Your Contact List Isn't Private

Welcome back, everyone! We took a break last week—I hope you all had a great couple of weeks!

This week, we released a video about the contacts list in our phones. At first glance, our contacts list may seem like a local database kept private just on our personal device, and so we don’t hesitate to put all kinds of personal information in it.

It wasn’t until a friend asked me not to save his home address in my phone that I actually started to consider the privacy of this list. It wasn’t that he didn’t trust me with his address—he didn’t trust my phone.

Here’s a summary of our findings, including an explanation of why contacts in our phone’s default contact list might not be as private as we think, who can access them, and how we can protect our contacts more effectively.

Contacts: The Hidden Goldmine Fueling the Surveillance Economy

Our contact list holds a treasure trove of personal information: names, phone numbers, email addresses, home addresses, birthdays, work, and social media information. This data creates a detailed social graph, revealing intricate details about our personal relationships and interests.

The default contact list on iOS and Android devices is not private. Apple and Google collect our information through various app interactions and syncing services. On top of that, countless apps request permission to access our contacts list, and many apps sell this information to third parties.

This data can end up with data brokers, advertisers, political campaigns, and law enforcement agencies, often without our knowledge or consent. By not storing contact information privately, we not only jeopardize our own privacy but also expose the private information of our friends, family, and colleagues. Each contact entry represents a real person with their own privacy concerns, and our actions can inadvertently compromise their security and trust.

How to Protect Contact Information:

Turn off Syncing: Export your cloud contacts as a .vcf file to have a local backup, and then turn off cloud syncing to services like Google and Apple.

Review App Permissions: Regularly check which apps have access to your contacts and revoke unnecessary permissions.

Use Third-Party Contact Managers:

  • Standard Notes: This encrypted notes app syncs across devices, ensuring end-to-end encryption for your contacts.

  • ProtonContacts and Tutanota Contacts: Part of the ProtonMail suite and Tutanota’s email platform, these options provide end-to-end encrypted storage for your contacts. This is handy for autofilling email addresses within these apps.

  • KeePassXC: This local password manager can also work as an encrypted database for your contacts, providing high privacy. You can store a copy on your different devices, but you would need to keep them synced manually.

Use a Graphene Phone: GrapheneOS doesn’t send your contacts to centralized OS servers, unlike iOS and Android. Additionally, GrapheneOS offers “contact scopes,” which allow you to control exactly what contact information apps can access. Note that iOS also introduced contact scopes in its latest release, but we still recommend GrapheneOS over iOS for privacy: Apple doesn’t end-to-end encrypt users’ contacts, which means Apple can access them.

NOTE: In our video, we mention Simple Contacts Pro, but we have since learned that it has been acquired by ZipoApps, a company known for adding ads and tracking to apps. One of the developers forked the project, and the fork, “Fossify,” is an alternative that you can consider instead.
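
Once you have the exported .vcf file from the first step, it helps to see which entries carry the most sensitive details before deciding where each one should live. The script below is an added example (not from the original newsletter or NBTV) that reads a vCard export and lists, per contact, the sensitive field types the article names; the sample cards, the field labels and the function names `audit_vcf` and `summary` are assumptions made for the illustration.

```python
import re
from collections import Counter
# Field types the article lists as sensitive, keyed by vCard property name.
SENSITIVE = {"ADR": "postal address", "BDAY": "birthday", "TEL": "phone", "EMAIL": "email",
             "ORG": "employer", "URL": "web/social link", "NOTE": "free-text note"}

def audit_vcf(text):
    """Return one (display name, sorted sensitive-field labels) tuple per card."""
    # Undo vCard line folding: a line starting with space/tab continues the previous one.
    lines = re.sub(r"\r?\n[ \t]", "", text).splitlines()
    cards, current = [], None
    for line in lines:
        name_part, sep, value = line.partition(":")
        # Drop parameters (";TYPE=HOME") and group prefixes ("item1.").
        prop = name_part.split(";")[0].split(".")[-1].upper()
        if prop == "BEGIN" and value.strip().upper() == "VCARD":
            current = {"name": "(unnamed)", "fields": set()}
        elif current is None or not sep:
            continue  # ignore malformed lines and anything outside a card
        elif prop == "END":
            cards.append((current["name"], sorted(current["fields"])))
            current = None
        elif prop == "FN":
            current["name"] = value.strip()
        elif prop in SENSITIVE and value.strip(" ;"):  # skip empty fields like ";;;;;;"
            current["fields"].add(SENSITIVE[prop])
    return cards

def summary(cards):  # how many cards carry each sensitive field type
    return Counter(label for _, fields in cards for label in fields)

# Constructed sample export (not real contact data).
SAMPLE = """BEGIN:VCARD
FN:Alex Example
TEL;TYPE=CELL:+1-555-0100
item1.ADR;TYPE=HOME:;;12 Sample Street;Springfield;;00000;
BDAY:1990-01-01
NOTE:Met at a conference and prefers
  encrypted messaging
END:VCARD
BEGIN:VCARD
FN:Sam Placeholder
EMAIL:sam@example.org
ADR;TYPE=WORK:;;;;;;
END:VCARD
"""

if __name__ == "__main__":
    print(audit_vcf(SAMPLE), dict(summary(audit_vcf(SAMPLE))))
```

To run it on your own export, read the file into a string and pass it to `audit_vcf`; everything stays on your machine.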

By taking these steps, we can protect our contacts from indiscriminate harvesting. Taking control of our contact lists and the sensitive data they contain is crucial not just for our own privacy and security, but also for respecting the privacy of others. Our contacts deserve to be treated with the utmost care and respect.

If you found this information helpful, consider supporting our channel by donating to NBTV. Your support helps us create free educational content that teaches people how to reclaim control over their digital lives. Visit NBTV.media/support to set up a monthly, tax-deductible donation to our non-profit.

Yours in privacy,
Naomi

NBTV. Because Privacy Matters.
