Thursday, November 14, 2019

11 secrets that will make you more secure on the internet

Hacked accounts in the news. Endless robocalls. Online ads that eerily seem to read your mind. Do I hear Alexa and Siri gossiping about your secrets? It almost feels like paranoia is a totally appropriate reaction.

In 2018 alone, data breaches exposed four-point-five billion records to hackers. Three months into 2019 and another two-point-seven billion are already illegally available for sale. But hackers aren’t the only problem…

We’ve all read about the 50 million Facebook accounts involved in the Cambridge Analytica scandal. And another 30 million were exposed in October of 2018. Oh, and in September another 7 million had private photos revealed. Of course, Google knows every search you’ve made (yes, even in incognito mode) and tons of other stuff about you. And in 2014, hackers released a lot of not-so-clothed pictures stolen from celebrities’ Apple iCloud accounts.

Oh, and don’t forget that your internet service provider has a list of every website you’ve ever visited at home. Yes, even “those” websites that we don’t discuss at family dinner. And they sell that info to marketers. Some retail stores now track how often you visit and which aisles you spend the most time in. Three-hundred bucks to the right shady individual can buy me your exact location at any time. And nobody wants their credit info leaking. But it already has. Multiple times.

Feeling a bit “1984” over there, Winston Smith? Okay, let’s take a breath. Don’t start folding your tinfoil hat just yet.

There is one ironclad rule on our side: Nobody can abuse information about you that they don’t have. Which is why we need to take security and privacy more seriously. Because it’s on us.

And so I present you with what could be titled: “Internet Security and Privacy: The-More-Than-You-Care-To-Know Edition.”

I’d like to single out Michael Bazzell for his fine work that I drew a fair portion of this info from. He spent years at the FBI’s cybercrime division and was a consultant on the first season of Mr. Robot. His incredibly thorough books are The Complete Privacy Security Desk Reference and Hiding from the Internet: Eliminating Personal Online Information.

We’re gonna cover everything from fundamentals like good passwords all the way to the paranoid level of aliases and burner phones. If you just want to be safer online or if you want that tinfoil hat to be nicely tailored, this should have you covered.

So what’s the first step?

Know your “Threat Model”

Security and privacy are different. Security is somebody breaking into your online accounts. Privacy is someone having personal details about you. (So putting your entire digital life into Google products is excellent for security - but often terrible for privacy.) You can be more concerned about one and less about the other.

And then there’s the “security/privacy” vs. “convenience” trade-off. It’s pretty much axiomatic that more secure means less convenient. You can be concerned about privacy… but not concerned about it enough that you want to live in a Faraday cage. So how can we be responsible without being paranoid?

The answer is to think about your “threat model.” Ask yourself (non-rhetorically): “What am I afraid of? And how much am I willing to do to prevent it?” Are you more concerned about security or privacy? More worried about hackers or stalkers?
Are you someone who just wants to be on fewer marketing lists or are you a whistleblower who may have the resources of a global corporation turned against him or her?

Know what you want to defend against and you’ll know what measures will be vital - and what is paranoid overkill.

(To learn more about how you and your children can lead a successful life, check out my bestselling book here.)

Alright, we know how to evaluate what’s necessary for each of us. But this first one is non-negotiable, whatever your threat model may be…

1) Get Frozen

No, not the Disney movie. You need to get a credit freeze. It’s the best defense against identity theft. The best time to get one is yesterday. Or sooner.

Many of you are saying: “Yawn. I did that a long time ago with all three credit agencies.” To which I would reply, “Actually, there are 6 credit agencies.” Oooooops.

So fill out the forms for Equifax, Experian, TransUnion, Innovis, NCTUE and Chex. There’s an excellent overview of the whole deal here.

And if you have young children get a credit freeze for them too. Kids are a big target because their credit is not only “clean” but also their reports are unlikely to get checked for, oh, about a decade or so. It would be awful for little Jimmy to be $300,000 in debt by age nine. More info on credit freezes for kids here.

(To learn how to stop checking your phone all the time, click here.)

Okay, let’s talk about that computer of yours. It’s feeling vulnerable and needs a little more than a hug…

2) Full Disk Encryption, Firewall, And Backups

This trio is critical for your computer. Full disk encryption keeps your data safer and a firewall protects you from some online attacks. (Here’s how to set up FDE and a firewall on Mac, and here’s FDE and firewall on Windows.)

Backing up means if anything happens to your computer you won’t lose your data. Think of it like homeowner’s insurance for your digital life. You have to do this regularly, but it’s often easy to automate.
If you’re very concerned about your data, you want to have multiple encrypted backups, with one of them maintained offsite. The latter means putting an encrypted copy of your info on a USB drive that you keep at a friend’s place (recommended) or in the cloud (not recommended.) This way if a meteor hits your house or the jackbooted minions of the great global conspiracy seize the rebellion’s plans, you’re covered. Good options are Time Machine and Carbon Copy Cloner. And I highly recommend this little guy.

The most important part of smartphone privacy is limiting app permissions like location data, contacts, etc. And don’t download sketchy apps.

(To learn the 4-step morning ritual that will make you happy all day, click here.)

Okay, you should be in good shape. But there’s something that comes up again and again that we tend to put off. But it’s vital. In fact, many experts say it’s the single most important thing you can do to increase security…

3) Updates Are Annoying. Do Them Anyway

Most hackers aren’t geniuses. Often they’re using the same tricks from 5 years ago. But if you haven’t updated your software in 5 years… uhhh yeah, that’s a problem.

Those updates you’re putting off? Most of them are security-related. Apply updates ASAP. It often feels like it’s doing nothing but you’re forgetting that when it comes to security, “nothing” is a wonderful thing and “something” is very very bad.

And routinely update all your devices. Desktop, laptop, smartphone, firmware on routers, etc. Enable automatic updates on any device that offers it.

After any update, check your settings. When new features are added they often default to the least secure options. And sometimes updates even turn on options you turned off. Sadly, the price of digital liberty is often eternal vigilance.

(To learn the 4 harsh truths that will make you a better person, click here.)

Okay, you’re updating often.
But there’s a way to increase security and make updates less cumbersome at the same time…

4) Apps Are Not Pokemon. Stop Collecting Them

If you don’t use something regularly, delete it. Smartphone apps, computer software, browser extensions, etc. This reduces “attack surface.” The more software you have, the more points of failure you have. More things that can have vulnerabilities. More potential rogue software doing things it shouldn’t do.

That said, hold on to your antivirus and malware protection - especially if you’re using Windows.

(To learn how to have a long awesome life, click here.)

Alright, time for an intervention. We need to have a serious talk about a very serious subject. I’m very disappointed in your behavior…

5) Your Passwords Bring Shame Upon Your Family

The most common passwords are embarrassing: “The top two slots have been left unchanged for the fifth year in a row. They are, maddeningly, ‘123456’ and ‘password.’”

In fact, just by knowing the top ten most common passwords you could break into almost 1 out of every 50 computers. Okay, maybe your password is slightly better. But slight ain’t cutting it, Bubba:

“A password-cracking expert has unveiled a computer cluster that can cycle through as many as 350 billion guesses per second. It’s an almost unprecedented speed that can try every possible Windows passcode in the typical enterprise in less than six hours.”

By the way, that article is seven years old. You think computers have gotten faster or slower since then? Exactly. You need unique, strong passwords for every account and on every device. 12 characters or more, a mix of letters, numbers and special characters. No excuses.

Some people are thinking, “Are you crazy? I can’t remember all those.” But you don’t need to. Get a good password manager like LastPass. It will generate super-strong passwords for you and remember them all.

Willing to forgo convenience for super-duper security? Then forget LastPass.
You don’t want a password manager that uses the cloud - that means your passwords are out there on someone else’s computer. Yes, they’re almost certainly safe and cloud-based systems are very convenient - but if you’re a die-hard about security the only place the keys to your digital kingdom should be is on your devices. Go with KeePassXC and MiniKeePass for your iPhone.

Beyond that password, guard your primary email account with your life. If I can get into that, I can go to most every site you frequent and request a password reset. Boom - hacking one account gets me all of them. And I’m not speculating here. This is exactly what happened to Wired reporter Mat Honan.

You also need two-factor authentication (“2FA”). You know when you log into your bank and they text you a code? Yeah, that. And if you’re getting all your 2FA codes via SMS you are doing it wrong. Use an app-based system instead, like Google Authenticator (iPhone, Android) or Authy. Some sites only offer SMS-based 2FA and, inexplicably, many are companies you would expect the most security from. (I’m looking at you, Bank of America.) If SMS is your only choice, it’s definitely better than nothing. A helpful list of all major sites offering 2FA is here.

And finally, what if you want ultimate security (but not necessarily privacy) for that precious primary email account? Try Google Advanced Protection. Then nobody can get into your account without a password and a physical USB key. And it works. Google instituted it for all employees. How many phishing-based hacks have they had since then? Zero.

(To learn how to deal with out-of-control kids - from hostage negotiators - click here.)

Perfect. But what are you using to log into those accounts anyway? And is it as private as you’d like?

6) Stock Browsers Are Bad Browsers

At least if you’re very serious about privacy. Safari sends data to Apple and you better believe Chrome sends info to Google.
If this is part of your threat model, ditch them both and go with Firefox, which is the most secure of the mainstream browsers.

For super-duper security and privacy, here are some recommended extensions:

HTTPS Everywhere: This is a must for everyone. Forces sites to encrypt your connection whenever possible.
uBlock Origin: Great, customizable ad-blocker. Do not install if you love ads.
Cookie AutoDelete: Prevents tracking. Not for everyone. Very secure, not-so-convenient.
Multi-Account Container: This makes each tab operate as if it was a separate browser, preventing those eerie recommendations that seem to read your mind. Not for everyone.
Track Me Not: It runs random Google searches in the background to bury your real searches in a haystack of noise. Only needed if you’re very privacy conscious and have a puckish sense of humor.

For your smartphone, it’s Firefox again, unless you want super-security and don’t mind a convenience hit; then go with Firefox Focus.

And at the super-extreme outer edge we have the “Deluxe Snowden Package.” You’ll need Qubes and Tor. (Pro tip: be careful with those exit nodes.) And you cannot afford to be tracked by your phone. Get a Faraday bag - or put it in a martini shaker. Yes, seriously.

(To learn how to deal with passive-aggressive people, click here.)

Browser secured. But that’s not going to help much when the data leaves your computer and heads out there into the big bad internet. How do you keep your online activities secure and private when they’re out of your hands?

7) Dig A Tunnel

Your ISP can see every site you visit when you’re online at home. And so can the marketers they sell that info to. If a connection isn’t secure, hackers can intercept your traffic and mess with you. And using public WiFi is like making your poor little phone have unprotected sex with very unattractive strangers.
How the heck do we stay safe from all these prying eyes and barbarians at the digital gate?

It’s called a VPN and I’ll go so far as to say everyone should have one. Basically, it creates an encrypted “tunnel” between you and your VPN provider, protecting your internet activities from visibility and attacks. Your ISP now only knows you’re connected to the VPN, and nothing more. Hackers can’t break through the encryption to monkey with your data. And public WiFi gets a much-needed condom.

Note that some sites don’t play well with VPNs, because many bad guys use them. VPNs are pretty cheap (roughly $5 a month) and they’re simple to set up on both computers and smartphones. PIA and NordVPN are recommended providers.

(To learn 5 secrets from neuroscience that will increase your attention span, click here.)

So far we’ve discussed a lot of attack scenarios you’re probably familiar with. But here’s one most people aren’t. And if you’re not protected, it could lead to someone emptying your bank account…

8) The Phone Number Is The New Social Security Number

What do you do whenever you get a new phone? Call your cellular provider and have them move your number to the new device. Easy peasy. But what if I called your cellular carrier and pretended I’m you? They move your phone service to my phone. And when I log in to Bank of America with your password, guess who gets the text with that 2FA code? Yup, moi. Shopping spree time. (Hacking the password was easy; it was “123456”, right?)

This is called “SIM swapping.” These days people are signing up for 2FA more often, so SIM swapping is happening more often. If you’re doing 2FA with an app like Authy or a hardware token, you’re covered. But some sites (*cough*, *cough*, Bank of America) only offer 2FA by SMS. Ugh. What to do?

Many of the phone companies are now offering to secure your account with a password, so go to their site or call them to get one.
People won’t be able to port your number without the code.

And what’s the ultimate-privacy-Jason-Bourne-level-security-tinfoil-hat-conspiracy-theory solution? That’s easy: make sure nobody knows your phone number - not even you. This will prevent both SIM swapping attacks and shady dudes from selling your GPS location. But how the heck do you do it?

Move your current phone number to Google Voice. (You can do that here for $10. Instructions here.)
Sign up for a pre-paid mobile plan. (Mint Mobile is dirt cheap and reliable. Join here.) They’ll give you a new SIM card with a new number.
You now get all your calls, texts and voicemail through the Google Voice app.
And you never give the new SIM card number out to anyone.

Yes, this works. You can’t be SIM swapped, you can’t be tracked… and anyone you tell about it will probably assume you’re a fugitive, a drug dealer or utterly insane.

While we’re driving down paranoia lane, SMS text messaging is fundamentally insecure. Switch to an encrypted free app like Signal. But the people you’re contacting need to have it as well. So now you’re an insane fugitive drug dealer who is also having an affair. Remember what I said about security vs convenience..?

(To learn the neuroscience secret to how to quit bad habits without willpower, click here.)

We’ve covered a lot of technical stuff, but one of the most important things to do when dealing with online security threats is to change your attitude…

9) Be More Skeptical

Phishing attacks don’t always come in the obvious form of emails from Nigerian royalty. Increasingly, these attacks appear to come from close friends, leading you to click links without hesitation. Using a site like this I can send you an email that appears to be from, well, anyone. And this site lets me do the equivalent with my phone, spoofing my caller ID. Yes, it’s that easy.

Don’t log in to anything important using a public computer or public WiFi without a VPN.
Turn WiFi off on your phone to avoid being tracked in retail stores. And sign up for notifications here to find out if any of your personal information has popped up in data breaches.

If giving out personal info is an overwhelming concern for you (everybody say it with me now: threat model) you might want to check out MySudo. Ever wanted a secret identity? MySudo offers you multiple “aliases” - each with their own working phone number and email address. For when you have to give the hotel a number but don’t want marketing calls, when you’re not sure about that person on Tinder, when buying things online, or if you just want to pretend you’re Stringer Bell from “The Wire” carrying a burner phone.

(To learn the 4 rituals from neuroscience that will make you happy, click here.)

Okay, you’ve got the skepticism part down. But we’re already using some services that may not pass that new threshold. Time to reevaluate…

10) Be Wary Of The Cloud And Social Media

Most of us see free iCloud backup as an awesome service. And it is… but also look at it through your security lens: any time you backup in the cloud you are putting all of your data on a computer you do not control.

The cloud is great for convenience and data loss protection but anything you put on someone else’s computer is subject to data breaches or nosy employees. For most people, the cloud is probably fine. But if you plan on becoming a political dissident or an international celebrity (no, I’m not going to link to the hacked nudes of Jennifer Lawrence but I can’t stop you from Googling them) keep your data on your devices. There’s also a middle path: encrypt files before uploading them. (Free software for that here.)

So what about social media? Here’s how to get what Facebook knows about you, how to delete it, or to change your privacy settings. Here’s Google.
This is Apple’s data on you, how to delete it, and how to limit ad tracking.

For the extreme crowd, here’s how to delete your Facebook account, your Google account and other social media.

Me? I’ll be sharing this post all over social media. But you can’t see my nudes. I know my threat model.

(To learn the secret to never being frustrated again, click here.)

I’ve tried to give a balance of reasonable options along with more extreme measures. At this point, the reasonable folks are more than covered. But there are going to be some who say I’m not being paranoid enough. Oooooookay, let’s go to the total edge case…

11) Convinced “They” Are Watching You? Set Traps.

If you’ve got a stalker, an abusive spouse, or live in a country where having unpopular political opinions tends to make people vanish, you’ve got a legit extreme threat model. And I’m here to help.

Whether it’s a despotic government, your boss, or the henchmen of the Illuminati, how do you know if someone already has access to your computer? What if you had a “canary in the coal mine” to warn you?

Canary Tokens allows you to create, for free, files that send you an email when they’ve been opened, along with the IP address of the intruder. Throw one on your desktop with a too-good-not-to-click-on name like “passwords”, “finances” or my personal favorite, “stuff to discuss with therapist” and then never touch them. If you get an email from Canary Tokens, somebody’s looking at your stuff - and it ain’t you.

Yeah, agreed, this is all super-paranoid… That is, unless the canary sings.

(To learn the science of how to take naps that will make you smarter and happier, click here.)

We have covered a positively gargantuan amount of information. I should give you a diploma at this point.
Let’s round it all up and I’ll tell you how to get everything you need to get your info off all those sketchy online data broker sites that flood your inboxes with spam and robocall you to death…

Sum Up

Here’s how to be more secure on the internet:

Get frozen: Credit freeze. All 6. For the kids too. (Don’t raise lazy kids. Let them run up their own debt instead of having someone else do it.)
Full disk encryption, firewall and backups: Armor and reinforcements.
Updates are annoying. Do them anyway: Many security experts say this is numero uno.
Apps are not Pokemon. Stop collecting them: What you don’t download can’t hurt you.
Your passwords bring shame upon your family: Get a password manager and 2FA. It’s as simple as 123456.
Stock browsers are bad browsers: Get foxy, baby.
Dig a tunnel: VPNs are the best kept secret in security. (Bonus: they also let you watch region-specific Netflix content.)
The phone number is the new social security number: Get a password from your cellular provider, or port your number to briefly turn your life into a spy thriller.
Be more skeptical: Please wire me $500. It’s a gullibility tax.
Be wary of the cloud and social media: Think twice before putting anything important on computers that aren’t yours.
Convinced “They” are watching you? Set traps: “Tweet-tweet,” said the diabolical conspirator.

Yeah, it’s a lot. Consider your threat model and do a little bit at a time. (No, you can’t email me with your IT problems. Only my dad gets to do that.)

If you want to get your info off those data broker sites, two excellent places to start the process are here and here. Also, in my next weekly email I’ll be sending out a PDF with an exhaustive list that will really help improve your online privacy, get you off marketing lists, and reduce the amount of info out there that hackers can use against you.
To make sure you get it, join here.

And if you want to get more involved in the security and privacy cause, check out the EFF.

I hope this will keep you, your loved ones and your beloved data that much safer.

I mean, after all, They are watching our every move, you know…

A canary told me.

Join over 330,000 readers. Get a free weekly update via email here.

This article first appeared on Bakadesuyo.com.
