Take pictures of your most important cards/papers and keep them both secure and available. What cards/papers? For example:
Driver's license
Medical insurance cards (in the US at least)
Birth Certificate
Passport
If you own a car, your automobile registration
In the US, a Social Security Card
For older Americans, a Medicare card
For a time, a COVID vaccination card was in this small group
For a homeowner, pictures of their home for insurance purposes
Maybe credit cards? If for nothing else, to have the phone number to call when the card is lost/stolen
etc. etc. etc.
A photo (front and back) is not as good as the original card, but it is waaaaaaay better than nothing.
It is important to keep these photos secure because they would easily lead to identity theft if a bad guy got ahold of them. But every coin has two sides: if they are stored in an extremely secure manner, they may be hard to get at in an emergency. One suggestion is to store them in a password manager on your phone and/or on a computer. I would suggest not using that password manager for anything else and not using its master password anywhere else either. These pictures are the key to our personal kingdoms.
Personally, I make one encrypted and password protected file out of all these photos and store that file both in my home and in the cloud using a secure storage provider, one of those listed on the Secure File Storage page.
Still another tactic, for anyone with an all-in-one printer/scanner/whatever, is to simply make copies of these important cards/papers.
Where to store the copies is a matter of opinion, but certainly keep them somewhere other than where the originals are kept.
ASSORTED STUFF
Web Browsing: Maybe install the Google Analytics opt-out browser add-on. This is a browser extension for Chrome, Safari, Firefox and Edge. It lets you prevent your data from being used by Google Analytics.
October 3, 2023: How to Take Back Control of Online Data With Apps Like Consumer Reports' Permission Slip by Kaveh Waddell of Consumer Reports. State laws passed in recent years give consumers the right to tell companies to stop selling their data to others, or to tell them to delete it altogether. It takes a while to make each request, though, and hunting down all the different places your information lives would be an unending battle. Permission Slip is a free app, available on iOS and Android, that provides information on how more than 100 companies use your personal information, and lets you request that they stop selling it, or that they delete it. FAQ.
If you are going to buy an external hard drive with a mechanical 3.5 inch hard disk, don't. This is from the October 5, 2023 episode of the 2.5 Admins podcast where Jim Salter recommended buying the hard disk on its own and putting it in a case/caddy/enclosure that you also buy on your own. He claimed that mechanical 3.5 inch hard disks used in external hard drives are of lower quality than those sold on their own.
September 3, 2023: How to Use Proton Sentinel to Keep Your Accounts Safe by David Nield for Wired.
Proton describes their Sentinel feature as offering more protection than most people will need. It is aimed at people that need the most security such as journalists, government officials, high-profile public figures, anyone who deals with sensitive data or anyone who might be a target for cyberattacks for whatever reason. It requires a paid account, the cheapest of which is the $10/month Unlimited account. It is also available on the $11/month Business account and the $20/month Family account. More from Proton: The Proton Sentinel high-security program (Aug 16, 2023).
Be very wary of files sent to you that you did not ask for. This applies on both desktop and mobile Operating Systems. Sometimes, just downloading them is enough to get infected with malware. Open these files on a Chromebook running in Guest Mode.
Do not trust the Geek Squad (which operates out of Best Buy). In June 2023 they sent someone to the home of someone I know to install a new all-in-1 HP printer. Then they called me. The printer was not USB connected to the PC, not Ethernet connected to the router and not on the WiFi network. Malpractice. And, the guy did not leave any cables behind. The Geek Squad said the Windows 10 computer was too old for the printer. This is a lie. All the Geek Squad person did was install HP software on an iPhone for someone who only uses Windows 10.
Kaspersky has an Online Privacy Checker that is not that. It is a static list of configuration suggestions for Instagram, Facebook, WhatsApp, TikTok, Twitter, Youtube, Google, Skype, LinkedIn, VK, Windows, macOS, iOS, Android, Edge, Firefox and Chrome. Each product has three levels of privacy options. The site is very slow and amateurish. There are no last update dates and it does not say which version(s) of the software it is targeting. Also, the navigation is confusing. The site copyright is 2021, so it may have already been abandoned. Not that it can't be useful. Here are some examples:
The website JustGetMyData is a directory of links for you to obtain your data from assorted services. It rates each company as to whether the process is easy, medium or hard. Easy: Google, Facebook, Apple, Tinder. Hard: Zoom, Microsoft, Adobe, Craigslist. A companion website, JustDeleteMe, offers links to delete your account from assorted services. More: This Simple Tool Will Help You See What Websites Know About You by Matthew Gault of Vice (Jan. 2021). Michael Bazzell has a Data Removal Guide for removing your personal information from data broker and credit reporting services (Last updated April 2022).
Don't take computing advice from the mainstream media. Many reporters that cover technology are Art History majors that do not understand the stuff they write about. Thus, they often make bad Defensive Computing suggestions. For example, have you ever seen an article suggest using a Chromebook in Guest Mode when accessing sensitive/financial websites? I have not.
Mobile Device Best Practices from the National Security Agency. October 2020. A two page PDF. Some of it is just a round-up of the usual suspects. But also: disable Location, Bluetooth and Wi-Fi when not using them. Power cycle the phone weekly.
The more you know about DNS the better. My Router Security website has both a short and long explanation along with a list of websites that show your currently used DNS servers. Get in the habit of checking the active DNS servers, especially when traveling.
Before you use a new USB flash drive, plug it into a Chromebook running in Guest mode and format it from there. In the same vein, if you don't know where a flash drive came from, the only computer you should plug it into is a Chromebook running in Guest mode. Malicious USB flash drives are a common tactic for infecting the computers of people who have not read this website. Running Linux off a bootable CD/DVD disc is also a safe environment. However, a USB flash drive can also destroy a computer. The usbkill.com drive overloads the circuits, converting a computer into a paper weight. So, a low end Chromebook is probably best.
More on the USB Flash Drive page.
Also, there is a Malicious Cable Detector by O.MG that claims to detect all types of malicious USB cables. As of August 2023, it sold for $40.
There is a chance that the camera on a computing device could be activated without your being aware of it. The defense is old school: cover the camera lens with something opaque (band-aid, tape). Try to avoid adhesive directly over the lens.
Speaking of laptop computers, they have microphones that are typically impossible to mute. This article: Why your laptop's always-listening microphone should be as easy to block as your webcam (June 2019) mentions some models that can disable the microphone. My T series Thinkpad can. Laptops from Framework have hardware off-switches for both the microphone and webcam. They are also extremely repairable (Sept 2021). The $200 PineBook Pro Linux laptop can also mute the mic. On macOS, you can install OverSight to be warned both when the mic is activated and when something accesses the webcam.
Or, you can buy the Mic-Lock microphone blocker for $7 (as of Feb 2020). It plugs into the 3.5mm microphone/headphone port on a laptop, phone, or tablet and tricks the device into thinking that a microphone is connected. For more on this, see the Dec 13, 2019 episode of the Privacy, Security and OSINT podcast, Camera & Microphone Blocking. In Windows 10, turn off the mic at: Settings -> Privacy -> Microphone. In macOS turn it off at: System Preferences -> Security & Privacy -> Privacy -> Microphone.
Whenever you are offered the choice to Login With Google or Login With Facebook, don't do it. iOS 13 will introduce a new competing system: Login with Apple. As of July 2019, it is too soon to form an opinion on it, but it will let Apple read your email, something they could not do without it.
A very sneaky trick that some websites pull is making third party cookies look like first party cookies. Everyone allows first party cookies so this lets you be tracked. The website trackingthetrackers.com tests for this and reports on it. Great service.
The Princeton IoT Inspector software only runs on macOS High Sierra and Mojave (not Catalina as of Feb 2020). It lets you spy on the IoT devices that normally spy on you.
At dehashed.com you can search for your physical address, email address, userid and/or phone number to see if they have been leaked in a data breach.
I read an article that said victims of Identity Theft should go to ftccomplaintassistant.gov and I wondered if that site was legitimate. That is, is it really from the Federal Trade Commission, a division of the US Government? We have already seen that just having "FTC" in the name means nothing. The FTC has their own website at ftc.gov, so why the need for another domain name? Instead of a new domain, they could (read should) have used complaintassistant.ftc.gov or ftc.gov/complaintassistant. Both leave no doubt that they are from the FTC.
One thing pointing to its being a scam is that the home page of ftc.gov has a link to identitytheft.gov for reporting identity theft. There is no link on the FTC home page to ftccomplaintassistant.gov. And, identitytheft.gov has its own assistant (identitytheft.gov/Assistant) which does not link to ftccomplaintassistant.gov.
Looking at the ftccomplaintassistant.gov site, the first thing to notice is that it does not have the extra identity assurance. If it is legit, that would be pretty ironic, eh? In techie terms the site is Domain Validated (DV) rather than having Extended Validation (EV).
All domains have to be registered and whoever pays for the registration can choose to make their identity public, or not. Looking up this information is called a Whois search and every company that registers domains offers a Whois search. However, this turned out to be a dead end. I could find no Whois information for any .gov websites.
A couple things point to the site being legit. There is a page on ftc.gov with consumer information about Identity Theft and it has a link to "File a Consumer Complaint" that goes to ftccomplaintassistant.gov. And, while the home page of identitytheft.gov has no links to ftccomplaintassistant.gov, an examination of the underlying HTML (i.e. page source) showed that it pulls in a script from chat.ftccomplaintassistant.gov.
So, is it legit? I would have to call the FTC on the phone and ask them.
On a related note, ftccomplaintassistant.com is definitely bad news. That was an easy call.
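The two checks described above (is a host actually under ftc.gov or does it merely carry "ftc" in its name, and which hosts does a page's source pull from), as an added Python example that is not part of the original page. The HTML below is constructed for illustration; its paths and the example.com/example.org hosts are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = "ftc.gov"  # the one domain already known to belong to the FTC

# Constructed page source; paths and the example.* hosts are made up.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="https://chat.ftccomplaintassistant.gov/chat.js"></script>
<script src="//www.ftc.gov/js/common.js"></script>
</head><body>
<a href="https://complaintassistant.ftc.gov/">File a complaint</a>
<a href="https://ftccomplaintassistant.com/">File a complaint</a>
<a href="https://ftc.gov.example.com/login">Sign in</a>
<a href="https://www.example.org/help">Help</a>
</body></html>
"""

class ResourceHosts(HTMLParser):
    """Collect every external hostname the page source references."""
    ATTRS = {"script": "src", "iframe": "src", "img": "src",
             "link": "href", "a": "href", "form": "action"}

    def __init__(self):
        super().__init__()
        self.hosts = {}  # hostname -> set of tag names that referenced it

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        for name, value in attrs:
            host = urlparse(value).hostname if name == wanted and value else None
            if host:  # relative URLs have no hostname and are skipped
                self.hosts.setdefault(host.lower().rstrip("."), set()).add(tag)

def relation(host, trusted=TRUSTED):
    """Judge a hostname against the trusted domain by name structure alone."""
    host = host.lower().rstrip(".")
    # The leading dot matters: a bare suffix or substring test would also
    # accept names that only end with or contain the trusted string.
    if host == trusted or host.endswith("." + trusted):
        return "under-trusted"
    if trusted.split(".")[0] in host:  # "ftc" appears, but not under ftc.gov
        return "name-only"
    return "unrelated"

def audit(html, trusted=TRUSTED):
    """Map each referenced host to (relation, tags that referenced it)."""
    parser = ResourceHosts()
    parser.feed(html)
    return {h: (relation(h, trusted), sorted(t)) for h, t in parser.hosts.items()}

if __name__ == "__main__":
    for host, (rel, tags) in sorted(audit(SAMPLE_HTML).items()):
        print(f"{rel:14} {host:34} via {', '.join(tags)}")
```

A "name-only" result does not mean a host is malicious; it means the name by itself proves nothing and the relationship has to be confirmed some other way, such as a link from a page on the trusted domain.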
JUICE JACKING
USB cables normally carry both data and electricity. Data can be a problem, as it is an avenue through which a device can be attacked. The attack is called Juice Jacking (maybe Juice-Jacking) and the potential danger was first raised back in 2011. There are multiple defenses (see below) but the most commonly suggested defense is a USB cable that only does power. These cables go by multiple names: Power-Only cables, Charge-Only cables, USB Data Blockers or a USB condom.
This excellent article USB Data Blocker Teardown (Aug 2020) explains three different types of USB data blockers.
Protect your data with a USB condom by Adrian Kingsley-Hughes for ZDNet. April 11, 2023.
With two different popular types of USB ports, you may need multiple USB condoms. There are USB-A-to-USB-A, USB-A-to-USB-C, and USB-C-to-USB-C.
The Krebs article was one of a number of articles in April 2023 that asked just how likely such an attack is. It was probably the best. Another was: Actually, Charging Your Phone in a Public USB Port Is Fine by Heather Tal Murphy for Slate. April 13, 2023. Despite the click bait headline, the article does recommend using a USB condom. It is mostly a takedown of how the tech press works. It says there are no known instances of a phone being hacked due to plugging into a public USB port. Still, this assumes that installing malware on a phone is the only danger and ignores the issue of files that might be visible over the data connection - files that can be copied and thus leave no trace on the phone. The article also says that new Android phones and iPhones ask whether you want to share data or charge only when they plug into a USB port that is set up to capture data. Of course, a victim can answer the question wrong. And, the article does not define "new" so it's not clear when this feature was added.
This page created: April 13, 2023