Everyone wants privacy, but won’t do what it takes

by Geoff Green, Myntex Inc. President and CEO I’ve seen staggering stories in the last 11 years, since I entered the privacy and security sector, with business and individuals facing

insurmountable losses due to cybercrime. Identity theft, ransomware, and malware threats just keep mounting. So, it’s heartening for me to finally see people paying closer attention to the

risks of using a cellphone. Global research by Statista found: · 90% of online users are significantly concerned about data privacy · 47% worry a data breach will expose personal information

and be compromised by cybercrime · 40% dread sensitive personal information being sold to third parties and used without their consent Considering the average adult spends about 3 hours a

day on their mobile — which adds up to 45 days over the course of a year — the number of opportunities to be targeted by a threat actor is frightening. According to Pew Research, most people

say the potential risks they face (because of data collection) outweighs any benefits and two-thirds feel the same about information gathered by governments. Most people expect they’re

being tracked by ads, big tech and other companies online and by their phones. Some of the biggest data breaches in the last year have been on social media sites, the largest of which was on

LinkedIn. Through two different data scraping hacks, 90 percent of LinkedIn’s 738 million users were affected. No wonder they say smartphone dependency makes people more anxious and

depressed. There are many ways to protect yourself against exposure. Here’s what I do (or don’t) and why. If you’re wondering why I care, it’s because there’s so much deception about what

some products claim to be able to do for you, I feel like it’s a public service to clear the air. Perhaps that is why journalists, podcasters, and even lawyers have reached out to me for my

insights and perspective over the last few years. Do Your Own Due Diligence I always get as much information as I can about something before I use it. Whether that’s adopting a new process

that I build into technology or installing an app on my computer. Research is key so you know what you’re getting into. Yes, that means read the fine print. Especially before downloading

free apps. You don’t get something for nothing. I won’t recommend a product if it is known for collecting your personal information, like WhatsApp, or any of the other apps that make money

on marketing data. The World Economic Forum blog post on crime in the metaverse noted, “End-users should be made aware that participating in any new technology makes them a potential target.

People need to familiarize themselves with the threat of social engineering and common scams, as well as best practices on how to safeguard themselves, their digital assets, wallets and

identities.” Don’t Bend The Rules We make deliberate choices with our company, so our global clients can be confident they are using a phone that is compliant with regulations in every

country where encrypted mobile devices can be used, especially since they are business travellers. We would never add a feature that could get our customers into trouble with the law.

Recently, a new privacy phone app was introduced in the US, designed by a couple of university researchers. It got a lot of attention for its patent-pending method of changing your phone’s

SIM to prevent being tracked by IMSI-catchers, like Stingrays. You would also need to change your IMEI, which the researchers explain here:

https://www.usenix.org/system/files/sec21_slides_schmitt.pdf You can do it yourself if you have a legally unlocked device, which allows your phone to work with a new carrier. Canada, China,

Singapore, and Israel are a few of the only countries in the world that forbid SIM locking and contract/phone bundling outright. Nonetheless, I want to unpack what this product is trying to

do. With a focus on hiding your phones presence, this app (which is marketed as a privacy-first phone carrier) decouples the authentication of your device. It uses a mobile virtual network

operator as a proxy or intermediary to randomly provide a new SIM number. Vice tech Journalist, Joseph Cox tried the app and said, “The tool certainly does not solve the issue of privacy on

phones as a whole — that problem is complex, with multiple parts such as the operating system, the hardware, and more — but it could help protect against the sort of persistent surveillance

that everyone is subjected to by simply being connected to a phone network.” It doesn’t provide you with true privacy. It is not offering encryption. It doesn’t prevent you from being hacked

or introducing malware to your device, which in turn can infect your network. Furthermore, when you download an app on Google Play or the Apple Store, they take your account information to

install apps on your device. So much for your privacy. Hiding your presence on a cell network is not enough. I went into the subject of surveillance pretty deep with my June Medium blog if

you want to read more. Therefore, I’ll just reiterate my key takeaway. Don’t trust an encrypted phone provider who promises to change your ID numbers for your phone or SIM as a privacy

feature. There is a trend towards equipping phones with an eSIM (the e stands for embedded) although, these are generally offered in phones with dual SIMs. Furthermore, there are many ways

to properly protect your communications from surveillance. Be Prepared For An Attack A Forbes Tech Council blog notes, “Cybersecurity has evolved from an enterprise afterthought or costly

burden to a critical interest of the board … Encryption, deployed correctly, can prevent a contagion from probing and spreading. The goal must be to minimize the impact by encrypting all

data-at-rest with strong user controls and creating end-to-end encryption (E2E) channels for application data-in-motion.” Knowing that perpetrators will seek to get inside any network

through whatever means they can find is why you need to not only lockdown your device but ensure any asset saved on it cannot be exploited. Hackers will take advantage of zero-day loopholes,

exploit server backdoors, attack any potential vector from USBs to Wi-Fi, GPS and Bluetooth as well as look for vulnerabilities in apps, conduct Man-in the-Middle attacks and attempt to

target you through phishing … you need a solid encrypted phone solution. Confidentiality Considerations I don’t recommend trusting anti-virus software or a VPN for your phone privacy.

Anti-virus software has proven unreliable and provides a false sense of security. Some VPNs track sites you visit, storing IP addresses, payment information and a roster of email addresses

you contact. You can add security to your communications with DNS-over-HTTPS, used by default with Google Chrome and Mozilla’s Firefox among others. However, the encryption only works in

transit. To protect your privacy, your data also needs to be encrypted at rest on your device. This includes your photos, notes, email, text, and voice messages. If you are using a

communications application, ensure your service provider doesn’t store your data on their servers. Know that surfing the internet with your phone exposes you to all kinds of threats, which

is why my device is not only de-Googled, but it also blocks internet browsing altogether. Likewise, you can’t use third-party apps with it. Think About Technology As the world moves to 5G,

phone service providers will be focused on ways to save money, maximize profits, and outsource servers. Be wary of products that use mobile virtual network operators or edge computing to

deliver your encrypted calling, email, and messages. As this article reports, “Converging technologies and services bring a serious concern for information security. MVNOs can be especially

susceptible as the security of their systems is directly dependent on the security of the telecom’s system underpinning their own.” Edge computing is focused on delivering data faster by

processing it with connected networks closer to the requested task, at the risk of security. The Identity Management Institute notes, “Loopholes in edge security can provide hackers easy

access to the core of a network. This is of particular concern if edge devices are rushed to market before thorough testing is performed or companies race to adopt the technology without a

full understanding of the security risks involved.” As noted in the Myntex blog post about our in-house privately owned and operated data center, if you are hosted in a third-party data

center, you don’t control anything. They merely give you access to your data and communications, which they are in control of. You Get What You Pay For Ultimately, you want as much control

as possible over your private mobile communications with a service designed around security. If the business model is based on selling data, it doesn’t prioritize your needs. As challenging

as it is to find a trusted service provider that adheres to regulations, without sacrificing your anonymity, organizations can’t afford to settle for less. Get a phone with encrypted

messaging, email, notes, calling and camera — and doesn’t store your private data on a server — on a hardened device, layered with protection at rest and in transit.