Eero mesh router review - Tom's Guide

Eero mesh router review - Tom's Guide

Eero mesh router review - Tom's Guide

Posted: 21 Feb 2020 09:39 AM PST

Going against the grain, the latest Eero mesh kit is built around small, inexpensive devices, but it lacks the speaker and microphone you'll find on the Orbi Voice and Nest Wifi routers.

As this router is the follow-up to one of the best mesh Wi-Fi systems on the market, we've been eagerly waiting to see what the new Amazon-owned Eero would deliver, and the results are mixed. It doesn't measure up on range and performance, and its Secure+ protection plan costs an extra $100 a year. Still, at $249 for a three-pack, it's the best bargain in mesh networking today.

Eero Mesh design

Since being purchased by Amazon last year, Eero has been very busy. It has not only engineered a smaller mesh networking kit that should be more than enough to fill most homes, but the company has also dropped its prices; at $249 for a three-pack, it costs $150 less than the similar trio of devices for the 2017 Eero.

(Image credit: Eero)

Small, white and with rounded corners, the Eero device is one of the smallest networking designs around. At 3.9 inches square and 2.4 inches tall, it's smaller than Google's Nest Wifi devices and positively miniscule compared to Netgear's Orbi devices. In other words, it's easy to hide (like on a bookshelf) but is unobtrusive enough to be left out in the open on a coffee table.

Eero Mesh product specs

Wi-Fi specs: 802.11ac/dual-band mesh kit
Number of antennas/removable: 4/no
Ports: Two 1Gbps Ethernet
Processor: Quad-core 700 MHz
Memory/storage: 512MB/4GB
Wi-Fi chip: Qualcomm IQP4019
Size: 3.9 x 3.9 x 2.4 inches
Peak throughput: 342.1 Mbps (at 5 feet)
Range: 65 feet
Price: $250 for three units

What you need to know about encryption on your phone - CNET

Posted: 10 Mar 2016 12:00 AM PST

androidlollipop5-0-encryption.jpg
Jason Cipriani/CNET

The heated and very public confrontation between the FBI and Apple has spurred a lot of talk about encryption, the technology that shields data on phones and other gadgets.

The feds are pushing Apple to find a way to prevent an iPhone 5C from erasing itself after 10 successive incorrect guesses at the passcode. The user of that phone, San Bernardino shooter Syed Farook, used a PIN code to secure his device, and without bypassing that code, the data stored on it is unreadable, thanks to encryption.

If Apple were to disable the auto-erase feature, the FBI could then connect the iPhone to a computer and quickly and repeatedly attempt to guess the passcode -- a technique commonly referred to as a brute force attack -- until the device is unlocked.

Should the FBI prevail and the courts force Apple to comply, the decision could have widespread implications for our daily lives. Apple and fellow technology companies would be forced to create permanent solutions for law enforcement to get around encryption, using what's commonly referred to as a back door.

Alternatively, companies could very well decide the financial burden of maintaining encryption and abiding by law enforcement requests is too much, and give up on adding security features to the devices we've come to rely upon.

With our personal devices carrying more and more of our lives than ever before, it's a good time to look at what is and isn't encrypted and what you can do to ensure your information is safe.

What is encryption?

A fancy word for a basic concept, encryption is the science behind protecting any information stored on an electronic device, be it a phone, a laptop or a server. On a phone that means your photos, text conversations, emails and documents.

Encryption stores information in a scrambled format, typically unreadable by computers or people without a key (which only the device's owner should know) to unlock the data. PIN codes (of numbers, letters or a combination of both) and fingerprints are just two of many examples of keys used to unlock an encrypted device.

Indeed, the practice of encryption is far more technical than requiring a PIN code or fingerprint to unlock a device. Some phone manufacturers, such as Apple, require multiple pieces of information -- one known to the device owner, another embedded in the processor inside the device unknown to anyone -- to unlock data stored within the device.

It's important to note, regardless of the device you're using, data created by third-party applications store information on their own servers, which may or may not be encrypted. Even then, the rules for decrypting data stored on a server are often different than data stored on a phone (see iCloud section below for more information).

In other words, most of what we do on a phone is backed up to a server at some point. That means a copy of your Facebook posts or photo albums, Snapchat conversations, or Twitter direct messages are stored on your device but also on the respective servers for each service.

Essentially, any information stored within an app on your phone that forgoes any sort of connection to a server is encrypted and inaccessible by law enforcement on a locked phone. For example, if an iOS user wanted to keep Notes or Contacts off of Apple severs, he or she would need to disable iCloud sync for the respective app in Settings.

If you've opted not to sync your contacts or calendars through Google or a similar service, relying instead on a local copy of information on your device, that data is encrypted and presumably inaccessible by law enforcement.

How does iOS handle encryption?

Apple began encrypting iOS devices in 2014 with the release of iOS 8. Prior to iOS 8, iOS users were able to set a PIN or passcode to prevent unauthorized access, but some of the data stored on the device was still accessible by Apple when law enforcement presented the company with a valid warrant. A total of 84 percent of iOS devices are running iOS 8 or later.

With iOS 8 and beyond, Apple no longer has the tools required to bypass a device's lock screen and gain access to any data stored on your iOS device. That means items such as call logs, photos, documents, messages, apps and notes are inaccessible to anyone without a device's PIN.

This is an important detail, as it has led to the current situation playing out in public view between the FBI and Apple.

How does iCloud factor in?

Another topic that's come up in the battle between the FBI and Apple is what data stored in an iCloud backup of an iOS can and cannot be accessed by Apple.

Apple's Legal Process Guidelines state iCloud backups are encrypted and stored on the company's servers. However, unlike an encrypted device, Apple can access information stored within a backup. Specifically, it's possible for Apple to provide authorities with "photos and videos in the users' camera roll, device settings, app data, iMessage, SMS, and MMS messages and voicemail," as detailed in Section J.

What about encryption on Android?

As with all things Android, there's a long list of caveats regarding encryption on an Android device.

Android manufacturers use different processors and components, each requiring custom software and backup services outside of what Google originally designed Android for. It's the key selling point of Android over iOS, as Android fans are quick to espouse. And they're not wrong. However, each change can introduce unintended security issues outside of Google's control.

Google first provided the option for users to opt into encrypting their devices in 2011. At the time, the option was strictly up to the user, leaving the manufacturer out of the equation.

Toward the end of 2014, though, the company released Android 5.0 Lollipop with the default setting of encryption turned on. But phone makers didn't have to enable encryption to be default when they made phones; it wasn't a requirement of Google, and in the end, most OEMs left the setting turned off, citing performance issues as the reason.

Then, with the release of Android 6.0 Marshmallow in 2015, Google started requiring manufacturers to enable encryption on all devices out of the box. There is, of course, an exception to the rule: Google allows phone makers to disable the feature on what amounts to entry level, and thus often slower devices. For those who want a more technical explanation, read section "9.9 Full-Disk Encryption" of this document.

Once an Android device is encrypted, all data stored on the device is locked behind the PIN code, fingerprint, pattern, or password known only to its owner.

Without that key, neither Google nor law enforcement can unlock a device. Android security chief Adrian Ludwig recently took to Google+ to refute a claim of a back door into Android: "Google has no ability to facilitate unlocking any device that has been protected with a PIN, password, or fingerprint. This is the case whether or not the device is encrypted, and for all versions of Android."

Nevertheless, each phone manufacturer is able to alter Android, customizing its look, adding or removing features, and in the process potentially introducing bugs or vulnerabilities authorities can use to bypass Android's security features.

So how do you know if you've got encryption working?

Android users can check the encryption status of a device by opening the Settings app and selecting Security from options. There should be a section titled Encryption that will contain the encryption status of your device. If it's encrypted, it will read as such. If not, it should read similar to "encrypt device." Tap on the option if you want to encrypt your device, but make sure to set aside some time -- encrypting a device can take upwards of an hour.

Google's backup service for Android devices is optional for device manufacturers and application developers. As with Apple's iCloud Backup practices, data within a backup stored on Google's servers is accessible by the company when presented with a warrant by law enforcement. However, because the backup service is opt-in by developers, it may not contain data from every app installed on your device.

What can you do to better protect your data?

Android users should enable encryption and set a PIN code or alphanumeric passcode. iOS users, setup Touch ID and use an alphanumeric passcode containing at least six digits. The longer password is a hassle, yes, but with Touch ID enabled, you shouldn't have to enter it too often.

If the FBI succeeds in forcing Apple to bypass a device's lock screen timeout, it would take five and a half years for a computer to crack a six-digit alphanumeric passcode, according to Apple's iOS Security Guide (see page 12).

As for protecting data stored in backups on Apple's or Google's servers, you can start by disabling iCloud backups by opening the settings app, selecting iCloud, followed by Backup and sliding the switch to the Off position. Apple also allows you to delete iCloud backups from your account through the iCloud settings on your iOS device by opening Settings > iCloud > Storage > Manage Storage.

On Android, the process for disabling backups will depend on the device you're using, but generally the setting is found in Settings app under Backup & Reset. You can remove backed-up data from Google's servers under the Android section in your Google Dashboard.

Apple takes on the FBI

How to stay private when using Android - Security Boulevard

Posted: 12 Dec 2019 12:00 AM PST

The smartphone is one of the most invasive devices ever invented. It's easy to forget that, of course, because we are so familiar with them, and they are so useful. But while you might value your smartphone for the convenience it gives you, tech companies value it for an entirely different reason: it is collecting data on everything you do.

If you believe, like us, that privacy is a human right, Android is something of a nightmare. Most people who use Google services are aware the company is tracking their location, checking which websites they go to, recording their voice, and reading their emails. What a lot of people forget is that Android was developed by Google, and is one of the most important tools for this data collection.

It is possible, though, to use Android in a way that drastically limits the amount of data you are sharing with Google (and other companies who want your data). In this guide, we'll show you how to do that.

In each step below, we'll show you how to use the settings menu on your device to increase your security and privacy. Most of the menus we mention will be the same for most current Android devices, but since devices vary you might find these options in a slightly different location or named differently. With a little poking around in your device's menu, you should be able to find the relevant option. 

The basic principle: Turn everything off

Before we begin with the specific steps necessary to make your Android device more private, let's highlight a basic principle of using your phone: turn off all the connectivity you do not need.

This goes for whatever smartphone, and whichever operating system, you have. Don't let your phone connect to unknown WiFi networks because they may be a source of malware. Don't leave your Bluetooth on because there are plenty of Bluetooth security vulnerabilities. Don't connect your phone to your computer (if you can avoid it), because smartphones can also act as a reservoir of malware, and your phone can be infected without you realizing it. 

In short: if you are not using a service right now, turn it off.

With that out of the way, let's make your phone more secure. Here is a short(ish) list of how to do that.

1. Avoid Google Data Protection

First and foremost, you should be aware of Google's fake commitment to privacy and limit the data the company collects from your phone. Android phones let you do this, but it is hidden. Go to your settings, and look for "activity controls." Here, you can limit the data that Google is collecting via your phone. 

Going further, you can even use your Google device without signing into your Google account. Unfortunately, this really limits what you can do with your phone. 

2. Use a PIN

Another basic privacy step is to lock your phone with a personal identification number (PIN). Locking your phone prevents random strangers from being able to get into it and keeps your data private in the event that your phone is stolen or one of your friends "borrows" it.

When you set up a PIN on your device, some versions of Android will ask you if you want to encrypt the device as well. This is also a good idea, and we'll come to that process shortly.

In 2019, it might seem a bit old-fashioned to use a PIN (or, even better, an alphanumeric password), but in terms of data privacy, a PIN is still king. That's because if you are using the other locking methods that Android provides — your fingerprint or face recognition — you are consenting for this biometric information to be stored on your phone, and occasionally transmitted to Google

3. Encrypt your device

Encrypting your entire phone is pretty simple, but not many people do this. Encryption, though, is by far the best way to keep your data private, whether your phone is hacked or stolen.

Encrypting your phone can be done from the "security" menu in Android. You need to enter a PIN to do this, and the phone needs to be plugged in. Just don't forget the PIN, because if you do all of the data on your phone may be lost forever.

4. Keep your software up-to-date

Everyone knows that keeping your software up-to-date is incredibly important, but even the most security-conscious people sometimes skip that annoying notification. If you don't keep your phone updated, you are opening yourself up to vulnerabilities that can be exploited by hackers to steal your data.

In Android, you can update your software at any time by going to Settings > About Phone > System Update.

5. Be wary of unknown sources

By default, Android locks down the sources of software you can use by only allowing you to download apps from "approved sources" that have been vetted by Android developers. This is actually something that Android has inherited from Linux, which the OS is based on. However, sometimes your phone asks you to enable "unknown sources" for software, and if you're in a rush you can accidentally turn this on. You should never trust software from these sources: some of it is malware, and some of it is merely riddled with security flaws.

To disable unknown software sources, go to Settings > Security > Unknown Sources, and uncheck the box. It's probably not enabled anyway, but it doesn't hurt to check.

6. Check app permissions

Yep. You know already that you should carefully check all of the permissions that an app asks for when you install it, but in a hurry you may not. There is no hard-and-fast rule when it comes to checking these permissions, but there is a good guiding principle: are the permissions an app is asking for appropriate for what it does? Does this silly game you've downloaded really need to access your camera, contacts, and microphone? Probably not.

The situation, when it comes to app permissions, has improved in recent years. In response to user concerns over privacy, Android apps now ask for (almost) all of the permissions they need. They will also ask for these selectively, so you can use an app without granting it all the permissions it asks for. An app will ask for Bluetooth permission, for instance, only when you try to use this functionality. 

On the other hand, there are some permissions that are so "basic" that they are not even counted as permissions by Android. The most striking example of this is access to your Internet connection. All apps are granted this permission by default, they will not ask you to confirm this, and you cannot disable it. This means that even your flashlight app can send and receive data.

You should check the permissions that an app asks for when you install it, but you should also audit your apps frequently to make sure that you have not granted them more permissions than they need. Building this kind of audit into your monthly schedule is a great way of staying on top of your cybersecurity, since you can easily spot extra permissions that you may have granted in a rush. To check these permissions, go to Settings > Apps > ⚙ icon > App permissions.

In general, if you think an app is asking for greater permissions than necessary, look for an alternative that takes your privacy more seriously.

7. Review your cloud sync

Plenty of apps request permission to sync data with the cloud, and sometimes you might want them to do this. There are many advantages of cloud storage for messaging apps and those that store important data. But, just like checking the permissions they ask for, you should also limit the number of apps you have syncing to the cloud. 

You can turn off cloud syncing for individual apps by going to Settings > Accounts, and then tapping on the app name. 

8. Hide notifications

An often overlooked way of making Android devices more private is simply to turn off notifications on the lock screen. That way, someone who picks up your phone won't be able to see your contacts, message previews, reminders, and alerts.

Turning off these notifications is easy. Just go to Settings > Sound & Notifications.

9. Review default apps

Now we're getting to some more technical measures. Android opens certain types of files with certain apps, and these are controlled by a list held in Settings > Apps > ⚙ icon > Default. Here, you can see which apps Android uses for each type of file. 

The key here is to make sure that Android is using the most secure apps available to open particular files. If you've installed ProtonMail, for example, make this your default app for email. The same goes for any other secure app you download because by default Android opens everything with the least privacy-focused apps available (i.e. the apps made by Google, which wants to spy on you).

10. Don't share your location with apps

Many apps request that you share your location with them. For some apps, this is incredibly useful. In fact, some apps lose all functionality unless you give them your location data. 

On the other hand, plenty of apps that don't need to know where you are ask for this information. This, in fact, has been one of the major security concerns of the 5G network, and why Huawei is banned from taking part in it. There was a fear that the Chinese tech giant was collecting location data by default for everyone who used their hardware, and that this could be used to identify individuals even when they had taken precautions against this.

To turn off location permissions for your apps, go to Settings > Apps > ⚙ icon > App permissions > Location.

A more general way of limiting access to your location data is to disable Google's attempts to track your every move. You can do that by going to Settings > Location > Google Location History.

11. Use a non-Google version of Android

If you take your privacy seriously, you could also consider using a version of Android that is not built by Google and won't send them data.

Though most device manufacturers make their own "flavor" of Android, most of these variant systems are built around the core functionality that Google provides. As a result, almost all "mainstream" versions of Android will share your data with Google. 

There are some versions of Android, however, that do not do this. Installing them is a pretty major and complicated step, though, so you should carefully consider whether you want to wipe the existing OS from your phone. At the moment, the most developed (and stable) alternative Android OS is LineageOS. This is based on CyanogenMod, which limits access to your phone by third parties. Installing an alternative OS requires technical knowledge, though there are plenty of install guides to help you.

12. Don't use Google for search

You might be wondering why this option is not higher up on this list. It should be easy to change your default search engine within Android, right? Well, yes and no. No surprise, Android doesn't let you use any other search service from within its default browser. 

In order to use a more secure search engine, you need to download an alternative browser. These let you change the default search engine and avoid Google collecting data on your queries. 

13. Use a VPN

A virtual private network (VPN) encrypts all of the data passing between your phone (or computer, or tablet) and the wider Internet. 

There are plenty of VPN providers out there, but you should be careful about which one you choose. In general, VPN providers often are not transparent about who operates them or how they may or may not use your data. In addition, be wary of VPN providers that are based in the EU or (even worse) the US, because they may be required to share data with foreign intelligence agencies. With our own VPN service, we have gone to great lengths to demonstrate why we offer a VPN worthy of your trust

14. Use a secure email provider

Finally, you should use an email provider that doesn't read your emails. It may sound pretty obvious. But you should remember that everything you do on Gmail is being read by Google. If you are uncomfortable with that, there are plenty of secure (and private) email providers out there. 

One of them is ProtonMail. We use PGP encryption to keep your emails private when they are in transit, and zero-access encryption to secure your data at rest. As a result, no one but you can access your messages, not even us. It's also quite easy to transfer your data from Gmail using the ProtonMail Import-Export application (now in beta).

Learn more: why ProtonMail is trustworthy

Using Android privately

In closing, it's also worth pointing out that, although Android is a risk to your privacy if you don't lock it down correctly, smartphones per se are not evil.

In fact, if used correctly they can be extremely useful in securing other parts of your online life. The clearest example of this is two-factor authentication, in which a time-based code from a smartphone app is required in addition to your password to log in to your account. (Where possible, you should set up this kind of system for all of your online accounts.)

The trick to using a smartphone securely, as with any other device, is to take the time to find out how it actually works. That way, you can disable the data-collection and data-sharing "functions" that you don't need. 

And just by reading this article, you've taken the first step on that road. 

Best Regards,
The ProtonMail Team

You can get a free secure email account from ProtonMail here.

We also provide a free VPN service to protect your privacy.

ProtonMail and ProtonVPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan or donate. Thank you for your support.

The post How to stay private when using Android appeared first on ProtonMail Blog.

*** This is a Security Bloggers Network syndicated blog from ProtonMail Blog authored by Ludovic Rembert. Read the original post at: https://protonmail.com/blog/android-privacy/
-

Comments

Post a Comment

Popular Posts

6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog

Image
6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog 5 best TrueCrypt alternatives | Encrypt your computer with these apps - proprivacy.com The Best Way to Encrypt Email in Outlook - Security Boulevard 6 Anti-forensic techniques that every cyber investigator dreads | EC-Council Official Blog - EC-Council Blog Posted: 23 Nov 2019 12:00 AM PST Anti-forensic techniques can make a computer investigator's life difficult. From committing fraud in an organization to stealing crucial data, cybercriminals can perform a wide range of nefarious activities. In some cases, these perpetrators try to cover their tracks by deleting browser history, cache memory, and even cookies. But with an upward trend , it is now much convenient for cyber attackers to use already progr...
Read more

How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf

Image
How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf Physical and Digital Safety: Arrest and detention - CPJ Press Freedom Online Mobile Encryption Market – Key Players, Size, Trends, Growth Opportunities, Analysis and Forecast To 2027 – The Courier - The Courier Fleeing WhatsApp for Better Privacy? Don't Turn to Telegram - WIRED How to Encrypt Your iPhone or iPad Backup - MUO - MakeUseOf Posted: 23 Feb 2021 12:00 PM PST [unable to retrieve full-text content] How to Encrypt Your iPhone or iPad Backup    MUO - MakeUseOf Physical and Digital Safety: Arrest and detention - CPJ Press Freedom Online Posted: 24 Feb 2021 06:14 AM PST Share this: Covering certain stories–such as human rights abuses, corruption, or civil unrest–can place you at a higher risk of arrest and detention, particularly...
Read more

A Look At Blockchain Smartphones Available Now - I4U News

Image
A Look At Blockchain Smartphones Available Now - I4U News A Look At Blockchain Smartphones Available Now - I4U News Posted: 09 Oct 2019 06:19 AM PDT There is probably no one in the world who has not heard of cryptocurrencies. In the past few years, the general public's awareness of the likes of Bitcoin and Ethereum has skyrocketed. This has happened to such a degree that there are literally millions of us using Bitcoin wallets offered by Luno and other well established names in the industry. On the other hand, blockchain is not necessarily that well known and its capabilities maybe a little less. So although we know that blockchain is the basis of cryptocurrencies, many of us know little more than that. Anyways, this technology is extremely adaptable and is being applied to many industries/sectors from health to disaster recovery. So that it will come as no surprise that blockchain is shifting its attention to mobile. This has resul...
Read more