Consumer Reports is a widely respected publication. It recently published a list of privacy recommendations that I think does not represent good cybersecurity best practices for the mainstream users they service.
I want to put in a disclaimer that this list is not part of an article published as a result of their testing service, which are typically written with care. This list is a set of recommendations from security experts.
But the very fact that this list is published in Consumer Reports does need, in my opinion, to pass the criteria of whether it is worthwhile for their readership.
They are usually good at meeting the needs of their audience, but they have missed the mark in the past, such as piling on to the Toyota sudden acceleration hysteria as reported in Malcolm Gladwell’s Revisionist History podcast.
In addition, the list of 66 ways to protect privacy is way too long. Not that they are all bad, but I wish they prioritized the most important ones. I list the worst offender, as well as a few simple ones that people ought to consider. I list them based on the hint number in the magazine and website.
Here’s the doozy that does not make sense to mainstream people:
#61: Use the Ubuntu OS.
This recommendation from Cory Doctorow does not make sense for normal home users. They are most likely using Windows, Mac, or a smartphone for their computing. I do agree that Ubuntu (based on Debian) is a reliable OS, less likely to get targeted mostly because it is not as prevalent, and benefits from open source transparency. Debian (or GNU/Linux in general) is a good OS for server use, but not for normal, regular home users. Well informed IT professionals do use Linux on their desktop or laptops, but not regular people. Do you really want your grandmother to type in commands to the bash shell? Really?
The difficulty in setting up their applications (they will ask “Where’s my Outlook – it used to be on the desktop”), the change in process for getting updates, configuring networks, etc. is not what most people can bear with.
What’s better to do
Instead, I think the simple recommendations that follow are best for normal users.
#13: Turn on Automatic Updates
This is a much better way to keep your environment secure and up to date so that the base OS is less vulnerable. Mac and Windows have these settings. It’s easy to check the settings and change them. There are third party add-ons like Glary Utilities that scan your Windows system for app updates too.
#20: Two-Factor Authentication
Is a great way to prevent people who are using a computer other than the one you typically use to login to your account, since it requires either a code from an SMS text message, a two-factor app, or perhaps a USB-based security key that you possess in order to login. Read more here: https://www.lockdownyourlogin.com/
For networking, which is my main area, I do like this:
#32: Use a VPN
This is useful for corporate enterprise users who travel with their computers since many enterprises offer VPN access to their employees so that they are using a private tunnel to connect to network resources. Your network traffic is routed to a secured remote server so that it's hard to snoop into the network traffic and steal login info.
If you use public Wi-Fi at coffee shops, hotels, or airports, this is a good thing to use. I do admit that some public Wi-FI systems have tricky network setups that make VPN connections hard to use, especially when you have to provide some additional login or accept legal terms, but in most cases it will work.
If you are using something like Cisco AnyConnect, then you are using a VPN. There are many other brands and one of them may be pre-configured in your corporate-provisioned PC. For home users, I doubt that any are built-in.
Consumers can buy their own VPN and some ISPs offer a VPN free as part of their internet access package. This could be useful if you don't want to mix work and home use.
Here’s an extra bonus that is not in the “must do” list but gnaws at me.
#27 – Outwit your Smart TV's Automatic Content Recognition
Did you know that some TVs have Automatic Content Recognition (ACR) that sends what you are seeing to some third parties? Here’s an article that goes into this in depth. Some people volunteer and/or get paid to share their data. But I don’t really want my TV watching habits (not just cable/broadcast but even streaming or DVD) sent to someone to analyze unless I explicitly set it. So turning it off is a good privacy measure. You bought your TV with your money, I don’t see why someone should be harvesting your data without consent (or at least warning you).
The linked article identifies Samsung, LG, and Vizio but it's worth checking if this applies to your brand of TV.
That’s it for now.