I’m writing a post on securing your digital life. I have my own set of ideas, but I’m open to anything people want to suggest. From messaging to backup to passwords to email.
Comments
No one in the general population is going to read anything that has more than ~4 points. So I'd write one section first with the "3 golden rules/controls everyone must have" and then move into deeper stuff for interested people.
Another good thing is short guides on "What to do if X?"
"What to do if X?" is very important for when you're out of your knowledge area. Probably a firefighter can write a 500 guide on what to do in case of fire, but for most of us the very-simple instructions of "stay out of danger and call emergency" is more than enough. This applies to cyber
Family members know that if they receive a weird email they're not meant to go and check the certificate of the, or check on... Nah, they know just to stop and video call me right so I can help them.
Overall, please make it easy for non-technical people to understand and utilize. Talk with a variety of people who are not into techy or security stuff, including teenage kids and older people.
There’s nothing easy about digital security for non-technical people. If folks want even a modicum of safety and the opportunity to lower their threat level and how much BS they have to deal with on a yearly basis, it requires buckling down and learning some new skills and workflows, unfortunately.
I've seen many of those challenges with my elderly mother, but she did learn some important things. In my college math tutoring days I learned how powerful it is to be patient and adapt to their way of thinking instead of forcing them into a mathematician's mindset. I'm confident much can be done.
That’s why this stuff should be taught in elementary school on up. It’s not easy to teach adults that they have to take on a whole new skill set (password security, phishing vigilance, etc.) to avoid 20-100 hours of extreme frustration (being “hacked”, identity stolen, etc.) every decade.
I think one area people are ignorant of is the vastness of exposure of personal info, and how to manage it in a world of data brokers and aggregation (e.g. facial recognition, location tracking), and simple useful steps anyone can take to take control.
I'm surprised I was still asked "security" questions while signing up for something. I call them "insecurity" questions and trained my nieces to put un-guessable garbage in them and think of them as alternative passwords people might get from your social media posts.
I've gotten most of my account emails switched to unique email addresses (using DuckDuckGo's email forwarding service). I assume there are others. I put them in my password manager for each account to keep track of them.
Would appreciate your thoughts on something like a personal disaster recovery plan. Imagine you suddenly forget the passphrase to unlock your password manager following an accident or similar. What's the next best alternative to simply writing down that passphrase and hiding it?
I posted something about 6 weeks ago, with some recommendations. You’re welcome to cross reference, just to see if there’s anything you might want to add from it.
To allow a “dead man’s switch”, which should be standardized as a setting.
With possibility to apply different policies to each service (e.g., move ownership, wipe profile clean and allow further use, burn like it never existed, etc).
I find the proper and secure backups to be one of the hardest bullets to bite.
They are absolutely essential, but depending on your “threat level” ([un]founded paranoia) can become a huge nuisance.
At which point you start to slack and defer to next deferment...
Yes, it’s relatively easy to follow the 3-2-1 rule[1].
And if you don’t care about uploading all your stuff to some large cloud provider unencrypted - then it’s almost a breeze.
Hey, at least they provide a few folks solid job security, as some people are completely hopeless at anything computer-related beyond their scope of “Excel mastery”...
Even if you think that is a piece of cake - how about testing and making sure your backups actually work (i.e., are fully readable)? How many people actually think of that before S hits the fan?..
Automating this seems foolish, as every tool has a potential to fail. So manual tests are a must.
Does regular Joe need this kind of complexity? Of course not.
But at the same time, we are “giving away” too much to cloud providers, and in turn - to funny-letters dudes.
Even if you discount the last point - hacks and leaks happen all the time, so the spooks are usually the least of the worries.
Also best paid/free versions of common software/apps that everyone uses (e.g., browser, email, devices, maps, etc.)
It would be good to see the final doc
And more so than just leaving email passwords in some safe/escrow.
Although I am not sure how much more can be said about it.
From the top of my head, I remember only Telegram having an auto-delete option with a customizable duration.
[1] https://www.backblaze.com/blog/the-3-2-1-backup-strategy/
Apple’s Time Machine and iCloud backups seem to be the most noob-friendly solutions, though.
But yeah, sucks to be locked into a more expensive and less customizable/fixable eco-system.
Of course, it’s possible to write a script and/or find a tool that will do it for you.
But it is a Major F. Payne until you do so…
Why did I encrypt them in the first place? Well, why not? It’s an external drive, after all.
Now I am more selective.
But I just hate this complexity.
It shouldn't be this hard.