/ Technology

Are you worried about your data being shared and sold online?

Do you feel you have a complete understanding of how your data is being collected, shared and sold online? If you’re unsure, you may not be alone, writes Caroline Normand…

How many members of the Cabinet, Whitehall mandarins or senior figures at regulators and FTSE 100 companies truly understand the extent of data being collected and bought and sold online? My wager is very few.

Of course, there are some people who understand all too well – most likely to be found flitting between the boardrooms, juice bars and ping-pong tables of sprawling Silicon Valley campuses.

Facebook, Google and other tech giants have been able to take advantage of this knowledge gap to rake in data – and profits – on an unprecedented scale. But at what cost?

Data breaches

Facebook’s CEO has been touring the globe to say sorry for sharing data of millions of users, which was then allegedly used to influence democratic elections.

Meanwhile Google is being sued in the high court for alleged “clandestine tracking and collation” of personal information from 4.4 million iPhone users in the UK.

Both cases raise serious questions about whether these companies can be trusted as responsible custodians of our data.

What we uncovered

Today we released a major new piece of research, giving a very detailed analysis of consumer attitudes and behaviour when it comes to data.

We found people had little understanding of how their data is used – and many were shocked when they learned the truth.

Two-thirds of people told us they are not comfortable with organisations using information they post publicly – such as Facebook photos.

A similar number were not happy with information garnered from methods like browsing history tracking being used, while eight in 10 people told us they are concerned about their data being sold on to third parties.

Do you consent?

Most of us understand that when we sign up to a social media website we will be sharing some data. But how can we really be deemed to be giving meaningful consent when we have no idea of the consequences – good or bad – of the agreement?

We generally have no idea who might use that data later to target us – perhaps to advertisers, political lobbyists or other third parties we would not approve of.

And away from social media, companies such as “data brokers” make money from selling individual profiles of almost all of us, which might feature information including income, home ownership and relationship status. This data might be spliced up with “inferred” information – sophisticated guesswork – to produce a more complete profile.

But when Deloitte asked more than 100 staff in the US to review the data held on them by a leading data broker, more than two-thirds found less than 50% of the information was accurate.

We are concerned about the possibility of such – possibly inaccurate – information affecting access to vital services like credit and insurance.

What we’re demanding

It is time to strike a new deal on data that restores the power balance between consumers and tech companies.

Thus far, transparency and responsibility have largely been optional for the companies that deal in our data and in that laissez-faire climate, ethics and profits have been balanced in an entirely predictable way.

We believe the Competition and Markets Authority should urgently carry out a market study of the digital advertising industry to ensure it has a firmer grip on the prevalence and impact of micro-targeting – and to check whether Facebook and Google’s substantial market power could raise prices for advertisers, which would lead to a risk of goods and services becoming more expensive as a result.

It is also time for a thorough review by the new Centre for Data Ethics and Innovation at DCMS (TBC) of how our data is collected, shared and sold in cyberspace – which should focus on finding a way to promote innovation while also improving oversight and enforcement.

These first steps should help restore consumer trust, which has been so severely dented by recent scandals – and set us on a path to securing a deal on data that works for all of us.

Are you concerned about your online data ‘profile’? Do you take steps to protect yourself online, such as changing your privacy settings or avoiding services that collect a lot of data?

Comments
Patrick Taylor says:
5 June 2018

It is a shame that the Which.net ISP was closed last month as Which? Ltd could have promoted a paid for ethical email service which did not read emails or extract information for adverts. But then Which.net was closed to new subscribers in 2004 which in retrospect looks a very poor decision given the obvious way we are being used.

Linkedin seems amazingly well-informed of the people I email and suggesting that I make friends of them on LinkedIn. I can only make the assumption that Google has been busy passing on information to them – for a price.

DerekP says:
5 June 2018

I believe Linkedin is now actually a Microsoft enterprise. In the past, I believe Linkedin has been guilty of generating automatic membership invitations from data such as the email contacts lists of its members. At one stage I witnessesed this myself, when I regularly received such requests, allegedly on behalf of an HSE Inspector that I know. I thought it was odd that he had never mentioned this at any of our actual meetings.

DerekP says:
5 June 2018

There’s a number of undefined terms and “techno-babble” in the lead article above. This makes scaremongering quite easy.

Before we get too deeply in the specifics of “data capture” it would be useful to see if we can reach any consensus on our expectations for internet privacy, within the context of our current surveillance society.

I think we should also differentiate between consensual sharing – e.g. as in the example of agreeing to let W?C run its cookies on our browsers and less consensual means, including ultimately the theft of data by industrial espionage or by hackers.

I think it also must be said that there can never be any such thing as absolute safety online. Any data that we upload or create by means of online activity will always be subject to some degree of risk.

Also, even if we ourselves post nothing online, we’ll still become “data subjects” through the actions of others. Hence we need to look at the risks and benefits of our on-line activities and then take a balanced view.

There has been plenty of warning that information that we put online can be shared and that information is collected without our consent. I doubt that Which? can do much to help, other than to raise awareness of the problem. Caroline mentions the possibility that the CMA could intervene and I would certainly support this approach.

We are beginning to learn how low the business world is prepared to sink to exploit the public. Sooner or later society must develop proper ethical standards for data use. In the meantime I’m not going to worry. As Derek says, we need to adopt a balanced approach regarding the risks and benefits.

Yes Derek has put realism first which I always agree with thats why I dont put great store in the CMA achieving anything . Look Facebook wriggled out of a Congressional meeting and an EU Parliament meeting , completely ignored the UK government and behaved in a totally arrogant and non committal way ,and got away with it the same as all other US conglomerates due in relation to foreign countries take their money or in this case their data and use it. As far as LInkedin is concerned its also a data gatherer, always was, and I got a whole page blockage by my new blocker telling me -GO BACK !! on their “sign in ” webpage as even though I didnt “sign in ” it still tried to access my data for future use as the URL for linked in is a “known big tracker ” but thats life and I do also agree that this will not be stopped and that with the advent of AI the public will have to make a decision use the facilities on a website for “free ” ? then dont expect the organisation to “do it ” for free. As I keep saying I use Which Convo to post on and in my (some say distorted ) view its a quid pro quo in allowing Which to access my details, I dont mind it here. The latest “innovation ” Facebook not only collects its users data but also FRIENDS of the users who are NOT members of Facebook, I dont want to go on and sound too technical or the depth of gathering done so I will stop there.

This whole issue has become so complex and convoluted, that it is safe to assume that anything put on line can be harvested by those who see a financial interest in gathering it. Thus, from a non-technical, lay point of view (I don’t pretend to understand the mechanisms of the various octopi and their tentacles) I must accept that my data will always be subject to scrutiny. The obvious conclusion from that is that I only put out information that I need not bother about in terms of harm if it is taken and analysed. However, that is easier said than done, since I do purchase things on line, do send e. mails to many people on diverse subjects, and occasionally put a word or two on here. I have become more suspicious and I do now question what comes up on my monitor screen more than I used to do, but there is a limit to the amount of safety checks that can be done, and, in the end life’s too short to get paranoid about this. As I’ve said before, I try and keep it simple and back it up. By doing this, I can limit the damage and, hopefully, have a few tools in the locker to defend against the crooks who roam out there. It is a very sad fact that the extremely useful internet with its many connections, wide knowledge base and consumer convenience is also a rouges playground. Typically, the wonderful net has been polluted by a few and that ruins it for the rest of us. What is even worse, is that the crooks can hide so effectively, that their crime succeeds more often that it fails. Until that balance is redressed the web will always be a mine field and one must tread carefully.

As a post script I would ponder on the definition of crook and crime here. How far in criminality is it for companies and organisations to deal in my data without my permission? Do they actually have the right to use it to target products and advertisement in my direction? Do the government and the credit agencies have the right to store my information without telling me and asking if it is correct? There are a lot of places that keep stuff about me, without telling me. I don’t know where everything is or who has got it. Is this right?

Vynor-The government has legislated the right to keep and use your data along with credit agencies when I repaired telephone systems in secretive locations and watched early computer systems bringing up every customers data in a big city it was an eye opener . Your data under new legislation is transferred to US servers and ,as foreigners, all departments of US government have access to and yes some of it -shall we say – makes its way to third parties who pay handsomely for the privilege. Other data gathers now need your permission to gather your data in the EU but NOT in the USA so if your IP says -America its gathered . Having said that emails sent due to this new legislation by the EU are sly only asking you to “check the data they hold ” -translated means click on it and you are accepting they hold it and continue to do so. There is more but its technical. Your summation is correct.

Michael P says:
5 June 2018

What worries me is that most of the data gathering is driven by American giant companies. Some of these companies effectively have monopolies of computer operating system software through which data is gathered (Microsoft + Apple). Other American giant companies provide valuable information and “free” services, e.g. Google and social media. They have made us frighteningly dependent on them. To top it all now, the USA can no longer be relied on as friendly.

You’ve got that right MIchael ,especially the last sentence, but some people “never wake up to reality ” .

Patrick Taylor says:
5 June 2018

As for domination … this from Connexion explains why France was pretty much untouched:

“This week, millions of people – especially in Ireland, the UK and Germany – were forced to use cash only to complete their payments, or abandon their transactions altogether, as Visa cards failed to work for around six hours.

Yet, although 40 million people in France have a Visa card of some kind, the country was spared most of the problems. This is due to the Carte Bancaire (CB) system put in place in 1984 by then-Minister for the Economy, Pierre Bérégovoy.

This system means that the vast majority of card transactions in France pass through a secure intermediary, the CB group, so French shoppers – even if their cards show the Visa logo – were not reliant on Visa’s operating system to pay. In France, over 90% of cards – some 65 million – bear the CB badge, meaning they use the CB system, and would have been spared the problems with Visa.”

Crofter says:
5 June 2018

I had hoped that the new GDPR regime would usher in a relief from the 60/80 new emails I receive each day. Transfering them to Deleted/junk mail is one thing (and time consuming) but UNSUBSCRIBE is not only a chore but is evaded or ignored by ingenious devices e.g you are not a member; address not recognized.
If the sender had our address to send the message it does not need us to type it into an unsubscribe panel
and should provide a fully effective tickbox
What to DO?

Crofter –I take from the “Heilands ” of Scotland , 60/80 junk emails each day ! OMG ! Look my name is plastered all over the web and has been for years and I dont get your problem because they know I dont use the web for cash transactions and I never click on junk /tracking emails etc . Time consuming ? right get an email CLIENT – Thunderbird> download emails from your email service > click on one email> hold down Ctrl plus click “a” all emails will be selected and coloured green>right click and select delete> box comes up> delete ? > click yes >finished . If you want taken through it step by step I will help also any problems , who/what is your email service as it sounds a rotten one?

DerekP says:
5 June 2018

Crofter – even if you use a simple email program like gmail you should still be able to:

Select mutliple emails and then delete them all together;

Report emails as spam;

Block the sender – so that any further emails from the same sender won’t appear in your main inbox.

I think some spam sources use varying senders’ addresses to try and twart blocking rules. One ultimate response to that is to use an email program with a “whitelist” option, so that only the senders named in your whitelist can reach your main inbox.

I never needlessly give out my main email address, so I get hardly ever get any spam.

I run a website for a charity and since a grant from the Heritage Lottery Fund was announced our enquiries email address has been been used by many companies selling products and services for charities – everything from collecting boxes and Telegraph banner ads to advice on our e-learning strategy, funding bid-writing workshops, and accounts management software. Although the Lottery funding is indirectly helping the aims of our charity and saved us over £200k by paying for work we had planned to do, we have not received a penny from the Lottery.

I just delete all the marketing emails and all their efforts have achieved is for me to put a note on our website contacts page that marketing will be ignored.

Just been told -MY Heritage an Israeli DNA and genealogy testing company has had its 92 million customers email data hacked and hashed passwords. Its not know if the hackers was able to resolve the hashed passwords as there are different methods of hashing but the firm was criticised for not using two factor authentication.

DerekP says:
5 June 2018

Password hashing is generally supposed to be a one-way process, so you can’r recover the passwords from the hashes.

That said, if I’d just hacked someones email database and had secured 92 million password hashes, I could probably use statistical analysis techniques to find the most common hashes. For example multiple instances of 286755fad04869ca523320acce0dc6a4 and
7576f3a00f6de47b0c72c5baf2d505b0 would show that the passwords “password” and “password123” were being hashed with the md5sum code and crucially, without any form of “saltling” being used. Any secure site ought to be using a much more secure hashing method, so that different users would have different hashes from the same password (that’s one possible use of salting).

But, really, users should not use simple, easily guessed passwords, because that might end up compromising security for everyone on a given site.

Hackers will also be hoping that anyone who is reckless enough to use something like “password” on one site (e.g where their email address is their login id), will also use those same credentials on other sites too. So even though those latter sites won’t have been “hacked”, the hackers will still be able to access some users accounts on them.

Further to the Facebook issue- NYT-quote-contrary to the claim made in front of the Congress by Facebook CEO, Mark Zuckerberg Facebook has been involved with data sharing agreements with nearly 60 device companies including Amazon-Apple-Samsung-Blackberry and -yes – Microsoft. The agreements allowed the firms to acquire a wide range of information shared by users, without their consent or permission helping to add Facebook apps like the Like button and address books, there is now a question mark over the compliance level of Facebook,s privacy policies with -2011 , Federal Trade Commission,s consent decree . It goes on at some length but the implied implication is that Facebook CEO “Lied”. For those using Chrome or Edge a malicious Backdoor virus is being used to steal information as well as spy on the user. It’s pretty technical, a Downloader delivering malware payloads based on Java and NodeJS containing VisIT RAT (remote administration tool ) and so forth and applies to Windows 10. Now, what have I been saying for years to cries of-“no it cant be ” I don’t believe you Windows has BACKDOORS –never !! -permanent -head in the sand stance. that’s how Windows is made, backdoors are intentionally there for MS/Redmond to control your Windows 10 system. I listened to cries of BUT this is Windows 10 its very secure now – BULL !!! belief in advertising is not a down to earth option. As I said I won’t bore you with the technical detail but if anybody wants it ?

DerekP says:
6 June 2018

Duncan – thanks for the virus info.

Does this only affect Windows users who open spam emails containing suspicious office documents (i.e. with macros to install the malware)?

If so, the root cause of any “backdoor” in Windows isn’t really new news. Giving ordinary home users easy access to system administrator rights without any need for the user input of a root password has always been a known flaw. (Though I’m sure Windows champions don’t call it that.)

More challenging malware can be written so that only normal user permissions are required. If one were only setting out to steal user data (as opposed to maliciously damaging the OS on the PC), that should be all this were needed…

As ever, users should simply delete unexpected emails – without reading them or opening any attachments.

And, of course, it’s best not to keep sensitive data on any PC that can access the internet.

Derek- its a malicious backdoor Google Chrome and Microsoft Edge browser extension thats doing it to Window 10 systems reported by Trend MIcro . Your right the malware is delivered via a spam email in attachments , its in two parts the RAT part being separate. I am at a loss that anybody even opens spam emails let alone attachments , whats in peoples minds ? It can take over your system . I am looking at the programming installed and there is a lot , for the ordinary user they would need a re-installation as we are talking Registry.

DerekP says:
6 June 2018

Duncan – I think spam emails are easy to send out and even if 99.99% of folk correctly ignore them, some will fall prey to them in moments of weakness.

In safety cases, even the best trained humans are seldom claimed as being more than 99.99% effective (as regards doing the right thing) and software based systems (like ordinary PCs) would not usually be claimed at anything like that standard of reliability.

“The systematic data collection by intel agencies has been facilitated by the business models of companies like Facebook and Google. The internet habits of hundreds of millions are collected by these firms in the interests of targeting ads and this data also provides a high source of intelligence for governments as well as presenting a privacy risk in its own right.

“Tesco probably knows more about me than GCHQ,” as one delegate put it.

Full story here

In today’s news: Facebook confirms data-sharing agreements with Chinese firms https://www.bbc.co.uk/news/business-44379593

I just noticed a new tracking phenomenon, courtesy of Google (who else). Do you notice now that many websites block part of the webpage asking you a question –do you want this or that as well as the usual- will you allow cookies? I have found when you click the X to remove the blocking questions that Double-Click operates owned by — guess who? Now you will say to me no Lucas it’s only counting numbers —uh no!—–its Tracking you — sly. I checked into this to see if I was right and yes I was right. Many won’t believe me so I post just one of the many non-technical web answers https://www.wired.co.uk/article/google-ad-tracking, by the way, don’t believe the -do this to stop it, remember I have a display of what happens on every webpage as far as data gathering is concerned, it took my blockers to stop it.

Serious question, Duncan: why does it worry you?

I hate underhand/devious methods methods – people -companies lying or lying by omission even governments, and as I have said before its not directed at the cognizant but at the general public to warn them . I feel its my duty to tell the public , I am certainly not alone Ian it upsets 100,s of 1000,s of people worldwide, tech organisation after tech organisation detail the latest types of hidden data gatherers . Google even complains its got to come out with more devious collecting of data and as you know they have stated –yes stated it goes to the NSA/CIA/FBI as a matter of course . You told me in the past -there is too much data to bother about so they dont, well they have admitted its gathered for AI use to watch people actions over a wide range of subjects to spot —“terrorists ” but it also goes to third parties as well . Here is what the “Sky Marshall’s” are told to look out for in Donalds “brave new world” when on passenger aircraft – bald headed men- men with beards – men with mustaches- dyed hair any sign of “adverse talk ” of any sort . Official government policy ? Americans do NOT have a natural right to travel on passenger planes so can be prosecuted for minor things and yes many have had their passports confiscated to stop them and no ! they were not “Russian spies” Ian just talked about politics etc. -1984 -well past that now -more like Prison Planet -the Movie .

But why does it worry you? I can see you don’t like it, but it seems more than that.

Maybe we should have a Convo on tracking, covering the advantages (targeted advertising is a benefit according to a friend who provides tracking services to various clients) and disadvantages. I would like to know to what extent business is aggregating information about us and what it might be used for in the future. In view of the fact that many large companies have failed to keep data secure, perhaps it is time to put an end to tracking.

I’ve never seen the problem with being “tracked”, whatever that includes, but if someone gives me a good reason I’ll think again. The same with “targeted advertising”. I am quite capable of making up my mind about what to buy. Those who have particular interests and hobbies for example will have had targeted advertising for decades through their magazines.

So perhaps Which? could find an impartial expert to explain just why tracking is a clear and present danger.

The fact that you don’t see a problem might be where the problem lies. It is well established that marketing works and we are all affected to a greater or lesser extent.

I agree that we could benefit from input from Which? as you suggest, but what I want to know is where this is going and what threats could exist in future. At present my main concern is security of data.

The fact that you don’t see a problem“. Apart from the undoubted influence of advertising, which we all respond to to some extent, my question was about tracking, and to have someone explain why I should be concerned. There is plenty of tracking around through CCTV, phone records, sat nav presumably, credit and debit card transactions, for those who want to know where I have been. Being “tracked” gives rise to scare stories from some quarters, but why should we be bothered? Perhaps someone will tell us.

Read my post above malcolm if you dont mind being constantly tracked –well no problem, but millions dont like it -worldwide. What do you want to know about it ? I have a wealth of data on it .

I think it is the enormous extent of tracking and analytics that have been highlighted with GDPR.

We were under the illusion that tracking was a bit of harmless advertisement targeting. When we agreed to passing our info to 3rd parties, we assumed it was so they could also target us with their products probably through emails.

GDPR has highlighted there is a lot more to it than that.

Do I mind being analysed to the nth degree? When I see the minefield of opt-in/outs that nearly every website now presents you with, YES I do mind, it is too much, and we have no way of knowing what is behind many of those opt-ins.

I received an email from a store I have an account with but didn’t log into. It noted I had been looking at certain things and asked if I wanted to buy them and offered me alternatives. My internet cache would have been cleared many times since the last time I went on that website. If they can do that which is relatively harmless, what else are they doing with our data?

GDPR was supposed to give us control over our personal data. As far as I can see, it has granted companies the control, as unless you spend hours going through those minefields, you just accept their terms and conditions if you want to use their websites.

Some years ago, Flash Cookies were thought to be bad for privacy and security. Macromedia provided a useful utility for removing them and permanently blocking them if you wanted to.

GDPR should have insisted on operating systems installing a utility whereby companies could only leave data on your computer in certain files, and we had the control to list, delete or block them as we saw fit.

Then we might have control over our personal data and how it is used.

It is GDPR that has focused my mind on tracking. To use many sites the easiest way is simply to click on the button whereby you agree to whatever terms and conditions the organisation chooses. I can see the benefits of GDPR and it was very easy for the charities I’m involved in to comply with the legislation but I fear that overall the legislation may soon be seen as a mistake.

“Not liking it” and it causing you a real problem are two different things. Despite scares about tracking most people still go online. My request was to ask an expert where the real personal harm lay in being tracked.

I think it did not go nearly far enough. I don’t think many of us imagined the furtive and underhanded way our data was being mined.

You go on a website and get asked to agree to their T&Cs that will invariably include all their partners. If you go into any of those partners, they can present you with a whole new list of their partners. There could be hundreds just for one website, far too many to look at. We have no idea if we are giving one of them permission to sell our personal data and where it will end up.

So you either agree or leave. If I can still see the page, I usually ignore them, if I can’t, I probably leave and find my info elsewhere.

I seem to remember we called for it to be illegal to buy and sell our personal data. Now we can just give our permission without knowing.

Now that GDPR is in place I might issue unique and previously unused email addresses to organisations that I deal with and that might provide evidence of misuse of my information. I’m almost certain that a well known manufacturer has passed on the email address that I used to register two kettles.

It should certainly be illegal to buy personal data as well as to sell it.

Most people here like Google , I have said many times—they track you but that doesn’t bother them , except the emails/adverts etc . Okay but there must be at least one person who is not happy with Google,s spy network but how would you feel if you turned “off ” their tracking and —“shock/horror ” it didn’t make a blind bit of difference as well as Location history Google Maps -Search ? Want to turn it all off ? its so tricky and sly to do that I started laughing , it was ridiculous
We asked not to be tracked, but we were anyway…
One of the most creepy types of tracking that apps and devices can do without permission is location tracking. I think most people agree that they don’t want their location constantly tracked and documented without their permission.

Unfortunately it was recently in the news that Google is being sued for tracking locations of their users, even when those users opt out. It appears this tracking happens with iPhone users with Google Maps installed, along with Android users.

ZDNet reports “Google now faces a potential class action lawsuit over the revelation that it continues to store users’ location data even if they turn off Location History. The lawsuit was filed on Friday, the day Google updated its help page to clarify that with Location History off it still stores some location data in other services such as Google Search and Maps.”

Apparently even if you disable location history Google still tracks your location when you do things like open Google Maps, or check your local weather. It appears there is a way to stop this type of location tracking, but it takes some extra work to do it.

So how do you stop the tracking? Wired Magazine has done some research and they have the detailed instructions. They say:

“To actually turn off location tracking, Google says you have to navigate to a setting buried deep in your Google Account called Web & App Activity, which is set by default to share your information, including not just location but IP address and more. Finding that setting isn’t easy. At all.

Part two Sign in>then>Google Account>then Personal Info &Privacy>Go to my activity >left -hand click Activity Controls>Web & App Activity > toggle OFF and that is very simplified , Android is even worse to turn off If anybody wants I will post that as well

“Finding that setting isn’t easy. At all.”

Actually, it’s fairly easy to find. They do make it harder to turn it off, however.

The words are from a tech website Ian , some are mine but not those words . I think for the ordinary CPCW laptop buyer who accepts their thumb drive spiel they will not find it easy to do . The Android version includes moving a coloured slider among many other moves.

There’s no argument from me that Google is the tool of the devil. It’s one reason I’m a Mac user and happy that the EU is fairly anti-Google.

DerekP says:
16 September 2018

I think George Orwell pretty much predicted all of this in “1984”.

I enjoyed the scene in BBC’s “Bodyguard” where someone gets interrogated by special branch for the heinous crime of having switched their mobile off, thus allowing them a few hours of surveillance free movement…

I loved the pitch that only subjects involved in unlawful activities would ever choose to switch off their personal trackers (“mobiles”), to evade surveillance by nanny state.

I picked up on that point too, Derek. It was laid on a bit heavy-handedly so I wondered whether it was a dig at modern life or pointing out a disciplinary issue and human rights question whether a police force personal protection officer had to remain connected even when off-duty. Since our hero cannot tell who are the enemy, and he knows he has to survive in case a second series is commissioned, it seemed to me that his action in switching off his mobile was fully justified.

Here is the latest demolition of the Right to Secrecy on the web. As you all know I have been talking about server location IE- if it’s in an EU country or elsewhere except the USA the USA has no international legal right to demand access unless the country hosting that server has a legal agreement to hand over details. Guess what? Digital Rights Ireland in a USA Supreme Court case against the US government LOST out. The US government argued that instead of judging on a countries policy they argued on CLOUD STORAGE saying that whoever owns the cloud storage service if its headquarters are located in the USA then they have the legal right to snoop whenever they want. This was upheld and DRI,s case was thrown out under the Cloud Act (USA) therefore companies like MS can’t refuse no matter what they say. The USA,s snooping is now officially GLOBAL. This relates to ALL emails now viewed by the DoJ as “business records ” of the company holding them. Remember what I said about Cloud storage not being safe? Name me a Cloud Storage that isn’t owned by a US company /headquartered there? An appeal is in progress

While firewalls do a good job generally of stopping many hackers (but not all ) little thought is given to apps or even the system itself relaying your data to the outside world , but outgoing blockers exist some systems like Windows take offence to you doing that as it “telephones home ” all your movements to Redmond . Its also a fact there are many system requirements that MUST contact the outside world , so how do you know what to block ? well the good news there are network indicators by the dozen available , the bad news ? most of the websites you get them from free get their money back by tracking you for data and also most are too complicated for the general user . I have found a simple one that shows in plain text the outgoing source and the remote host , it is so simple its easy to use . It gives you the local IP /remote IP /remote port /remote host /PID/Program even if you dont understand some of those technical details you will understand the names of the remote host , its called Net Activity Viewer -simple , no fancy coloured graphs , no mention of packets etc , only get it from the OFFICIAL website –no other will do. I am looking at the info on the Which ? website and it gives me some info on the routing . Now while I can block all outgoing or some out going using Linux programming to block domains etc , its easier for the non tech user to use an easy to read blocker . One that I have checked on for years but still hasn’t made a version for LInux is Glasswire . This American app is one of the few honest apps with a big US following and a nice forum that is very helpful , a big coloured display shows you all the outgoing traffic in simple terms which you control , there is a free version with NO tracking . The problem ? Windows is not keen on it as you might realise and sometimes refuses to allow it to be either installed or run but that can be overcome with good help from the forum.

DerekP says:
28 September 2018

Duncan – W10 users can use built-in commands to monitor internet activity.

…Task Manager …Resource Monitor …TCP Connections

will show all the programs in use and the external addresses involved.

Derek its obvious that Americans dont find that MS gives you full control over outgoing actions or doesn’t want you seeing data exported from all third party apps but I will get you more of a rational for this app . Its very popular as it shows you outgoings that are hidden normally by MS.

DerekP says:
28 September 2018

Duncan – my point was simply that, right out of the box, W10 comes with traffic monitoring built in, so its users don’t need to be installing extra stuff just to do that.

Traffic control is another matter entirely. In XP days, 3rd part fire walls did a nice job for that.

The Linux app your mentioned looks quite good, but isn’t provided by MX, so I cannot download it from their normal “app store”. That said, there are many others that I have been trying out, so getting the info isn’t a problem.

One related thing I notice recently was how resource hungry the latest Firefox versions seem to be – it seems to want oodles of CPU time – what can it be doing?

Another really bad potential source of spyware seems to be Which? Conversation itself. What on earth are all its trackers trying to do and why are they should they be allowed by default? (I block most or all of them.)

Very interesting post Derek , if you mean Net Activity Viewer I did say its very simple and should work with W10 and is aimed as an intro to more complicated packet indicators . Have you checked out Glasswire ? it acts like an outgoing firewall and when I had it on Win 7 it was beautiful to watch as it gave a live display in coloured graph plus a comprehensive text display of all out going, but that was the problem MS didn’t like that and kept on attacking it . Your dam right about FF very sorry to say its gone “commercial ” and is now the “talk ” on many tech websites . Its getting money from sending your data to third parties while adverts for it say – you are “safe ” with it but on a scale now approaching Google and yes it “reports ” to Google among others like Amazon . It changed its build to do this in an update, I got rid of a lot of “phone homes ” in about :config but even then it started causing problems with my new app which belongs to an independent software designer NOT selling out to Google as it blocks and displays all the trackers in a logger that bolts onto the LHS of the browser web-page so I get live updates , not just cookies but all the other hidden trackers can be blocked , obviously I don’t want to do this to Which ? so I only block Google as I could end up braking the website . I ended up removing FF and I use Waterfox where I am not blocked from installing what I want but even there it was back intio about:config to remove javascript and change setting and remove URL,s to stop contact with Google etc . Sad to say Yandex has “gone ” Google , the new version has blocked that good app and stopped me installing search engines like Startpage , not only that its blocking me from stopping them gaining money from third parties and its a closed system like Windows whereas Waterfox is open. But that is not all I got a “shock ” as you know Arch updates the whole system constantly so you never need to install a new version and in the previous update I had Yandex as default , well the new update BLOCKED Yandex from being default even though I programmed it as “default ” why ?? its classed it as “dangerous ” in relation to the overall safety of of the system because of Yandex going “open house ” in the money making racket . It will only allow Waterfox to be used and it uses it even though I didn’t programme it to do that –even says “Waterfox is not your default browser ” so Arch has overruled me and self selected a safer browser . In addition it doesn’t want me to make any icon on my monitor immediately work in one click says its “dangerous ” to do that due to hacking and takeover , certainly looking after my safety . Ready for a “laugh ” Derek ? you know the amount of put downs relating to certain very down market news papers made by regulars here ? well guess who had the same trackers on its website ?? -Which ? I just started laughing –all this beneath our dignity coming out and there is your own web-site using them . As I keep saying I don’t block Which ? but its the only website I don’t, to me its a quid pro quo.