Five Steps to Protecting Your Home Address

Achieving comprehensive personal privacy is a complicated goal involving a lot of complex, discrete steps. On this blog I (and on the podcast we) spend a lot of time focusing on the highly specific, individual steps. Often we fail to provide a lot of context for why we’re doing them, or how they fit into the bigger picture. This was called to my attention recently when an old friend contacted me. He has a legitimate safety reason to wish to be more private, and asked me for advice. Unfortunately, I don’t have a single blog post or podcast episode I could offer him that effectively introduces the basic steps of protecting your home address.

Coinbase Review – Bitcoin Simplified I

Some of you have asked about using Bitcoin. Bitcoin has some amazing privacy advantages, but the process can be intimidating. Additionally, using Bitcoin requires giving up your bank account information, which can be a scary prospect. Coinbase is an online Bitcoin wallet that makes using Bitcoin easy and intuitive. In Part I of this Coinbase review I am going to talk about the security of the service. Hopefully this will allay some of your fears about using Bitcoin. The next part will talk about actually using Bitcoin.

Smartphone Bluetooth Interface Security

This post is a continuation of the series on smartphone interfaces and will cover Bluetooth interface security. Let me begin by saying that Bluetooth security is not as bad as it once was. As with the other articles in the series I will cover both the security and privacy concerns around this interface.

DeleteMe – Privacy for Hire?

As readers here know, I really like Abine’s privacy service, Blur. What you may not know is that Abine also offers a service that protects privacy in another way. DeleteMe is Abine’s automated “opt-out” service. If you have read Hiding From the Internet or The Complete Privacy and Security Desk Reference, you know that opting out yourself can be frustrating and time consuming. The allure of services like these is in their convenience. You pay for the service, then carry on with life. Within a few months, your stuff is gone. Or so they say. I decided that I want to see for myself how services like this work, so I reached out to DeleteMe…

Vehicle Privacy and Security

After hearing my recent interview with Aaron on the In the Rabbit Hole Urban Survival Podcast a couple weeks ago, I realized that I’ve yet to talk about vehicle privacy and security. For those of us in North America, vehicles are a way of life. Vehicles present some unique privacy and security challenges. In this post I’m going to talk about a few things you can do to improve vehicle privacy and security. Most require some minor behavioral modification.

ProtonMail Premium Review

Email is a service that we all rely on. Finding an email provider that promises a good balance of privacy, security, and convenience is a fraught proposition, however. As readers here doubtlessly know, I have huge privacy concerns around email. I hate giving out my real email address if possible, because it equates to attack surface (more on this later). I also hate using the same email for multiple services, but this creates major convenience problems. And I can’t store email with providers that either a.) don’t store my data securely or b.) store it securely but scrape it for marketing purposes. Readers here also know I am a big fan of ProtonMail. This is why I decided to give ProtonMail Premium a try.

Tattoos, Tattoo Recognition, and Privacy

When I was a kid, people with tattoos were pretty few and far between. If you had ink there was a good chance you’d been in the military or jail. If you had tattoos on your hands, head, or neck you had almost certainly been to jail, or were, at the very least, someone people didn’t want to mess with. These days a guy (or girl) with knuckle tattoos is just as likely to be a barista or art major as an ex-con. A recent Harris poll estimates that 1 in 3 Americans has a tattoo, and half of millennials have them.

Complete Privacy and Security

It is my pleasure to make a few announcements today.  First, The Complete Privacy and Security Desk Reference has been released and is finally available on Amazon!  This is huge – Michael and I had hoped to have this work out by January but things happened that were beyond our control.  Thousands of Wickr messages, hundreds of ProtonMail emails, scores of Signal calls, and four personal meets later (one in a foreign country), here we finally are!  From the description:

This 492-page textbook will explain how to become digitally invisible. You will make all of your communications private, data encrypted, internet connections anonymous, computers hardened, identity guarded, purchases secret, accounts secured, devices locked, and home address hidden. You will remove all personal information from public view and will reclaim your right to privacy. You will no longer give away your intimate details and you will take yourself out of ‘the system’. You will use covert aliases and misinformation to eliminate current and future threats toward your privacy & security. When taken to the extreme, you will be impossible to compromise.

Since Complete Privacy and Security is available on Amazon, I will no longer be taking direct sales here. However, I will still be taking bulk orders of over 10 copies. Contact me for price breaks.

Second, today marks the one-year anniversary of this blog. I am proud of this milestone, and feel it has been a productive year. I greatly appreciate all of you who have emailed me, commented on the blog, or just lurked in the background. Thank you! In the coming year I plan to be much more active; as you may have noticed, since the Thirty-Day Security Challenge ended I’ve tried to post three posts a week, and I hope to continue this through 2016.

Third, now that Volume I of Complete Privacy and Security is finished, I can once again begin focusing on the Your Ultimate Security Guide series. This series will undergo some changes. These books will get much smaller and will be intended as companions to CP&S. While CP&S is more principle-focused, new versions of Your Ultimate Security Guide will dig into the nitty gritty of each OS. However, they will forgo a lot of the material that would be duplicated by CP&S. This should make these volumes much slimmer and more cost-effective. The first planned releases are for Windows 10 and Android, which I hope to complete this year. An iOS re-write will be available in October or November, after the release of the new iOS version.

Thank you all again for a great first year!

Identity Theft & Data Breach Response

Data breaches occur with shocking regularity.  The news is full of reports of data being spilled by companies and individuals being targeted for identity theft.  Few of these stories contain much useful information on appropriate data breach response, however.  Once your information has been spilled it is impossible to fully recover it.  However, there are some meaningful data breach response steps you can take if you do fall victim to this type of crime.

  1. Contact your financial institutions immediately. If you think your financial information has been compromised this should be your first step.  Call your bank or credit card issuer and alert them to the problem.  Frequently your bank will contact you if suspicious activity occurs, but if you know something they don’t, don’t wait!  Request to cancel your credit and debit card numbers and be issued new ones.  Use new PINs on these cards, and ask the bank to flag your account for suspicious activity.
  2. Contact the credit reporting bureaus. If you do not have a credit freeze in place and the breach involves financial information, you should immediately contact Equifax, Experian, and TransUnion. Some online resources advise placing a fraud alert on your account at this point; I recommend a credit freeze (see below).
  3. Change your login information. If you suspect an online account has been breached you should immediately change its password and, if possible, username. If the account does not already have two-factor authentication enabled, enable it. In addition, you should also change the login credentials for any accounts associated with the breached account.
  4. Contact local law enforcement and file a report. I will be honest – your local law enforcement agency probably isn’t going to open an investigation and bring the perpetrator to justice, so be prepared for that. What they will do is generate a police report for you. This serves as proof that you were the victim of identity theft. This can help you recover your credit later if the need should arise. It can also ensure that you get free credit freezes for life (see below). It may also be useful if you attempt to opt out of public and non-public databases as Michael and I recommend in The Complete Privacy and Security Desk Reference.

Of course, the best spillage, identity theft, or data breach response is preemptive (the best defense is, after all, a good offense).  There are several steps you can take to make yourself more resilient against identity theft.  The time to act is now – once your information is online you will never completely erase it.  I am a strong advocate for dealing with the problem before it is a problem!

  1. Use strong authentication for online accounts.  Use strong passwords and two-factor authentication on all of your online accounts.  Though this isn’t a guarantee that your accounts are safe, you are unlikely to fall into the “victim of opportunity” category.
  2. Use unique usernames.  Though this could fall under the above category, I am listing it discretely because I think it protects you where strong passwords and two-factor authentication do not: customer service reps.  If an attacker knows your username, he or she can often convince a customer service rep to give out sensitive information.  Using a unique username gives you a great layer of protection against this type of attack.
  3. Have a credit freeze in place.  A credit freeze with each of the credit reporting agencies (Experian, Equifax, and TransUnion) is the strongest measure you can take to ensure new credit is not issued in your name.  Credit freezes also protect your personal information and credit report.  A credit freeze will not protect your current accounts and lines of credit, however.
  4. Use one-time credit card numbers. Some credit card issuers offer this option organically. A one-time credit card number is only good for one purchase. If a hacker recovers it, it will no longer be valid and cannot make a charge to your account. If your bank does not offer this, an online service that I recommend called Blur does.
  5. Limit personal information that is publicly available.  Large amounts of personal information make you vulnerable to social engineers.  This information can be pieced together to allow someone to impersonate you in order to gain access to your financial or online accounts.  I recommend minimizing the information you place in the public domain on social media, personal blogs, etc.  If a great deal of information is available about you, remove it!  More information is available in The Complete Privacy and Security Desk Reference which will be publicly available soon.

3DSC Day 14: Virtual Private Network

Today is going to be a little bit different than most because today I am going to ask you to spend a little money. Today’s task is to purchase a virtual private network service. A virtual private network (VPN) is one of those things that I just could not live without. After using one for so many years it feels like wearing a seatbelt – I can go on without it, but I’m going to have a nagging feeling the whole time.

So what exactly is a VPN?  A VPN works like this: you install a program on your computer and smartphone.  When activated the program will create an encrypted “tunnel” to a remote server, also owned and/or operated by the VPN provider.  Your traffic will be encrypted to and from this remote server.  This has two benefits:

  • Security:  If you are worried about your local traffic being captured and analyzed, worry no more.  All of your traffic will be encrypted and protected from hackers, internet service providers, nosy owners of public Wi-Fi hotspots, and your company IT guy.  Your VPN will also defeat trackers like Verizon’s supercookies.  It is hard to overstate the security benefits of using a VPN, especially when you are connected to an untrusted network.
  • Privacy:  VPNs also offer you a great deal of privacy.  When you connect to a VPN server your traffic appears to originate from that server.  This means that websites that are attempting to track your physical location and browsing history (via your IP address) will have a much harder time doing so.  Additionally, all your traffic that exits the VPN server exits alongside the traffic of other users, making it less distinct and not obviously yours.

Although there are tons of free VPN services available, there are lots of good reasons NOT to use a free virtual private network.  Running a VPN service is expensive business with a lot of overhead, and free ones have to be financed in some way.  Some free VPNs are little more than data collection mechanisms for gathering subscribers’ data.  For example Facebook paid $120,000,000.00 for Onavo, a company that offers a free VPN and data compression app.  One imagines Facebook did so to serve the needs of Facebook and will receive a return on that investment, probably in data collected from users.   One free VPN even sold user bandwidth that was subsequently used in botnet and DDoS attacks.

The virtual private network service that I recommend is Private Internet Access.  Private Internet Access (PIA) has a lot of things going for it that I really like.  First, PIA has over 3,000 servers.  Though you are only allowed to choose what region you would like to connect to (US Midwest, US Texas, US East, etc.) there are numerous servers in each “region”.  This allows PIA to load balance so traffic is not slowed by heavy use on any single server.  Next, PIA uses the OpenVPN encryption protocol which offers the best VPN encryption currently available.  A single PIA subscription offers unlimited bandwidth and allows you to connect up to five devices simultaneously.  This is enough for many small families to connect most of their devices with a single plan.  Finally, PIA is extremely user friendly and available for Android, iOS, Mac OS X, and Windows devices.

To use Private Internet Access (or many other paid VPNs) follow the steps below:

  • Purchase a subscription.  A year is only $39.95 which averages out to $3.33 per month.  You can pay for your PIA subscription with all major credit cards, PayPal, BitCoins, or even with major retailer gift cards.  Have an old, half-used REI gift card from last Christmas?  It’s probably worth at least a month or two of PIA service.  After you have purchased a subscription you will be emailed your login credentials.
  • Download the PIA app on your computer, phone, and other devices you wish to protect (I have previously written specifically about PIA for iOS).
  • Enter your credentials on the app and connect.  That’s it.

PIA does offer some advanced user settings, like the ability to change encryption, SHA, and handshake protocols as shown in the screen grab below, but the default options are solid.

[Screen grab: PIA advanced encryption settings]

FULL DISCLOSURE: this blog has an affiliate relationship with PIA. This means I receive a small commission for every subscription sold through this site. However, I do not push PIA because of this; I push PIA because I believe in the product and use it myself. There are numerous other VPN providers with which I could partner but I do not because they have yet to earn my trust. That being said, there are many very good, reputable VPN providers out there. If you are uncomfortable with PIA I encourage you to do your own research. Some other virtual private networks that I have experience with and would personally recommend (and DO NOT have an affiliate relationship with) include AirVPN, blackVPN, and CyberGhost.