Is Your Smartphone Listening to You? How Data Brokers Sell Your Digital Footprint & How to Stop It

If you missed the in-person session, here are the Presentation Slides

Has this happened to you or someone you know? Your friend mentions that you should take a trip to the South Pole, and an hour later, there it is, a “sponsored” post on your feed… And you didn’t Google anything about the South Pole. So what’s happening here? Is your phone listening to you?

The short answer is no. While it feels like your phone must be eavesdropping, the reality is often more complex (and arguably more impressive) than simple audio recording. Here is the “behind the scenes” look at the digital trail that creates that uncanny “listening” effect.

Browser Fingerprinting


This is a more advanced way to identify you across the web. Some websites (like Facebook) collect a unique “snapshot” of your settings:

  • Your screen resolution and battery level.
  • Installed fonts and browser version.
  • Your exact time zone and hardware specifications.

When combined, these traits create a signature so unique that companies can recognize you even if you clear your cookies or use “Incognito” mode. This allows them to link your “South Pole” research on a laptop to the Instagram app on your phone.
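To make the “signature” idea concrete, here is an added Python sketch (not from the original presentation) that derives an identifier from settings alone and estimates how rare a combination of settings is. The trait values and population shares are constructed for illustration, and the traits are assumed to be independent of each other.

```python
import hashlib
import math

# Constructed shares of visitors reporting each value (assumption, not measured data).
SHARE = {
    "screen":   {"1920x1080": 0.20, "2560x1664": 0.01},
    "timezone": {"UTC": 0.10, "America/Winnipeg": 0.002},
    "fonts":    {"default set": 0.25, "default set + 14 extras": 0.0005},
    "browser":  {"Firefox 128": 0.03},
}

def fingerprint(visit):
    """Identifier derived from settings alone; the cookie jar is never read."""
    traits = visit["traits"]
    canonical = "|".join(f"{name}={traits[name]}" for name in sorted(traits))
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]

def identifying_bits(traits):
    """Sum of each trait's surprisal, -log2(share), assuming independent traits."""
    return sum(-math.log2(SHARE[name][value]) for name, value in traits.items())

def one_in(traits):
    """Rarity as 1-in-N: about one visitor in N reports this combination."""
    return round(2 ** identifying_bits(traits))

DISTINCTIVE = {"screen": "2560x1664", "timezone": "America/Winnipeg",
               "fonts": "default set + 14 extras", "browser": "Firefox 128"}
GENERIC = {"screen": "1920x1080", "timezone": "UTC",
           "fonts": "default set", "browser": "Firefox 128"}

# Same device: a normal visit, then a visit after clearing cookies (constructed).
normal_visit = {"traits": DISTINCTIVE, "cookies": {"session": "abc123"}}
private_visit = {"traits": DISTINCTIVE, "cookies": {}}

if __name__ == "__main__":
    same = fingerprint(normal_visit) == fingerprint(private_visit)
    print("same ID after clearing cookies:", same)
    for label, traits in (("distinctive", DISTINCTIVE), ("generic", GENERIC)):
        bits = identifying_bits(traits)
        print(f"{label}: {bits:.1f} bits, about 1 in {one_in(traits):,}")
```

The identifier survives an empty cookie jar because cookies are not an input, while the generic profile blends into a far larger crowd than the distinctive one.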

Data Brokers


Data brokers are companies that exist solely to buy, aggregate, and sell your information. They pull data from thousands of sources, including websites you visit while logged in (such as Facebook) and sites that identify you through browser fingerprinting.

By the time you or your friend talked about the South Pole, you had likely already left clues. Maybe you looked at a weather app for Antarctica, or your friend, who is connected to you on social media, searched for “winter parkas.” Data brokers connect these dots and sell the “prediction” to advertisers.

Lookalike Modeling


This is the most common reason for the “listening” illusion. Algorithms know your social graph, the people you spend time with.

  • Location Data: If your phone and your friend’s phone are in the same living room for two hours, the algorithm knows you are interacting.
  • The Chain Reaction: If your friend goes home and searches for “South Pole flights,” the system assumes you might be interested in the same thing because you were just together. It serves you the ad based on their search.

Myth vs Reality Summary…

The Myth | The Reality
“My phone is recording my voice.” | Constant audio streaming would drain your battery and use massive amounts of data, both of which are easily detectable.
“They knew what I was thinking.” | They knew what your friends were searching for and where you were standing.
“I never searched for this!” | You didn’t, but you might have bought a related item (like thermal socks) or followed a travel influencer.

Take Action:

We can significantly disrupt the “surveillance machine” by cutting off its primary fuel sources: tracking, profiling, and persistent data storage.

Here are three practical steps to protect your digital life in 2026:

1. Kill the “Social Graph” (App Tracking)

The “listening” illusion often happens because apps like Instagram or Facebook link your location to your friends. You can break this chain by disabling cross-app tracking.

  • On iPhone: Go to Settings > Privacy & Security > Tracking and toggle off “Allow Apps to Request to Track.” This prevents apps from accessing your device’s unique Advertising ID (IDFA).
  • On Android: Go to Settings > Privacy > Ads and select “Delete Advertising ID.” This makes it much harder for data brokers to stitch your activity across different apps into one profile.

2. Switch to a “Shielded” Browser

Standard browsers (like Chrome) are designed to facilitate tracking. Switching to a privacy-first browser can stop Browser Fingerprinting by default.

  • Brave or Firefox: These browsers include built-in protections that “randomize” your fingerprint, making your device look like a generic one instead of a unique target.
  • Must-Have Extension: Install uBlock Origin or Privacy Badger. These tools block “trackers” from loading at all, which not only protects your data but also makes your web pages load significantly faster.

3. Switch to a “Privacy First” Search Engine

Google makes the vast majority of its money selling online advertisements. The Google search engine is designed to help you find what you are looking for and also to facilitate selling online ads, which involves finding out what you’re interested in by tracking what you look at online. Switching to a privacy-first search engine can reduce the amount of personal data you give to Google and, through them, to advertisers. Here are some privacy-focused search engine alternatives:

  • DuckDuckGo: A privacy-focused, US-based alternative to Google that draws on over 400 sources (including Bing and Yahoo) plus its own indexing. DuckDuckGo doesn’t share any personal information with any of the sources it uses to provide you with search results.
  • Qwant: A well-established privacy-focused search engine based in France that touts itself as a European alternative to Google. According to Qwant’s privacy policy, it doesn’t target you with ads or keep your search history. Qwant doesn’t use tracking cookies or build personal profiles. You do see ads, but they’re based on your search terms, not a personal profile.

4. Evict Yourself from Data Broker Databases

Even if you stop tracking today, data brokers already have years of your history. You can force them to delete it.

  • The Manual Way: You can visit the “Opt-Out” pages of major brokers like Acxiom and Epsilon. I understand that it can be time-consuming, but it is free.
  • The Automated Way: Use a service like Incogni or DeleteMe. Both of these services charge for this, starting at $20 for one month and over $140 per year. These services automatically send legal “Right to Erasure” requests to hundreds of data brokers on your behalf and, critically, keep monitoring to make sure they don’t re-add you later.

Pro Tip: If you want to see exactly how “unique” your browser looks to a tracker right now, visit the EFF’s Cover Your Tracks tool. It will give you a report on how well you’re currently protected against fingerprinting.


Play The Game!

Is My Phone Listening to me Game

Reflection

After learning about this, do you think you’ll change any of the ways that you use your phone or interact with websites or online?

Have You Been Pwned?

A couple of months ago my partner needed to travel to help one of our children to recover from a surgery. She went onto her Save-On-Foods More Rewards website to see if she had enough points to book the flight. She didn’t have enough points, but noticed that someone had booked a $700 ticket from Winnipeg to Toronto a couple of weeks before. She asked if I’d booked it, but I hadn’t…

She then spent several hours on the phone with customer support, while I went to the “Have I Been Pwned” website to see if her account information had been compromised… And yes, one of the passwords that she regularly re-used on More Rewards website. She was able to get the money back, but a more complicated, non-reused password would have saved her a lot of inconvenience and time on hold with customer support.

Have you been Pwned? Or in other words, has any of your data, including passwords, been stolen from hacked servers and sold online?

Take Action:

Find out by going to the Have I Been Pwned website and use your email address to see if any of your personal information has been hacked: http://HaveIBeenPwned.com

Password Managers, PassKeys & 2 Factor Authentication

Password Managers & PassKeys are the unsung heroes of internet security. Here are the major high-risk behaviours people engage in with their passwords:

  • Systematic Password Reuse: Using the exact same password, or minor variations of it, across multiple platforms. If a single low-security website suffers a data breach, threat actors harvest those credentials and feed them into automated botnets. The attackers then systematically try the leaked username-password pairs against major websites until a match is found.
  • Utilizing Predictable and Low-Complexity Passwords: Relying on sequential numbers, keyboard patterns, or common dictionary words (e.g., “123456”, “password”, “qwerty”) is extremely risky.
  • Relying on Obvious Personal Information for Complexity: Incorporating easily discoverable information into the password string, such as birthdays, pet names, sports teams, or local geographic markers. Attackers scrape public social media profiles to build custom wordlists tailored to a specific individual, then try these personalized terms on websites.
  • Unsafe Storing and Sharing Practices: Writing passwords on paper (like sticky notes under keyboards) or sharing credentials via unencrypted digital channels like SMS or email exposes passwords to local or online capture.

How can password managers like Bitwarden (cross-platform) and the built-in password manager on iPhones (Apple only) help you secure your passwords and make them easy to access?

  • The password manager automatically creates and saves random, impossible-to-guess passwords for each of your accounts.
  • To access all your passwords, all you have to do is memorize the master password for your password manager.
  • The password manager autofills your user name and password for all websites and across all your devices (both phone and laptop).
  • Most password managers also monitor for data breaches and will let you know if a site you use has been hacked and will help you change your password for that website.

Passkeys are a new security feature that makes your accounts on websites that support them more secure and more convenient to access.


Why should we start using Passkeys?

  • Absolute Phishing Resistance: Passkeys cannot be tricked into logging you in to a lookalike or fraudulent website.
  • Elimination of Password Theft: Because passkeys use asymmetric cryptography, a data breach on that website cannot expose your login credentials or compromise your other accounts.
  • No Memorization or Complexity Requirements: Users do not need to create, update, or remember complex text strings, removing the need for you to remember multiple difficult passwords.
  • Seamless Biometric Authentication: Logging into accounts is made easier as you can authenticate using your fingerprints, facial recognition, or a simple device PIN.

Two-Factor Authentication

Two-factor authentication (2FA) makes the accounts you use it on much more secure. For example, to log into an account using 2FA, you begin by entering your standard username and password on a website or app. Once the site verifies that your password is correct, instead of letting you straight into your account, it pauses and displays a screen asking for a secondary security code. Simultaneously, you receive a notification or text message on your smartphone containing a temporary, six-digit number, or you open a dedicated authenticator app on your device to grab the currently active code. You then type that unique short-lived code into the website’s prompt, which proves you have physical possession of your phone, and the system grants you access to your account. Unfortunately, not all websites support 2FA.

  • It stops hackers who only have your password: If someone steals your password through a data breach or a phishing scam, they still cannot access your account because they lack the second piece of evidence, like a code sent to your phone, needed to log on.
  • It protects against weak or reused passwords: Many people use the same password across multiple websites, meaning one compromised account risks them all. 2FA ensures that even if a hacker guesses a weak password, the account remains locked.
  • It provides real-time alerts of login attempts: When you receive an unexpected 2FA verification code or notification on your device, it serves as an immediate warning that someone else has discovered your password and is trying to break into your account.
  • It verifies physical possession, not just digital knowledge: Passwords can be copied and shared across the world instantly. 2FA usually requires access to a physical object you own, such as your specific smartphone or a security key, which a remote hacker cannot easily steal.

Take Action:

  • Mac & iPhone owners: I’d suggest you use the built-in Apple Passwords App as this will be the easiest way for you to create, manage and use your strong passwords across your devices.
  • Windows & Android or iPhone owners: Your situation is a bit more complex, but I’d recommend you use the free version of the Bitwarden Password Manager. It is a cross-platform tool that runs on Windows, Mac, Android and iPhone devices.

Grammarly vs Harper

Harper is an Open Source grammar checker that always respects your privacy, unlike some commercial cloud-based grammar checkers.


Harper is a trustworthy alternative grammar checker for all your documents because:

  • Harper only runs on your laptop, so your documents are never sent to cloud-based servers in the USA.
  • Grammarly runs on Amazon Web Services in the cloud.
  • Harper is ideal for people who value their privacy, plus anyone in Education, Legal, Healthcare, and Government sectors.

Take Action:

If you haven’t already, try installing the Harper browser plugin and see how it works for you: https://writewithharper.com/

Ad Blockers

Why would anyone consider using an Ad Blocker on their laptop or phone?

  • Stop distractions & clutter
  • Load webpages & websites faster
  • Enhance your privacy by making it more difficult for advertisers to track you online
  • Helps secure your personal browser history from data brokers & advertisers

Take Action:

If you’d like to try out an Ad Blocker on your web browser, please check out uBlock Origin, which has consistently been one of the top free Ad Blocking browser plugins for several years now.
