this post was submitted on 31 Mar 2024
19 points (85.2% liked)

Privacy

32130 readers
371 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

Hi there, So just watched latest video of Jim Browning and in the video he had a sponsor I had not heard about before, Guard.io. So I went to check it out, and it seems like a fairly decent service (by that I mean, a service I would put on family members devices) for helping against possible phishing attempt and general safeguarding online activity etc.. I currently have installed Ublock Origin in their browsers and pointed their DNS to base.dns.mullvad.net, but that's about it.

So:

  • Anyone had any experience with this service?
  • What's the general consensus around this service?
  • Is it necessary, compared to the measures I mentioned above?
  • Are there any other general measure I could implement on their devices? (they are on both apple and Android ecosystems)

Thanks for any suggestions 🌻

top 20 comments
sorted by: hot top controversial new old
[–] Steve@communick.news 29 points 7 months ago* (last edited 7 months ago) (2 children)

Nope.
Not remotely private.
According to the PDF on their Privacy Policy page:

They collect a whole bunch of data on you. Including every site you visit. As well as every email and SMS you receive.

Specifically, during Your access and/or use of the Services, we will collect or receive the following information (including Personal Information) about You:

  • Anonymized browsing behavior needed inter alia for the operation of the Solution including sites and URLs visited during the Solution’s operation.
  • Country, IP address, Installation time, E-mail, name, last name (as provided by the user), 4 digits of credit card, credit card type for paying customers, and other information provided by you during and as part of creating and maintaining an account with us.
  • To the extent you have chosen to subscribe to and use our email scanning feature and/or SMS messages scanning feature as part of the Services, we will also receive information as follows: (a) when you use our email scanning feature – the information (including email content) contained in your email inbox as of your subscription to the service and information contained in any email you receive thereafter during your use of the Services; and (b) when you use our SMS messages scanning feature, information contained in the SMS messages (including messages content) you receive as of the subscription to such feature and thereafter during your use thereof, all as described in your subscription and as made available by us.

They then use and provide that "anonymized" data to any 3rd party they work with.

The collected information as stated above is stored in Guardio’s database and shall be used and processed by us only for the following purposes:

  • Providing the Services or any part thereof and enabling convenient and efficient use of thereof including, as applicable, third-party services made available via our Services;
  • Improve and enrich the Services;
  • Modify and/or remove existing Services and content;
  • Perform research and provide statistical information to third parties (in such case, the provided information will not identify You);
  • Enforce the Guardio’s Terms;
  • Collecting of payable fees;
  • Providing additional services and/or products;
  • Any other purpose detailed in the Terms and this Privacy Policy.

They target you with 3rd party ads (personalized content).

Your Personal Information is collected and used because Guardio has a legitimate business interest for Your Personal Information to be used for the above purposes. This enables Guardio to send You relevant and personalized content designed to improve Your use of the Services. You have the right to object to this by contacting us via email: my.privacy@guard.io. Please note that if you object, this may affect Guardio’s ability to provide you with the Services and send personalized content to You.

[–] Sunny 5 points 7 months ago

Well yikes. I'll stay far and wide away from this service. Thanks for taking the time to gather that information.

[–] schwim@lemm.ee 3 points 7 months ago

What a fantastic comment. Thanks so much for the effort.

[–] catloaf@lemm.ee 26 points 7 months ago (2 children)

Seems sketchy. You give them access to everything instead? How do we know they won't be an avenue to compromise?

This bit from their FAQ does not inspire confidence either:

Is Guardio Legit?

Guardio is definitely 100% legitimate, and it’s also a great product.

If it was, they wouldn't need to say stuff like that.

[–] hddsx@lemmy.ca 3 points 7 months ago (1 children)

What do you mean? You prefer services that advertise that they are definitely 80% legit, it just depends on who your sales guy is?

[–] umami_wasbi@lemmy.ml 5 points 7 months ago* (last edited 7 months ago) (1 children)

I guess what he mean the service must proof itself legit by actions, rather saying it out loud in a FAQ.

Still, that FAQ explicitly saying they are legit gives me the feel of "The lady doth protest too much, methinks,".

[–] hddsx@lemmy.ca 2 points 7 months ago

Sorry, my sarcasm didn’t translate through text.

It does indeed have “I’m always wearing a condom” vibes, even if we’re at dinner

[–] Sunny 2 points 7 months ago

Hmm, I agree that it's not the best advertising in the world. But also they are closed source, so I guess it can never truly be trusted. Question that really remains is: is it better to use them than to not use them, for lesser tech savvy peeps.

[–] Kissaki@feddit.de 8 points 7 months ago* (last edited 7 months ago) (1 children)

I wouldn't use it.

Seems to me like free plan is what browsers natively support anyway. (Scam site blacklist. I highly suspect they use the same. They can't compete with the one Google hosts and all major browsers integrate.)

And instead of paying 15 usd per month, Windows defender is a well funded, well established, well trusted solution.

There's no practical gain in blockage before download. Windows defender scans upon and after download, before execution.

[–] Sunny 1 points 7 months ago

Fair enough, thanks 😊

[–] randombullet@programming.dev 6 points 7 months ago (1 children)

Just use NextDNS and PiHole/AdGuardHome and redirect all port 53 requests to your local DNS instance.

DoT and DoH will mitigate some phishing risks.

Social engineering is the biggest threat, especially through vishing.

[–] Sunny 1 points 7 months ago (1 children)

I personally use nextDNS, and love it. However my setup is too strict for their use cases and blocks newspapers and stuff they read. I also don't feel comfortable logging their devices. I guess I could spin up a few more nextDNS accounts for them on the free plan instead though, that's probably what I should do.

[–] randombullet@programming.dev 1 points 7 months ago (1 children)

You can put them in another bucket with custom rules.

[–] Sunny 1 points 7 months ago (1 children)

Hold on, is that possible in nextDNS? Never seen that option before.

[–] randombullet@programming.dev 1 points 7 months ago (1 children)

I pay for NextDNS. It's under new profiles on the top left.

[–] Sunny 2 points 7 months ago

I alos pay, but have completely missed this feature hehe. Thanks for pointing this out, completely solves this issue for me 🙌

[–] Pantherina@feddit.de 3 points 7 months ago

Until its known by people that actually know stuff, avoid it

[–] headroom@lemmy.ml 3 points 7 months ago (1 children)

Is it necessary, compared to the measures I mentioned above?

That product is trash but how is what you're doing helping with phishing?

[–] Sunny 1 points 7 months ago (1 children)

As another comment said, through DoT and DoH. Also newly registered links (30days) are blocked by default (at least with my nextDNS settings). I was however mixing up, thinking Mullvad would do the same.. I should probably make a nextDNS profile for each member in family.

[–] headroom@lemmy.ml 1 points 7 months ago

Ye mullvad uses their blocklists but does not provide the features mostly listed in the security tab. I still don't get how dot and doh are relevant with phishing.