security meets culture
Can Your Internet Provider See Everything You Do Online?
Is Your Roku TV Spying on You? - Here's How to Put an End to It
by Chris Bayer for zdnet
Your Amazon Fire Stick, Chromecast, and other streaming devices collect your personal data for various reasons. If you're uncomfortable with that, here's how to get peace of mind.
Your Amazon Fire Stick, Chromecast, and other streaming devices collect your personal data for various reasons. If you're uncomfortable with that, here's how to get peace of mind.
Maria Diaz/ZDNET
Whenever I hear about consumer data tracking, my half-century-old brain dredges up that Hall and Oates hit called "Private Eyes" with the refrain "they're watching you."
I don't mean to incite Big Brother paranoia; I know I'm not being spied on everywhere I go, especially not in the seclusion of my home. But while using streaming devices, you can almost guarantee that your entertainment and advertisement preferences are being tracked.
The culprit is better known as Big Data-- arguably less invasive and sinister, but still annoying to some people-- and there are ways to mitigate that on your streaming devices if you're one of them.
While some data collection is necessary for basic functionality, many streaming devices collect more than required; so much so that you essentially lose control of your privacy, fall into filter bubbles-- viewing algorithms that are more narrow-- and receive more targeted ads than expected.
Below are some general strategies for regaining control over your privacy while using streaming services.
1. Check your privacy settings
Most streaming devices have privacy settings that allow you to control what data is collected and shared. Take the time to explore these settings and disable any tracking features that you're not comfortable with.
2. Limit ad tracking
Many streaming platforms allow you to limit ad tracking or opt out of personalized ads. This not only reduces the amount of data collected about your viewing habits, it also limits targeted advertising.
3. Use a VPN
A virtual private network (VPN) can encrypt your internet traffic and mask your IP address, making it more difficult for streaming services and advertisers to track your activity.
4. Be mindful of voice commands
Pretty much every streaming device has voice control capabilities, so you should be aware that your voice commands may be recorded and stored. Consider disabling voice control or just use it sparingly.
5. Disconnect when not in use
If you're really concerned about tracking, consider disconnecting your streaming device from the internet when you're not using it. This will prevent it from collecting data in the background.
Beyond that, here are device-specific steps you can take for some of the most popular streaming services.
Apple TV
I don't mean to incite Big Brother paranoia; I know I'm not being spied on everywhere I go, especially not in the seclusion of my home. But while using streaming devices, you can almost guarantee that your entertainment and advertisement preferences are being tracked.
The culprit is better known as Big Data-- arguably less invasive and sinister, but still annoying to some people-- and there are ways to mitigate that on your streaming devices if you're one of them.
While some data collection is necessary for basic functionality, many streaming devices collect more than required; so much so that you essentially lose control of your privacy, fall into filter bubbles-- viewing algorithms that are more narrow-- and receive more targeted ads than expected.
Below are some general strategies for regaining control over your privacy while using streaming services.
1. Check your privacy settings
Most streaming devices have privacy settings that allow you to control what data is collected and shared. Take the time to explore these settings and disable any tracking features that you're not comfortable with.
2. Limit ad tracking
Many streaming platforms allow you to limit ad tracking or opt out of personalized ads. This not only reduces the amount of data collected about your viewing habits, it also limits targeted advertising.
3. Use a VPN
A virtual private network (VPN) can encrypt your internet traffic and mask your IP address, making it more difficult for streaming services and advertisers to track your activity.
4. Be mindful of voice commands
Pretty much every streaming device has voice control capabilities, so you should be aware that your voice commands may be recorded and stored. Consider disabling voice control or just use it sparingly.
5. Disconnect when not in use
If you're really concerned about tracking, consider disconnecting your streaming device from the internet when you're not using it. This will prevent it from collecting data in the background.
Beyond that, here are device-specific steps you can take for some of the most popular streaming services.
Apple TV
Jason Hiner/ZDNET
Apple's privacy policy states that the company collects information from your Apple ID, including what content you're playing, when you played it, the device you played it from, and where you paused or stopped watching-- so you can resume play on another device. Additionally, the company charts a detailed history of all playback activity for Apple TV channels and Apple TV Plus.
While Apple admits to sharing information with partner companies, it's one of the few services that asks for your permission before allowing apps to track your activity. You can disable that for each app by choosing "No" when the prompt appears.
Apple also provides various privacy settings to help manage how your data is used and shared. To adjust them:
The above steps will limit data collection, effectively blinding Apple to your preferences and viewing habits.
Google Chromecast
While Apple admits to sharing information with partner companies, it's one of the few services that asks for your permission before allowing apps to track your activity. You can disable that for each app by choosing "No" when the prompt appears.
Apple also provides various privacy settings to help manage how your data is used and shared. To adjust them:
- Use your Apple remote control to find Settings in the app.
- Under the General tab, scroll down to Privacy.
- Click on Tracking and turn Allow Apps to Ask to Track on.
- Now, backtrack to the Privacy menu.
- Here, you'll find Analytics and Improvements, where you can turn both Share Apple TV Analytics and Improve Siri and Dictation off.
The above steps will limit data collection, effectively blinding Apple to your preferences and viewing habits.
Google Chromecast
Maria Diaz/ZDNET
Google has a comprehensive privacy policy that encompasses its vast array of products and services. The tech giant garners extensive user data while you're logged in, including search history, location, and online activity. It then leverages this data to power its highly profitable advertising business based on user interests and demographics.
As with all platforms, Google's overt objective is to personalize user experiences, such as by recommending YouTube videos relevant to your preferences-- because Google owns YouTube. Despite this, the company claims the Google Chromecast does not perform automatic content recognition (ACR) while users are viewing streaming content.
No less, you can mitigate your concern about Google's practice of Big Data tracking while watching Google TV. Just follow these steps.
For extra data monitoring protection, you can go to myactivity.google.com to deactivate web and app activity, timeline, YouTube history, and other data-gathering functions.
Roku Streaming Stick
As with all platforms, Google's overt objective is to personalize user experiences, such as by recommending YouTube videos relevant to your preferences-- because Google owns YouTube. Despite this, the company claims the Google Chromecast does not perform automatic content recognition (ACR) while users are viewing streaming content.
No less, you can mitigate your concern about Google's practice of Big Data tracking while watching Google TV. Just follow these steps.
- Navigate to Settings and select the Privacy section.
- Within Privacy, you can adjust settings for Location, Google Assistant, and Payment and Purchases. Here, you can also control App Permissions, Special App Access, and Security and Restrictions.
- Be sure to turn off Usage and Diagnostics to stop sending diagnostic data to Google.
- Finally, select Ads and then Opt Out of Ads Personalization to prevent personalized ad profiles.
For extra data monitoring protection, you can go to myactivity.google.com to deactivate web and app activity, timeline, YouTube history, and other data-gathering functions.
Roku Streaming Stick
Maria Diaz/ZDNET
According to its policy, Roku collects much information from its streaming devices. Your search history, search results, audio information from voice features, accessed channels-- including usage statistics such as time and duration-- content and advertisement interactions, and specific settings and preferences are exempted from privacy restrictions unless you demand otherwise. And, yes, Roku shares data with advertisers.
To restrict or prevent some of Roku's tracking, follow these steps.
Roku confesses to collecting everything from demographic info-- e.g., your birthday and street address-- to information about your stored photos and videos. It primarily uses ACR to do this, and while you can turn ACR off, the Roku Stick may still collect and share data about the apps or other streaming services you use.
Amazon Fire TV Stick
To restrict or prevent some of Roku's tracking, follow these steps.
- From the main Roku menu, open Settings.
- Go to Privacy.
- In Advertising, check the Limit Ad Tracking box. Note that this will not stop other platforms (like Prime, Max, or others) from collecting your usage data or passing that info along to advertisers.
- Now go to Microphone > Channel Microphone Access and then select Never Allow to block all channels from recording your spoken words.
- Finally, find Smart TV Experience to select ACR and uncheck Use Info from TV Inputs.
Roku confesses to collecting everything from demographic info-- e.g., your birthday and street address-- to information about your stored photos and videos. It primarily uses ACR to do this, and while you can turn ACR off, the Roku Stick may still collect and share data about the apps or other streaming services you use.
Amazon Fire TV Stick
Maria Diaz/ZDNET
Amazon Fire TV devices collect data on how often and how long customers use apps on Fire TV, your device's language selection, your TV's display size, and some connectivity options -- doing so to improve its service and devices.
It also gathers data on customers' use of Amazon devices and their features, like home screen navigation and device settings choices. But it explicitly does not collect information on what customers watch within 3rd-party apps on Fire TV.
Follow these steps to quell the amount of data Fire TV collects.
Your Amazon Fire TV device will still show ads, but it will no longer be able to track your data for marketing, view how often and how long you use downloaded apps, or give you targeted advertising.
Streaming devices continue to gain popularity as home entertainment enhancements because they are affordable and offer quick access to a smorgasbord of streaming services, like Netflix, Disney+, Hulu, and countless others. These gadgets undoubtedly provide convenience and entertainment. At the same time, they raise concerns about privacy and security for many people.
I should note that streaming devices are just one of many commonly used electronics that collect personal usage data. Your smart TV and smartphone are also in on the act. If you're serious about your privacy, you must take a comprehensive approach and limit data collection across all your devices.
Why do streaming devices collect my data?
In our era of digital streaming and smart TVs, convenience often comes at the cost of privacy. Your streaming device-- whether it's an Amazon Fire Stick, Roku, Chromecast, or another platform-- is programmed by default to collect and share your viewing habits, search queries, and possibly other personal data. This built-in feature enables companies to target you with specific ads, personalize your content recommendations, or even sell your information to 3rd-parties.
It also gathers data on customers' use of Amazon devices and their features, like home screen navigation and device settings choices. But it explicitly does not collect information on what customers watch within 3rd-party apps on Fire TV.
Follow these steps to quell the amount of data Fire TV collects.
- Go to Settings > Preferences > Privacy Settings.
- Select Device Usage Data and turn this setting off.
- Likewise, turn off Collect App Usage Data.
- Now turn off the setting called Interest-based Ads.
Your Amazon Fire TV device will still show ads, but it will no longer be able to track your data for marketing, view how often and how long you use downloaded apps, or give you targeted advertising.
Streaming devices continue to gain popularity as home entertainment enhancements because they are affordable and offer quick access to a smorgasbord of streaming services, like Netflix, Disney+, Hulu, and countless others. These gadgets undoubtedly provide convenience and entertainment. At the same time, they raise concerns about privacy and security for many people.
I should note that streaming devices are just one of many commonly used electronics that collect personal usage data. Your smart TV and smartphone are also in on the act. If you're serious about your privacy, you must take a comprehensive approach and limit data collection across all your devices.
Why do streaming devices collect my data?
In our era of digital streaming and smart TVs, convenience often comes at the cost of privacy. Your streaming device-- whether it's an Amazon Fire Stick, Roku, Chromecast, or another platform-- is programmed by default to collect and share your viewing habits, search queries, and possibly other personal data. This built-in feature enables companies to target you with specific ads, personalize your content recommendations, or even sell your information to 3rd-parties.
Google Won't Ditch 3rd-Party Cookies in Chrome After All
Ryan Whitwam for arstechnica
Google drops plans for a 1-click prompt to disable tracking cookies.
Google drops plans for a 1-click prompt to disable tracking cookies.
Credit: Getty Images
Google has made an unusual announcement about browser cookies, but it may not come as much of a surprise given recent events. After years spent tinkering with the Privacy Sandbox, Google has essentially called it quits. According to Anthony Chavez, VP of the company's Privacy Sandbox initiative, Google won't be rolling out a planned feature to help users disable 3rd-party cookies. Instead, cookie support will remain in place as is, possibly forever.
Beginning in 2019, Google embarked on an effort under the Privacy Sandbox banner aimed at developing a new way to target ads that could preserve a modicum of user privacy. This approach included doing away with 3rd-party cookies, small snippets of code that advertisers use to follow users around the web.
Google struggled to find a solution that pleased everyone. Its initial proposal for FLoC-- Federated Learning of Cohorts-- was widely derided as hardly any better than cookies. Google then moved on to the Topics API, but the company's plans to kill cookies have been delayed repeatedly since 2022.
Until today, Google was still planning to roll out a dialog in Chrome that would prompt users to turn off 3rd-party cookies in favor of Google's updated solution. According to Chavez, Google has been heartened to see the advertising industry taking privacy more seriously. As a result, Google won't be pushing that cookie dialog to users. You can still choose to disable 3rd-party cookies in Chrome, though.
Maintaining the status quo
While Google's sandbox project is looking more directionless today, it is not completely ending the initiative. The team still plans to deploy promised improvements in Chrome's Incognito Mode, which has been re-architected to preserve user privacy after numerous complaints. Incognito Mode blocks all 3rd-party cookies, and later this year, it will gain IP protection, which masks a user's IP address to protect against cross-site tracking.
Beginning in 2019, Google embarked on an effort under the Privacy Sandbox banner aimed at developing a new way to target ads that could preserve a modicum of user privacy. This approach included doing away with 3rd-party cookies, small snippets of code that advertisers use to follow users around the web.
Google struggled to find a solution that pleased everyone. Its initial proposal for FLoC-- Federated Learning of Cohorts-- was widely derided as hardly any better than cookies. Google then moved on to the Topics API, but the company's plans to kill cookies have been delayed repeatedly since 2022.
Until today, Google was still planning to roll out a dialog in Chrome that would prompt users to turn off 3rd-party cookies in favor of Google's updated solution. According to Chavez, Google has been heartened to see the advertising industry taking privacy more seriously. As a result, Google won't be pushing that cookie dialog to users. You can still choose to disable 3rd-party cookies in Chrome, though.
Maintaining the status quo
While Google's sandbox project is looking more directionless today, it is not completely ending the initiative. The team still plans to deploy promised improvements in Chrome's Incognito Mode, which has been re-architected to preserve user privacy after numerous complaints. Incognito Mode blocks all 3rd-party cookies, and later this year, it will gain IP protection, which masks a user's IP address to protect against cross-site tracking.
Chavez admits that this change will mean Google's Privacy Sandbox APIs will have a "different role to play" in the market. That's a kind way to put it. Google will continue developing these tools and will work with industry partners to find a path forward in the coming months. The company still hopes to see adoption of the Privacy Sandbox increase, but the industry is unlikely to give up on cookies voluntarily.
While Google focuses on how ad privacy has improved since it began working on the Privacy Sandbox, the changes in Google's legal exposure are probably more relevant. Since launching the program, Google has lost 3 antitrust cases, 2 of which are relevant here: the search case currently in the remedy phase and the newly decided ad tech case. As the government begins arguing that Chrome gives Google too much power, it would be a bad look to force a realignment of the advertising industry using the dominance of Chrome.
In some ways, this is a loss-- tracking cookies are undeniably terrible, and Google's proposed alternative is better for privacy, at least on paper. However, universal adoption of the Privacy Sandbox could also give Google more power than it already has, and the supposed privacy advantages may never have fully materialized as Google continues to seek higher revenue.
ChatGPT Remembers Everything About You - Here's How to
Stay in Control
By Amir M. Bohlooli for makeuseof
Roman Smaborskyi / Shutterstock
ChatGPT's memory is getting smarter-- and that might be a problem. It's easy to forget how much we've told it: goals, fears, frustrations. Unlike a human, it doesn't forget or forgive unless you make it. But you don't have to feed the machine. Here's the blunt, everything‑you‑need guide to dodging ChatGPT's memory.
Archiving and Deleting Only Hides the Conversation
You can archive a conversation to remove it from the sidebar clutter. Archiving doesn't remove anything from ChatGPT's actual memory. You'll find your archived chats under Settings > General > Archived chats.
If your goal is to hide a conversation from ChatGPT's long-term mind, archiving is just window dressing. Even deleting a chat isn't enough.
Deleting a chat removes the transcript, but not what ChatGPT has learned from it. The interface itself mentions this when you delete a chat.
Archiving and Deleting Only Hides the Conversation
You can archive a conversation to remove it from the sidebar clutter. Archiving doesn't remove anything from ChatGPT's actual memory. You'll find your archived chats under Settings > General > Archived chats.
If your goal is to hide a conversation from ChatGPT's long-term mind, archiving is just window dressing. Even deleting a chat isn't enough.
Deleting a chat removes the transcript, but not what ChatGPT has learned from it. The interface itself mentions this when you delete a chat.
Project Workspaces - Memories Still Leak
Projects bundle multiple chats and let you attach custom instructions or files-- great for keeping client work separate from your D&D campaign. When projects were first introduced, they couldn't write to memory or read from it. However, recent Projects still feed into the same account-level memory pool, unless you've disabled memory globally.
NOTE: In my case, I have one older Project and 2 new ones. My older project can't access my account's memory, but newer projects can read from and write to it.
Temporary Chats Like Incognito Mode
Temporary Chat is ChatGPT's equivalent of Chrome's Incognito mode. The model can't read past memories and-- crucially-- can't write new ones. Once you close the window, the content is gone for you and the AI, though OpenAI still keeps a copy for 30 days to police abuse.
You can start a Temporary Chat by starting a new chat and then clicking Temporary Chat in the top-right corner, next to your profile picture.
Disable Memory Entirely - The Nuclear Option
The most straightforward way to prevent ChatGPT from remembering anything is to just flip the switch. Click your profile picture, then go to Personalization and toggle Reference saved memories. Disabling it stops both reading and writing.
TIP: The Manage memories link below the toggle shows every fact the model has already stashed. You can delete items individually or wipe the lot.
ChatGPT's interface vaguely titles this feature Reference saved memories-- as if disabling it only stops the model from referencing stored data, not from collecting new info. Who's to say the system truly stops memorizing once you toggle it off? Because there's no independent audit trail, treat this switch as a speed bump, not a brick wall. The next 2 workarounds exist for exactly this reason.
Use ChatGPT Without Logging In - Go Anonymous
OpenAI now lets you ping the model anonymously on chat.openai.com. You're stuck with the older model tier and no plugins, but there's no account to tie data to. Just open a private browser window, skip the login, and start chatting. Pair it with a VPN and you'll be nearly untraceable.
3rd‑Party Wrappers - Outsourcing Your Trust Issues
Tools like HuggingChat, Poe, or any "unified AI" dashboards call OpenAI's API on your behalf. ChatGPT's memory feature doesn't apply over API calls, so OpenAI only sees text plus an anonymized client ID. That shifts the privacy burden to the wrapper service.
In this case, you're essentially swapping OpenAI's tracking for someone else's. Read the privacy policy of any 3rd-party client you use, and avoid social logins unless you want to defeat the whole purpose.
Alternatively, you could use the OpenAI API yourself. Memory won't be a problem, but your conversations will still be tied to your OpenAI account.
Get Help Without the Baggage
Privacy has always walked a fine line. The more someone knows about you, the more useful they can be-- and the more power they have to misuse that knowledge. That trade-off gets even trickier when the "someone" isn't a person at all, but an AI developed by a company with billions of dollars and terabytes of user data.
ChatGPT's memory update pushes this line further. It doesn't just remember your last question-- it remembers you. Your goals, your frustrations, your preferences. And unlike Spotify or Netflix, you've probably told ChatGPT things you wouldn't tell a friend. That's where the difference lies.
There are 2 layers to consider: what ChatGPT itself can do with what it remembers, and what OpenAI, like any Big Tech company, can do behind the scenes. That's a lot of trust to place in a black box, even if it's one that helps you brainstorm recipes and rewrite emails.
The good news is that you're not powerless. You can see what it remembers. You can tell it to forget. You can go incognito, log out, or sidestep memory entirely. ChatGPT can be a helpful assistant, but it doesn't need to be your diary. Control what it knows, and you control the relationship.
WhatsApp's New Advanced Chat Privacy Protects Sensitive Messages
By Sergiu Gatlan for bleepingcomputer
bleepingcomputer
WhatsApp has introduced a new Advanced Chat Privacy feature to protect sensitive information exchanged in private chats and group conversations.
The new privacy option can be enabled after tapping the chat name and is designed to prevent attempts to save media and export chat content.
"Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said.
"When the setting is on, you can block others from exporting chats, auto-downloading media to their phone, and using messages for AI features. That way everyone in the chat has greater confidence that no one can take what is being said outside the chat."
The company added that this is the first version of this feature, and it's rolling out to all users who have updated WhatsApp to the latest version. WhatsApp is also working on adding more protections to Advanced Chat Privacy to make it even more effective.
However, it's important to note that, even after enabling Advanced Chat Privacy, there are still ways to extract sensitive media and information, such as taking a picture of the WhatsApp conversation if screenshots are blocked.
The new privacy option can be enabled after tapping the chat name and is designed to prevent attempts to save media and export chat content.
"Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said.
"When the setting is on, you can block others from exporting chats, auto-downloading media to their phone, and using messages for AI features. That way everyone in the chat has greater confidence that no one can take what is being said outside the chat."
The company added that this is the first version of this feature, and it's rolling out to all users who have updated WhatsApp to the latest version. WhatsApp is also working on adding more protections to Advanced Chat Privacy to make it even more effective.
However, it's important to note that, even after enabling Advanced Chat Privacy, there are still ways to extract sensitive media and information, such as taking a picture of the WhatsApp conversation if screenshots are blocked.
WhatsApp Advanced Chat Privacy (WhatsApp)
The new Advanced Chat Privacy feature is part of a broader effort to make communicating using WhatsApp more secure, which started almost 7 years ago when the company introduced end-to-end encryption.
Five years later, in October 2021, it began rolling out end-to-end encrypted chat backups to iOS and Android devices. In December of the same year, WhatsApp expanded privacy controls by adding support for default disappearing messages to all new chats.
More recently, WhatsApp added support for locking chats using a password or fingerprint, introduced a Secret Code feature to hide the locked chats, and started allowing Android and iOS users to hide their location during calls by proxying the connection through WhatsApp's servers.
Since October 2024, WhatsApp has also begun encrypting contact databases for privacy-preserving synchronization, ensuring that contact lists bind to accounts rather than devices, allowing easy management between device changes or replacements.
Meta announced in early 2020 that more than 2 billion people from over 180 countries were using the WhatsApp video calling and instant messaging platform.
The new Advanced Chat Privacy feature is part of a broader effort to make communicating using WhatsApp more secure, which started almost 7 years ago when the company introduced end-to-end encryption.
Five years later, in October 2021, it began rolling out end-to-end encrypted chat backups to iOS and Android devices. In December of the same year, WhatsApp expanded privacy controls by adding support for default disappearing messages to all new chats.
More recently, WhatsApp added support for locking chats using a password or fingerprint, introduced a Secret Code feature to hide the locked chats, and started allowing Android and iOS users to hide their location during calls by proxying the connection through WhatsApp's servers.
Since October 2024, WhatsApp has also begun encrypting contact databases for privacy-preserving synchronization, ensuring that contact lists bind to accounts rather than devices, allowing easy management between device changes or replacements.
Meta announced in early 2020 that more than 2 billion people from over 180 countries were using the WhatsApp video calling and instant messaging platform.
Your Smart Thermostat is Basically a Nosy Roommate
By Kim Komando
ChatGPT
Charles in San Antonio asked, "Kim, I have one of those smart thermostats. It must collect a lot of my data. Where does it all go?"
Buckle up, Charles, because your thermostat might know more about you than your best friend, your doctor or your cat. If you've got a Nest, Ecobee or any of those sleek little screens controlling your HVAC, they're managing temperature while they basically stalk you, politely and with your permission.
Smart thermostats have evolved. They don't just follow schedules; they predict them. That means they're quietly paying attention to the kind of stuff normally reserved for very nosy roommates.
What it's tracking
All this creepy-cool behavioral tracking gets sent to the cloud to "optimize" your comfort and help you save on energy.
If your thermostat knows your schedule, chances are someone else could, too. That data might be shared with advertisers, 3rd-party companies, or worse, it could be accessed by cybercriminals if your account isn't locked down.
What you can do about it
Turning off these smart features below is a great move for your privacy, but there are a few catches.
You'll lose a bit of the magic that makes your thermostat "smart." Without learning or motion sensing, it won't adjust based on your routines or know when you're home or away. You'll need to set manual schedules.
Disabling data sharing and deleting your history means no more personalized insights or energy reports. You could also miss out on utility rebates that rely on usage tracking.
If you're OK giving up convenience, the trade-off is keeping Big Tech out of your living room. Note: Steps below work for most, but may vary based on your specific model number.
1. Turn off auto-learning
2. Disable motion or occupancy sensors
3. Review your data-sharing settings
4. Delete your usage history
Basically, your thermostat knows when you're sleeping, it knows when you're awake, it knows if you've been bad or good, so be good for goodness' sake.
Buckle up, Charles, because your thermostat might know more about you than your best friend, your doctor or your cat. If you've got a Nest, Ecobee or any of those sleek little screens controlling your HVAC, they're managing temperature while they basically stalk you, politely and with your permission.
Smart thermostats have evolved. They don't just follow schedules; they predict them. That means they're quietly paying attention to the kind of stuff normally reserved for very nosy roommates.
What it's tracking
- The time you leave and return home
- Which rooms you're in the most (thanks to motion sensors)
- How long it takes to hit your ideal temp
- Your sleep and wake-up patterns
All this creepy-cool behavioral tracking gets sent to the cloud to "optimize" your comfort and help you save on energy.
If your thermostat knows your schedule, chances are someone else could, too. That data might be shared with advertisers, 3rd-party companies, or worse, it could be accessed by cybercriminals if your account isn't locked down.
What you can do about it
Turning off these smart features below is a great move for your privacy, but there are a few catches.
You'll lose a bit of the magic that makes your thermostat "smart." Without learning or motion sensing, it won't adjust based on your routines or know when you're home or away. You'll need to set manual schedules.
Disabling data sharing and deleting your history means no more personalized insights or energy reports. You could also miss out on utility rebates that rely on usage tracking.
If you're OK giving up convenience, the trade-off is keeping Big Tech out of your living room. Note: Steps below work for most, but may vary based on your specific model number.
1. Turn off auto-learning
- Nest: Google Home app > Tap your thermostat > Settings > Temperature Preferences > Auto-Schedule or Smart Schedule (4th gen) > Off.
- Ecobee: Menu (3-lines) > General > Preferences > Smart Recovery > Disable.
2. Disable motion or occupancy sensors
- Nest: Settings > Presence sensing > Turn off Allow this home to use phone locations.
- Ecobee: Menu > General > Sensors > Tap each one > Participation > Disable Smart Home & Away.
3. Review your data-sharing settings
- Nest: myactivity.google.com > Activity Controls > Turn off Web & App Activity.
- Ecobee: Account > Donate Your Data > Toggle off Donate Thermostat Data > Confirm.
4. Delete your usage history
- Nest: Visit Google My Activity > Filter by date & product > Select Nest > Apply > Delete results > Delete.
- Ecobee: Fill out a Personal Information form to request data deletion.
Basically, your thermostat knows when you're sleeping, it knows when you're awake, it knows if you've been bad or good, so be good for goodness' sake.
5 Places Incognito Mode is Useful and 3 Where it Isn't
By Andy Betts for howtogeek
Andy Betts / How-To Geek
Every browser offers an incognito mode that provides an extra level of privacy when you're browsing the web. However, it might not be quite as effective as you think it is. There are times when it's useful-- and times when it's no use at all.
Every browser offers an incognito mode that provides an extra level of privacy when you're browsing the web. However, it might not be quite as effective as you think it is. There are times when it's useful-- and times when it's no use at all.
Every browser offers an incognito mode that provides an extra level of privacy when you're browsing the web. However, it might not be quite as effective as you think it is. There are times when it's useful-- and times when it's no use at all.
Incognito mode doesn't save your history or cookies and doesn't keep you logged into sites. It essentially wipes the browser clean of all traces of your browsing session as soon as you shut it down.
It's Useful for Viewing Sites Logged-Out
Your browser isn't the only thing that keeps a record of the websites you visit. Google, for example, saves every one of your searches when you're logged into your Google account.
Again, this isn't a big deal in most cases. But there will undoubtedly be times when you search for things you don't want to save to your Google record. You can clear your Google search history, but it's easier not to save it in the first place.
Incognito mode lets you view any site while logged out. This might be Google, and it could also be shopping sites, social networks, or anything else. It also makes it convenient if you want to log in to a different account, such as a second social media account that you only use occasionally and temporarily.
Use It to Not Ruin Your Recommendations
The main reason I use Incognito mode is for YouTube. If I'm doing a one-off search, like for a guide on how to replace the washer on a faucet, I go incognito because I don't want YouTube recommending similar tutorials for the next 6 months. It's so easy to break the recommendation algorithm if you aren't careful.
The same applies when clicking YouTube video links on Reddit that I don't want to be part of my profile, and when searching for random products on Amazon.
It Helps You Avoid Tracking When Shopping
It's widely thought that some comparison websites, especially in fields like travel and flights, will show different-- and higher-- prices to customers based on what they've been searching for on the site.
By going incognito when using these sites, they can't track you. If you do your research today and then visit again tomorrow, the site will see you as a different person each time and won't be able to adjust its prices. You do need to remember to stay logged out when browsing, though.
It's Useful When You Need to Quickly Disable Your Extensions
I use a lot of browser extensions but sometimes I need to disable them to view certain sites. By default, extensions don't run in Incognito mode. Rather than delving into the settings to switch off an extension temporarily, opening a private tab has the same effect. It's more convenient because you don't need to remember to turn them back on again, either.
Where Incognito Mode Isn't Useful
Incognito mode isn't always useful though, and there are a few areas where it doesn't offer you any help at all.
When You Want to Be Anonymous
Browsing in Incognito mode does not make you anonymous. Although your searches won't be saved to your browser history, others will be able to see your activity.
Your ISP can still see which websites you visited; those sites and services can see your IP address, which is your device's location on the network; and other people who run the network, such as your employer, will also be able to see the sites you're visiting. So don't think you can switch into Incognito mode and start browsing job sites without your boss finding out.
When You Want to Encrypt Your Connection
Incognito mode doesn't add any extra encryption to your internet connection. Most sites now use HTTPS, so your connection is encrypted by default. But if you're browsing on public computers and you want an extra layer of security, Incognito mode won't help. In these cases, you should use a VPN instead.
When You Want to Avoid Malware
Finally, there's a common misconception that private browsing makes you safer online. This isn't true. Put simply, when it comes to malware, Incognito mode offers zero benefit whatsoever. You still need to maintain the same safe browsing habits that you do any other time.
Incognito mode is useful, but its usefulness is limited and often overstated. Its protection begins and ends on your computer or your phone. It's perfect when you don't want to save cookies or a browsing history, or to view sites while not logged in.
But it offers no protection other than that. It doesn't make you anonymous, and there are much better ways to stay safe online.
Chrome Extensions with 6 Million Installs Have Hidden Tracking Code
By Bill Toulas for bleepingcomputer
bleepingcomputer
A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts.
These extensions are 'hidden,' meaning they don't show up on Chrome Web Store searches, nor do search engines index them, and can only be installed if the user has the direct URL.
Typically, such extensions are private software like internal company tools or add-ons still under development. Still, threat actors might be using them to evade detection while aggressively pushing them through ads and malicious sites.
Risky Chrome extensions
The extensions were discovered by Secure Annex researcher John Tuckner, who uncovered the first 35 after examining what he claims is a suspicious extension named 'Fire Shield Extension Protection.'
The extension is heavily obfuscated and contains callbacks to an API for sending information collected from the browser.
These extensions are 'hidden,' meaning they don't show up on Chrome Web Store searches, nor do search engines index them, and can only be installed if the user has the direct URL.
Typically, such extensions are private software like internal company tools or add-ons still under development. Still, threat actors might be using them to evade detection while aggressively pushing them through ads and malicious sites.
Risky Chrome extensions
The extensions were discovered by Secure Annex researcher John Tuckner, who uncovered the first 35 after examining what he claims is a suspicious extension named 'Fire Shield Extension Protection.'
The extension is heavily obfuscated and contains callbacks to an API for sending information collected from the browser.
Tracking function in Fire Shield extension. Source: Secure Annex
Through a domain called "unknow.com" contained in the extension, Tuckner found additional extensions containing the same domain that claim to provide ad-blocking or privacy protection services.
Finding more extensions phoning the same external domain. Source: Secure Annex
However, all of these include overly broad permissions allowing them to perform the following actions:
- Access cookies, including sensitive headers (e.g., 'Authorization')
- Monitor user browsing behavior
- Modify search providers (and results)
- Inject and execute remote scripts on visited pages via iframes
- Activate advanced tracking remotely
While Tuckner didn't catch any extensions stealing user passwords or cookies, the excessively risky capabilities, heavily obfuscated code, and hidden logic were enough for the researcher to label them as risky and, potentially, spyware.
"There are additional obfuscated signals in other functions that there is significant command and control potential like the ability to list top sites visited, open/close tabs, get top sites visited, and run many of the capabilities above in an ad hoc manner," explains Tuckner.
"Many of these capabilities have not been validated, but again, the presence of this capability in 35 extensions which claim to do simple things like protect you from malicious extensions is quite concerning."
Excessive permissions secured by the extensions. Source: Secure Annex
Earlier today, the researcher added 22 more extensions believed to belong to the same operation, taking the total to 57 extensions used by 6 million people. Some of the newly added extensions are public, too.
Tuckner says that many of the extensions have been removed from the Chrome Web Store following his report from last week, but others still remain.
One of the risky extensions still hosted on the Web Store. Source: BleepingComputer
The complete list is available here, with the ones with the highest download counts listed below:
- Cuponomia - Coupon and Cashback (700,000 users, public)
- Fire Shield Extension Protection (300,000 users, unlisted)
- Total Safety for Chrome™ (300,000 users, unlisted)
- Protecto for Chrome™ (200,000 users, unlisted)
- Browser WatchDog for Chrome (200,000 users, public)
- Securify for Chrome™ (200,000 users, unlisted)
- Browser Checkup for Chrome by Doctor (200,000 users, public)
- Choose Your Chrome Tools (200,000 users, unlisted)
If you have any of the above installed, it is recommended that you remove them immediately and, out of an abundance of caution, perform password resets on online accounts.
Google told BleepingComputer that they are aware of Tuckner's report and are investigating the extensions.
BleepingComputer also contacted the developer of these extensions with questions about the obfuscated code but has not received a reply at this time.
6 Threats That Incognito Mode Can't Protect You From
By Shan Abdul for howtogeek
Incognito mode isn't as private as you might assume. While it prevents your browser from saving your history and cookies, that's only a tiny part of the tracking it blocks. You're still vulnerable to numerous privacy and security risks. Here are some common threats you should watch out for.
1. Your Internet Activity Isn't Fully Private From Your ISP
Incognito mode isn't as private as you might assume. While it prevents your browser from saving your history and cookies, that's only a tiny part of the tracking it blocks. You're still vulnerable to numerous privacy and security risks. Here are some common threats you should watch out for.
1. Your Internet Activity Isn't Fully Private From Your ISP
SatawatK / Shutterstock
Private browsing doesn't hide your activity from your Internet Service Provider-- ISP. Your ISP can still monitor the websites you visit, the time you access them, and how long you stay since all your online activity is routed through their servers. So, if they choose to, they can monitor your browsing habits.
So, how do you protect yourself? A simple and effective option is using a VPN-- Virtual Private Network. It encrypts your internet traffic and routes it through a secure server, making it difficult for your ISP to monitor your activity. That said, VPNs have limitations and risks, so you must be aware of them.
2. Others Can See Your Downloaded Data
When you download a file during a private browsing session, it's saved to your device just like any regular download. That means even after you close the incognito window, those files remain accessible on a computer. Unless you manually delete them, anyone using the device can view, open, or move them-- putting your sensitive data at risk.
The good news is that your browser won't log these downloads in its history. Still, if you're using a public or shared device, you must manually delete those files once you're done. If you need to keep a large downloaded file on a shared device, consider encrypting it or securing it with a password to prevent unauthorized access.
3. Network Administrators Can Still Monitor Your Browsing
Do you use private browsing at work, school, or on public WiFi and assume your activity is hidden? Unfortunately, it's not. Network administrators-- including IT teams-- can still monitor what you're doing online, even in private mode. So, how can you stay off their radar? As mentioned earlier, one easy solution is a VPN-- Virtual Private Network.
A VPN creates an encrypted tunnel between your device and the internet, masking your activity. However, VPNs are often blocked on such networks. In that case, you can try the Tor Browser, which routes your traffic through several encrypted nodes to help maintain privacy. Alternatively, you can use the Brave browser's private mode with Tor.
4. Browser Extensions May Still Collect Your Data
By default, browser extensions are turned off during private browsing sessions-- but you can choose to enable them. If you've allowed specific extensions to run in private mode, they may collect data about the sites you visit and your actions. So, even if you think your activity is private, these extensions could track you in the background.
In Chrome, you can see which extensions are active in private mode by clicking the Extensions icon near the main menu. To stop an extension from running, go to the Extensions page, click Details for the extension you want to restrict, and turn off the settings that allow it to work in Incognito mode. You can manage this permission easily on other browsers.
So, how do you protect yourself? A simple and effective option is using a VPN-- Virtual Private Network. It encrypts your internet traffic and routes it through a secure server, making it difficult for your ISP to monitor your activity. That said, VPNs have limitations and risks, so you must be aware of them.
2. Others Can See Your Downloaded Data
When you download a file during a private browsing session, it's saved to your device just like any regular download. That means even after you close the incognito window, those files remain accessible on a computer. Unless you manually delete them, anyone using the device can view, open, or move them-- putting your sensitive data at risk.
The good news is that your browser won't log these downloads in its history. Still, if you're using a public or shared device, you must manually delete those files once you're done. If you need to keep a large downloaded file on a shared device, consider encrypting it or securing it with a password to prevent unauthorized access.
3. Network Administrators Can Still Monitor Your Browsing
Do you use private browsing at work, school, or on public WiFi and assume your activity is hidden? Unfortunately, it's not. Network administrators-- including IT teams-- can still monitor what you're doing online, even in private mode. So, how can you stay off their radar? As mentioned earlier, one easy solution is a VPN-- Virtual Private Network.
A VPN creates an encrypted tunnel between your device and the internet, masking your activity. However, VPNs are often blocked on such networks. In that case, you can try the Tor Browser, which routes your traffic through several encrypted nodes to help maintain privacy. Alternatively, you can use the Brave browser's private mode with Tor.
4. Browser Extensions May Still Collect Your Data
By default, browser extensions are turned off during private browsing sessions-- but you can choose to enable them. If you've allowed specific extensions to run in private mode, they may collect data about the sites you visit and your actions. So, even if you think your activity is private, these extensions could track you in the background.
In Chrome, you can see which extensions are active in private mode by clicking the Extensions icon near the main menu. To stop an extension from running, go to the Extensions page, click Details for the extension you want to restrict, and turn off the settings that allow it to work in Incognito mode. You can manage this permission easily on other browsers.
5. Incognito Mode Doesn't Protect You From Malware
When I first started using Incognito mode, I used to believe that I was fully protected from online threats. But if you think the same, that's a big misconception. Incognito mode doesn't shield you from malicious websites, risky downloads, or harmful scripts. If you engage with dangerous content, your device is as vulnerable as in a regular browsing session.
That's why you should follow all the standard security precautions while browsing privately. Scan suspicious files and links with tools like VirusTotal, keep your anti-malware protection active, and don't turn off your browser's built-in security and privacy features. Be as cautious when using private mode as you would during regular browsing.
6. Websites Can Still Track and Identify You
When you browse in private mode, websites can still detect your IP address and collect device-specific information to build a unique profile of you. This means you may still be subject to targeted ads. If you log into accounts like Google or Facebook while in Incognito, your activity can still be linked to your account or profile.
While it's hard to eliminate this kind of tracking, you can reduce it by using privacy-focused browsers like Brave. Also, don't log into your primary accounts while browsing privately. For example, if you just want to watch a YouTube video or view a Facebook or Instagram profile, doing so without signing in won't impact your primary account.
These are some key threats private browsing doesn't shield you from. If you had any misconceptions about being fully protected, now you know better. Follow the tips we've shared to protect your data, privacy, and security. While these precautions won't eliminate every risk, they'll go a long way in minimizing them.
ChatGPT Can Now Remember and Reference All Your Previous Chats
By Samuel Axon for arstechnica
Before, ChatGPT just remembered a few facts. Now it can remember much more.
Before, ChatGPT just remembered a few facts. Now it can remember much more.
OpenAI's ChatGPT is adding major new features. Credit: Benj Edwards / OpenAI
OpenAI today announced a significant expansion of ChatGPT's customization and memory capabilities. For some users, it will now be able to remember information from the full breadth of their prior conversations with it and adjust its responses based on that information.
This means ChatGPT will learn more about the user over time to personalize its responses, above and beyond just a handful of key facts.
Some time ago, OpenAI added a feature called "Memory" that allowed a limited number of pieces of information to be retained and used for future responses. Users often had to specifically ask ChatGPT to remember something to trigger this, though it occasionally tried to guess at what it should remember, too. (When something was added to its memory, there was a message saying that its memory had been updated.)
Users could enable or disable this feature at will, and it was automatically off for specific chats where users chose the "Temporary Chat" option-- sort of ChatGPT's version of incognito mode.
The new improvements announced today go far beyond that.
Now, where there was once a checkbox in ChatGPT's interface to disable or enable memory tracking, there are 2 checkboxes. "Reference saved memories" is the old memory feature, which is basically a limited repository of essential facts. The second is the new feature: "reference chat history." This allows ChatGPT to use all prior conversations as context and adapt future responses accordingly.
Unlike the older saved memories feature, the information saved via the chat history memory feature is not accessible or tweakable. It's either on or it's not.
The new approach to memory is rolling out first to ChatGPT Plus and Pro users, starting today-- though it looks like it's a gradual deployment over the next few weeks. Some countries and regions-- the UK, European Union, Iceland, Liechtenstein, Norway, and Switzerland-- are not included in the rollout.
OpenAI says these new features will reach Enterprise, Team, and Edu users at a later, as-yet-unannounced date. The company hasn't mentioned any plans to bring them to free users. When you gain access to this, you'll see a pop-up that says "Introducing new, improved memory."
This means ChatGPT will learn more about the user over time to personalize its responses, above and beyond just a handful of key facts.
Some time ago, OpenAI added a feature called "Memory" that allowed a limited number of pieces of information to be retained and used for future responses. Users often had to specifically ask ChatGPT to remember something to trigger this, though it occasionally tried to guess at what it should remember, too. (When something was added to its memory, there was a message saying that its memory had been updated.)
Users could enable or disable this feature at will, and it was automatically off for specific chats where users chose the "Temporary Chat" option-- sort of ChatGPT's version of incognito mode.
The new improvements announced today go far beyond that.
Now, where there was once a checkbox in ChatGPT's interface to disable or enable memory tracking, there are 2 checkboxes. "Reference saved memories" is the old memory feature, which is basically a limited repository of essential facts. The second is the new feature: "reference chat history." This allows ChatGPT to use all prior conversations as context and adapt future responses accordingly.
Unlike the older saved memories feature, the information saved via the chat history memory feature is not accessible or tweakable. It's either on or it's not.
The new approach to memory is rolling out first to ChatGPT Plus and Pro users, starting today-- though it looks like it's a gradual deployment over the next few weeks. Some countries and regions-- the UK, European Union, Iceland, Liechtenstein, Norway, and Switzerland-- are not included in the rollout.
OpenAI says these new features will reach Enterprise, Team, and Edu users at a later, as-yet-unannounced date. The company hasn't mentioned any plans to bring them to free users. When you gain access to this, you'll see a pop-up that says "Introducing new, improved memory."
The new ChatGPT memory options. Credit: Benj Edwards
Some people will welcome this memory expansion, as it can significantly improve ChatGPT's usefulness if you're seeking answers tailored to your specific situation, personality, and preferences.
Others will likely be highly skeptical of a black box of chat history memory that can't be tweaked or customized for privacy reasons. It's important to note that even before the new memory feature, logs of conversations with ChatGPT may be saved and stored on OpenAI servers. It's just that the chatbot didn't fully incorporate their contents into its responses until now.
As with the old memory feature, you can click a checkbox to disable this completely, and it won't be used for conversations with the Temporary Chat flag.
You Can Stop Google from Tracking Your Smartphone, But You'll Hate How
By Josh Hawkins for makeuseof
BritCats Studio/Shutterstock
If you think your Android device respects your privacy, I've got bad news. New research shows Google starts tracking you the moment you sign in-- long before you open your first app.
Google Can Track You Before You Even Launch an App
We all know that we're being tracked and that our data is one of the most valuable things companies can collect. While many companies tout increased privacy features-- Google loves to talk about how private Android is-- there are always secrets lurking in the corner.
The secret this time is a pretty big one, too. According to a 2025 study by Professor Doug Leith of Trinity College Dublin, Android devices start sharing data with Google almost immediately, without any notification or consent from you, the device's owner.
That's a huge problem, too. Because it doesn't matter if you never open Gmail or Google Maps, as pre-installed apps like Google Play Services and the Play Store start relaying information to the tech giant as soon as you log in.
One of the key players that Leith uncovered is the DSID cookie. This tracker gets dropped onto your device as soon as you sign in to your Google account-- something you're forced to do to set up your Android phone.
Once on your device, the DISD cookie quietly links your activity across apps and websites to your digital identity, giving Google all kinds of data about you and your browsing habits. But Google doesn't stop tracking you there.
There's also the Google Android ID, a unique device identifier that keeps checking in with Google, even if you later sign out. And it's not just about diagnostics. These identifiers are designed to fuel personalized ads and profile-building, all before you've tapped on a single app icon.
And There's No Way to Opt Out
The real kicker, though-- beyond Google never telling you about any of this-- is that there's no real way to opt out of these tracking features, either.
Google doesn't ask for consent or offer any upfront disclosure during device setup. The DSID cookie refreshes automatically every 2 weeks, and the Android ID is embedded deep in system data and sticks around unless you wipe your device entirely.
Even newer Android features like SafetyCore, which scans incoming images for explicit content and was quietly added in an update in 2024, can be uninstalled or disabled. Though, you'll need to check occasionally to make sure it hasn't been reinstalled during an Android update.
With the DSID cookie, though, there's no way to turn it off once you've logged into your Google account. Google explains in a support document that the cookie is to help you ensure personalized ad preferences are respected even in non-Google services and websites.
However, that doesn't discount the fact that the tech giant is essentially scraping your data without ever notifying you in any way.
This Is the Only Way to Stop Google From Tracking You
If you were hoping that removing these tracking features would be as easy as uninstalling an app from your Android phone, I have more bad news.
If you really want to stop Google from tracking your phone, there's only one surefire method. Factory reset your device and never sign in to a Google account again.
Of course, that's easier said than done, especially since Google forces you to sign in to a Google account to even finish setting up your Android device. And, if you go with a de-Googled Android operating system-- like GrapheneOS-- you'll be sacrificing access to Google services like the Play Store for that increased privacy.
For many, this is probably not an option at all. Installing other operating systems can also be tricky and requires a bit of technical know-how, so not everyone will be comfortable with that solution.
The only other option you have to combat this invasion of your privacy is to mitigate the damage it is doing, even if only slightly. I always recommend heading to Settings > Google Services > All Services > Ads and opting out of the personalized advertising options listed there.
Google Can Track You Before You Even Launch an App
We all know that we're being tracked and that our data is one of the most valuable things companies can collect. While many companies tout increased privacy features-- Google loves to talk about how private Android is-- there are always secrets lurking in the corner.
The secret this time is a pretty big one, too. According to a 2025 study by Professor Doug Leith of Trinity College Dublin, Android devices start sharing data with Google almost immediately, without any notification or consent from you, the device's owner.
That's a huge problem, too. Because it doesn't matter if you never open Gmail or Google Maps, as pre-installed apps like Google Play Services and the Play Store start relaying information to the tech giant as soon as you log in.
One of the key players that Leith uncovered is the DSID cookie. This tracker gets dropped onto your device as soon as you sign in to your Google account-- something you're forced to do to set up your Android phone.
Once on your device, the DISD cookie quietly links your activity across apps and websites to your digital identity, giving Google all kinds of data about you and your browsing habits. But Google doesn't stop tracking you there.
There's also the Google Android ID, a unique device identifier that keeps checking in with Google, even if you later sign out. And it's not just about diagnostics. These identifiers are designed to fuel personalized ads and profile-building, all before you've tapped on a single app icon.
And There's No Way to Opt Out
The real kicker, though-- beyond Google never telling you about any of this-- is that there's no real way to opt out of these tracking features, either.
Google doesn't ask for consent or offer any upfront disclosure during device setup. The DSID cookie refreshes automatically every 2 weeks, and the Android ID is embedded deep in system data and sticks around unless you wipe your device entirely.
Even newer Android features like SafetyCore, which scans incoming images for explicit content and was quietly added in an update in 2024, can be uninstalled or disabled. Though, you'll need to check occasionally to make sure it hasn't been reinstalled during an Android update.
With the DSID cookie, though, there's no way to turn it off once you've logged into your Google account. Google explains in a support document that the cookie is to help you ensure personalized ad preferences are respected even in non-Google services and websites.
However, that doesn't discount the fact that the tech giant is essentially scraping your data without ever notifying you in any way.
This Is the Only Way to Stop Google From Tracking You
If you were hoping that removing these tracking features would be as easy as uninstalling an app from your Android phone, I have more bad news.
If you really want to stop Google from tracking your phone, there's only one surefire method. Factory reset your device and never sign in to a Google account again.
Of course, that's easier said than done, especially since Google forces you to sign in to a Google account to even finish setting up your Android device. And, if you go with a de-Googled Android operating system-- like GrapheneOS-- you'll be sacrificing access to Google services like the Play Store for that increased privacy.
For many, this is probably not an option at all. Installing other operating systems can also be tricky and requires a bit of technical know-how, so not everyone will be comfortable with that solution.
The only other option you have to combat this invasion of your privacy is to mitigate the damage it is doing, even if only slightly. I always recommend heading to Settings > Google Services > All Services > Ads and opting out of the personalized advertising options listed there.
|
|
|
|
You can also switch from closed apps like Google Chrome to more open-source or privacy-focused apps like DuckDuckGo. Switching to DuckDuckGo will cause you to miss out on Chrome features, though, so that's something to be aware of.
It's also important to consistently review app permissions on your Android device to ensure that no new apps are accessing your data without your permission.
Sadly, though, none of these steps will stop the underlying system-level tracking that Google has built into the Android operating system. If you really want to be free of Google's tracking, you're going to need to break free of the company's ecosystem completely.
Is This the World's Most Private Phone That Can Not be Tracked?
Everything You Say to Your Echo Will be Sent to Amazon
Starting on March 28
By Scharon Harding for arstechnica
Amazon is killing a privacy feature to bolster Alexa+, the new subscription assistant.
Amazon is killing a privacy feature to bolster Alexa+, the new subscription assistant.
Credit: Getty
Since Amazon announced plans for a generative AI version of Alexa, we were concerned about user privacy. With Alexa+ rolling out to Amazon Echo devices in the coming weeks, we're getting a clearer view at the privacy concessions people will have to make to maximize usage of the AI voice assistant and avoid bricking functionality of already-purchased devices.
In an email sent to customers today, Amazon said that Echo users will no longer be able to set their devices to process Alexa requests locally and, therefore, avoid sending voice recordings to Amazon's cloud. Amazon apparently sent the email to users with "Do Not Send Voice Recordings" enabled on their Echo. Starting on March 28, recordings of everything command spoken to the Alexa living in Echo speakers and smart displays will automatically be sent to Amazon and processed in the cloud.
Attempting to rationalize the change, Amazon's email said:
"As we continue to expand Alexa's capabilities with generative AI features that rely on the processing power of Amazon's secure cloud, we have decided to no longer support this feature."
One of the most marketed features of Alexa+ is its more advanced ability to recognize who is speaking to it, a feature known as Alexa Voice ID. To accommodate this feature, Amazon is eliminating a privacy-focused capability for all Echo users, even those who aren't interested in the subscription-based version of Alexa or want to use Alexa+ but not its ability to recognize different voices.
However, there are plenty of reasons why people wouldn't want Amazon to receive recordings of what they say to their personal device. For one, the idea of a conglomerate being able to listen to personal requests made in your home is, simply, unnerving.
Further, Amazon has previously mismanaged Alexa voice recordings. In 2023, Amazon agreed to pay $25 million in civil penalties over the revelation that it stored recordings of children's interactions with Alexa forever. Adults also didn't feel properly informed of Amazon's inclination toward keeping Alexa recordings unless prompted not to until 2019-- 5 years after the first Echo came out.
If that's not enough to deter you from sharing voice recordings with Amazon, note that the company allowed employees to listen to Alexa voice recordings. In 2019, Bloomberg reported that Amazon employees listened to as many as 1,000 audio samples during their 9-hour shifts. Amazon says it allows employees to listen to Alexa voice recordings to train its speech recognition and natural language understanding systems.
Other reasons why people may be hesitant to trust Amazon with personal voice samples include the previous usage of Alexa voice recordings in criminal trials and Amazon paying a settlement in 2023 in relation to allegations that it allowed "thousands of employees and contractors to watch video recordings of customers' private spaces" taken from Ring cameras, per the Federal Trade Commission.
Save recordings or lose functionality
Likely looking to get ahead of these concerns, Amazon said in its email today that by default, it will delete recordings of users' Alexa requests after processing. However, anyone with their Echo device set to "Don't save recordings" will see their already-purchased devices' Voice ID feature bricked. Voice ID enables Alexa to do things like share user-specified calendar events, reminders, music, and more. Previously, Amazon has said that "if you choose not to save any voice recordings, Voice ID may not work." As of March 28, broken Voice ID is a guarantee for people who don't let Amazon store their voice recordings.
Amazon's email says:
"Alexa voice requests are always encrypted in transit to Amazon's secure cloud, which was designed with layers of security protections to keep customer information safe. Customers can continue to choose from a robust set of controls by visiting the Alexa Privacy dashboard online or navigating to More > Alexa Privacy in the Alexa app."
Amazon is forcing Echo users to make a couple of tough decisions: Grant Amazon access to recordings of everything you say to Alexa or stop using an Echo; let Amazon save voice recordings and have employees listen to them or lose a feature set to become more advanced and central to the next generation of Alexa.
However, Amazon is betting big that Alexa+ can dig the voice assistant out of a financial pit. Amazon has publicly committed to keeping the free version of Alexa around, but Alexa+ is viewed as Amazon's last hope for keeping Alexa alive and making it profitable. Anything Amazon can do to get people to pay for Alexa takes precedence over other Alexa user demands, including, it seems, privacy.
In an email sent to customers today, Amazon said that Echo users will no longer be able to set their devices to process Alexa requests locally and, therefore, avoid sending voice recordings to Amazon's cloud. Amazon apparently sent the email to users with "Do Not Send Voice Recordings" enabled on their Echo. Starting on March 28, recordings of everything command spoken to the Alexa living in Echo speakers and smart displays will automatically be sent to Amazon and processed in the cloud.
Attempting to rationalize the change, Amazon's email said:
"As we continue to expand Alexa's capabilities with generative AI features that rely on the processing power of Amazon's secure cloud, we have decided to no longer support this feature."
One of the most marketed features of Alexa+ is its more advanced ability to recognize who is speaking to it, a feature known as Alexa Voice ID. To accommodate this feature, Amazon is eliminating a privacy-focused capability for all Echo users, even those who aren't interested in the subscription-based version of Alexa or want to use Alexa+ but not its ability to recognize different voices.
However, there are plenty of reasons why people wouldn't want Amazon to receive recordings of what they say to their personal device. For one, the idea of a conglomerate being able to listen to personal requests made in your home is, simply, unnerving.
Further, Amazon has previously mismanaged Alexa voice recordings. In 2023, Amazon agreed to pay $25 million in civil penalties over the revelation that it stored recordings of children's interactions with Alexa forever. Adults also didn't feel properly informed of Amazon's inclination toward keeping Alexa recordings unless prompted not to until 2019-- 5 years after the first Echo came out.
If that's not enough to deter you from sharing voice recordings with Amazon, note that the company allowed employees to listen to Alexa voice recordings. In 2019, Bloomberg reported that Amazon employees listened to as many as 1,000 audio samples during their 9-hour shifts. Amazon says it allows employees to listen to Alexa voice recordings to train its speech recognition and natural language understanding systems.
Other reasons why people may be hesitant to trust Amazon with personal voice samples include the previous usage of Alexa voice recordings in criminal trials and Amazon paying a settlement in 2023 in relation to allegations that it allowed "thousands of employees and contractors to watch video recordings of customers' private spaces" taken from Ring cameras, per the Federal Trade Commission.
Save recordings or lose functionality
Likely looking to get ahead of these concerns, Amazon said in its email today that by default, it will delete recordings of users' Alexa requests after processing. However, anyone with their Echo device set to "Don't save recordings" will see their already-purchased devices' Voice ID feature bricked. Voice ID enables Alexa to do things like share user-specified calendar events, reminders, music, and more. Previously, Amazon has said that "if you choose not to save any voice recordings, Voice ID may not work." As of March 28, broken Voice ID is a guarantee for people who don't let Amazon store their voice recordings.
Amazon's email says:
"Alexa voice requests are always encrypted in transit to Amazon's secure cloud, which was designed with layers of security protections to keep customer information safe. Customers can continue to choose from a robust set of controls by visiting the Alexa Privacy dashboard online or navigating to More > Alexa Privacy in the Alexa app."
Amazon is forcing Echo users to make a couple of tough decisions: Grant Amazon access to recordings of everything you say to Alexa or stop using an Echo; let Amazon save voice recordings and have employees listen to them or lose a feature set to become more advanced and central to the next generation of Alexa.
However, Amazon is betting big that Alexa+ can dig the voice assistant out of a financial pit. Amazon has publicly committed to keeping the free version of Alexa around, but Alexa+ is viewed as Amazon's last hope for keeping Alexa alive and making it profitable. Anything Amazon can do to get people to pay for Alexa takes precedence over other Alexa user demands, including, it seems, privacy.
5 Signs Someone Might be Taking Advantage of Your Security Goodness
Not everyone in a security department is acting in good faith, and they'll do what they can to bypass those who do. Here's how to spot them.
zwolafasola / stock.adobe - darkreading
Wikipedia defines "good faith" as "a sincere intention to be fair, open, and honest, regardless of the outcome of the interaction." A person who acts in good faith must be truthful and forthcoming with information, even if it affects the end state of a negotiation or transaction. In other words, lying and withholding information, by their very nature, make an interaction anything but good faith.
For many security professionals, good faith is the only way they know how to operate. Unfortunately, the security profession, like any profession, has its share of bad faith actors, too. For example, consider a co-worker who is underperforming and introducing unnecessary risk into the security organization. In certain cases, underperformers will look to sabotage others rather than improve the quality of their work. Or, as another example, consider a bad faith actor who is out to gain competitive intelligence or other information that can be used for any number of purposes, including social engineering.
How can good faith security practitioners identify bad actors and understand when they're being taken advantage of? Here are 5 signs.
1. Information hoarding: Ever had a conversation, meeting, chat correspondence, or email exchange that feels more like an interrogation than a two-way exchange information? This is a well-known trick-- and sign of-- a bad faith actor. By the time most good faith actors catch on to the fact that the information flow is entirely 1-way, they've already given the bad faith actor a wealth of information.
2. My way or the highway: As a generally rational bunch, good faith actors understand that life is a give and take. But bad faith actors know only how to take, making it difficult to negotiate. Their only concern is what they want, and they will employ a variety of tactics to get what they want while offering little to nothing in return. Unfortunately, good faith actors often fall for this approach, as they would rather disengage and get back to constructive activities than get dirty wrestling in the mud with a bad actor.
3. False generosity: When bad faith actors seek to manipulate people or situations, they will sometimes make what appears to be a generous offer. Conversely, these offers often come at a tremendous cost. How so? If a good faith actor takes a bad faith actor up on an offer, it could be used against them in the future. The bad faith actor could also attempt to convince others of their "good nature" and "generosity" by pointing to a good faith actor who took the offer.
4. Bait and switch: Bait and switch is one of the oldest tricks in the book. As the Latin phrase so aptly states, caveat emptor: Buyer beware. Bad faith actors will often make promises of something they have absolutely no intention of giving to extract what they want from good actors. Once they have what they were after, they go quiet or become evasive. The chances of a good faith actor ever seeing what they wanted are very slim.
5. Promoting a narrative: One way bad faith actors seek out, persuade, and take advantage of new victims is by surrounding themselves with a chorus of approvers. This "posse," of sorts, may consist of witting and/or unwitting accomplices. In some cases, accomplices were recruited via lies or manipulation. In other cases, the accomplices may have their own motivations for why they wish to partake in certain bad faith activities. In any event, bad faith actors will often promote a narrative to help convince new audiences they can be believed. This can be difficult to navigate and often catches good faith actors by surprise.
In the end, a heaping dose of awareness-- and even a bit of healthy cynicism-- of misleading behaviors can stop bad faith actors from taking advantage and achieving their goals.
For many security professionals, good faith is the only way they know how to operate. Unfortunately, the security profession, like any profession, has its share of bad faith actors, too. For example, consider a co-worker who is underperforming and introducing unnecessary risk into the security organization. In certain cases, underperformers will look to sabotage others rather than improve the quality of their work. Or, as another example, consider a bad faith actor who is out to gain competitive intelligence or other information that can be used for any number of purposes, including social engineering.
How can good faith security practitioners identify bad actors and understand when they're being taken advantage of? Here are 5 signs.
1. Information hoarding: Ever had a conversation, meeting, chat correspondence, or email exchange that feels more like an interrogation than a two-way exchange information? This is a well-known trick-- and sign of-- a bad faith actor. By the time most good faith actors catch on to the fact that the information flow is entirely 1-way, they've already given the bad faith actor a wealth of information.
2. My way or the highway: As a generally rational bunch, good faith actors understand that life is a give and take. But bad faith actors know only how to take, making it difficult to negotiate. Their only concern is what they want, and they will employ a variety of tactics to get what they want while offering little to nothing in return. Unfortunately, good faith actors often fall for this approach, as they would rather disengage and get back to constructive activities than get dirty wrestling in the mud with a bad actor.
3. False generosity: When bad faith actors seek to manipulate people or situations, they will sometimes make what appears to be a generous offer. Conversely, these offers often come at a tremendous cost. How so? If a good faith actor takes a bad faith actor up on an offer, it could be used against them in the future. The bad faith actor could also attempt to convince others of their "good nature" and "generosity" by pointing to a good faith actor who took the offer.
4. Bait and switch: Bait and switch is one of the oldest tricks in the book. As the Latin phrase so aptly states, caveat emptor: Buyer beware. Bad faith actors will often make promises of something they have absolutely no intention of giving to extract what they want from good actors. Once they have what they were after, they go quiet or become evasive. The chances of a good faith actor ever seeing what they wanted are very slim.
5. Promoting a narrative: One way bad faith actors seek out, persuade, and take advantage of new victims is by surrounding themselves with a chorus of approvers. This "posse," of sorts, may consist of witting and/or unwitting accomplices. In some cases, accomplices were recruited via lies or manipulation. In other cases, the accomplices may have their own motivations for why they wish to partake in certain bad faith activities. In any event, bad faith actors will often promote a narrative to help convince new audiences they can be believed. This can be difficult to navigate and often catches good faith actors by surprise.
In the end, a heaping dose of awareness-- and even a bit of healthy cynicism-- of misleading behaviors can stop bad faith actors from taking advantage and achieving their goals.
© vocalbits.com