Personal information is like money & cryptos
- Value it
- Protect it
Information to protect – Protect your Meta Data
- What you search for online
- Where you shop
- What apps and games you play
- What crypto wallets you use
- What crypto exchanges you visit
We will cover how to protect your Meta Data later
Keep security software current on all devices that connect to the internet
- Keep your desktop OS up to date
- Keep your mobile device up to date
- Keep your crypto hardware wallets up to date.
- Make sure to update both software & firmware
- This includes Browsers, anti virus apps, etc.
- stops threats
- keeps things running smoothly
General Ideas To Remember
Lock your computer when you are not going to use it.
- Log out
- Shut off
- Enable a feature to lock your computer when you are away for a set period of time.
Take out the Trash
- Remember to empty your computer & email trash
- Don’t use the trash can as a hold spot
- You’ll leave important documents available to being undeleted
Pick the correct name
- Don’t name your computer anything personal or identifiable
- If your computer / mobile device is leaked, it could identify who you are.
Delete un-needed software and apps
- If you downloaded a program to use for a project like planning a trip or looking for a house, delete it when you are done. You can always download it again when needed.
- This is important for mobile devices and tracking
- Apps do things you have no idea they are doing. (see below)
Install a paid anti-virus / anti-malware software.
- If you are going to install something that will protect you, don’t use free. Use a paid service or FOSS.
The Price of Free Software
- Why your free software is never free
- The Cost of Avast’s Free Antivirus: Companies Can Spy on Your Clicks
- Beware – this popular free VPN could be spying on your internet browsing
What is FOSS?
Free and open-source software (FOSS) is software that can be classified as both free software and open-source software.[a] That is, anyone is freely licensed to use, copy, study, and change the software in any way, and the source code is openly shared so that people are encouraged to voluntarily improve the design of the software. This is in contrast to proprietary software, where the software is under restrictive copyright licensing and the source code is usually hidden from the users.https://en.wikipedia.org/wiki/Free_and_open-source_software
Examples of FOSS
- Microsoft Office Replacement
- Signal Messaging
- State-of-the-art end-to-end encryption (powered by the open source Signal Protocol) keeps your conversations secure.
- Photoshop Replacement
- Password Manager
- A great, secure OS to install on your computer
- Clean Your System and Free Disk Space
- Wipe an email server
- Algo VPN
- Set up your own VPN server(s)
- BitCoin & most blockchains
- Use a secure email service, not common email services like gmail, yahoo, etc
- Sending mail across the internet is ALWAYS insecure.
- Use services like Proton mail and Tutanota
- You can send encrypted mail.
- it will bring the user back to the proton mail website, but it will be encrypted.
- you must manually select this option before sending mail.
Is Your Email Leaking Who You Are?
Some email services can leak information about you
- IP address
- Name of your computer
- Name of your mobile device
- The area in yellow identified the user who sent me this email. It gave me the IP address of their computer.
- I’ve had others that gave me the name of their iPhone which identified who they were. Don’t name your iPhone or Android “Mike Smith iPhone”
- Use a less mainstream browser that can be hardened. Selecting a browser is a personal choice.
- Tor is for advanced users. Many sites block Tor connections
- Move away from google for searches.
- 12 Google Alternatives: Best Search Engines To Use In 2020
- Clear temp data like cookies
- Enable privacy settings on the browser
- Use “Private Window” when you surf
Are Things Real
- Make sure you are using trusted extensions
- Visit a company website’s link back to it’s browser extension page
- Make sure you are visiting the correct website
- Check the SSL certificate of a website
AntiVirus and Anti-Malware
- Installing Antivirus software on your computer is a controversial topic.
- The need to install Antivirus software depends on your computer habits
- Are you a safe surfer?
- What type of email habits do you have?
- What are your clicking habits like?
- You might not need to install software
Are you losing privacy installing Antivirus software
The answer is simple: YES. But, you need to recognize the trade-off of Privacy vs Security.
Antivirus software scans every file on your computer
- Is Your Antivirus Software Spying on You?
- Selling your data to third-party advertisers
- Decrypting encrypted web traffic
- Installing potentially unwanted programs on your computer
- Cooperating with governments
- Undermining security and giving hackers access to private data
- Choose your antivirus software wisely
- Don’t be the product, pay for your antivirus.
- Read the end user license agreement
- Read installation options
- Customize privacy settings
- Read reviews about the product
- Including what endusers have to say about the product
Experts are suggesting Windows Security is as good paid Anti-virus
- Why you can stop paying for antivirus software
- Microsoft’s Windows Security (formerly Windows Defender) is now on par with paid solutions such as McAfee and Norton
Practice Safe Clicking
- Don’t just click on any link in an email or on a website.
- Know your endpoint
- All modern browsers will allow you to see the link that you are about to click on when you “mouse over” a link. The URL should show up toward the bottom of the page.
Keep Antivirus Software Updated
Don’t wait to do the update, Do the update
- Don’t turn off updates, think of them as an important security measure
- Take your time doing the update, don’t rush through it
- Updates fix vulnerabilities
- Updates add functionality
- Replace old OS. Don’t use Windows or Mac OS’s that can’t be updated or are obsolete.
- Windows 7
- Older Mac OS
Software is not the only thing that needs to be updated
- Computers and Smart devices are an important tool in our lives
- Consider the wisdom of using older hardware to store your hardware wallets. There may be a better option.
- Upgrade outdated hardware
- Smart phones
- Network devices
- Update firmware regularly
- Internet modem
- Internet router
- Wireless router
- Hardware wallets
Mobile Devices & Apps
Smart phone and device users need to be careful of what they install on their device.
Mac iOS Users
- TikTok caught spying on users
- LinkedIn caught spying on users
- iOS 14 Exposes Apps That Spy On Your Clipboard Data
- iOS 14 flags TikTok, 53 other apps spying on iPhone clipboards
Wait, let’s just show you the list caught so far….
|Call of Duty||Al Jazeera English||Russia Today|
|Fruit Ninja||CBC News||Stern Nachrichten|
|PUBG Mobile||CBS News||The Economist|
|Accuweather||CNBC||The Huffington Post|
|AliExpress||Fox News||The Wall Street Journal|
|Google News||News Break||Vice News|
|Tik Tok||New York Times||Hotels.com|
|Overstock||ntv Nachrichten||The Weather Network|
|Tok||8 Ball Pool||Zoosk|
|Block Puzzle||Plants vs Zombies Heroes||Bed Bath & Beyond|
- These are the ones caught so far.
- What happens when you copy a password?
- There is no good reason these apps need access to your clipboard, giving them access to harvest it
- Until these apps push out updates that fix the clipboard issues, beware of what you copy onto your devices.
- If you think that this issue only exists on iOS, you’d be wrong. It impacts Android users as well.
- Most Android apps can even access clipboard data when they are in the background.
- This makes it even more dangerous than iOS.
- Android changed this behavior with version 10, but we know these updates are not available to all Android device users.
- Be cautious using hot spots
- Don’t use only WiFi Hotspots.
- Know who you are connecting to.
- Do not transmit personal info or make purchases on unsecured networks (such as free wifi at the cafe or hotel).
- Use your VPN when connecting to WiFi hotspots outside your home.
Tracking while using WiFi
- Some stores will use WiFi and Bluetooth to track your movements in stores and when you are in range.
- In Stores, Secret Surveillance Tracks Your Every Move
- HomeDepot was horrible and always forced my AT&T WiFi connection to be enabled while in the store’s range.
- I tried to delete that connection several times, but it kept coming back.
- It was not HomeDepot that was forcing this, it was AT&T.
Smart Advice for Smart Phones
- Secure your device
- Use strong passwords & passcodes
- Biometrics – Fingerprint reader or facial recognition is an on-again-off-again feature depending on where you are.
- If you have biometrics enabled, turn off your finger print and facial recognition options when:
- going to a peaceful protest
- going to a protest of any kind
- boarding a plane
- crossing a country border (you have little to no rights crossing)
- in the US dealing with TSA
- when traveling via plane, boat or train
- If you have biometrics enabled, turn off your finger print and facial recognition options when:
- Turn off Analytics on your phone
- Check permissions on each app
- Only give it what it needs.
- The Weather app might need your location, but it doesn’t need your camera.
- Only allow apps to have your data location when it needs it
- Disable Radio Signals when not being used.
- Turn off Bluetooth when you aren’t using it.
- Best practices for security and saving battery life.
- Close your apps when you aren’t using them
- Accessing your clipboard is easy when the app is running
- Bluesnarfing – Hacker pairs with your Bluetooth device without your knowledge
- Eavesdropping – Eavesdroppers trick you into pairing with their devices by misspelling the name of a device your device trusts
- Denial of service – Crash your devices and start denying you services
- Viruses and worms – You download malware from counterfeit websites and apps
- Bluetooth headsets vulnerability – Hackers can open up Bluetooth headsets and eavesdrop on the conversations around you
Practice Safe Bluetooth
- Turn Bluetooth off when you don’t use it
- Rejecting pairing requests from unknown devices
- Keeping your firmware updated at all times
- Buy a device that has sufficient security features
- Make sure auto connect is not enabled for Bluetooth
Stingrays & IMSI Catchers
Cell-site simulators, also known as Stingrays or IMSI catchers, are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower. Stingrays impersonate a legitimate cell phone tower in order to trick mobile devices into connecting to them and revealing information about their user’s location and potentially giving up personal data.
- Cell-site simulators can also log IMSI numbers (International Mobile Subscriber Identity) of all of the mobile devices within a given area.
- Law enforcement use cell-site simulators to pinpoint the location of phones with greater accuracy than phone companies. They can track you without a warrant.
- Some cell-site simulators may have advanced features allowing law enforcement to intercept communications or even alter the content of communications.
- Some rogue towers will also attempt to intercept encrypted mobile communication by forcing a phone to downgrade from a 3G or 4G network connection to a 2G network—a less secure network that doesn’t authenticate cell towers to the phone and contains vulnerabilities that make it easier to decrypt secure communication.
- A Stingray isn’t just used to triangulate your position, it can ask your cell phone to turn on it’s GPS and send an exact location. This is part of the E911 service.
Are your calls being intercepted? 17 fake cell towers discovered in one month (Computerworld 2014)
Fake Cell Towers Allow the NSA and Police to Keep Track of You (Newsweek 2014)
Hacker Lexicon: Stingrays, the Spy Tool the Government Tried, and Failed, to Hide (Wired 2016)
Protecting High-Level Personnel from IMSI Catchers (Security Magazine 2020)
Mitigation Steps Against Stingrays
- If your smartphone allows it, turn off 2G support. Doing so greatly reduces the capabilities of IMSI catchers.
- When traveling through chokepoints (like airports and border crossings) where there’s a greater chance of IMSI catchers, turn off your smartphone or use an RF-shielding device, such as a Faraday bag. Neither option completely reduces RF emissions but can minimize them greatly.
- Use communication apps featuring end-to-end encryption, ensuring that captured content cannot be easily deciphered. Use Signal for text and voice communication.
Safe Surfing – Reduce Your Digital Footprint
Understand that you create or add to your digital footprint each time you’re on the net.
- A digital foot print is any piece of data on the internet tied back to you
- Your digital footprint paints a picture of who you are
- Your digital footprint is all the stuff you leave behind as you use the internet
- Comments on social media
- Skype calls
- App usage
- it’s part of your online history and can potentially be seen by other people, or tracked in a database.
- Retailers and product review sites often leave cookies on your system which can track your movement from site to site.
- These cookies will show targeted advertisements on products you’ve been recently reading about or looking at online.
- Some websites will build a list of different devices you have used to visit those sites.
- This can help secure your account, but it is important to understand this information is being collected about your habits.
- All those +1s, Retweets, and Facebook comments (even private ones) leave a record.
Everyday, whether we want to or not, most of us contribute to a growing portrait of who we are online; a portrait that is probably more public than most of us assume. So no matter what you do online it’s important that you know what kind of trail you’re leaving, and what the possible effects can be. These tutorials help you to not only learn about your digital footprints, but help you make the right choices for you.
Time to DeGoogle
Let’s start with getting rid of
Big Brother Google. It’s true, Google stores your user data, but you have some control.
- The DeGoogle movement (also called the de-Google movement) is a grassroots campaign. Many privacy activists are urging users to stop using Google products entirely. There are growing privacy concerns regarding the company.
- The term refers to the act of removing Google from one’s life. The growing market share of the internet giant creates monopolistic power for the company in digital spaces.
- You should start the process to DeGoogle your life.
How to delete or turn off ‘My Activity’ in your Google account – Step by step instructions
- Disable everything in the Google “My Activity Page”
- In the main section of the My Activity section of your Google account, you’ll be able to view and delete your usage data, Voice & Audio data, Google Assistant data (searches, smart home control, etc.), search data, and ads.
- If you don’t want to delete your stored Google usage data, you can still pause certain tracking aspects.
- Disable everything in the Google “My Activity Page”
How To De-Google-ify Your Life: The Complete Guide To Leaving Google
Alternatives to current Google apps.
Steps To Take When Creating Accounts Or Updating Old Accounts
- Know the site you are visiting
- Make sure to use the least amount of personal data
- Manipulate the data so it really doesn’t match you.
- Use an email address that can’t be tied back to you.
- Create a “Social media” email address
- Create a “Sign up for free offers” email address
- Create a “Banking only” email address
- If you still have an account on a site you no longer use, log in and change all the information, including the email and then delete it.
- If you want to see how easy it might be to delete a particular account, check out this site https://justdeleteme.xyz/
- When you add a Password manager to your life, it’s a great time to delete accounts that you don’t use.
- Use fake information for a website’s security information.
- If a site asks you for “The city you were born in”, make something up.
- Don’t give a site the ability to leak your personal information if it’s ever hacked.
- Store this fake information in your Password Manager’s notes area
- Enable privacy settings for each service
- Make sure you know what the default privacy settings are for your social media accounts, and keep an eye on them.
- Sites often introduce new policies and settings that increase the visibility of your data.
- Sites rely on you just clicking “OK” to whatever terms they are introducing, without reading them.
- Use bogus information if it really doesn’t effect your Social Information
- I never give out my correct birthday. I always give the same wrong birthday so I remember it, but it couldn’t be tracked back to me. I’m much younger online.
- Don’t talk to strangers. Only use it for people you know.
- I am aware this rule won’t work for dating sites.
- Don’t share personal information with people you don’t know.
- Only give the information that is required and nothing more.