Hi there,
So I just watched the latest video of Jim Browning, and in the video he had a sponsor I had not heard about before, Guard.io. So I went to check it out, and it seems like a fairly decent service (by that I mean, a service I would put on family members’ devices) for helping against possible phishing attempts and general safeguarding of online activity etc… I currently have installed uBlock Origin in their browsers and pointed their DNS to base.dns.mullvad.net, but that’s about it.
So:
- Anyone had any experience with this service?
- What’s the general consensus around this service?
- Is it necessary, compared to the measures I mentioned above?
- Are there any other general measures I could implement on their devices? (they are on both Apple and Android ecosystems)
Thanks for any suggestions 🌻
Nope.
Not remotely private.
According to the PDF on their Privacy Policy page: They collect a whole bunch of data on you. Including every site you visit. As well as every email and SMS you receive.
Specifically, during Your access and/or use of the Services, we will collect or receive the following information (including Personal Information) about You:
- Anonymized browsing behavior needed inter alia for the operation of the Solution including sites and URLs visited during the Solution’s operation.
- Country, IP address, Installation time, E-mail, name, last name (as provided by the user), 4 digits of credit card, credit card type for paying customers, and other information provided by you during and as part of creating and maintaining an account with us.
- To the extent you have chosen to subscribe to and use our email scanning feature and/or SMS messages scanning feature as part of the Services, we will also receive information as follows: (a) when you use our email scanning feature – the information (including email content) contained in your email inbox as of your subscription to the service and information contained in any email you receive thereafter during your use of the Services; and (b) when you use our SMS messages scanning feature, information contained in the SMS messages (including messages content) you receive as of the subscription to such feature and thereafter during your use thereof, all as described in your subscription and as made available by us.
They then use and provide that “anonymized” data to any 3rd party they work with.
The collected information as stated above is stored in Guardio’s database and shall be used and processed by us only for the following purposes:
- Providing the Services or any part thereof and enabling convenient and efficient use of thereof including, as applicable, third-party services made available via our Services;
- Improve and enrich the Services;
- Modify and/or remove existing Services and content;
- Perform research and provide statistical information to third parties (in such case, the provided information will not identify You);
- Enforce the Guardio’s Terms;
- Collecting of payable fees;
- Providing additional services and/or products;
- Any other purpose detailed in the Terms and this Privacy Policy.
They target you with 3rd party ads (personalized content).
Your Personal Information is collected and used because Guardio has a legitimate business interest for Your Personal Information to be used for the above purposes. This enables Guardio to send You relevant and personalized content designed to improve Your use of the Services. You have the right to object to this by contacting us via email: [email protected]. Please note that if you object, this may affect Guardio’s ability to provide you with the Services and send personalized content to You.
Well yikes. I’ll stay far and wide away from this service. Thanks for taking the time to gather that information.
What a fantastic comment. Thanks so much for the effort.
Seems sketchy. You give them access to everything instead? How do we know they won’t be an avenue to compromise?
This bit from their FAQ does not inspire confidence either:
Is Guardio Legit?
Guardio is definitely 100% legitimate, and it’s also a great product.
If it was, they wouldn’t need to say stuff like that.
What do you mean? You prefer services that advertise that they are definitely 80% legit, it just depends on who your sales guy is?
I guess what he means is that the service must prove itself legit by actions, rather than saying it out loud in a FAQ.
Still, that FAQ explicitly saying they are legit gives me the feel of “The lady doth protest too much, methinks.”
Sorry, my sarcasm didn’t translate through text.
It does indeed have “I’m always wearing a condom” vibes, even if we’re at dinner
Hmm, I agree that it’s not the best advertising in the world. But also they are closed source, so I guess it can never truly be trusted. The question that really remains is: is it better to use them than to not use them, for less tech-savvy peeps?
I wouldn’t use it.
Seems to me like the free plan is what browsers natively support anyway. (Scam site blacklist. I highly suspect they use the same. They can’t compete with the one Google hosts and all major browsers integrate.)
And instead of paying 15 USD per month, Windows Defender is a well funded, well established, well trusted solution.
There’s no practical gain in blockage before download. Windows Defender scans upon and after download, before execution.
Fair enough, thanks 😊
Just use NextDNS and PiHole/AdGuardHome and redirect all port 53 requests to your local DNS instance.
DoT and DoH will mitigate some phishing risks.
Social engineering is the biggest threat, especially through vishing.
I personally use nextDNS, and love it. However my setup is too strict for their use cases and blocks newspapers and stuff they read. I also don’t feel comfortable logging their devices. I guess I could spin up a few more nextDNS accounts for them on the free plan instead though, that’s probably what I should do.
You can put them in another bucket with custom rules.
Hold on, is that possible in nextDNS? Never seen that option before.
I pay for NextDNS. It’s under new profiles on the top left.
I also pay, but have completely missed this feature hehe. Thanks for pointing this out, completely solves this issue for me 🙌
Is it necessary, compared to the measures I mentioned above?
That product is trash but how is what you’re doing helping with phishing?
As another comment said, through DoT and DoH. Also newly registered links (30 days) are blocked by default (at least with my nextDNS settings). I was however mixing up, thinking Mullvad would do the same… I should probably make a nextDNS profile for each member in the family.
Ye, Mullvad uses their blocklists but does not provide the features mostly listed in the security tab. I still don’t get how DoT and DoH are relevant with phishing.
Until it’s known by people that actually know stuff, avoid it.