Saturday, December 30, 2023

Virtual Footprint

I asked Pascal, Belladonna's boyfriend, for some guidance regarding "apps" and security issues. Pascal works in IT and is very fond of the virtual world.

This is ONE IT guy's opinions. Please bear in mind that this post was stitched together from two return email he sent to me. He had no expectation that I would publish it so it is not written to the level of a MBA quality thesis. I did, however ask his permission before posting it and he is fine with the idea and gave me his permission.

The content of his return emails highlighted with light blue. My comments have no highlighting.

This one's tricky, it depends on your risk acceptance and how you determine what you 'trust'.

At a baseline, if you're installing apps through an official app store (google play or the iOS app store), you're going to be very safe. That doesn't mean it's impossible to be compromised, but it's very, very improbable.

Nowadays security is fantastic from what I hear - attacks are going to come from social engineering / credential stealing / or very rarely something that comes from the developer accidentally (development tools being infected, etc. - I think that's what happened with SolarWinds)

"In my mind, (downloading large numbers of apps) is the equivalent of having large numbers of sexual partners. Any one of them is probably "clean" but as the numbers increase the confidence level drops."

It's hard to say in a general sense - but I agree with your analogy. Technically, the more apps you install, the more likely you are to be compromised. How much more likely? It's hard to say, that's like a game theory question.

Me personally, I like to keep anything I don't want compromised off of devices / platforms that are more vulnerable. So personal information and files are encrypted and on devices / partitions that don't get apps installed. I use an app called Signal to communicate in a relatively more secure manner. I hate the idea of having my personal stuff compromised, but when I'm installing apps on my phone I feel very safe - and just in case there's some freak chance that there is an issue, I don't have vulnerable information on there.

It's a really big topic so I'm kind of all over the place rambling here - but I think you're right to be conservative with what you install. I personally install anything I want from the official stores because a lot of what I like to do comes from apps and websites. The scary thing for me would be to have my primary email or main PC compromised. Nowadays, all of my passwords are randomly generated, complex, and unique - but if someone were to compromise my main device, then they'd have access to all my accounts at once. The saving grace there is multi-factor authentication", meaning even if someone has a password, they can't get into my important accounts without also having access to my phone. If they get both then I'm in trouble.

None of this addresses the possibility of an unauthorized player downloading data onto a thumb-drive and then misusing it.

It's a numbers game - I think many important companies also face the same type of issues and they're actually being targeted. The tech companies have done a good job securing things - and that combined with the fact that the average *Joe* isn't exactly being targeted makes me feel like it's safe to at least install some apps.

I'm speaking of 'compromising' as a malicious actor stealing info or harming you in some way. If you're worried about your personal data / digital activity being sold without your permission, then that's almost a guarantee and is likely already happening to some extent.

The way I see it, unless you work very, very hard - your information is out there. It's being sold and shared without your consent. There are laws in place that allow you to stop some of that, but unfortunately we are in an 'opt-out' situation, rather than an 'opt-in'. I look at it as two channels: stuff I don't care that is shared and stuff that I do. If I have stuff I don't want shared, I make an effort to use devices and tools that I believe to be less compromised. For example, I use "Signal", a communication platform that emphasizes security and privacy.

The way I see it, it's more convenient to just accept that your stuff is out there and enjoy the benefits of convenience - as long as you keep it to stuff you don't really mind being shared. If you do mind, then you can either silo off stuff you want private into more secure systems, or you can work hard to try and ensure all of your info is secured. In today's world, unless someone has worked hard to 'opt-out' and secure their stuff, it's already being shared and sold.

One thing I'm curious about is how liable companies are to keep that information private from the *public*. They can share and sell it behind the scenes to other companies, but I wonder if there would be any punishment for them leaking it to the general public and exposing people (i.e. exposing individuals interests, browsing history, etc.) - I would expect that even though they share information with other companies, they're held to some responsibility to make sure the information doesn't become public.


  1. Good luck proving in a court of law that Company X leaked the info to the general public if Company X bought the info from Company ABC in the first place.

  2. ERJ - I hardly download any "new" apps at this point and the ones I have are either effectively "corporate" apps or have high ratings on the app store. To Pascal's point, I suspect that the in-store apps are pretty clean as likely Apple/Google would bounce any developer's that was not.

    I also, like Pascal, assume that at some point anything that is electronically stored has the potential to appear somewhere else - one of the reasons I do not care for the idea of Cloud Storage is the fact that everything is "out there" for the taking, because regardless of any state policies, there is nothing to prevent a Cloud provider from looking at the files.

    I am finding as I go that I "put" less and less anywhere that it can be found, which mostly means either local drives or in physical form.

  3. Thanks. Well arranged info. 90%+ don't need to go past the second blue paragraph.

  4. EULA
    Since no one reads them............................

  5. If you have a smart phone or any other device connected to the internet, you are never safe. EVERYTHING you do, buy, say or read is being cataloged, all that information stored.

  6. Lost my "smart phone" to a large wave from the Atlantic, off Jupiter, Florida surfcasting almost three years ago. Use the home computer for important stuff, like ERJ and ouyay ubetay. Retired. Peaceful life without the concerns listed, and tracking. Have managed well without the "conveniences", and will continue to until someone offers the "Ron Paul edition" of communications, obviously with the Opt-In feature.

  7. If you have an iPhone turn on lockdown mode, extreme enhanced security for people at risk. It’s very interesting the things that breaks - like Why would enhanced security prevent me viewing a simple website, but it does.
    I second the comment if you don’t want it public, don’t put it on a cell phone. I have never had social media and an almost non-existent in the searches. I think that everyone is “volunteering” their info by logging into google or Facebook, etc. the only app I have that spies on me is the home depot app.


Readers who are willing to comment make this a better blog. Civil dialog is a valuable thing.