In my last post I talked about securing your network for $35. With simple tools like Pi-Hole, it’s very easy to see what’s trying to leave your network. Just after installing the Pi-Hole I caught communication to a C2 server from my son’s computer. It had been infected with a java-based botnet agent thanks to a Minecraft modpack that included a little extra something something.
Something else that ends up being very easy to see is just how much privacy you are giving away to companies that want to hoover up your data. Have a look at this:
Among the top 5 blocked DNS domains on my home network, three of them have to do with Snapchat. That’d be my 16-year-old daughter’s handiwork. I imagine half of these queries involved duck lips of some manner.
You’ll also see other domains having to do with app analytics. Some seem innocuous like Crashytics but if you do a bit of poking around you’ll see that Crashlytics is owned by <drumroll please>…. Google.
Let’s dive deeper:
- app-analytics.snapchat.com -> Snapchat domain that collects all kinds of app usage information
- sc-analytics.appspot.com -> Snapchat’s analytics engine sending information to a Google service
- graph.instagram.com -> Instagram’s API service
- e.crashlytics.com -> Unsure what the service is (‘e’) but Crashlytics is owned by Google
- usc.adserver.snapads.com -> Snapchat ad service
- reports.crashlytics.com -> Google
- news.iadsdk.apple.com -> ads served into Apple’s News app
- googleapis.l.google.com -> Google
- graph.facebook.com -> Facebook’s API service
- s.youtube.com -> ad service for YouTube.
So, in the top 10 we have only 4 companies represented:
My goal here isn’t to say you shouldn’t use apps and services from these companies. My goal here is to open your eyes just a crack that with few exceptions, you really are the product. Free services are great and all, but understand that you’re heavily trading information about you and your habits in order to use things like Snapchat, Facebook, Google, etc. These companies construct portfolios dossiers about their customers targets in order to sell it to advertisers. Google is an advertising company first and foremost. Consider whether this is a fair trade.
Where does this end?