planning to roll out a new set of privacy features for Safari when Big Sur, the new macOS, debuts sometime this autumn. Finally, click here for more tips on private browsing.
Encrypted messaging: 22% of respondents are using encrypted messaging from apps such as WhatsApp, Signal, Viber, Wickr, or Telegram to protect their privacy. WhatsApp, for its part, has been a trailblazer in end-to-end encrypted messaging, with Facebook standing up to the US Congress last year, refusing to weaken encryption with so-called backdoors in spite of politicians’ threats to legislate those backdoors into being.
Unfortunately, holes have developed in these apps’ cones of silence. One was the stupidly simple social engineering hack that the UN said was used—allegedly by the crown prince of Saudi Arabia—to infect Amazon CEO Jeff Bezos’s phone with personal-message-exfiltrating malware, with one, single click. Then too, there was the zero-day vulnerability in WhatsApp that allowed attackers to silently install spyware just by placing a video call to a target’s phone. Finally, in February, WhatsApp and Facebook shrugged off responsibility for private groups being indexed by search engines, thereby rendering them easy to find and join by anybody who knew the simple search string. Not to pick on WhatsApp, but, well, there are reasons that the European Commission told staffers to move off of the app and onto Signal instead.
Moral of the story: do a bit of research on encrypted messaging apps before you trust them to shroud your communications. Here’s helpful blog article that can help you find the best and most secure chat apps.
Proxies or VPNs: 22% of survey respondents say they’re shielding their privacy with proxies or Virtual Private Networks (VPNs). VPNs are supposed to boost your privacy and stop you from being tracked by keeping your IP address hidden. The idea is that if you use a VPN, your data won’t be able to be read by the outside world. Proxies, on the other hand, are simply a way to make it look like you have a different IP address. Unlike VPNs, proxies don’t encrypt your data.
But bear in mind that VPNs aren’t foolproof. How it works: A VPN will keep your traffic private from surveillance as it traverses the public network, since the services use encryption to shield the raw network packets from being sniffed out. But if you’re using, say, a corporate VPN, your traffic won’t be anonymous inside of that virtual tunnel. The VPN itself knows who you are and sees what you’re up to, even if the routers through which encrypted VPN packets travel don’t.
What this means is that you need to put a lot of faith in your VPN provider. Unfortunately, they don’t always merit that trust. Downloading free VPNs can lead to data harvesting, leaks, and logging—for starters. Bear in mind that some VPN services are subject to laws through which law enforcement can demand that they keep logs on certain individuals—demands that sometimes come with gag orders that prevent the providers from telling you if you’re being surveilled.
Another issue with VPNs is that purportedly ephemeral data sometimes isn’t. One example: both Google and Facebook have admitted that sometimes, passwords typed in during login that were only supposed to be held in RAM and then scrubbed after validation had accidentally been sent off in plaintext and saved in logfiles deep in their systems. … in Google’s case, make that “stored unencrypted in plaintext for 14 years.” In July, researchers discovered that VPNs that were supposedly not keeping logs were not only keeping logs but that they were publicly accessible via a misconfigured cloud database.
Moral of the VPN story: do your research before buying a VPN. Check out these 5 things you should know before you buy one, and keep in mind that there may be more eyes watching your movements than what the vendor claims.