Do you need to monitor your clothes dryer online? What stories does your smart speaker tell about you?

Online privacy is a hot topic, and David Choffnes, a professor at the Khoury College of Computer Sciences, has some no-nonsense advice for those seeking to control the amount of personal data available about them:

“If someone or something is asking for information about you, think twice.”

Websites, apps, and even physical devices are gathering data about us all the time. How much of that data is necessary? One of the things Choffnes studies is “privacy dark patterns” – the tricks companies use to make it easy to reveal more data than you should. “For example, to access a website where there’s no need for you to be uniquely identified, there’s a requirement to give up your contact information or even a credit card.”

Taking care of your own privacy means stopping to ask “Is this really necessary?” Legitimate sites may offer a way for you to opt out of that data collection. Sites and systems you use often, such as social media sites, may have privacy settings you can control.

A lot of dark patterns take advantage of our impulsive natures. “Do I really need that app?” is a valuable question, Choffnes says.

One of his recent areas of research involves smart speakers such as Alexa or Echo. His team tested them by playing hundreds of hours of TV shows at them and noting when they recorded data and transmitted it to the companies that make them. They found that when the speakers “wake up” without the wake word being spoken, it’s usually for a short period of time – but in rare cases, longer recordings do get made and transmitted without input from a human.

Another study involved apps that record the screen when you use them, sharing this potentially sensitive information without your permission. These have now been banned by the Google and Apple app stores.

As Internet of Things (IoT) devices become more common, ask yourself which devices need to connect to the internet and why. Choffnes has an internet-enabled clothes dryer but has chosen not to connect it. “When I do connect it, it will be to study it.”

Steps to Protect Your Privacy

Northeastern’s security staff has many measures in place to keep users safe, but you still need to take active measures to protect your own privacy.

  1. Check your privacy settings for sites and apps you use regularly, especially shopping and social media. Use those settings to restrict sites and apps from sharing data about you.
  2. For new sites, apps, or devices, think before you enter your data. If an app asks for too much information, don’t use it.
  3. Whenever possible, enable multi-factor authentication on your accounts. (Northeastern uses Duo for this; see northeastern.edu for more information.)
  4. Keep your applications, operating systems, and antivirus programs up to date.
  5. Be alert for sketchy emails (“phishing”), websites, and apps. If something doesn’t seem right, or if it seems like someone is asking for too much information, don’t click! Delete the app or email, or navigate away from the website. You can also report phishing emails sent to your Northeastern account.
  6. Consider using a password manager or digital vault to store passwords and other private information. This will let you use long, hard-to-guess, unique passwords.
  7. Before you dispose of a computer, tablet, or phone, be sure to permanently delete any personal information on it.
  8. If you’re working in an office or other group environment, log off from your device or lock your screen whenever you leave your desk.