Be Cautious of Site Notifications

As most of us know, there has been a growing trend towards online shopping over the past decade. Whether we’re actually making purchases online or looking for the best prices, we’re increasingly going to the internet to buy stuff. And as the 2020 Holiday Season takes off, we’re seeing an unprecedented number of people shopping online.

On the plus side, if 2020 has taught us anything, it’s the importance of cybersecurity. While we have seen more security threats this year than ever before, and cybercrime damage costs are expected to reach $6 trillion annually in 2021, we’ve also seen an explosion of security integration. Businesses across the world are addressing security concerns and implementing protections for themselves and their customers.

But that doesn’t mean they always have your best interests at heart.

Location Notifications

If you’ve gone to a retail website recently, whether on a mobile device or from your computer, you’ve seen that a great many of them ask you to approve notifications. Some of these are fairly benign and often helpful. For example, location notifications help with GPS, display local store inventories, and provide information relevant to businesses close to you. As helpful as this might be, it’s still important to be judicious when allowing these notifications.

Before we move forward, you should know that almost all apps on mobile devices collect and transmit information about your location. Also, disabling these features can make it much more difficult for you to be located when calling emergency services such as 9-1-1 and will affect the usefulness of GPS and mapping programs. Yes, having your location exposed carries an inherent risk that has been addressed by the FBI, the NSA, and numerous cybersecurity firms. That being said, the majority of us are still going to keep these services active on our devices, just for the sake of convenience.

Okay, we’ve established that site location is useful enough to most of us that we’re likely to continue using it, but that doesn’t mean you have to allow everyone to track you. When you allow access to your location, information about your IP address and nearby access points is gathered and sent to a geolocation service provider, which provides the actual location estimate to the website requesting it. Web browsers typically encrypt this information and use random client identifiers that expire after two weeks, but this is not true for all websites or mobile phone applications.

Push Notifications

There’s been a great deal of chatter in cybersecurity circles about push notifications for the past two years. Most of us will agree that this is a feature that has long been asking to be abused, and 2020 is bringing us to that point. As is the case with most software used for scamming, how things are said matters. While a lot of effort has been made to ensure location tracking protects privacy (as much as possible), those that push information to you are far less trustworthy.

What is a Push Notification?

These are pop-up windows sent by a webpage or app asking you to click “allow” for various reasons. Apps often include this as part of the install process, where the permissions requested could include access to your contacts, camera, location, microphone, etc. On the computer or in web browsers, you may be prompted to “allow” in order to watch a video, receive notifications, or read an article. You should probably be asking yourself: why does a game on my phone or a funny cat video need this information?

Much of the push notification software is written by companies that pay website owners and app developers to use their software. The push notification software will usually provide clients with some analytics information, yet everything it gathers is transmitted back to the company that wrote the software, to be sold online to marketing firms and/or scammers and hackers. Most website owners and app developers don’t really know how much data is being gathered about their customers. Likewise, most users don’t fully grasp what they’re consenting to when they allow these notifications.

A recent study of push notification software has shown that approving notifications allows the company’s advertising partners to display whatever message they want in your browser, whenever they want, and in real time. These messages often include misleading notifications about security risks, ads for dating sites, online medications, and fake investment opportunities, to name but a few. In addition, some of these notifications can be used for credential phishing, malware installation, and other security threats.

Security Awareness

Even if you disable all the options on your mobile devices, you will still see push notification prompts on some websites and when installing some apps. There are options to turn off notifications in most web browsers under the Privacy and Security headers, but when it comes to apps, the only thing we can do is pay attention to what information is being asked for and allow only the permissions necessary for the app to function.

Since we already established that removing all tracking abilities from our devices is probably something we’re not going to do, how can you stay safe?

Be security conscious and aware. Only allow notifications from sites that you trust or with whom you often do business. I spend a lot of time at Home Depot and find it very convenient that my searches pull up the location nearest to me, so allowing them to access my location works for me. That being said, anytime I receive a request to Show Notifications, my first instinct is to click “Block” on that notification.

That should be your first instinct as well.
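To check which sites already hold a grant, the following added example (not part of the original article) lists every origin with an "allow" setting for notifications or location and flags those outside a trusted list. It assumes the JSON layout Chrome uses in a profile's Preferences file; the function names and sample origins are constructed for illustration.

```python
import json

# Chromium ContentSetting values as stored in the profile's Preferences file.
SETTING_NAMES = {1: "allow", 2: "block", 3: "ask"}

# Constructed sample mirroring the layout Chrome writes to
# <profile>/Preferences (an assumption of this example; origins are made up).
SAMPLE_PREFERENCES = json.dumps({
    "profile": {"content_settings": {"exceptions": {
        "notifications": {
            "https://news.example:443,*": {"setting": 1},
            "https://video-player.example:443,*": {"setting": 1},
            "https://shop.example:443,*": {"setting": 2},
        },
        "geolocation": {
            "https://shop.example:443,*": {"setting": 1},
        },
    }}}
})


def granted_permissions(preferences_text, kinds=("notifications", "geolocation")):
    """Return {kind: sorted origins} for every site whose setting is 'allow'."""
    prefs = json.loads(preferences_text)
    exceptions = (prefs.get("profile", {})
                       .get("content_settings", {})
                       .get("exceptions", {}))
    result = {}
    for kind in kinds:
        allowed = []
        for pattern, entry in exceptions.get(kind, {}).items():
            if SETTING_NAMES.get(entry.get("setting")) == "allow":
                # Key is "primary,secondary"; the primary pattern is the site.
                allowed.append(pattern.split(",", 1)[0])
        result[kind] = sorted(allowed)
    return result


def review_list(preferences_text, trusted):
    """Origins holding a grant that are not on the user's trusted list."""
    grants = granted_permissions(preferences_text)
    return {kind: [o for o in origins if o not in trusted]
            for kind, origins in grants.items()}


if __name__ == "__main__":
    trusted = {"https://shop.example:443"}
    for kind, origins in review_list(SAMPLE_PREFERENCES, trusted).items():
        print(kind, "->", origins or "nothing to review")
```

To audit a real profile, pass the text of a copy of the Preferences file instead of the sample; anything the review list returns is a candidate for "Block".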
