Stop Snoops with Private Browsing and by Clearing Your Web Browsing History: IT Services in Los Angeles

With so many of us working at home these days, it’s worth remembering that spouses, children, and housemates may have easy physical access to your Mac. And, particularly if you share a Mac with them, you might want to consider how you protect your browsing privacy. Even if you wouldn’t be embarrassed if your spouse were to see what sites you visited, you might not want a nosy pre-teen or housemate’s snoopy friend scrolling through your browser history. Or you may just want to keep research into someone’s birthday present a secret.

All major Web browsers provide two features to help you protect your privacy from people who can access your Mac: private browsing and clearing your browsing history.

After you invoke private browsing, the browser doesn’t store the URLs of visited pages in your browsing history. This makes it so others can’t go back through to see where you’ve been. Private browsing also avoids recording your searches so they don’t pop up for future search suggestions, doesn’t store the names of downloaded files, and more—the specifics vary a little by browser. In short, if you ever anticipate visiting a website that you wouldn’t want someone else with access to your Mac to know you had visited or don’t want to be embarrassed by a search suggestion when someone is peering over your shoulder, use private browsing.

What if you forget, or realize only after you’re done that your browsing history might reveal something you’d prefer stayed private? In that case, you’ll want to clear your browsing history, a feature that all browsers provide.

You should keep two important facts in mind when using these features:

  • Both of these features are focused on reducing privacy worries related to someone accessing your Mac. They do not, for the most part, keep your activities private from your ISP, the organizations whose websites you access, or advertisers (through ad trackers).
  • Neither of these features is meant to protect state secrets, sensitive journalistic research, or important business plans. If you’re interested in that level of security, contact us for personalized advice about what apps and devices to use.

Invoke Private Browsing

The hardest part of invoking private browsing is merely remembering to do so. In Safari, Firefox, and Brave, simply choose File > New Private Window to get a new browser window with private browsing enabled. Slightly different are Google Chrome, where you choose File > New Incognito Window, and Microsoft Edge, where the command is File > New InPrivate Window.

In all cases, the browser alerts you that you’ve enabled private browsing, are in a private window, or have gone incognito. Safari is the most subtle (top left, below), whereas Firefox (bottom left, below), and Chrome (right, below) make it painfully obvious and provide links to additional information about precisely what is protected and what’s not.

Additional tabs you create in that private browsing window are also private, so you don’t have to keep making new windows as you browse, although there’s no problem with opening multiple private windows at once. The main annoyance of using private browsing is that websites won’t recognize you or know you’re logged in.

To leave private browsing, simply close that window.

Clear Browsing History

How you clear browsing history varies by browser. Although they all let you choose how far back to go, only some give you choices about what type of data to clear.

  • Safari: In Safari, choose History > Clear History. A pop-up menu lets you clear your history from the last hour, today, today and yesterday, or all time. Happily, Safari also clears your history from other devices signed into your iCloud account.
  • Firefox: In Firefox, choose History > Clear Recent History and select the information to remove. You can clear data from the last hour, two hours, four hours, within the last day, or everything.
  • Google Chrome: With Chrome, choose Chrome > Clear Browsing Data. You can switch between two modes: Basic and Advanced, the latter of which gives you more control over exactly what you’re removing. Chrome provides the most flexible time periods from which to remove data: the last hour, the last 24 hours, the last 7 days, the 4 weeks, or all time.

The history clearing interfaces in Brave and Microsoft Edge are similar to Chrome since those browsers are based on the same underpinnings. However, both add an On Exit mode that removes the specified types of data every time you quit. Firefox also offers the option to clear cookies and site data every time you quit, but remember that doing so will sign you out of all websites.

In the end, don’t get too caught up in a Spy vs. Spy scenario with your browsing history. There’s nothing wrong with keeping your birthday present research private or working to avoid an embarrassing situation with a search suggestion, but it’s better to have and build trusting relationships than to worry constantly about someone discovering what you’re doing.

(Featured image by Robinraj Premchand from Pixabay)


Here’s How the Exposure Notification System from Apple and Google Protects Your Privacy

Apple recently released iOS 13.5, incorporating a new Exposure Notification API in response to the global COVID-19 pandemic. We’ve seen a few people freaking out about this, but seriously, calm down, folks. At best, the Exposure Notification API could lower contact tracing costs, reduce the spread of COVID-19, prevent life-changing health consequences, and save lives. At worst, it won’t prove particularly effective. In neither case does it pose any threat to personal privacy.

Why have Apple and Google—two companies that normally compete tooth and nail—formed this unprecedented partnership? Contact tracing is one of the key techniques employed by public health authorities in slowing the spread of COVID-19. It involves gathering information from an infected person about those they’ve been in contact with, enabling authorities to learn who might have been the source of the infection and who they may have infected. It’s a slow, laborious, and error-prone process—do you know or even remember all the people you’ve come in contact with over the past few weeks?—but it’s helpful nonetheless.

To speed up this process and make it more accurate, Apple and Google are building exposure notification capabilities into their respective smartphone operating systems. A large percentage of the population carries a smartphone running either iOS or Android, and since these phones have the capability to detect when other phones are in their vicinity via Bluetooth, Apple and Google realized they could use technology to alert people when they had been exposed to a person who later tests positive for COVID-19.

Their solution comes in two phases. In the first phase, Apple and Google are releasing the Exposure Notification API, and that’s what just happened with iOS 13.5. This API, or application programming interface, allows apps written by public health authorities to work across both iOS and Android devices, something that’s never been possible before. The first key fact to understand is that only public health authorities will be allowed to write apps that leverage the Exposure Notification API. It cannot be incorporated into sketchy social media apps.

Unfortunately, it seems likely that many people will never learn about or download those apps. So in the second phase, Apple and Google will build the exposure notification technology directly into iOS and Android, so it can work without a public health authority app being installed.

The second key fact to understand is the entire system is opt-in. You must explicitly consent to the terms and conditions of the program before it becomes active on your phone. That’s true whether you get an app in the first phase or rely on the integration in the second phase. And, of course, if you change your mind, you can always turn it off in the app or the operating system settings.

How does it work? Apple and Google have developed an ingenious approach that ensures that those who opt-in to the technology can use it without worrying about privacy violations.

Your phone creates a Bluetooth beacon with a unique ID derived from a randomly generated diagnosis encryption key. The system generates a fresh diagnosis key every 24 hours and stores it on your phone for 14 days, deleting all older keys. Plus, the unique Bluetooth beacon ID that your phone broadcasts to other phones in your vicinity changes every 15 minutes. Similarly, your phone reads the unique IDs from nearby phones and stores them locally. This approach ensures privacy in three important ways:

  1. No personal information is shared. The ID is based on a random encryption key and changes constantly, so there’s no way it could be traced back to your phone, much less to you personally.
  2. No location information is stored. The only data that’s generated and transferred between the phones are these unique IDs. The system does not record or share location information, and Apple and Google have said they won’t approve any public health authority app that uses this system and also records location separately.
  3. No data is uploaded unless you test positive. As long as you remain uninfected by COVID-19, no data from your phone is uploaded to the Apple- and Google-controlled servers.

What happens if you test positive for COVID-19? (Sorry!) In that case, you would need to use a public health authority app to report your test results. You’ll likely have to enter a code or other piece of information to validate the diagnosis—a requirement necessary to prevent fake reporting.

When the app confirms your diagnosis, it triggers your phone to upload up to the last 14 days of diagnosis encryption keys—remember, these are just the keys from which the IDs are derived, not the IDs themselves—to the servers. Fewer days might be uploaded depending on when the exposure could have occurred.

All the phones enrolled in the system constantly download these diagnosis keys from devices of infected people. Then they perform cryptographic operations to see if those keys match any of the locally stored Bluetooth IDs captured during the period covered by the key. If there’s a match, that means you were in proximity to an infected person, and the system generates a notification with information about the day the exposure happened, how long it lasted, and the Bluetooth signal strength (which can indicate how close you were). A public health authority app will provide detailed instructions on how to proceed; if someone doesn’t have the app yet, the smartphone operating system will explain how to get it. Additional privacy protections are built into these steps:

  1. No one is forced to report a positive diagnosis. Just as you have to opt-in to the proximity ID sharing, you must explicitly choose to share your positive diagnosis. Not sharing puts others, including your loved ones, at risk, but that’s your decision to make.
  2. Shared diagnosis keys cannot identify you. The information that your phone uploads in the case of a positive diagnosis is limited to—at most—14 encryption keys. Those keys, which are then shared with others’ phones, contain no personal or location information.
  3. The matching process takes place only on users’ phones. Since the diagnosis keys and the derived IDs only meet on individual phones, there’s no way Apple, Google, or any government agency could match them up to establish a relationship.
  4. The notification information is too general to identify individuals. In most cases, there will be no way to connect an exposure notification back to an individual. Obviously, if you were in contact with only one or two people on a relevant day, that’s less true, but in such a situation, they’re likely known to you anyway.

Finally, Apple and Google have said they’ll disable the exposure notification system on a regional basis when it is no longer needed.

We apologize if that sounds complicated. It is, and necessarily so, because Apple and Google have put a tremendous amount of thought and technical and cryptographic experience into developing this exposure notification system. They are the preeminent technology companies on the planet, and their knowledge, skills, and expertise are as good as it gets. A simpler system—and, unfortunately, we’ll probably see plenty of other apps that won’t be as well designed—would likely have loopholes or could be exploited in unanticipated ways.

You can read more about the system from Apple and Google, including a FAQ and the technical specifications.

Our take? We’ll be installing the necessary app and participating in this exposure notification system. It’s the least we can do to help keep our loved ones and others in our communities safe. In a pandemic, we all have to work to help others.

(Featured image based on an original by Dennis Kummer on Unsplash)


Do You Know Who Can Track Your Location? It’s Worth Checking Periodically

Sharing your location works well when you’re out with friends or family and want everyone to be able to see where everyone else is. It’s easy to enable in various spots in iOS 13—in Messages, in Contacts, in the Find My app, and so on. You can share your location for an hour, until the end of the day, or indefinitely, but beware of this final option. If you’re with a group for a weeklong trip, for instance, sharing indefinitely makes sense, but it’s easy to forget to turn it off, at which point those people can see where you are at all times. We recommend that you periodically audit the list of people with whom you’ve shared your location. To do so in iOS 13, open the Find My app, tap the People button in the bottom toolbar, and look through the list. For anyone you want to delete, swipe left on their name and tap the trash button.

(Featured image by Adam Engst)

Set Your Preferred Name and Photo for Messages in iOS 13

In your list of conversations in Messages, you probably have lots of people who have generic icons next to their names or numbers. You likely look like that to other people as well, but a new feature in iOS 13 lets you share your preferred name and avatar picture with other iMessage users (blue-bubble friends). In Messages, first tap the ••• button and then Edit Name and Photo. Then, in the activity view that appears, tap Edit under your photo to select a new photo and set your name as you want it. Make sure Name and Photo Sharing is enabled before tapping Done. From now on, for any iMessage conversations, you’ll see a little banner at the top that asks if you want to share your name and photo. Do so and your recipient will get a prompt to replace whatever they’re seeing for you. (And if, as a recipient, you don’t want to accept the new photo, tap the X button at the right of the prompt.)

(Featured image by Daniel Frese from Pexels)

Exercise (Some) Control over How Much Your Location Is Tracked

The New York Times recently published a bombshell article revealing just how completely our every movement is tracked by companies in the business of selling our locations to advertisers, marketers, and others. Anonymous sources provided the Times with a dataset from a single location-data company that contained 50 billion pings from the phones of more than 12 million Americans over several months in 2016 and 2017. 

This data enabled the Times reporters to track numerous people in positions of power, including military officials, law-enforcement officers, and high-powered lawyers. They were able to watch as people visited the Playboy Mansion, some overnight, and they could see visitors to celebrity estates. Once they identified any particular phone, they could track it wherever it went. Imagine what that data could be used for in the wrong hands.

No one intends to let unknown companies track their locations constantly. But code built into smartphone apps does just that, often without our knowledge. Many of the apps that request access to location services have an entirely legitimate reason for doing so—for example, Google Maps can’t provide navigation directions unless it knows where you are. But others want location access for less practical reasons—do you really want to let a coffeeshop app know your location at every moment in exchange for the occasional free latte? And some apps—notably weather apps—may have a legitimate need for location information but use that data for far more than users expect.

Even if you’re not too perturbed about companies you’ve never heard of knowing your exact whereabouts at all times (mostly to serve you more targeted advertising), there’s no guarantee this data couldn’t fall into the hands of foreign governments, organized crime, or hackers willing to sell your movement patterns to an aggrieved employee, corporate spy, or jealous ex-lover.

Steps You Can Take to Protect Your Location Privacy

Luckily, Apple provides controls in iOS that let you limit your exposure. For most people, going completely dark isn’t realistic. Too many iPhone capabilities require location services, ranging from turn-by-turn directions, to geotagging photos, to using Find My to see if your kid has left the soccer tournament yet. 

Nevertheless, going dark is a possibility: go to Settings > Privacy > Location Services and disable the Location Services switch at the top. That turns off location services for all apps, although iOS will turn them back on temporarily if you use Find My iPhone to enable Lost Mode.

Here’s what we recommend instead.

  1. Go to Settings > Privacy > Location Services and scroll down to see a list of every app on your iPhone that would like to know your location. (The same is true on the iPad, but fewer people use their iPads as much while out and about.)
  2. For each app in the list, tap the app’s name to bring up the Allow Location Access screen, which has up to four options:
    • Never: Prevent this app from ever determining your location.
    • Ask Next Time: The next time the app wants permission to track you, make it ask again.
    • While Using the App: Allow the app to track your location as long as you’re actually using it. 
    • Always: Let the app track your location at all times, even when you’re not using it.
  3. Tap one of the options to select it, and then tap Back to return to the list.

We can’t tell you exactly how to configure each app since everyone has a different set and different levels of privacy worry. However, here is some advice:

  • Apps and other entries from Apple are generally safe because Apple has an extremely strong privacy stance and excellent security against hacks. But, down in System Services at the bottom, we’d turn off Location-Based Apple Ads and Popular Near Me—even if Apple is collecting this data anonymously, it’s still being used to sell things to you, not to provide useful services to you.
  • For most apps, change the Allow Location Access setting to Ask Next Time to force each app to prompt you again. If it asks at a point where it’s reasonable that it would need to know your location, such as Yelp wanting to show you nearby restaurants, grant it. If you don’t understand why it’s asking, or if the request seems weak (“To show you which wines are available for purchase in your area.”), deny the request.
  • With apps that obviously need location services, such a parking app that needs to know which area you’re in, change the setting to While Using App and see if that meets your needs.
  • Only if you clearly need to allow a particular app to track your location in the background—turn-by-turn navigation apps are the most common—should you change that setting to Always. Almost no apps should be given such power, and many won’t even provide the option.

There’s one unusual item in the list: Safari Websites. It’s a master switch that lets Web sites loaded in Safari ask for your location. That’s probably not a major privacy concern, but few Web sites provide sufficiently useful location-based features (mostly for finding nearby chain store outlets) that it’s worth bothering.

In the end, go with your gut. If thinking about a particular app or company potentially recording your location constantly gives you the creeps, turn it off and either find an alternative or do without. Legislation may be the only solution in the end, but for now, we can take steps like these to protect ourselves.

(Featured image based on an original by Garik Barseghyan from Pixabay)