[This article is originally published in fastcompany.com written by KATHARINE SCHWAB - Uploaded by AIRS Member: Wushe Zhiyang]

You’re probably sick of hearing about data and privacy by now–especially because, if you live in the United States, you might feel like there’s very little you can do to protect yourself from giant corporations feeding off your time, interests, and personal information.

So how do you walk the line between taking advantage of the internet’s many benefits while protecting yourself from the corporate interests that aim to use your data for gain? This is the push-and-pull I’ve had with myself over the past year, as I’ve grappled with the revelations that Cambridge Analytica has the personal data of more than 50 million Americans, courtesy of Facebook, and used it to manipulate people in the 2016 elections. I’ve watched companies shut down their European branches because Europe’s data privacy regulations invalidate their business models. And given the number of data breaches that have occurred over the past decade, there’s a good chance that malicious hackers have my info–and if they don’t, it’s only a matter of time.

While the amount of data about me may not have caused harm in my life yet–as far as I know–I don’t want to be the victim of monopolistic internet oligarchs as they continue to cash in on surveillance-based business models. What’s a concerned citizen of the internet to do? Here’s one no-brainer: Stop using Chrome and switch to Firefox.

Google already runs a lot of my online life–it’s my email, my calendar, my go-to map, and all my documents. I use Duck Duck Go as my primary search engine because I’m aware of how much information about myself I voluntarily give to Google in so many other ways. I can’t even remember why I decided to use Chrome in the first place. The browser has become such a default for American internet users that I never even questioned it. Chrome has about 60% of the browser market, and Firefox has only 10%. But why should I continue to use the company’s browser, which acts as literally the window through which I experience much of the internet, when its incentives–to learn a lot about me so it can sell advertisements–don’t align with mine?

Firefox launched in 2004. It’s not a new option among internet privacy wonks. But I only remembered it existed recently while reporting on data privacy. Unlike Chrome, Firefox is run by Mozilla, a nonprofit organization that advocates for a “healthy” internet. Its mission is to help build an internet in an open-source manner that’s accessible to everyone–and where privacy and security are built in. Contrast that to Chrome’s privacy policy, which states that it stores your browsing data locally unless you are signed in to your Google account, which enables the browser to send that information back to Google. The policy also states that Chrome allows third-party websites to access your IP address and any information that the site has tracked using cookies. If you care about privacy at all, you should ditch the browser that supports a company using data to sell advertisements and enabling other companies to track your online movements for one that does not use your data at all.

Though Mozilla itself is a nonprofit, Firefox is developed within a corporation owned by the nonprofit. This enables the Mozilla Corporation to collect revenue to support its development of Firefox and other internet services. Ironically, Mozilla supports its developers using revenue from Google, which pays the nonprofit to have Google Search as Firefox’s default search engine. That’s not its sole revenue: Mozilla also has other agreements with search engines around the world, like Baidu in China, to be the default search engine in particular locations. But because it relies on these agreements rather than gathering user data so it can sell advertisements, the Mozilla Corporation has a fundamentally different business model than Google. Internet service providers pay Mozilla, rather than Mozilla having to create revenue out of its user base. It’s more of a subscription model than a surveillance model, and users always have the choice to change their search engine to whichever they prefer.

I spoke to Madhava Enros, the senior director of Firefox UX, and Peter Dolanjski, a product manager for Firefox, to learn more about how Mozilla’s browser builds privacy into its architecture. Core to their philosophy? Privacy and convenience don’t have to be mutually exclusive.

Instead, Firefox’s designers and developers try to make the best decision on behalf of the user, while always leaning toward privacy first. “We put the user first in terms of privacy,” Dolanjski says. “We do not collect personally identifiable data, not what you do or what websites you go to.”

That’s not just lip service like it often is when companies like Facebook claim that users are in control of their data. For instance, Firefox protects you from being tracked by advertising networks across websites, which has the lovely side effect of making sites load faster. “As you move from website to website, advertising networks essentially follow you so they can see what you’re doing so they can serve you targeted advertisements,” Dolanjski says. “Firefox is the only [major] browser out of the box that prevents that from happening.” The browser’s Tracking Protection feature automatically blocks a list of common trackers in private browsing mode and can be enabled to run all the time, something you need a specific, third-party browser extension to do on Chrome.

The “out of the box” element of Firefox’s privacy protection is crucial. Chrome does give you many privacy controls, but the default for most of them is to allow Google to collect the greatest amount of information about you as possible. For instance, Google Chrome gives users the option to tell every website you go to not to track you, but it’s not automatically turned on. Firefox offers the same function to add a “Do Not Track” tag to every site you visit–but when I downloaded the browser, the default was set to “always.”

Because Chrome settings that don’t encourage privacy are the default, users are encouraged to leave them as they are from the get-go, and likely don’t understand what data Google vacuums up. Even if you do care, reading through Google Chrome’s 13,500-word privacy white paper, which uses a lot of technical jargon and obfuscates exactly what data the browser is tracking, isn’t helpful either. When I reached out to Google with questions about what data Chrome tracks, the company sent me that white paper but didn’t answer any of my specific questions.

One downside to using Firefox is that many browser extensions are built primarily for Chrome–my password manager luckily has a Firefox extension but it often causes the browser to crash. However, Mozilla also builds extensions you can use exclusively on Firefox. After the Facebook and Cambridge Analytica firestorm, Firefox released an extension called the Facebook Container, which allows you to browse Facebook or Instagram normally, but prevents Facebook from tracking where you went when you left the site–and thus stops the company from tracking you around the web and using that information to build out a more robust personal profile of you.

Firefox isn’t even Mozilla’s most private browser. The nonprofit also has a mobile-only browser called Firefox Focus that basically turns Firefox’s private browsing mode (akin to incognito browsing on Chrome, but with much less data leakage) into a full-fledged browser on its own. Privacy is built right into Focus’s UX: There’s a large “erase” button on every screen that lets you delete all of your histories with a single tap.

Firefox’s private browsing mode also has a feature called “origin referrer trimming,” where the browser automatically deletes the information about which site you’re coming from when you land on the next page. Focus also blocks any analytics services that would take this information. “The user doesn’t need to think about that,” Dolanjski says. “It’s not heavily advertised, but it’s the little decisions we make along the way that meant the user doesn’t have to make the choice”–or even know what origin referrer trimming is in the first place.

Many of these decisions, both in Firefox and in Focus, are to guard against what Enros calls the “uncanny valley” of internet browsing–when ads follow you around the internet for weeks. “I buy a toaster, and now it feels like the internet has decided I’m a toaster enthusiast and I want to hear about toasters for the rest of my life,” he says. “It’s not a scary thing. I’m not scared of toasters, but it’s in an uncanny valley in which I wonder what kinds of decisions they’re making about me.”

Ultimately, Firefox’s designers have the leeway to make these privacy-first decisions because Mozilla’s motivations are fundamentally different from Google’s. Mozilla is a nonprofit with a mission, and Google is a for-profit corporation with an advertising-based business model. To a large degree, Google’s business model relies on users giving up their data, making it incompatible with the kind of internet that Firefox is mission-bound to build. It comes back to money: While Firefox and Chrome ultimately perform the same service, the browsers’ developers approached their design in a radically different way because one organization has to serve a bottom line, and the other doesn’t.

That also means Firefox’s mission is aligned with its users. The browser is explicitly designed to help people like me navigate the convenience versus privacy conundrum. “To a great degree, people like us need solutions that aren’t going to detrimentally impact our convenience. This is where privacy is often difficult online,” Dolanjski says. “People say, go install this VPN, do this and do that, and add all these layers of complexity. The average user or even tech-savvy user that doesn’t have the time to do all these things will choose convenience over privacy. We try to make meaningful decisions on behalf of the user so we don’t need to put something else in front of them.”

When GDPR, the most sweeping privacy law in recent years, went into effect last week, we saw firsthand how much work companies were requiring users to do–just think of all those opt-in emails. Those emails are certainly a step toward raising people’s awareness about privacy, but I deleted almost all of them without reading them, and you probably did, too. Mozilla’s approach is to make the best decision for users’ privacy in the first place, without requiring so much effort on the users’ part.

Because who really spends any time in their privacy settings? Settings pages aren’t a good UX solution to providing clear information about how data is used, which is now required in Europe because of GDPR. “Control can’t mean the responsibility to scrutinize every possible option to keep yourself safe,” Enros says. “We assume a position to keep you safe, and then introducing more controls for experts.”

Firefox doesn’t always work better than Chrome–sometimes it’ll freeze on my older work computer, and I do need to clear my history more frequently so the browser doesn’t get too slow. But these are easy trade-offs to make, knowing that by using Firefox, my data is safe with me.

Android still tends to be the default platform although iOS versions are usually available after a short delay. The issue of platform support is more important than it might appear. Even if you don’t personally use an iPhone, say, the fact that your favoured contacts do will render any app that doesn’t support both platforms useless if the same app is needed at both ends. Some apps integrate with third-party applications, for instance email clients. That can be important for businesses – can the app support the preferred communications software used by an organisation and will it work across desktop as well as mobile? Some can, some can’t.

Not WhatsApp 

Facebook-owned WhatsApp is to incrementally introduce two-factor authentication to all of its users as an optional added layer of security.

Two-factor authentication essentially means verifying your identity twice – and in this case users will choose to access their account through a six-digit number. WhatsApp users will need to enable the feature through their settings and once switched on, the passcode will remain on the associated account, no matter which device it's being accessed through.

The feature first appeared in beta late last year, and the app will require users to enter the passcode about once every week. Users will be able to set up a backup email in case they forget the passcode.

It's unlikely to inspire enormous confidence in WhatsApp as a secure platform, but it is a small nod towards security for personal use.

Earlier this year, a Guardian report claimed that a security vulnerability in WhatsApp meant Facebook – WhatsApp’s parent company – could read encrypted messages sent through the service. Security researcher Tobias Boelter told the paper that WhatsApp is able to create new encryption keys for offline users, unknown to the sender or recipient, meaning that the company could generate new keys if it’s ordered to.

And although Facebook insists that it couldn’t read your WhatsApp messages even if it wanted to, critics have been suspicious since the buy – since Facebook’s entire platform depends on data and advertising, and its own Messenger service is infamously intrusive.

In terms of security, it’s important to distinguish pure secure messaging apps from apps that happen to have some security, for instance the hugely popular WhatsApp and SnapChat. Many use encryption but operate using insecure channels in which the keys are stored centrally and hide behind proprietary technologies that mask software weaknesses.

As it happens, earlier in 2015 Facebook’s WhatsApp started using the TextSecure platform (now called Signal – see below) from the Open Whisper Systems which improves security by using true end-to-end encryption with perfect forward secrecy (PFS). This means the keys used to scramble communication can’t be captured through a server and no single key gives access to past messages. It was presumably this sort of innovation that so upset British Prime Minister David Cameron when in early 2015 he started making thinly-veiled references to the difficulty security services were having in getting round the message encryption being used by intelligence targets.
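The forward-secrecy property described above (no single key gives access to past messages), sketched as an added example that is not from the original article or from Open Whisper Systems' code: a simplified one-way key chain built on HMAC-SHA256. The function and class names, the derivation constants, the sample messages and the toy stream cipher are assumptions made for illustration only.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple


def kdf_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """Advance the chain one step: return (next_chain_key, message_key).

    HMAC is one-way, so holding the next chain key does not let anyone
    compute the previous chain key or the message keys derived from it.
    The 0x01/0x02 labels are constants chosen for this example.
    """
    message_key = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    next_chain_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain_key, message_key


class Ratchet:
    """Holds only the current chain key; every older key is overwritten."""

    def __init__(self, chain_key: bytes) -> None:
        self.chain_key = chain_key

    def next_message_key(self) -> bytes:
        self.chain_key, message_key = kdf_step(self.chain_key)
        return message_key


def _keystream(key: bytes, length: int) -> bytes:
    # Toy stream cipher (HMAC in counter mode) so the example needs only the
    # standard library. An assumption of this example, not a production cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(message_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt then authenticate with keys derived from a one-time message key."""
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    stream = _keystream(enc_key, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag


def unseal(message_key: bytes, sealed: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the key or the data is wrong."""
    ciphertext, tag = sealed[:-32], sealed[-32:]
    enc_key = hmac.new(message_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(message_key, b"mac", hashlib.sha256).digest()
    expected = hmac.new(mac_key, ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = _keystream(enc_key, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def demo() -> Tuple[List[Optional[bytes]], List[bytes], Optional[bytes]]:
    # Constructed shared secret; a real session would get it from a key agreement.
    shared = hashlib.sha256(b"constructed shared secret for the example").digest()
    sender, receiver = Ratchet(shared), Ratchet(shared)

    # Three constructed messages cross the network and are recorded by an observer.
    messages = [b"msg one", b"msg two", b"msg three"]
    recorded = [seal(sender.next_message_key(), m) for m in messages]
    received = [unseal(receiver.next_message_key(), c) for c in recorded]

    # Later the sender's device state is captured: only the current chain key exists.
    captured = Ratchet(sender.chain_key)
    future = seal(sender.next_message_key(), b"msg four")

    # Everything the captured state can produce: message keys from this point on.
    derivable = [captured.next_message_key() for _ in range(50)]
    past_readable = [c for c in recorded
                     if any(unseal(k, c) is not None for k in derivable)]
    future_readable = unseal(derivable[0], future)
    return received, past_readable, future_readable


if __name__ == "__main__":
    received, past_readable, future_readable = demo()
    print("receiver decrypted:", received)
    print("recorded messages readable after capture:", past_readable)
    print("later message readable after capture:", future_readable)
```

The captured chain key opens none of the recorded messages but does open the one sent afterwards: a one-way chain protects the past only, and it does nothing for a device that has already been compromised.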

In April 2016, the Signal protocol was rolled out as a mandatory upgrade to all WhatsApp users across all mobile platforms, an important moment for a technology that has spent years on the fringes. At a stroke it also made Open Whisper Systems the most widely used encryption platform on earth, albeit one largely used transparently without the user realising it.

It's fair to say that police and intelligence services are now worried about the improved security on offer from these apps, which risks making them favoured software for terrorists and criminals. That said, they are not impregnable. Using competent encryption secures the communication channel but does not necessarily secure the device itself. There are other ways to sniff communications than breaking encryption.

Most recent apps will, in addition to messaging, usually offer any combination of video, voice, IM, file exchange, and sometimes (though with a lot more difficulty because mobile networks work differently) SMS and MMS messaging. An interesting theme is the way that apps in this feature often share underlying open source technologies although this doesn’t mean that the apps are identical to one another. The user interface and additional security features will still vary.

For further background, the Electronic Frontier Foundation (EFF) published a comparison in 2014 of the sometimes confusing levels of security on offer from the growing population of apps on the market. All mobile messaging apps claim to use good security but this is a useful reminder that definitions of what ‘secure’ actually means are starting to change.

The future? There are two trends to watch out for. First, business-class secure messaging systems have started to appear, including ones that operate as services or using centralised enterprise control. A second and intriguing direction is the morphing of static messaging apps into complete broadcasting systems that can distribute different types of content and then erase all traces of this activity once it has been read. This latter capability is likely to prove another contentious development for governments and the police.

Best secure mobile messaging apps - Signal 

Signal (formerly TextSecure Private Messenger) is arguably the pioneering secure mobile messaging platform that kickstarted the whole sector. Originally created by Moxie Marlinspike and Trevor Perrin’s Whisper Systems, the firm was sold to Twitter in 2011, at which point things looked uncertain. In 2013, however, TextSecure re-emerged as an open source project under the auspices of a new company, Open Whisper Systems, since when it has gained endorsements from figures such as Bruce Schneier and Edward Snowden.

We call it a platform because Signal is more than an app, which is simply the piece that sits on the Android or iOS device and which holds encryption keys. The App itself can be used to send and receive secure instant messages and attachments, set up voice calls, and has a convenient group messaging function. It is also possible to use Signal as the default SMS app but this no longer uses encryption for a host of practical and security reasons.

Signal was designed as an independent end-to-end platform that transports messages across its own data infrastructure rather than, as in the past, Google’s Google Cloud Messaging (GCM) network. The Axolotl protocol underlying the platform’s security is also used by G Data (see below) as well as Facebook’s WhatsApp, which isn’t to say that Facebook’s implementation won’t have other vulnerabilities – as ever use with care.

Using the app is pretty straightforward. Installation begins with the phone number verification after which the software will function standalone or as the default SMS messaging app after offering to import existing texts. The most secure way to use it is probably as the default messaging app, so that an insecure message doesn’t get sent by accident.

Interestingly, Signal just launched encrypted video calls, stepping up its current level of encryption. The app previously supported voice call end-to-end encryption but this update will ensure video capabilities hold the same level of security as its chat functionality.

Additional security features include an app password and a blocker that stops screen scraping. It is also possible to control what types of data are exchanged over Wi-Fi and mobile data. Obviously both sender and receiver need to have the app installed, which works simply by entering the phone number of any other registered user.

Security: based on OTR protocol, uses AES-256, Curve25519 and HMAC-SHA256; voice security (formerly RedPhone app) based on ZRTP

Pro: Android and iOS, handles voice as well as messaging, Edward Snowden said to use this app

Con: None although service reportedly not always the fastest

Best secure mobile messaging apps - G Data Secure Chat

Built on Whisper Systems’ open source Axolotl protocol (see above), the recently-launched Secure Chat is a well-designed free app with the drawback of being Android only for the time being. Despite its open source underpinnings, the app won’t operate securely with anything other than another Secure Chat app at the other end.

The app sets out to replace your existing messaging and texting apps, offering to import and encrypt existing messaging data for safe keeping. As with Signal, enrolling users (including in groups) happens by firing up the app and performing number verification for each account. One feature we liked about the app was the simple way users could switch between secure chat (free messaging across secure infrastructure), secure SMS (across carrier infrastructure at the user’s cost) and insecure SMS. Conventional phone calls can also be launched from inside the app – this really does aim to replace the communication functions in one go although it can also be used more occasionally for the odd message if that is preferable.

So that receivers can be sure that a message comes from the genuine contact, the app provides a QR ‘verify identity’ code which the other contact can scan (they scan yours, you scan theirs). What happens if the users are far apart from one another? We’re not sure.

The app blocks screen scraping by external apps and can be secured behind a password. One interesting feature is self-destructing messages activated by clicking a small icon on the composition screen, which open on the receiver’s phone with a countdown timer of up to 6- seconds after which each is deleted. The user can also have hidden contacts that are accessed with a password.

Security: Not disclosed but will be similar to Signal, Germany-based servers

 

Pro: incredibly easy to set up and use – very similar to Signal but lacks the voice support that has now been added to that product

Con: none really although this is oriented towards messaging only

Best secure mobile messaging apps - Telegram

Launched by two Germany-based brothers in 2013, Telegram’s distinctiveness is its multi-platform support, including not only Android and iPhone but Windows Phone as well as Windows, OS X and even Linux. With the ability to handle a wide range of attachments, it looks more like a cloud messaging system replacing email as well as secure messaging for groups up to 200 users with unlimited broadcasting.

There are some important differences between Telegram and the other apps covered here, starting with the fact that users are discoverable by user name and not only number. This means that contacts don’t ever have to know a phone number when using Telegram, a mode of communication closer to a social network. The platform is also open to abuse, if that's the correct term, including reportedly being used by jihadists for propaganda purposes, which exploit its broadcasting capability. This is not the fault of the developer but does bring home how such apps can be mis-used in ways that are difficult to control.

The sign up asks for an optional user name in addition to the account mobile number, and requires the user verify the number by receiving and entering an SMS code. The app is polite enough to ask for access to the user’s phone book and other data, which can be refused, and handily notices which contacts within that list already have signed up for the app.

Security: uses the MTProto protocol, 256-bit symmetric AES encryption, RSA 2048 encryption and Diffie–Hellman secure key exchange

Pro: multi-platform support including desktop computers, access files from anywhere

Con: More a cloud platform than an app, also reportedly been abused by violent jihadists which could spell an image problem for the app

Best secure mobile messaging apps - Ceerus

Ceerus is a new secure Android voice, video and messaging app from UK startup SQR Systems, one of a small group of mostly early-stage firms that participated in the Cyber London accelerator, separately covered by Techworld. This makes the app sound immature but its origins go back to the company’s origins in 2010 as a University of Bristol research project funded by the UK Ministry of Defence.

Designed to secure voice and video as well as messaging, Ceerus is a step up from some of the free apps looked at here in that it can scale to departmental, enterprise, and government use and can cite a British defence giant as a trial customer. It costs £10 ($15) per month after a free trial period of one month has expired, which implies a different level of development and support.

We encountered a hiccup getting it running on one of our test smartphones, a Nexus 5 running Android 6.0, so will have to report back when we’ve done full end-to-end testing.

Features: enrolment is more involved than for a free app because the user is setting up a full account - a name and password (not easy to reset for the time being so don’t forget it) is required for each SIM/number. Key exchange uses the UK CESG-approved Mikey-Sakke scheme with compression applied to banish latency issues that have plagued encrypted real-time communications from mobile devices. An API is also available to allow integration of the underlying technology with third-party applications.

Security: undisclosed but includes end-to-end encryption with perfect forward secrecy

Pro: designed for business users, adds compression, handles video and voice as well as messaging

Con: aimed at businesses rather than individuals, no iOS version yet which could be an issue in mixed environments, not yet compatible with Android 6.0

Best secure mobile messaging apps - Pryvate

Launched in November 2015, Cryptique’s Pryvate is intended for use by businesses as competition for high-end mobile security such as the Blackphone/Silent Circle which embeds software inside a secured version of Android. As with that service, Pryvate is another do-it-all voice, video, messaging, IM, secure file transfer, and secure storage app (integrating with Dropbox, One drive, BOX) and will integrate with third-party email clients for added convenience.

On the subject of Silent Circle, the underlying voice and IM protocol used by Pryvate is Phil Zimmermann’s ZRTP perfect forward secrecy encryption. Another feature is IP shielding, whereby users can bypass VoIP and IM blocking without giving away their real IP address – the app tunnels across the Internet using Pryvate’s own UK Jersey-based servers.

The mobile service costs £4.68 (about $7) per month as a subscription but can be used after the one-month trial in the form of PryvateLite, which allows full secure IM and picture sharing with unlimited phone calls up to a duration of 1 minute. We’re not sure how practical that would be to use but it’s an option. A version including desktop capability is available for $9.99 (about $14) per month.

We weren’t able to organise a subscription in time for this article but will test this app more thoroughly in future and update this feature.

Security: 4096-bit encryption, with AES 256-bit key management. Complex mini PKI design with perfect forward secrecy design.

Source: http://www.techworld.com/security/best-secure-mobile-messaging-apps-3629914/6/

Two years ago, Google introduced the mobile-friendly label. Then we witnessed ‘mobilegeddon’, where Google began prioritizing these mobile sites. Now, they are cracking down on mobile sites offering a substandard user experience.

On January 10th 2017, any sites with intrusive interstitials may lose ranking juice. The key question then is, what counts as an intrusive interstitial? Essentially, it’s any extraneous content that appears over the majority of the page proper. Call them silly, but Google assumes visitors enjoy seeing the information they clicked for.

At this point you may well have further questions; fortunately, I am here to answer them. In this post, I will help you decide exactly what will and won’t count as an intrusive interstitial by Google. Let’s get straight to it!

What Is an Intrusive Interstitial?

Intrusive interstitials are essentially popup ads. They tend to block most or all of a page, leading to a bad user experience for desktop and mobile users alike.

Google’s own examples of intrusive interstitials.

These types of ads make it frustrating at best to access the page as intended. The general exception to the rule is when there are legally required (or ethically advised) notifications, such as popups for age verification.

The kicker is that while popups are moderately annoying on desktops, there is even less screen real estate to work with on mobile devices. In these cases, it can completely ruin the user experience. Here are a few examples of how this goes wrong:

  1. The interstitial covers most or all of the content on a page.
  2. The interstitial is not responsive. That means it is difficult or impossible to close it on a mobile, rendering the page useless for mobile users.
  3. The interstitial is not triggered by an action, such as “Click here to subscribe.” Rather, it pops up on its own without prompting, creating an unpleasant surprise for the mobile viewer.

As you can see, the issue is not only the annoyance of popups but their role in ruining the user experience. If you find an interstitial on your own site that you’re not sure of, we find it best to err on the side of a pleasing experience for the user.

Why Are Intrusive Interstitials Being Targeted?

Our first clue that Google was shifting from banning app interstitials to all interstitials was August 2015, when Gary Illyes confessed to the world that he’d love to use them as a negative ranking factor one day. Back then, he said, “But we don’t have anything to announce at the moment.”

By now, you already have a bit of insight into Google’s decision. For a better understanding of what exactly is under scrutiny as January 10th races towards us, we can look at the factors that play a role in the market.

As frustrating as users find popups, companies continue to use them because they are effective. In one recent study of 1,754,957,675 popups, there was an average 3.09% conversion rate, with high-performing popups performing on average at 9.28%.

However, mobile traffic is growing, and Google seems to be leaning into it hard. In 2015, Google reported that access via mobile was higher than desktop searches in ten countries. Meanwhile, it’s worth noting that 56% of traffic on major sites comes from mobile.

HubSpot’s Senior Product Marketing Manager, Marcus Andrews, recently gave us a friendly reminder that “Google is very focused on the user.” He notes, “Marketers are always looking for hacky ways to increase traffic and conversion rates, and every once in a while, Google needs to make a correction to improve the user experience.”

It’s no surprise then that Google is focusing its resources on mobile, rather than desktop. It’s where the majority of users are — that’s just good business. Between this and its Accelerated Mobile Pages (AMP) project, it’s fair to say Google wants webmasters to offer a seamless user experience for mobile users.

It’s important to note that Google is currently only looking at interstitials that show up when the user first lands on the website from a search result. This means the important part is ensuring that any traffic coming from Google isn’t served these interstitials until the user has clicked further into the site.

“What we’re looking for is really interstitials that show up on the interaction between the search click and going through the page and seeing the content. What you do afterward like if someone clicks on stuff within your website or closes the tab or something like that then that’s kind of between you and the user,” John Mueller from Google Webmaster Central announced during an office-hours Google+ hangout.

How to Identify Intrusive Interstitials

Google has already decided that all interstitials ruining the user experience will negatively impact that site’s ranking signal.

What you need now is a blueprint to check your own site against. How can you tell which interstitials are okay, and which aren’t? Keep reading!

Intrusive Interstitials That Will Be Penalized

The examples of penalized interstitials provided by Google are relatively straightforward. So far, we know of three types of interstitials that will be problematic.

The first is a regular popup, or a modal window blocking the content of the page. These often come with a dark semi-transparent background dimming the rest of the content. These are perhaps the most traditional popups, in that they appear to literally pop up over the rest of the page.

An example of an intrusive popup from Google: a regular popup, or a modal window blocking the content of the page.

You can see how the background dims to a dark gray for the modal popup:

A real-life example of a regular intrusive popup.

The second is a standalone, full-screen interstitial that sits above the header of the website. These interstitials typically force your browser to scroll up to see it before letting you see the rest of the content.

An example of an intrusive standalone interstitial from Google: a standalone, full-screen interstitial that sits above the header of the website.

The last is also a standalone, but essentially a full-screen modal window blocking the content.

Another example of an intrusive standalone interstitial from Google: essentially a full-screen modal window blocking the content.

Its functionality is like that of a regular popup, but you get no preview of what content lies below. In practice, they look exactly the same as the previous standalone popup. Here’s a real-life example:

A real-life example of an intrusive standalone interstitial that blocks the content.

However, in some cases, it doesn’t seem so cut and dried. For example, what if you have a live chat box that automatically appears to help the guest? This isn’t a direct advertisement, but it does still ruin the user experience if all they want to do is read the content they came for.

In these cases, think about the popup in its purest form — a box that appears over the actual page content. If it’s not a necessity, there’s a good chance it’s going to be penalized.

Intrusive Interstitials That Shouldn’t Be Penalized

It’s important to remember that not all interstitials will be an issue. Depending on your website and country, you may have legal or ethical reasons to display interstitials. Google knows this, and isn’t planning to punish you for it.

Google provides two predominant examples of these legally required interstitials, the first being legally required age verification blockers. These help create a shield for age-sensitive content such as websites featuring alcohol or adult content. The second example is cookie consent notifications, as they are required in the EU.

Finally, and perhaps most importantly, any banners taking up a “reasonable amount of space” should be safe. Though an exact size is not provided, it is better to play it safe and assume less is more. If you keep it to 15% or less, even landscape mode devices will still have enough room to read several lines of text.

This goes to show that you can still keep your ads, but you may need to switch up your approach by respecting the user’s screen space first and foremost. Try redesigning interstitials you can’t part with so they take up a small amount of the page, perhaps reducing them to a link that leads to a separate page entirely. In a last-ditch effort, you could change them to be inline ads. If you’re not sure what works best, try A/B testing to find an effective middle ground.

All this said, there is no guarantee of what will or will not be counted against you. Google only notes that these, when used responsibly, will not be affected.

Conclusion

As the deadline draws near, we urge you to check your interstitials and ensure they follow Google’s new guidelines. Though it’s not clear how strong this new ranking signal will be, Google shows a definitive preference for mobile. We recommend that you don’t underestimate its power.

It is relatively straightforward to identify your intrusive interstitials and take action:

  1. Review required interstitials, such as age-verification popups and cookie notifications. You’ll leave these live, but ensure they are easy to use on mobile devices.
  2. Find the interstitials on your site, leading directly from Google search, that act as advertisements.
  3. If these are so effective that you can’t justify getting rid of them, try modifying them to take up a small amount of screen space for mobile devices. Otherwise, we recommend removing them entirely.

What are your fears about the new intrusive interstitial ranking signal? Ask any further questions you have in the comments section below!

Author:  Aleh Barysevich

Source:  https://www.searchenginejournal.com

Since the revelations of Edward Snowden, we’ve all become a bit more paranoid about digital security and privacy. Snowden himself hasn’t owned a smartphone since he blew the whistle on the NSA’s illegal tracking actions in 2014 for fear of being tracked. Still, as Joseph Heller wrote in Catch-22, “just because you’re paranoid doesn’t mean they aren’t after you”.

To that end, Snowden has now partnered with hardware hacker Andrew “Bunnie” Huang to build a case for your iPhone 6. Once installed, it will alert you if the phone is broadcasting when it shouldn’t. The primary purpose is to protect journalists who are reporting in dangerous parts of the world, like Marie Colvin who, in 2012, was killed by artillery fire. The Syrian military has been accused by Colvin’s family of targeting her using her mobile device.

Snowden’s device is not yet on the market, but there are still ways out there that make it easier to protect yourself and your phone from snooping.

1. Hardware Level Encryption

iOS has long supported hardware level encryption, and every new version seems to support more features. Android has encrypted your storage by default since version 5.0 Marshmallow. In both cases your data is encrypted and can only be unlocked by the hardware in your phone.

However, it’s only as strong as your key. Setting up a lock code more complex than ‘1234’ or your birthday is one of the best security devices you can have.

2. Biometric scanning hardware

Why have passwords and codes to unlock your phone when fingerprint readers are on the newest iPhones and flagship Android phones? Securely unlocking your device is as quick as pressing a button. Iris scanners are the new biometric scanner toy, and are currently a unique feature on the Samsung Galaxy Note 7. Iris scanning is far more secure than fingerprint scanning, but early reports indicate that it’s slower and more inconvenient. Even so, thieves will have a hard time replicating your iris in order to access your data, so iris scanning might be your best option.

3. Smartphone technology

You can put your phone in Airplane Mode or you can hold the power button and turn it off. However, Edward Snowden rightly believes that malware can be installed on your device to simulate those features while still reporting your location. The only way to be sure your phone isn’t talking to the wrong people is to yank the battery.

Phones like the new LG G5 are doing some things to work around that. The flagship smartphone was redesigned to take advantage of LG Friends products, which are modular accessories that add special features to your phone. The accessories haven’t really taken off, but the design gives the G5 the unique ability to pop the battery out with the push of a button. It also has a fingerprint reader and the newest Android with encrypted data protection built in.

When it’s turned off you can’t use the camera, microphone, or notepad features that make a smartphone so useful when acting covertly. You’ll have to check how safe you are, then with a quick pop the battery is back in and you can get recording.

4. Encrypted Instant Messenger

There are dozens, maybe hundreds of Instant Messaging apps out there. We all have our favorite, and our friends have theirs (which we have too, just to stay in contact). If you want to be sure that only you and your recipient will be able to read your conversation, you need to use Signal (available for iOS and Android).

Once you install it, the app checks your contacts and immediately connects you to anyone else who has the app installed. There are no animated stickers here. The design is minimal and fits right in with Android or iOS’s design specs.

If your friends are unwilling to part with their IM app-of-choice, you have to do your research. WhatsApp supports encryption using the same algorithm used in Signal, but it was acquired by Facebook in 2014 and that makes some users uncomfortable. Google’s forthcoming Allo app will replace Hangouts, but only enables end-to-end encryption in Incognito Mode conversations, which are deleted when the conversation ends. Apple’s iMessage and FaceTime both support end-to-end encryption as well. Just make sure to encrypt your backups because all your conversations will wind up there.

5. Anti-Virus Software

No sooner does someone say an operating system is virus-proof than someone tries to write a virus for it. While not the plague they were for desktop computers in the 90s, viruses are still a very real possibility even if you only download from the official Apple or Google app stores.

To that end, there are several anti-virus apps that sit in the background and scan every app that comes through the doors. Lookout Security & Antivirus is one of the granddaddies on the mobile platform. It’s available on Android and iOS for free and remains one of the highest ranked antivirus apps. Additional features are unlocked for $2.99 a month or $29.99 annually.

6. Password Safes 

Thinking up a new password for every email address, e-card site, and cat video portal is exhausting. Eventually, you start to recycle passwords. It then only takes one hacked Sony or LinkedIn to expose your accounts on every site where that password is used. Password managers like 1Password and LastPass securely store your passwords, and release them only when authorized by a master password or fingerprint reader.

While they can store your weakly generated and repeated passwords, password safes can also generate unique random passwords for each site. Securely storing ‘passw0rd123’ is good, but no hacker will guess a 16-character random collection of letters and numbers. Since they will automatically populate username and password fields in your browser or apps, you’ll never need to type it in either. Both 1Password and LastPass can be installed on your desktop browsers so you have full access to those secure sites everywhere.

7. DTEK by Blackberry

You’ve set a secure password on your lock screen, you’ve turned off Google’s tracking, you disable WiFi when outside the house, but there’s still lots of work to do. Just one year ago privacy experts found that simply having Uber installed on your phone could send buckets of your data to their servers, even if you weren’t using the app.

Enter DTEK by Blackberry. It will scan all potential security breaches on your phone. If an app decides to turn on your microphone, DTEK flashes you a warning. Most of the time it will probably be okay, but that one time it’s not you’ll appreciate the warning.

DTEK keeps a log of the access each app receives and reports back to you how many times it has, for example, read your contacts. It even has Factory Reset Protection, which stops thieves from wiping your device to prevent you from tracking it. All this security sounds like a lot of work, but that’s the beautiful thing about DTEK. The clean interface makes it all very simple for the casual user.

Sadly, the DTEK app requires deep access to the phone’s OS. That’s only possible for Blackberry on their own devices: the Blackberry PRIV and DTEK50. Both are Android phones with hardware features comparable to other high-end and mid-range Android flagships. If Blackberry decides at the end of the year to get out of the hardware game, the DTEK software may be opened to other devices.

8. Tracking software

Sometimes, tracking your phone is a good thing. Your phone goes missing, and all your photos, notes and interview recordings are on there.

For at least a few years, both iOS and Android have had tracking software built into your phones in case they get lost or stolen. Using iCloud.com, iPhone users can locate their device, lock the screen, lock the activation (so it can’t be resold and reactivated), or remotely wipe the device clean.

When logged into your Google account, a simple search engine query of “Find my phone” will bring up a map for any of your registered devices. From the web-based interface you can force it to ring (even if the sound is off). This is useful for when you just can’t find it around the house, or when you know the thief is nearby and you want it to send up a flare. From here you can also reset the password, or completely lock out the device.

9. VPN

A Virtual Private Network sits between you and the Internet. It’s like a butler that goes out, gets the newspaper, and returns without anyone knowing you like reading supermarket tabloids. VPNs can be used to keep your information anonymous when visiting web sites, place you in different countries (so you can watch Netflix’s BBC lineup), and most importantly, encrypt your data transfer.

Avoid free VPNs. If you don’t know how they’re making money, then they might be making money on you. Spring for the few bucks a month it takes to secure all your connections in and out of your smartphone with a service like NordVPN. Is one level of encryption not good enough? NordVPN offers Double VPN, which runs AES-256-CBC encryption on your data transfers two times at the expense of some speed. The feature is optional and can be enabled for those times when you’re feeling as paranoid as Edward Snowden. The service is $8 per month, or $69 for the year.

Source : https://www.pastemagazine.com/articles/2016/08/9-ways-to-secure-your-smartphone.html
