Wednesday, 14 September 2016

Who's Spying Your PC?

Who's Spying Your PC?

Don’t think for a second that you’re ever truly alone when browsing the web. Mike Plant reveals how everything you do online is watched – and what you can do about it

How would you react if the next time you walked into a restaurant you’d never visited before the head waiter not only greeted you by name, but also reeled off your address? Then, before you’d had a chance to sit down, he asked you about your recent holiday to the Costa del Sol, before telling you that your best friend visited the restaurant recently and would definitely recommend the chicken chasseur.


When you come to order, the waiter recites every meal you’ve eaten in the past five years (reminding you which you liked best). Then, when you finally get to finish your meal, you’re told there’s no need to provide your payment details because the restaurant already has them.

It’s fair to say you might be a little perturbed. And yet, many of us hand this type of personal information to Google without a second thought. If you use Chrome, have a Gmail account or own an Android phone then Google has its eye on you. That’s because its entire business model is based on gathering as much information about us as possible.

Here – in the spirit of public service – I delve into the murky depths of my own Google account to reveal how you can find out exactly what Google knows about you. I’ll also explain how you can restrict how it tracks you – and even stop it altogether.

While Google’s Big Brother tactics are worrying, they aren’t as downright scary as the hackers who are out to take control of your PC, keyboard, webcam, router and more in order to steal your identity. We’ll reveal some of the shocking new tactics they use to gain access to your PC, as well as outline the tweaks you should make and the hardware you should avoid to stop criminals spying on your computer.

WHAT GOOGLE KNOWS ABOUT YOU


1 Every web page you’ve ever visited


It’s impossible to talk about Google’s excessive monitoring of our online habits without starting with My Activity. This is the company’s privacy dashboard. It stores – among other things – every Google search you’ve made, every website visited, every app you’ve downloaded and every location visited (in real life not online). To access your own My Activity page go to https://myactivity.google.com, click Sign In and enter your Google username and password. To see just your browsing history click ‘Filter by date’, tick Chrome in the section below, then click search (the blue button with the magnifying glass).

Prepare yourself for information overload. When I logged into my own page I was greeted by a seemingly endless list of every website I’d visited in the past few years. A disclaimer at the top of the page states that ‘Only you can see this data’, although Google’s Privacy guidelines says that the company uses this data to “direct your online experience”.

The good news is you can remove entries from your browsing history. First, in the left-hand panel, choose to view your history in either ‘Bundle view’ (which combines the pages you look at during a single visit of a website) or ‘Item view’ (lists every page separately). Next, click the three dots in the top-right corner of an entry, then click Delete.

You can prevent Google from collecting this information in future. Click the menu icon, then ‘Activity controls’ and switch the Web & App Activity slider to the left and click Pause. Be aware of the trade-off when you do this. Some people may find having access to their internet history useful – if for example you need to refer back to websites you’ve visited in the past. As a compromise, you can use Chrome’s Incognito mode, which temporarily stops Google recording your browsing habits. To open a window in Incognito mode, right-click the Chrome icon on your taskbar and choose ‘New incognito window’.

2 What you search for online


Google isn’t satisfied with just your browsing history – it also knows what you’ve searched for going back to 2011 (even if you didn’t click the search results). To see my entire history I returned to the ‘Filter by date’ link and ticked Search, Image Search and Video Search. This produced thousands of search entries, but you can restrict your results to within a specific time frame by using the dropdown menus in the ‘Filter by date’ section.

You can use this to remove specific chunks of your search history. For example, to delete all but the past three months of your search activity, set a Before date in mid-June 2016, then tick the boxes beside Search, Image Search and Video Search. Once the filtered search results appear, click the horizontal dots in the search bar and click ‘Delete results’. Delete sections of your search history by sorting it by date, then clicking the ‘Delete results’ option

3 Your credit-card information


The last time I bought an app from the Google Play store was about two years ago. On that occasion, I entered my debit-card details and forgot all about it. Only recently did I notice that Google has held that information ever since. To check whether Google is holding your card details, open Chrome and go to www.snipca.com/21595. You’ll see a list of every payment method (such as credit/debit cards and PayPal) you’ve added to your Google account. To delete a card, click Remove and Remove again. This means you’ll have to enter your card details the next time you buy something from the Google Play store.

4 Your name, phone number and occupation


To create a Google account in the first place I had to provide my name, date of birth and phone number. In return, I got a Gmail account. Clicking through My Activity I realised how much else Google knew about me, including my education, my work history, and my home city. Most of this information was out of date, however, because the information was gathered from Google+ (Google’s Facebook-like social-media service) that I signed up to some years ago and have never used since.

To see what Google knows about you, click My Account on the My Activity dashboard then click ‘Personal info & privacy’. Scroll down to the ‘Your personal info’ section, then click ‘Edit what others see about you’ next to ‘About me’. To edit a section, click its pencil icon and make the changes.

To delete any information, click the pencil icon, then click the ‘x’ icon. You can’t delete information such as your gender, date of birth and occupation, but you can control who can see that information by clicking the globe icon next to the relevant fields and choosing Private (so only you can see it) or ‘Your circles’ (so only your Google+ friends can see it).

5 What you’ve been saying


In theory, say “OK Google” to your Chrome browser and whatever you request next (whether asking for directions or creating a calendar entry) will be recorded and acted upon. In practice, Google rarely recognises anything I say first time. For example, Google refuses to recognise the phrase ‘Next track’. It insists I’m trying to say ‘Maxitrak’ (perhaps it struggles with my strong Mancunian accent), and therefore redirects me to a miniature-train retailer’s website instead of skipping through my music collection. And, what’s more, Google keeps a record of these mis-heard commands in the My Activity dashboard.

To see (and hear) these, click ‘Activity controls’ and scroll down to Voice & Audio Activity, then click Manage Activity. You’ll now see a list of every voice search you’ve ever made (apparently the reason Google records each one is to learn your voice and speech pattern). Click the Play button next to an entry to hear what you said. Google also provides a transcript of what you said (or rather what it thinks you said).

Listening back to some of my own voice searches, I realised the majority were accidental recordings, made when Google presumably thought I’d said “OK Google” (or perhaps I’d inadvertently set off the mic on my Android phone when it was in my pocket).

Whatever the source Google rarely interprets what I tell it, which is why I’ve switched off its voice-recording tool. This doesn’t mean I can’t use OK Google. It just means that what I say won’t end up on Google’s servers. To do likewise, go to the Activity controls screen (via the top-left menu button), scroll down to Voice & Audio Activity, move the slider to the left and click Pause when prompted. To delete everything Google has already recorded, click Manage Activity, ‘Delete activity by’ and select ‘All time’ from the dropdown menu, then click Delete (twice).

6 What apps you use (and when)


If you use Android, Google will know what apps you have on your phone and tablet. To see for yourself, go to My Activity and click Android. You’ll see a detailed record of every app you’ve ever used. In my case, it makes for depressing reading, laying bare as it does my Angry Birds addiction.

To delete this information, click the three vertical dots in the Search bar then click ‘Delete results’. Google will warn you about deleting your history, but I can’t think of an occasion when having access to my app history has come in handy.

Annoyingly, Google won’t let you switch off its app-usage monitoring without also switching off browsing and search history (via Web & App Activity in ‘Activity controls’). However, because browsing and search history can prove useful, it’s worth putting up with the monitoring and deleting your history every few months as described in Tip 2.

7 What you’ve watched on YouTube


In case you didn’t already know, Google owns the online video website YouTube. This means that if you watch film trailers, old sitcoms or cat videos on YouTube it’s likely that Google already knows it. To check your own viewing history, go to My Activity, click ‘Activity controls’ and scroll down to YouTube Search History and YouTube Watch History. To prevent Google from tracking you, move each slider to the left and click Pause when prompted. To erase what Google has already recorded, click Manage History in both sections and click ‘Delete activity by’. Choose ‘All time’ from the dropdown menu and click Delete.

8 The adverts you see online


Using the internet means you’ll be exposed to a huge amount of adverts. Many of these – from those in your Google search results to the adverts in your Gmail inbox – will come directly from the 2 million websites and apps that partner with Google to show adverts. Google makes far too much money from selling advertising space to ever let you opt out from seeing adverts completely. You can, however, tell Google what adverts you’d prefer to see.

To pick and choose these, go to the Ads Personalisation (www.snipca.com/21593) and log into your Google account (if you’re not already signed in). Move the Ads Personalisation slider to On and tick ‘Also use Google Account activity and information…’. Then scroll down to the ‘Your topics’ section, click the blue +New Topic button and type a topic you’re interested in into the search box. The choices here are more nuanced than you might expect. For example, I was able to specify Superhero Films, rather than just Films.

If you’d prefer to keep Google in the dark over your preferences, move the slider to the left and click Turn Off when prompted. You can also prevent Google from using in its adverts feedback you’ve left on products you’ve bought. Go to https://plus.google.com/settings/endorsements, scroll down to the bottom of the page and untick the box where it says ‘Based on my activity, Google may show my name and profile photo in shared endorsements that appear in ads’, then click Save.

9 Where you are right now


Do you remember where you were on this very day last year? Google does. Apparently, this time last year I was (yes, you guessed it) at work, but I like to think our readers lead more varied lives.

Google’s location tracking works on Android phones or any iPhone with the Google app installed. To see if you’re being watched, click ‘Activity controls’ in My Activity, scroll down to the Location History section and click Manage Activity. This will open a Google Map covered with red dots that represent places that Google knows you’ve visited. To see where you were on a specific day use the Timeline box at the top-left. Select a year, month and day.

I use Google on my mobile phone to look up information on journey times (it helps with my commute into work), so I don’t mind this kind of tracking. But if you’d rather Google didn’t know where you’ve been, click the rubbish-bin symbol at the bottom-right of the Google Map, tick the ‘I understand and want to delete all Location History’ box, then click Delete Location History. You can also stop Google monitoring your future globetrotting by clicking the Settings ‘gear’ icon in the bottom-right corner, clicking Pause Location History, then Pause again when the pop-up window appears.

PLAY YOUR GOOGLE CARDS RIGHT


One of the ways Google uses the data it captures about you is with Google Now Cards – the notifications you see if you scroll to the left-most screen on an Android phone or tablet’s homepage (or by tapping the Google app). These cards show you anything from the local weather, to how long today’s commute will take – and yes, Google knows enough about you to know where home is, where work is, when you usually start the journey and whether you drive or take the train.

Limiting what Google tracks about you using our tips reduces the number of cards it shows you, but you can turn this feature off completely if you find the notifications a nuisance. On your device scroll to the leftmost homepage screen, tap the Settings icon (three horizontal lines in the top-left) and tap Settings, then ‘Now cards’. Slide the ‘Show cards’ slider to the left and tap Turn Off when prompted. To remove any information Google has collected about you, tick the ‘Also delete your Google Now preferences’ box before tapping Turn Off.

To see what Google thinks you’re interested in return to the Cards homescreen, tap the Settings icon then Customise and click a category (such as Weather and Places). Delete entries by tapping them then tapping No, or add new interests by clicking the ‘+’ icon.

ORDER A GOOGLE TAKEOUT


You can download everything Google knows about you using its Takeout service. Go to https://takeout.google.com/settings/takeout and make sure that all the tick boxes have a green tick, then click Next. On the next screen choose .zip in the ‘File type’ dropdown menu to save the data as a compressed ZIP file (so it takes up less space). Next, select how you want to receive the data using the ‘Delivery method’ dropdown menu – we’d recommend ‘Send download link via email’ to have it delivered to your Gmail account (but you can also select Google Drive, OneDrive or Dropbox if you prefer).

Next, click ‘Create archive’ and Google will start preparing it for you. Depending on how much data Google has on you, this could take days. However, Google will do the legwork on its own computers, so you can safely turn off yours. Once it’s ready you’ll receive the spreadsheet of information via the delivery method you specified. My archive took about three hours to generate and comprised three 1.9GB ZIP files full of photos, videos, audio files, and lots more.

WHAT ELSE IS BEING SPIED ON?


10 What your webcam sees


While Google knows a lot about us, it hasn’t quite reached the point where it literally watches us (at least not yet). But that doesn’t mean there aren’t prying eyes watching everything you do. Last month a shocking story emerged about a Texas family whose webcam was hacked. Footage of the family’s 8-year-old twin daughters was then streamed live over the internet (see www.snipca.com/21604 for the full story).

This happened because malware was smuggled on to the family’s PC through a video game the girls were playing. This problem is more widespread than people think. Several websites – such as www.insecam.org – expose just how flawed webcam security can be by streaming unsecure feeds.

To make certain your webcam is secure the first thing you should do is change its default password and username. These are often the same across all webcams of the same type, making it easy for hackers to gain access to your camera’s feed once they’ve broken into your home network using malware.

Log into your camera via your PC using its IP address (you’ll find this in the manual or printed on the camera) or dedicated app. Go to the Settings menu and change the username and password. It’s also a good idea to run a malware scanner, such as the free Malwarebytes Anti-Malware (www.snipca.com/21605) to eradicate any lingering malware traces.

11 Your broadband router


As the first line of defence between the web and your PC, it’s important to make sure your router hasn’t been hacked. A successful attack lets hackers change your router’s settings and alter the information sent to it. This in turn means they can infect your computer with more malware and even change the adverts you see when you browse.

To check if your router has been hijacked use F-Secure’s free Router Checker. Go to www.snipca.com/21609 and click the ‘Check your router’ button. If a threat is found, follow the onscreen instructions to remove it.

12 Every key you press


Keylogging allows criminals to record everything you type on your keyboard, and thereby gather personal information including your name, address, debit- and credit-card numbers and phone number. Keylogging software is often disguised as a Windows process, meaning you’ll need a rootkit scanner to remove it.

Kaspersky’s TDSSKiller is a good choice because, unlike some other programs, it’s compatible with all versions of Windows (32bit or 64bit; from XP to Windows 10). To download it go to www.snipca.com/21608 and press the green EXE button to the right of TDSSKiller. Double-click the downloaded file and the program will automatically open once the installation is complete. Click ‘Change parameters’ and tick every box to run the most thorough scan possible (this might require a system reboot), then click ‘Start scan’.

When the scan has finished you’ll hopefully see a ‘No threats found’ message. If the scan finds any threats, it lists them and assigns an action (Cure, Delete or Skip). It’s never ideal to completely delete files from your PC (just in case they’re important to how it works), so you should change any Delete actions to Cure by using the dropdown menu; if Cure isn’t listed, opt for Skip. Likewise, if TDSSKiller suggests Skip by default, change to Cure when possible. Click Continue to cure the files and reboot your PC if prompted.

Once your PC reboots re-open TDSSKiller and run the scan again. This time you should only see entries with Delete or Skip. These will be a mixture of potentially harmful files that TDSSKiller’s scan has flagged as suspicious and files that are safe but contain certain suspicious characteristics that have fooled the scanner. Take a look at these to make sure none of them are files you know are completely safe, such as your Word documents or photos (if so, make a note of them). Click the ‘Copy all to quarantine’ button to place all these files into a specially protected folder. This will stop any of the files further harming your PC. If you are certain some of those files are safe it’s possible to retrieve them from quarantine. Go to C:\TDSSKiller\Quarantine and find the folder with the current date. Inside you’ll find all the files you have quarantined. You can now copy and paste those you know are safe back into their usual folders.

If immediately after quarantining these files a program stops working, it might be because a file associated with it has been quarantined. Check by going to your C drive and looking for a log file detailing the files flagged by your scan - it will be called something like TDSSKiller.3.1.0.9_01.09.2016_10.47.21_log.txt. This will list any files flagged as suspicious and tell you the files’ locations before they were quarantined. If any were associated with the now faulty program, move it back to where it was.

13 What’s said in your own home


We’ve already seen how easily Google can use your phone’s microphone to record and store what you say to OK Google, but hackers can go the extra mile by taking control of your PC’s mic to spy on what you say at home. Thankfully, your antivirus software should detect and remove any malware trying to do that. But to be on the safe side, you could disable your PC’s microphone when you’re not using it.

Right-click the speaker icon in your taskbar, click ‘Recording devices’, then right-click your active microphone (it will have a green tick) and click Disable. To reverse the effect when you next want to use the microphone, right-click anywhere within the Recording tab and click ‘Show disabled devices’. Then right-click the disabled device (indicated by a grey down arrow), and click Enable.