Google-hatched Security Planner matches expert advice with your worst security fears

  • Liam Tung (CSO Online)
  • 15 December, 2017 07:07
Security Planner -- An Alphabet project passed to Citizen Lab
Security Planner -- An Alphabet project passed to Citizen Lab

Even tech savvy people can struggle to secure all the tools and devices they use to communicate privately. Security takes effort but there’s little benefit investing energy into defenses against government surveillance if your main threat is a jealous ex.

To help people pick the right strategy, Canadian digital rights group Citizen Lab has launched a new site called Security Planner that helps people navigate the best options given their situation. The site factors in the hardware and communications tools a person uses, and the person’s greatest security concerns. It arrives as families  gather for the Christmas break, which is an ideal time for families to share ideas about staying safe online.    

The advice includes instructions for enabling important free security tools from Apple, Microsoft, Google, and  third-party systems, as well as instructions for and explanations why patching and online backups are worthwhile efforts.

Better yet, the advice should be reliable as it's been been peer reviewed by security experts at Google, cryptographer Bruce Schneier, media professionals, and groups that defend political dissidents. The site also offers links to emergency support services that can provide immediate help, such as Access Now.    

The idea for Security Planner was hatched at Jigsaw -- a part of Google parent Alphabet that explores technology to make people safer -- and handed over to Citizen Lab in 2015. 

The tool could be particularly useful for people who may not know how to begin a search for answers to a security problem, whether it’s being stalked online, fears over government access, or ransomware.

Security Planner is structured as a three-step questionnaire, with each stage offering pre-filled answers combined with recognizable graphics. 

The first question is “What do you use to handle you private information?”. The answers include “iPhone or iPad”, “Android Phone or Tablet”, “Mac computer”, “Windows Computer”, “Email”, “Social Media Accounts”, “Online Shopping and Banking”, and “Other”, which includes smart watches, games and so on. 

Users can tap one or multiple answers, so if you have an Android phone but use a Windows PC, you can select both and then hit “Next” to the go to the next stage. 

Step two asks you to click you’re “top online security concerns”, which include accidentally downloading malware, lost or stolen devices, private communications, shoulder surfers, and blocked websites. 

The third stage offers five statements that help identify whether you just want to know how to stay anonymous online or if you’re a public figure or senior exec who could be targeted. 

The site doesn’t require users register or provide personal information.   

The Security Planner then offers an “Action Plan” and a list of security tips that are relevant to the person's devices, tools and habits as well as links to resources and organizations that can offer more help. The page offers a shareable link to the advice or a printable version.  

While the project has Google-affiliated origins, the advice spans tools that are native to non-Google platforms and third-party apps that are available for for all platforms. The advice includes recommendations for Windows Defender and Windows Backup, macOS FileVault encryption and Time Machine backups, password managers and firewalls for all platforms, and third-party secure messaging tools such as Signal. It also includes references to important Google tools, such as its recently launched Advanced Protection Program