Friday, December 13, 2019
11 secrets that will make you more secure on the internet
Hacked accounts in the news. Endless robocalls. Online ads that eerily seem to read your mind. Do I hear Alexa and Siri gossiping about your secrets? It almost feels like paranoia is a totally appropriate reaction.

In 2018 alone, data breaches exposed four-point-five billion records to hackers. Three months into 2019 and another two-point-seven billion are already illegally available for sale. But hackers aren't the only problem.

We've all read about the 50 million Facebook accounts involved in the Cambridge Analytica scandal. And another 30 million were exposed in October of 2018. Oh, and in September another 7 million had private photos revealed.

Of course, Google knows every search you've made (yes, even in incognito mode) and tons of other stuff about you. And in 2014, hackers released a lot of not-so-clothed pictures stolen from celebrities' Apple iCloud accounts.

Oh, and don't forget that your internet service provider has a list of every website you've ever visited at home. Yes, even those websites that we don't discuss at family dinner. And they sell that info to marketers. Some retail stores now track how often you visit and which aisles you spend the most time in. Three-hundred bucks to the right shady individual can buy me your exact location at any time. And nobody wants their credit info leaking. But it already has. Multiple times.

Feeling a bit 1984 over there, Winston Smith? Okay, let's take a breath. Don't start folding your tinfoil hat just yet.

There is one ironclad rule on our side: nobody can abuse information about you that they don't have.

Which is why we need to take security and privacy more seriously. Because it's on us.
And so I present you with what could be titled "Internet Security and Privacy: The-More-Than-You-Care-To-Know Edition."

I'd like to single out Michael Bazzell for his fine work that I drew a fair portion of this info from. He spent years at the FBI's cybercrime division and was a consultant on the first season of Mr. Robot. His incredibly thorough books are The Complete Privacy & Security Desk Reference and Hiding from the Internet: Eliminating Personal Online Information.

We're gonna cover everything from fundamentals like good passwords all the way to the paranoid level of aliases and burner phones. If you just want to be safer online or if you want that tinfoil hat to be nicely tailored, this should have you covered.

So what's the first step?

Know your Threat Model

Security and privacy are different. Security is somebody breaking into your online accounts. Privacy is someone having personal details about you. (So putting your entire digital life into Google products is excellent for security - but often terrible for privacy.) You can be more concerned about one and less about the other.

And then there's the security/privacy vs. convenience trade-off. It's pretty much axiomatic that more secure means less convenient. You can be concerned about privacy but not concerned about it enough that you want to live in a Faraday cage. So how can we be responsible without being paranoid?

The answer is to think about your threat model. Ask yourself (non-rhetorically): "What am I afraid of? And how much am I willing to do to prevent it?" Are you more concerned about security or privacy? More worried about hackers or stalkers?
Are you someone who just wants to be on fewer marketing lists or are you a whistleblower who may have the resources of a global corporation turned against him or her?

Know what you want to defend against and you'll know what measures will be vital - and what is paranoid overkill.

Alright, we know how to evaluate what's necessary for each of us. But this first one is non-negotiable, whatever your threat model may be:

1) Get Frozen

No, not the Disney movie. You need to get a credit freeze. It's the best defense against identity theft. The best time to get one is yesterday. Or sooner.

Many of you are saying, "Yawn. I did that a long time ago with all three credit agencies." To which I would reply, "Actually, there are 6 credit agencies." Oooooops.

So fill out the forms for Equifax, Experian, Transunion, Innovis, NCTUE and Chex. There's an excellent overview of the whole process here.

And if you have young children get a credit freeze for them too. Kids are a big target because their credit is not only clean but also their reports are unlikely to get checked for, oh, about a decade or so. It would be awful for little Jimmy to be $300,000 in debt by age nine. More info on credit freezes for kids here.

Okay, let's talk about that computer of yours. It's feeling vulnerable and needs a little more than a hug:

2) Full Disk Encryption, Firewall, And Backups

This trio is critical for your computer. Full disk encryption keeps your data safer and a firewall protects you from some online attacks. (Here's how to set up FDE and a firewall on Mac, and here's FDE and firewall on Windows.)

Backing up means if anything happens to your computer you won't lose your data. Think of it like homeowner's insurance for your digital life. You have to do this regularly, but it's often easy to automate.
If you're very concerned about your data, you want to have multiple encrypted backups, with one of them maintained offsite. The latter means putting an encrypted copy of your info on a USB drive that you keep at a friend's place (recommended) or in the cloud (not recommended). This way if a meteor hits your house or the jackbooted minions of the great global conspiracy seize the rebellion's plans, you're covered. Good options are Time Machine and Carbon Copy Cloner. And I highly recommend this little guy.

The most important part of smartphone privacy is limiting app permissions like location data, contacts, etc. And don't download sketchy apps.

Okay, you should be in good shape. But there's something that comes up again and again that we tend to put off. But it's vital. In fact, many experts say it's the single most important thing you can do to increase security:

3) Updates Are Annoying. Do Them Anyway

Most hackers aren't geniuses. Often they're using the same tricks from 5 years ago. But if you haven't updated your software in 5 years... uhhh, yeah, that's a problem.

Those updates you're putting off? Most of them are security-related. Apply updates ASAP. It often feels like it's doing nothing but you're forgetting that when it comes to security, nothing is a wonderful thing and something is very very bad.

And routinely update all your devices. Desktop, laptop, smartphone, firmware on routers, etc. Enable automatic updates on any device that offers it.

After any update, check your settings. When new features are added they often default to the least secure options. And sometimes updates even turn on options you turned off. Sadly, the price of digital liberty is often eternal vigilance.

Okay, you're updating often. But there's a way to increase security and make updates less cumbersome at the same time:

4) Apps Are Not Pokemon. Stop Collecting Them

If you don't use something regularly, delete it. Smartphone apps, computer software, browser extensions, etc. This reduces attack surface. The more software you have, the more points of failure you have. More things that can have vulnerabilities. More potential rogue software doing things it shouldn't do.

That said, hold on to your antivirus and malware protection - especially if you're using Windows.

Alright, time for an intervention. We need to have a serious talk about a very serious subject. I'm very disappointed in your behavior:

5) Your Passwords Bring Shame Upon Your Family

The most common passwords are embarrassing: "The top two slots have been left unchanged for the fifth year in a row. They are, maddeningly, '123456' and 'password.'"

In fact, just by knowing the top ten most common passwords you could break into almost 1 out of every 50 computers. Okay, maybe your password is slightly better. But slight ain't cutting it, Bubba: "A password-cracking expert has unveiled a computer cluster that can cycle through as many as 350 billion guesses per second. It's an almost unprecedented speed that can try every possible Windows passcode in the typical enterprise in less than six hours."

By the way, that article is seven years old. You think computers have gotten faster or slower since then? Exactly. You need unique, strong passwords for every account and on every device. 12 characters or more, a mix of letters, numbers and special characters. No excuses.

Some people are thinking, "Are you crazy? I can't remember all those." But you don't need to. Get a good password manager like Lastpass. It will generate super-strong passwords for you and remember them all.

Willing to forego convenience for super-duper security? Then forget Lastpass. You don't want a password manager that uses the cloud - that means your passwords are out there on someone else's computer.
Yes, they're almost certainly safe and cloud-based systems are very convenient - but if you're a die-hard about security the only place the keys to your digital kingdom should be is on your devices. Go with KeePassXC and MiniKeePass for your iPhone.

Beyond that password, guard your primary email account with your life. If I can get into that, I can go to most every site you frequent and request a password reset. Boom - hacking one account gets me all of them. And I'm not speculating here. This is exactly what happened to Wired reporter Mat Honan.

You also need two-factor authentication (2FA). You know when you log into your bank and they text you a code? Yeah, that. And if you're getting all your 2FA codes via SMS you are doing it wrong. Use an app-based system instead, like Google Authenticator (iPhone, Android) or Authy. Some sites only offer SMS-based 2FA and, inexplicably, many are companies you would expect the most security from. (I'm looking at you, Bank of America.) If SMS is your only choice, it's definitely better than nothing. A helpful list of all major sites offering 2FA is here.

And finally, what if you want ultimate security (but not necessarily privacy) for that precious primary email account? Try Google Advanced Protection. Then nobody can get into your account without a password and a physical USB key.

And it works. Google instituted it for all employees. How many phishing-based hacks have they had since then? Zero.

Perfect. But what are you using to log into those accounts anyway? And is it as private as you'd like?

6) Stock Browsers Are Bad Browsers

At least if you're very serious about privacy. Safari sends data to Apple and you better believe Chrome sends info to Google.
If this is part of your threat model, ditch them both and go with Firefox, which is the most secure of the mainstream browsers.

For super-duper security and privacy, here are some recommended extensions:

HTTPS Everywhere: This is a must for everyone. Forces sites to encrypt your connection whenever possible.
uBlock Origin: Great, customizable ad-blocker. Do not install if you love ads.
Cookie Autodelete: Prevents tracking. Not for everyone. Very secure, not-so-convenient.
Multi-Account Container: This makes each tab operate as if it was a separate browser, preventing those eerie recommendations that seem to read your mind. Not for everyone.
Track Me Not: It runs random Google searches in the background to bury your real searches in a haystack of noise. Only needed if you're very privacy conscious and have a puckish sense of humor.

For your smartphone, it's Firefox again, unless you want super-security and don't mind a convenience hit - then go with Firefox Focus.

And at the super-extreme outer edge we have the "Deluxe Snowden Package." You'll need Qubes and Tor. (Pro tip: be careful with those exit nodes.) And you cannot afford to be tracked by your phone. Get a Faraday bag - or put it in a martini shaker. Yes, seriously.

Browser secured. But that's not going to help much when the data leaves your computer and heads out there into the big bad internet. How do you keep your online activities secure and private when they're out of your hands?

7) Dig A Tunnel

Your ISP can see every site you visit when you're online at home. And so can the marketers they sell that info to. If a connection isn't secure, hackers can intercept your traffic and mess with you. And using public WiFi is like making your poor little phone have unprotected sex with very unattractive strangers. How the heck do we stay safe from all these prying eyes and barbarians at the digital gate?

It's called a VPN and I'll go so far as to say everyone should have one.
Basically, it creates an encrypted tunnel between you and your VPN provider, protecting your internet activities from visibility and attacks. Your ISP now only knows you're connected to the VPN, and nothing more. Hackers can't break through the encryption to monkey with your data. And public WiFi gets a much-needed condom.

Note that some sites don't play well with VPNs, because many bad guys use them. VPNs are pretty cheap (roughly $5 a month) and they're simple to set up on both computers and smartphones. PIA and NordVPN are recommended providers.

So far we've discussed a lot of attack scenarios you're probably familiar with. But here's one most people aren't. And if you're not protected, it could lead to someone emptying your bank account:

8) The Phone Number Is The New Social Security Number

What do you do whenever you get a new phone? Call your cellular provider and have them move your number to the new device. Easy peasy. But what if I called your cellular carrier and pretended I'm you? They move your phone service to my phone. And when I log in to Bank of America with your password, guess who gets the text with that 2FA code? Yup, moi. Shopping spree time. (Hacking the password was easy; it was "123456," right?)

This is called "SIM swapping." These days people are signing up for 2FA more often, so SIM swapping is happening more often. If you're doing 2FA with an app like Authy or a hardware token, you're covered. But some sites (*cough*, *cough*, Bank of America) only offer 2FA by SMS. Ugh. What to do?

Many of the phone companies are now offering to secure your account with a password, so go to their site or call them to get one. People won't be able to port your number without the code.

And what's the ultimate-privacy-Jason-Bourne-level-security-tinfoil-hat-conspiracy-theory solution?
That's easy: make sure nobody knows your phone number - not even you.

This will prevent both SIM swapping attacks and shady dudes from selling your GPS location. But how the heck do you do it?

Move your current phone number to Google Voice. (You can do that here for $10. Instructions here.) Sign up for a pre-paid mobile plan. (Mint Mobile is dirt cheap and reliable. Join here.) They'll give you a new SIM card with a new number. You now get all your calls, texts and voicemail through the Google Voice app. And you never give the new SIM card number out to anyone.

Yes, this works. You can't be SIM swapped, you can't be tracked and anyone you tell about it will probably assume you're a fugitive, a drug dealer or utterly insane.

While we're driving down paranoia lane, SMS text messaging is fundamentally insecure. Switch to an encrypted free app like Signal. But the people you're contacting need to have it as well. So now you're an insane fugitive drug dealer who is also having an affair. Remember what I said about security vs. convenience...?

We've covered a lot of technical stuff, but one of the most important things to do when dealing with online security threats is to change your attitude:

9) Be More Skeptical

Phishing attacks don't always come in the obvious form of emails from Nigerian royalty. Increasingly, these attacks appear to come from close friends, leading you to click links without hesitation. Using a site like this I can send you an email that appears to be from, well, anyone. And this site lets me do the equivalent with my phone, spoofing my caller ID. Yes, it's that easy.

Don't log in to anything important using a public computer or public WiFi without a VPN. Turn WiFi off on your phone to avoid being tracked in retail stores.
And sign up for notifications here to find out if any of your personal information has popped up in data breaches.

If giving out personal info is an overwhelming concern for you (everybody say it with me now: "threat model") you might want to check out MySudo. Ever wanted a secret identity? MySudo offers you multiple aliases - each with their own working phone number and email address. For when you have to give the hotel a number but don't want marketing calls, when you're not sure about that person on Tinder, when buying things online, or if you just want to pretend you're Stringer Bell from "The Wire" carrying a burner phone.

Okay, you've got the skepticism part down. But we're already using some services that may not pass that new threshold. Time to reevaluate:

10) Be Wary Of The Cloud And Social Media

Most of us see free iCloud backup as an awesome service. And it is - but also look at it through your security lens: any time you back up in the cloud you are putting all of your data on a computer you do not control.

The cloud is great for convenience and data loss protection but anything you put on someone else's computer is subject to data breaches or nosy employees. For most people, the cloud is probably fine. But if you plan on becoming a political dissident or an international celebrity (no, I'm not going to link to the hacked nudes of Jennifer Lawrence but I can't stop you from Googling them) keep your data on your devices. There's also a middle path: encrypt files before uploading them. (Free software for that here.)

So what about social media?

Here's how to get what Facebook knows about you, how to delete it, or to change your privacy settings. Here's Google. This is Apple's data on you, how to delete it, and how to limit ad tracking.

For the extreme crowd, here's how to delete your Facebook account, your Google account and other social media.

Me? I'll be sharing this post all over social media.
But you can't see my nudes. I know my threat model.

I've tried to give a balance of reasonable options along with more extreme measures. At this point, the reasonable folks are more than covered. But there are going to be some who say I'm not being paranoid enough. Oooooookay, let's go to the total edge case:

11) Convinced They Are Watching You? Set Traps.

If you've got a stalker, an abusive spouse, or live in a country where having unpopular political opinions tends to make people vanish, you've got a legit extreme threat model. And I'm here to help.

Whether it's a despotic government, your boss, or the henchmen of the Illuminati, how do you know if someone already has access to your computer? What if you had a canary in the coal mine to warn you?

Canary Tokens allows you to create, for free, files that send you an email when they've been opened, along with the IP address of the intruder. Throw one on your desktop with a too-good-not-to-click-on name like "passwords," "finances" or my personal favorite, "stuff to discuss with therapist" and then never touch them. If you get an email from Canary Tokens, somebody's looking at your stuff - and it ain't you.

Yeah, agreed, this is all super-paranoid... That is, unless the canary sings.

We have covered a positively gargantuan amount of information. I should give you a diploma at this point. Let's round it all up and I'll tell you how to get everything you need to get your info off all those sketchy online data broker sites that flood your inboxes with spam and robocall you to death.

Sum Up

Here's how to be more secure on the internet:

Get frozen: Credit freeze. All 6. For the kids too. (Don't raise lazy kids. Let them run up their own debt instead of having someone else do it.)
Full disk encryption, firewall and backups: Armor and reinforcements.
Updates are annoying. Do them anyway: Many security experts say this is numero uno.
Apps are not Pokemon. Stop collecting them: What you don't download can't hurt you.
Your passwords bring shame upon your family: Get a password manager and 2FA. It's as simple as 123456.
Stock browsers are bad browsers: Get foxy, baby.
Dig a tunnel: VPNs are the best kept secret in security. (Bonus: they also let you watch region-specific Netflix content.)
The phone number is the new social security number: Get a password from your cellular provider, or port your number to briefly turn your life into a spy thriller.
Be more skeptical: Please wire me $500. It's a gullibility tax.
Be wary of the cloud and social media: Think twice before putting anything important on computers that aren't yours.
Convinced They are watching you? Set traps: "Tweet-tweet," said the diabolical conspirator.

Yeah, it's a lot. Consider your threat model and do a little bit at a time. (No, you can't email me with your IT problems. Only my dad gets to do that.)

If you want to get your info off those data broker sites, two excellent places to start the process are here and here. Also, in my next weekly email I'll be sending out a PDF with an exhaustive list that will really help improve your online privacy, get you off marketing lists, and reduce the amount of info out there that hackers can use against you.
To make sure you get it, join here.

And if you want to get more involved in the security and privacy cause, check out the EFF.

I hope this will keep you, your loved ones and your beloved data that much safer.

I mean, after all, They are watching our every move, you know... A canary told me.

Join over 330,000 readers. Get a free weekly update via email here.

This article first appeared on Bakadesuyo.com.
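The arithmetic behind the password advice in section 5, as an added example that is not part of the original article: it applies the quoted rate of 350 billion guesses per second to randomly generated passwords and produces one that meets the 12-character rule. The 94-character alphabet and all function names are assumptions of this example.

```python
import secrets
import string

# Offline guessing rate quoted in the article (350 billion guesses per second).
GUESSES_PER_SECOND = 350e9
CLASSES = {
    "lowercase letter": string.ascii_lowercase,
    "uppercase letter": string.ascii_uppercase,
    "digit": string.digits,
    "special character": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())       # assumption: 94 printable characters
COMMON_PASSWORDS = {"123456", "password"}  # the two named in the article
MIN_LENGTH = 12                            # the article's minimum length


def exhaustive_search_seconds(length, alphabet_size=len(ALPHABET)):
    """Worst-case time to try every password of this length at the quoted rate.

    Only meaningful for passwords chosen uniformly at random; human-chosen
    passwords fall to dictionary guessing long before the keyspace is exhausted.
    """
    return alphabet_size ** length / GUESSES_PER_SECOND


def audit(password):
    """Return the list of ways a password misses the article's rules."""
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("on the common-password list")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name}")
    return problems


def generate_password(length=MIN_LENGTH):
    """Draw characters from the OS CSPRNG until every rule is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not audit(candidate):
            return candidate


if __name__ == "__main__":
    for n in (8, 12):
        hours = exhaustive_search_seconds(n) / 3600
        print(f"{n} random chars: {hours:,.1f} hours ({hours / 8766:,.1f} years)")
    print("123456 ->", audit("123456"))
    print("generated:", generate_password())
```

At the quoted rate, every 8-character password falls in under six hours, while a random 12-character one takes tens of thousands of years to exhaust.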