Posted: 3 Min ReadFeature Stories

Is Your Personal Data Leaking from Your “Digital Exhaust”?

Synchronization services provide convenience, but also risk

It’s easy to take for granted how convenient technology has become.

As we switch between devices, our calendars, emails, notes, photos and other information follow us – always keeping us up-to-date. Your messages follow you from your personal phone to your work computer and then back at the end of the day.

However, there can be a downside to all this convenience. The very reason your devices can do such things may put your personal data at risk in ways you may not realize.

Your Digital Exhaust

As you travel through the internet, you leave a data trail behind you – something known as “digital exhaust.”

Companies like Apple and Google have built services into their products that allow important pieces of data you may use multiple times a day to follow you from device to device.  These synchronization services are built into the popular technologies Apple iCloud®  and Google Chrome®. They’re the reason you can keep items such as your bookmarks or iMessages synchronized between all the devices you use them on. 

The Cyber Security Services research team at Symantec, owner of Norton LifeLock, recently performed a deep analysis of these two services, and we found a few potential areas of concern. Before we go into the details, it’s important to note that synchronization services from Apple iCloud and Google Chrome operate effectively as designed. The security concerns we are highlighting come from the tradeoff we make by using these services for the convenience and efficiencies they provide to us.

Risks of Synchronization

How could these security concerns affect you?

Let’s say you are working on a new project at work. You store some notes about the project in your Notes app on your corporate Mac®  computer, which is using your personal iCloud account.  When you leave for the day, you shut off your computer.

What you don’t realize is you may have already put that highly confidential data at risk.

Because of the synchronization service, the data you stored in the Notes application on your work computer was also automatically stored in your home computer Notes application. In fact, the data was in your home before you were.

This poses potential risks. Since home networks generally have less security than company networks, cyber criminals may have an easier time accessing it. Inadvertently syncing the data onto your home computer may also violate your company’s policies.

The data replication goes the other way as well – from your personal device to your work computer. Imagine that you stored some personal medical information on your smartphone using your personal iCloud account. If you use the same account for your work computer, the information will be stored on your company network. That means your company might see some of your personal information that you prefer to keep private.  

The security concerns from synchronization aren’t always insidious, though. Say you were doing research for a trip to the Bahamas to surprise your spouse for your anniversary.  You carefully did this research at work during your lunch hour so there was no chance of your spouse getting wind of the trip. Or so you thought. However, if your family has a shared device, like an iPad, your spouse could come across notes you took at work that were replicated onto your home device.

Since home networks generally have less security than company networks, cyber criminals may have an easier time accessing it.

How to Reduce Your Risk

The point isn’t to stop using synchronization services, since they do make our lives easier. However, you should realize the risk they carry, so you can use the services in a way that allows you to protect your most sensitive data while getting the maximum benefit of these convenience services. Consider the following ways to keep your data more secure:

  • Keep Info Separate. Do not use your personal Google (Gmail) or iCloud accounts on your work computer and vice versa.
  • Don’t Be a Borrower. Use your account only on machines and networks you trust; don’t use them on borrowed devices that you cannot factory reset after use.
  • Should You Fill Up? Turn off the feature in Chrome or Safari that automatically fills forms.
  • Turn On or Turn Off. Switch off synchronization capabilities on devices that you do not wish to store data on or share data from.

We live in a fast-paced world, and we’ve become used to the idea of being able to access any information we want at any time from any device.  It’s important to understand the security risk that comes with this modern level of convenience.

You’ll never be able to eliminate your entire digital exhaust. However, you can keep some of your most sensitive information from spewing out of the tailpipe.  

To learn more, download the report here: Privacy in a Synchronized World

Symantec Enterprise Blogs
You might also enjoy
Threat Intelligence9 Min Read

Mobile Privacy: What Do Your Apps Know About You?

Just how much personal information are your apps gathering? And do they really need so much?

About the Author

Stan Kiefer

Senior Security & Innovation Researcher , Consumer Labs, Norton LifeLock

Stan is a Senior Security & Innovation Researcher in the Consumer Labs at Norton LifeLock. Prior to that, Stan was a security researcher on the Cyber Security Services team where he led the cyber simulation service and ran the CyberWar Games program.

Want to comment on this post?

We encourage you to share your thoughts on your favorite social platform.