Archives for October 2024

“Don’t leave home without it.” American Express.

Some ad slogans become so famous, they show up in conversation as often as a quote from a Shakespeare play. This 1975 American Express ad is one of them. The “it” refers to Travelers Checks. Today, most people would say this about their cell phones.

We use our cell phones for more than telephone calls. We check our email, pay our bills, text our friends, and post on social media. But what if your cell phone suddenly stopped working? No more emails, texts or phone calls. You reach out to the phone company only to discover that your phone number has been activated on a new device. And it’s not a device that you own. You are the victim of SIM swapping.

A Subscriber Identity Module or SIM card is a small computer chip that comes with your cell phone. It may be removable (a SIM card), or electronic and embedded in the device (an eSIM). It holds information about your account with the telephone company, including your cell phone number, and enables communication between your phone and the cellular phone network.

Scammers call the phone company with information they’ve gleaned about you and say your phone was lost or damaged. Then they ask the phone company to activate a new SIM card, connected to your phone number, on a new phone—a phone they own. If the phone company believes the bogus story and activates the new SIM card, the scammer, not you, will get all your text messages, calls, and data on the new phone. This is SIM swapping. And scammers can be very persuasive.

Remember our discussion about two-factor authentication with SMS messages? The scammers will receive the SMS passcode on the new phone, helping them hack your accounts. This is bad.

The solution is straightforward. Activate an account PIN with your telephone provider. Your provider will require the PIN before they activate a new phone on your account. This is simple, quick, and provides powerful protection.

The procedure for setting up a PIN varies by provider. Check the website for your account or call their service desk. To point you in the right direction:

• AT&T: On their website, navigate to “Account Profile > Sign-In Info > Wireless Passcode > Manage Extra Security,” to set up a PIN.
• Verizon: On their website, go to “Account > Account Settings > Security,” and set an “Account PIN.”
• T-Mobile: Activate their “Account Takeover Protection Service.”

Store the PIN in your Password Manager.

This is a gimme. Protect your cell phone. Don’t get hacked.

Information provided in this post is subject to the disclaimer in the first post of this series.

“Great things are done when men and mountains meet.” William Blake.

Congratulations and well done!

We’ve covered a lot of ground together. You’ve implemented your strategy for backup and recovery, password management, anti-malware protection and full disk encryption. Automatic updates are enabled for your operating systems and applications. You’ve taken steps to manage your privacy permissions and understand secure file deletion. And along the way, you’ve learned how to freeze your credit report, avoid getting scammed, tighten up your privacy settings on social networking sites, find a lost or stolen device, and lock your phone account.

That’s a lot. Your digital devices are much more secure.

As we continue our journey, we’ll discuss how to preserve your privacy while accessing the Internet and review virtual private networks (VPNs), private web browsers, web search, text messaging, and email. We’ll also touch upon securely selling or donating a device, managing metadata in photos, the Internet of things (IoT), virtual credit cards, and more privacy-focused social networking services.

Onward.

Information provided in this post is subject to the disclaimer in the first post of this series.

“This demonstrates the value of not being seen.” Monty Python.

Monty Python fans know that being seen, when you don’t wish to be, can be bad. It might involve explosions. While ‘being seen’ as you browse the Internet may not be quite so dire, if you do nothing to prevent it, you are under constant surveillance as you traverse the web. Your privacy will not be respected.

A Virtual Private Network, or VPN, is one of the simplest and most effective ways to protect your privacy online and reduce your digital exhaust. Without a VPN, when you connect to the Internet through your Internet Service Provider (ISP) or a public Wi-Fi service, all the sites you visit are recorded and used to create a profile of your activities. They also record your physical location and the identity of the device you are using.

An ISP connects your home or business to the Internet. Major U.S. service providers include Comcast, Charter Communications (Spectrum), Verizon, AT&T, T-Mobile, Xfinity, and Cox Communications. ISPs collect a lot more data about you than you might expect, and provide few options for you to control how your data is being used. The Federal Trade Commission’s 2021 report on ISPs provides details about the information that ISPs collect. You may find it at: https://www.ftc.gov/news-events/news/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect-troves-personal-data-users-have-few . Note: it’s long and a bit scary.

Public Wi-Fi services do much the same.

A VPN protects you from this surveillance by creating an encrypted tunnel between your device and a VPN server managed by the VPN service provider. From there, you can access the Internet while appearing to be at the location of the VPN server. This also hides the identity of the sites you are visiting from your ISP or public Wi-Fi service provider.

I very strongly recommend that you use a VPN on every digital device—desktop, laptop, tablet, and phone—that connects to the Internet. A VPN:

• Prevents your ISP from collecting information on every website you visit, when you visited it, and for how long.
• Inhibits your ISP’s ability to throttle or charge extra for different types of content. Content types include email, web browsing, video streaming, and multiplayer gaming.
• Prevents hackers from intercepting your data when connecting to public Wi-Fi services. This is particularly important.
• Facilitates bypassing censorship and location-based access restrictions by hiding your device identity and your physical location.

I strongly recommend that you use a VPN in conjunction with other privacy preserving products and services, such as a secure web browser, privacy preserving web search, and secure communications protocols. Note that a VPN does NOT:

• Protect your data once it leaves the VPN server in transit to a website or other service. Use of an end-to-end encrypted communications protocol is required. Hypertext Transfer Protocol Secure (https) is the most common example.
• Provide anonymity when connecting to a website or other service. Preserving anonymity requires, among other things, a secure web browser.

A VPN may impose a small performance penalty and your Internet browsing may be a little slower. I don’t find this noticeable. And a competent and trustworthy VPN is not free. As we discussed in the post, “Show Me the Money,” maintaining a worldwide network of VPN servers costs money and you should expect to pay for it.

I strongly recommend AGAINST using free VPN services. If you do so, you are the product and you should not expect your privacy to be respected. There are several hundred free VPN services available and many of them are sketchy.

For extra credit, and if you are technically confident, consider installing a home router VPN application to protect all the devices in your home, including those that don’t support an installed VPN application. Installing VPN software on your current router can be challenging, and your existing router may not have sufficient processing power to accommodate the load. If you are comfortable managing your home router, and your budget will support it, I recommend purchasing a new router with your preferred VPN software pre-installed. The website for your VPN service will provide links to the routers they partner with.

And one last thought, if you also use a home firewall product such as Firewalla (https://firewalla.com/), connect the firewall inside the VPN. Otherwise, the VPN may inhibit some of the useful functions of the firewall. So in order from outside to inside: the modem that connects your home to your ISP, your home wireless router with the VPN installed, your firewall, every digital device in your home that connects to the Internet.

In the next post, I provide some criteria to assist you in selecting a VPN service, recommend two commercial services, and see how our friends Alice and Bob implemented VPN services.

Information provided in this post is subject to the disclaimer in the first post of this series.

What features should you look for when selecting a VPN service? The post “It’s a Jungle Out There” provides some overarching criteria: prefer services from companies based in good privacy jurisdictions, verify their claims through a reputable third-party audit, choose services that maintain little or no logs of your usage, and choose services with strong encryption.

Some additional features to look for include:

• User-friendly apps for all major devices and common operating systems.
• An application for installation on common routers.
• High availability and performance. Reputable VPN services providers maintain thousands of servers distributed around the globe, providing secure access to Internet content worldwide.
• A network lock or “kill switch” which blocks all traffic to and from your device if the VPN disconnects.
• Excellent performance when using streaming services like Netflix.
• A good balance of price, number of simultaneous connections, and bandwidth.
• Responsive customer support with a refund policy.
• An excellent reputation in the marketplace.

I would note that router-based VPNs may have issues with paid streaming services like Netflix if they connect through the router to the Internet. Those services are aggressively working to detect VPNs to mitigate against location-based license violations.  If you have an an issue, a router-based VPN will permit selected connections to bypass the VPN. Configuration instructions to do so vary by product.

I recommend the following two VPN services: NordVPN and ExpressVPN. Both are provided by companies based in good privacy jurisdictions, are subject to third party audits, do not log your usage, provide strong encryption, provide a network lock option, offer apps for all major operating systems and devices, provide an application for installation on common routers, and offer strong performance and availability through a worldwide network of servers including support for streaming services. The VPN services are reasonably priced and typically provide a significant discount for the first year. They also provide for multiple simultaneous connections and high-speed network throughput. Both have a good customer support and a strong reputation in the marketplace.

The link to NordVPN is: https://nordvpn.com/

The link to ExpressVPN is: https://www.expressvpn.com/

So how did our friends Alice and Bob meet their VPN needs?

As you recall, Alice has a Windows 10 PC to support her personal IT consulting business and a MacBook Pro for personal use. She carries an iPhone for both personal and business calls. Alice purchased a license from ExpressVPN and installed the app on her Windows PC, her MacBook Pro, and her iPhone. She purchased an Aircove router from ExpressVPN with the VPN pre-installed, which covered all the devices in her house that did not support installation of a VPN app (like her Roku device). When she was at home and connected to the Internet through her router, which had the VPN installed, she turned off the VPN app on her computers and iPhone. She turned them on when she was out of the house. One license covered all her devices and her router.

While ExpressVPN was a little more expensive than some others at $80 per year, she felt it was worth it for the simplicity, consistency, high performance, and very strong security the service provided. ExpressVPN is the most audited of the VPNs and always passes with flying colors. It’s based in the British Virgin Islands, an excellent privacy jurisdiction, and has a network of thousands of servers in 105 countries worldwide. It also works seamlessly with Netflix and other streaming services she watches on her MacBook. She was satisfied.

Bob only had to provide a VPN for his home router. His PC never left the house and his video streaming and gaming electronics all used the same home Wi-Fi connection. Being a serious techno-geek, he installed NordVPN on his existing router by himself. His Android phone was not used to connect to the Internet, and a VPN is not required for standard phone service.

Bob hated to spend one nickel unless he had to, but he was not crazy enough to connect to the Internet without a VPN. He persuaded his older sister to purchase a license from NordVPN for the family and used one connection for his router. At less than $66 per year, NordVPN is a great value. And a license supports 10 simultaneous connections, so he didn’t feel too guilty when his sister paid for it.

Bob loved the fact that Nord is based in Panama, an excellent privacy jurisdiction, and has thousands of servers in over 110 countries. He got additional threat protection features with the license: blocking ads, trackers and malware. He particularly appreciated its performance on multi-player gaming and video streaming services. Despite his predilection to be unhappy with all IT services, he grudgingly had to admit that he was satisfied.

Now that you’ve done some research and reviewed Alice’s and Bob’s VPN approach, it’s time for you to choose your own if you have not already done so. I very strongly recommend you use a VPN whenever you connect to the Internet. And with my apologies, it’s a service you need to pay for.

Information provided in this post is subject to the disclaimer in the first post of this series.