Safe Practices for your Desktop & Mobile Devices

Personal information is like money & cryptos

  • Value it
  • Protect it

Information to protect – Protect your Meta Data

  • What you search for online
  • Where you shop
  • What apps and games you play
  • What crypto wallets you use
  • What crypto exchanges you visit

We will cover how to protect your Meta Data later

Keep security software current on all devices that connect to the internet

  • Keep your desktop OS up to date
  • Keep your mobile device up to date
  • Keep your crypto hardware wallets up to date.
  • Make sure to update both software & firmware
  • This includes Browsers, anti virus apps, etc.
    • stops threats
    • keeps things running smoothly

General Ideas To Remember

Lock your computer when you are not going to use it.

  • Log out
  • Shut off
  • Enable a feature to lock your computer when you are away for a set period of time.

Take out the Trash

  • Remember to empty your computer & email trash
  • Don’t use the trash can as a hold spot
  • Otherwise you leave important documents available to be undeleted

Pick the correct name

  • Don’t name your computer anything personal or identifiable
  • If the name of your computer / mobile device is leaked, it could identify who you are.

Delete un-needed software and apps

  • If you downloaded a program to use for a project like planning a trip or looking for a house, delete it when you are done. You can always download it again when needed.
  • This is important for mobile devices and tracking
  • Apps do things you have no idea they are doing. (see below)

Install a paid anti-virus / anti-malware software.

  • If you are going to install something that will protect you, don’t use free. Use a paid service or FOSS.

The Price of Free Software

What is FOSS?

Free and open-source software (FOSS) is software that can be classified as both free software and open-source software. That is, anyone is freely licensed to use, copy, study, and change the software in any way, and the source code is openly shared so that people are encouraged to voluntarily improve the design of the software. This is in contrast to proprietary software, where the software is under restrictive copyright licensing and the source code is usually hidden from the users.

https://en.wikipedia.org/wiki/Free_and_open-source_software

Examples of FOSS

Email

  • Use a secure email service, not common email services like Gmail, Yahoo, etc.
  • Sending mail across the internet is ALWAYS insecure.
  • Use services like Proton Mail and Tutanota
    • You can send encrypted mail.
    • It will bring the recipient back to the Proton Mail website, but the message will be encrypted.
    • You must manually select this option before sending mail.

Is Your Email Leaking Who You Are?

Some email services can leak information about you

  • IP address
  • Name of your computer
  • Name of your mobile device
  • The area in yellow identified the user who sent me this email. It gave me the IP address of their computer.
  • I’ve had others that gave me the name of their iPhone which identified who they were. Don’t name your iPhone or Android “Mike Smith iPhone”
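To see what your own mail gives away, send yourself a message and read its raw headers. The script below is an added example, not part of the original guide; the sample message, host names and addresses in it are constructed, and the header names checked are common ones rather than a complete list.

```python
import re
from email import message_from_string

# Constructed sample (not a real message). IPs are from documentation ranges.
SAMPLE = (
    "Received: from smtp.example.net (smtp.example.net [198.51.100.7])\n"
    "\tby mx.example.org with ESMTPS; Mon, 10 Aug 2020 09:15:03 +0000\n"
    "Received: from Mike-Smiths-iPhone.local ([203.0.113.45])\n"
    "\tby smtp.example.net with ESMTPSA; Mon, 10 Aug 2020 09:15:02 +0000\n"
    "X-Mailer: iPhone Mail (17G68)\n"
    "From: someone@example.net\n"
    "To: me@example.org\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HELO_RE = re.compile(r"from\s+([A-Za-z][\w.-]*)")  # name the device announced
CLIENT_HEADERS = ("X-Originating-IP", "X-Mailer", "User-Agent")


def audit_headers(raw_message):
    """List (what, value) pairs in the headers that describe the sender's device."""
    msg = message_from_string(raw_message)
    findings = []
    hops = msg.get_all("Received") or []
    if hops:
        # Servers prepend Received lines, so the last one is the first hop:
        # the sender's own device talking to their mail provider.
        first_hop = " ".join(hops[-1].split())  # unfold continuation lines
        helo = HELO_RE.match(first_hop)
        if helo:
            findings.append(("device name", helo.group(1)))
        findings += [("ip address", ip) for ip in IP_RE.findall(first_hop)]
    for name in CLIENT_HEADERS:
        for value in msg.get_all(name) or []:
            kind = "ip address" if IP_RE.search(value) else "mail client"
            findings.append((kind, value.strip("[] ")))
    return findings


if __name__ == "__main__":
    for kind, value in audit_headers(SAMPLE):
        print(f"{kind:12} {value}")
```

An empty result for a message sent from your own account means the provider strips these details before delivery.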

Browsers

  • Use a less mainstream browser that can be hardened. Selecting a browser is a personal choice.
    • Brave
    • Firefox
    • Tor
      • Tor is for advanced users. Many sites block Tor connections
  • Move away from Google for searches.
  • Clear temp data like cookies
  • Enable privacy settings on the browser
  • Use “Private Window” when you surf

Are Things Real

  • Make sure you are using trusted extensions
    • Follow the link on the company’s own website back to its browser extension page
  • Make sure you are visiting the correct website
  • Check the SSL certificate of a website

AntiVirus and Anti-Malware

  • Installing Antivirus software on your computer is a controversial topic.
  • The need to install Antivirus software depends on your computer habits
    • Are you a safe surfer?
    • What type of email habits do you have?
    • What are your clicking habits like?
  • You might not need to install software

Are you losing privacy installing Antivirus software?

The answer is simple: YES. But, you need to recognize the trade-off of Privacy vs Security.
Antivirus software scans every file on your computer

  • Is Your Antivirus Software Spying on You?
    • Selling your data to third-party advertisers
    • Decrypting encrypted web traffic
    • Installing potentially unwanted programs on your computer
    • Cooperating with governments
    • Undermining security and giving hackers access to private data
    • Choose your antivirus software wisely
      • Don’t be the product, pay for your antivirus.
      • Read the end user license agreement
      • Read installation options
      • Customize privacy settings
      • Read reviews about the product
        • Including what end users have to say about the product

Experts are suggesting Windows Security is as good as paid antivirus

Practice Safe Clicking

  • Don’t just click on any link in an email or on a website.
  • Know your endpoint
  • All modern browsers will allow you to see the link that you are about to click on when you “mouse over” a link. The URL should show up toward the bottom of the page.

Keep Antivirus Software Updated

Don’t wait to do the update. Do the update.

  • Don’t turn off updates, think of them as an important security measure
  • Take your time doing the update, don’t rush through it
  • Updates fix vulnerabilities
  • Updates add functionality
  • Replace old OS. Don’t use Windows or Mac OS’s that can’t be updated or are obsolete.
    • Windows XP
    • Windows 7
    • Older Mac OS

Software is not the only thing that needs to be updated

  • Computers and Smart devices are an important tool in our lives
  • Consider the wisdom of using older hardware to store your hardware wallets. There may be a better option.
  • Upgrade outdated hardware
    • Smart phones
    • Computers
    • Network devices
  • Update firmware regularly
    • Internet modem
    • Internet router
    • Wireless router
    • Hardware wallets

Mobile Devices & Apps

Smart phone and device users need to be careful of what they install on their device.

Mac iOS Users

Wait, let’s just show you the list caught so far….

LinkedIn      | ABC News                  | Reuters
Call of Duty  | Al Jazeera English        | Russia Today
Fruit Ninja   | CBC News                  | Stern Nachrichten
PUBG Mobile   | CBS News                  | The Economist
AccuWeather   | CNBC                      | The Huffington Post
AliExpress    | Fox News                  | The Wall Street Journal
Google News   | News Break                | Vice News
TikTok        | New York Times            | Hotels.com
Reddit        | NPR                       | Hotel Tonight
Overstock     | ntv Nachrichten           | The Weather Network
Patreon       | Viber                     | Sky Ticket
ToTalk        | Weibo                     | Truecaller
Tok           | 8 Ball Pool               | Zoosk
Bejeweled     | Amaze!!!                  | Golfmasters
Block Puzzle  | Plants vs Zombies Heroes  | Bed Bath & Beyond
List as of August 12, 2020
  • These are the ones caught so far.
  • What happens when you copy a password?
  • There is no good reason these apps need access to your clipboard; that access lets them harvest whatever you copy.
  • Until these apps push out updates that fix the clipboard issues, beware of what you copy onto your devices.

Android Users

  • If you think that this issue only exists on iOS, you’d be wrong. It impacts Android users as well.
  • Most Android apps can even access clipboard data when they are in the background.
    • This makes it even more dangerous than iOS.
    • Android changed this behavior with version 10, but we know these updates are not available to all Android device users.

Hot Spots

  • Be cautious using hot spots
  • Don’t rely only on WiFi hotspots.
  • Know who you are connecting to.
  • Do not transmit personal info or make purchases on unsecured networks (such as free wifi at the cafe or hotel).
  • Use your VPN when connecting to WiFi hotspots outside your home.

Tracking while using WiFi

Smart Advice for Smart Phones

  • Secure your device
    • Use strong passwords & passcodes
    • Biometrics – Fingerprint reader or facial recognition is an on-again-off-again feature depending on where you are.
      • If you have biometrics enabled, turn off your fingerprint and facial recognition options when:
        • going to a peaceful protest
        • going to a protest of any kind
        • boarding a plane
        • crossing a country border (you have little to no rights crossing)
        • in the US dealing with TSA
          • when traveling via plane, boat or train
  • Turn off Analytics on your phone
  • Check permissions on each app
    • Only give it what it needs.
    • The Weather app might need your location, but it doesn’t need your camera.
      • Only allow apps to have your location data when they need it
  • Disable Radio Signals when not being used.
    • Turn off Bluetooth when you aren’t using it.
    • Best practices for security and saving battery life.
  • Close your apps when you aren’t using them
    • Accessing your clipboard is easy when the app is running

Bluetooth Vulnerabilities

The Top 5 Bluetooth Security Vulnerabilities

  1. Bluesnarfing – Hacker pairs with your Bluetooth device without your knowledge
  2. Eavesdropping – Eavesdroppers trick you into pairing with their devices by misspelling the name of a device your device trusts
  3. Denial of service – Crash your devices and start denying you services
  4. Viruses and worms – You download malware from counterfeit websites and apps
  5. Bluetooth headsets vulnerability – Hackers can open up Bluetooth headsets and eavesdrop on the conversations around you

Practice Safe Bluetooth

  • Turn Bluetooth off when you don’t use it
  • Reject pairing requests from unknown devices
  • Keep your firmware updated at all times
  • Buy a device that has sufficient security features
  • Make sure auto connect is not enabled for Bluetooth

Contact Tracing uses Bluetooth
The Inventors Of Bluetooth Say There Could Be Problems Using Their Tech For Contact Tracing
How Apple and Google Are Enabling Covid-19 Contact-Tracing

Stingrays & IMSI Catchers

Cell-site simulators, also known as Stingrays or IMSI catchers, are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower. Once a phone connects, it reveals information about its user’s location and potentially gives up personal data.

  • Cell-site simulators can also log IMSI numbers (International Mobile Subscriber Identity) of all of the mobile devices within a given area.
  • Law enforcement use cell-site simulators to pinpoint the location of phones with greater accuracy than phone companies. They can track you without a warrant.
  • Some cell-site simulators may have advanced features allowing law enforcement to intercept communications or even alter the content of communications.
  • Some rogue towers will also attempt to intercept encrypted mobile communication by forcing a phone to downgrade from a 3G or 4G network connection to a 2G network—a less secure network that doesn’t authenticate cell towers to the phone and contains vulnerabilities that make it easier to decrypt secure communication.
  • A Stingray isn’t just used to triangulate your position; it can ask your cell phone to turn on its GPS and send an exact location. This is part of the E911 service.

Are your calls being intercepted? 17 fake cell towers discovered in one month (Computerworld 2014)
Fake Cell Towers Allow the NSA and Police to Keep Track of You (Newsweek 2014)
Hacker Lexicon: Stingrays, the Spy Tool the Government Tried, and Failed, to Hide (Wired 2016)
Protecting High-Level Personnel from IMSI Catchers (Security Magazine 2020)

Mitigation Steps Against Stingrays

  • If your smartphone allows it, turn off 2G support. Doing so greatly reduces the capabilities of IMSI catchers.
  • When traveling through chokepoints (like airports and border crossings) where there’s a greater chance of IMSI catchers, turn off your smartphone or use an RF-shielding device, such as a Faraday bag. Neither option completely eliminates RF emissions, but both can reduce them greatly.
  • Use communication apps featuring end-to-end encryption, ensuring that captured content cannot be easily deciphered. Use Signal for text and voice communication.

Safe Surfing – Reduce Your Digital Footprint

Understand that you create or add to your digital footprint each time you’re on the net.

  • A digital footprint is any piece of data on the internet tied back to you
  • Your digital footprint paints a picture of who you are
  • Your digital footprint is all the stuff you leave behind as you use the internet
    • Comments on social media
    • Skype calls
    • App usage
    • Email
    • It’s part of your online history and can potentially be seen by other people, or tracked in a database.
  • Retailers and product review sites often leave cookies on your system which can track your movement from site to site.
    • These cookies will show targeted advertisements on products you’ve been recently reading about or looking at online.
  • Some websites will build a list of different devices you have used to visit those sites.
    • This can help secure your account, but it is important to understand this information is being collected about your habits.
  • All those +1s, Retweets, and Facebook comments (even private ones) leave a record. 

Every day, whether we want to or not, most of us contribute to a growing portrait of who we are online; a portrait that is probably more public than most of us assume. So no matter what you do online, it’s important that you know what kind of trail you’re leaving, and what the possible effects can be. These tutorials help you not only learn about your digital footprints, but also make the right choices for you.

Time to DeGoogle

Let’s start with getting rid of Big Brother Google. It’s true, Google stores your user data, but you have some control.

  • The DeGoogle movement (also called the de-Google movement) is a grassroots campaign. Many privacy activists are urging users to stop using Google products entirely. There are growing privacy concerns regarding the company.
  • The term refers to the act of removing Google from one’s life. The growing market share of the internet giant creates monopolistic power for the company in digital spaces.
  • You should start the process to DeGoogle your life.

    How to delete or turn off ‘My Activity’ in your Google account – Step by step instructions
    • Disable everything in the Google “My Activity Page”
      • In the main section of the My Activity section of your Google account, you’ll be able to view and delete your usage data, Voice & Audio data, Google Assistant data (searches, smart home control, etc.), search data, and ads.
      • If you don’t want to delete your stored Google usage data, you can still pause certain tracking aspects.

How To De-Google-ify Your Life: The Complete Guide To Leaving Google
Alternatives to current Google apps.

Steps To Take When Creating Accounts Or Updating Old Accounts

  • Know the site you are visiting
  • Make sure to use the least amount of personal data
  • Manipulate the data so it really doesn’t match you.
  • Use an email address that can’t be tied back to you.
    • Create a “Social media” email address
    • Create a “Sign up for free offers” email address
    • Create a “Banking only” email address
  • If you still have an account on a site you no longer use, log in and change all the information, including the email and then delete it.
    • When you add a Password manager to your life, it’s a great time to delete accounts that you don’t use.
  • Use fake information for a website’s security information.
    • If a site asks you for “The city you were born in”, make something up.
    • Don’t give a site the ability to leak your personal information if it’s ever hacked.
    • Store this fake information in your Password Manager’s notes area

Social Media

  • Enable privacy settings for each service
    • Make sure you know what the default privacy settings are for your social media accounts, and keep an eye on them.
    • Sites often introduce new policies and settings that increase the visibility of your data. 
    • Sites rely on you just clicking “OK” to whatever terms they are introducing, without reading them.
  • Use bogus information if it really doesn’t affect your Social Information
    • I never give out my correct birthday. I always give the same wrong birthday so I remember it, but it couldn’t be tracked back to me. I’m much younger online.
  • Don’t talk to strangers. Only use it for people you know.
    • I am aware this rule won’t work for dating sites.
    • Don’t share personal information with people you don’t know.
  • Only give the information that is required and nothing more.