Ever since I read the Motherboard article:
I became aware of just how little data is requried to identify the average individual from an anonymous browsing history, it’s just seven clicks.
If you leave your browser open on many mainstream media sites your details will inadvertently be passed to dozens of IP addresses, and behind each address is likely an organisation that uses that data to build up a profile of yourself and your family as you read articles, watch videos and generally browse your intests, and is frequently sold as a commodity.
Crucially for me, this process happens to my children as well, whether or not they are of an age to agree to such profiling. With profiling you inevitably get targetting, and I certainly don’t want companies targeting my children with promotions, products and content when they’re early in their development.
What’s going to happen with all these profiles of my kids?
We also live in slightly unnerving times and it’s hard to say where things will go with data over the coming years and data. Will my children be judged by mistakes they make when they’re young, as has happened to so many people over the past year.
Digital is increasingly a hostile environment
There’s also the need to continually protect their security in what has become an incredibly hostile environment. I know from my work at Affino that 95% of traffic that hits our customer sites is now bots (rather than humans) and of that 50% is questionable activity, from bots which either give no identifier of who they are or what they’re doing, or try to pass as humans. A significant portion will be criminal or government related.
There have been a lot of incidents this year where legitimate apps have been bought up by less than legitimate companies and as a result people’s personal information is compromised, and their devices are used for crimial purposes, see here for example.
There is also the huge issue of location tracking within apps, and having the location information of your children shared with any number of 3td party companies to target with advertising and ultimately used for other purposes.
GDPR and Privacy is good in principle but is mostly ignored
As an EU citizen (at least for now ...) we have certain protections under GDPR and the upcoming eprivacy legislation, however this is still in its infancy and is mostly swept under the carpet by the use of ’legitimate interest’ justifications. I expect GDPR and similar legislation to play an increasing part in protecting my family’s privacy in the future but am fully aware that at this point it is not doing so.
As a parent these are just some of the things that concern me and have led me to take steps to regularly review and update all my family’s devices on a regular basis. They have also shaped a lot of the decisions in what devices we let them use as well as what apps and sites we approve of.
In practice my kids are kids, and will naturally push boundaries, explore new sites, communities and experiences, download and play new online games and apps and coninuously circumvent any parental controls I put in place (you’ve got to face facts).
The single most important thing I do is simply to let my kids know what is safe and unsafe behaviour, and what are the latest developments which might make them less safe and might impact on them in the future.
The truth is that sooner or later they will be fully engaged online, the world has moved there, so teaching and reinforcing digital safety and smarts has to be right up there, in the same way as teaching them what to do when a stranger comes up to them on the street (it’s why they’re all learning Tae Kwon Do).
Picking secure platforms
For quite a few reasons (too many for this short piece) I have invested in iPhones, iPads and Macs (Apple), Alexa (Amazon) and the Switch (Nintendo) as the main platforms the kids use. These feel inherently the most secure and private of all the platforms out there and also the ones with the fewest security issues. Whilst they’re not perfect either, they try the hardest to maintain the highest privacy and security levels, and all provide regular security updates.
Minimise the app and web footprint
I’m always on the lookout for apps and sites which might compromise my kids, especially if they are using them a lot. As a result a lot of apps get deleted, and we have a chat about why, if they don’t pass a certain comfort level.
I set up all the kids devices to use CloudFront’s 22.214.171.124 service so that their DNS lookups aren’t sold.
I also educate my kids to only use Safari on their devices, and whilst Firefox is also a good option, it expands the app footprint, which for me adds an additional security risk. I don’t stop them using other browsers, just ask them to make sure they use Safari as their default.
Use Privacy plugin
Whilst Apple has done a good job of steadily improving the privacy protection on it’s browser, and will block around half of the platforms that make money from selling your personal details, or targeting you based on your behaviour, they don’t go nearly far enough for me.
As a result on I set up Ghostery or Ghostery Light on all the browsers on macOS and on Safari I set up Firefox Focus as the Content Blocker (in Settings > Safari). These work pretty well and provide as much protection as is currently available.
Anonymise the search
A recent step I’ve taken is to install DuckDuckGo as the default search provider on every browser and operating system (wherever possible). They promise to never track your search history. In practice DuckDuckGo is simply nowhere as good as Google which is excellent (but profligate with our personal data) so we all end up using Google from time to time, but we use it a lot less and leave a smaller footprint.
Lock down location sharing
This one is absolutely crucial and is the reason I will not buy Android devices for anyone, namely that Google has no option for locking location sharing down to only when you’re using a specific app, unlike Apple which enforces it as the default on iOS.
In fact Google let’s companies get away with seeking way too many permissions of end users on Android and needs to lock this down as the No 1 priority as far as I’m concerned. It’s shocking that almost any app can permanently share your location data when installed on Android.
On iOS go to Settings > Location and just lock down the location sharing.
Always be current
This can’t be stressed enough, just look at every set of release notes from Apple (which has a link off to the security aspects of each update). They’re always long lists of exploits which have been fixed. Until you update, your kids’ devices will be vulnerable. Only in exceptional circumstances, such as known issues with a patch, should you not update within the week.
This is a place where Apple tends to be ahead of the pack as it controls the entire hardware and software chain. My last Android test device, which had been promised security updates for two years, barely got them for one, something that is completely shocking to me in this day and age. I’m now back on the Google devices with the Pixel 3 for my Android test device, but I run it on wifi only to minimise my footprint there.
A good habit to be in is to do checks each weekend to see if there are any critical updates, and if there are then update, and let the kids know to update as well (and help them to do it where needed).
Keep the community in mind
For me a big consideration is to have my kids participating in safer communities. It’s why I prefer the Nintendo Switch to the PS4 or Xbox. As a proportion there are simply far more games aimed at younger people on the Switch which means that when they reach out to play against someone, or watch a YouTube video on the game they’re playing they’re more likely to have something that is child friendly.
It’s absolutely not guranteed but is more likely ...
For my youngest, still just five, I ban her from ’friending’ in her games and apps, and disable it wherever possible. For the others I stress the importance of only friending kids they know well through the family or school.
Watch out for the videos
One of the most troubling recent developments I’m seeing is propaganda popping up in the middle of videos that my kids watch. Some of it is highly shocking (to me) and only comes five or ten minutes into what might be a game review or someone talking about a new doll.
It’s been impossible for me to police, or indeed manage this in any way, since anyone can fire up a browser to anonymously browse YouTube or any other video site which means any parental protection takes only a few seconds to bypass.
I’m really not sure how to protect my kids from this, but for now am dealing with the consequences of having some very surprising conversation topics and opinions which come up, and then working through these with my kids, often way earlier than I would have hoped or expected to.
All tips welcome
Hopefully this will be useful to you and help you to protect your family and especially your young ones.
If you have tips of your own then please post in the comments below as this is an area where I’m always open for new suggestions and thoughts.
I’ll update this post from time to time to keep it current and to answer any questions that may arise.