Safer Internet: Keep Your Internet Connection Private
Summary
- "Stay the patient course...
- "Give a person a fish and you feed them for a day...
- [1] Use WPA2 for Wi-Fi networks; improve DNS lookups/privacy
- [1] Use a VPN when you're on any open or unfamiliar network
- [1] Use HTTPS: for web browsing (and SSL/TLS for email) when available
- [1] Avoid malware
- [2] Turn off unnecessary services, e.g., location
- [2] Turn on your computer's firewall
Preview: privacy / security / anonymity via encryption / indirection
- Recall the letter / post office analogy in Privacy, Security, Anonymity section?
- We're mostly concerned about content (postcard vs. letter) -- encryption
- The address (actual vs. PO Box) could be important too -- anonymity via indirection
- The following figures show the effect of encryption from various techniques
- What's not shown: which information might be added, e.g., ads, tracking, malware
- which information might be saved on client or servers, e.g., history, logs, caches
- how secure your data is on their server, e.g., passwords, medical records, credit card, social security no.
- how someone else accesses information you've 'published', e.g., email recipient, blog reader
- None: {Figure 1. TCYOP-4: 56; TCYOP-3: 44}
- [1] Wi-Fi (WPA2) [device-to-router]: {Figure 3. TCYOP-4: 58; TCYOP-3: 46}
- [1] HTTPS: for browser, SSL/TLS for email [device-to-final specific site] {Figure 6. TCYOP-4: 67; TCYOP-3: 55}
- [1-2] VPN [device-to-intermediate server; some address] {Figure 4. TCYOP-4: 60; TCYOP-3: 48}
- [3] Tor [device-to-intermediate servers; most of address] {Figure 14. TCYOP-4: 104; TCYOP-3: 87}
References
- {TCYOP-4: 51-77; TCYOP-3: 39-63; Wi-Fi connections, Cellular connections, DNS disruptions, ISP monitoring, Router monitoring, Malware, Location discovery, Quantum Computing and Encryption, Prevent Snooping}
- Crosswords: Connection; Malware
Safer Internet: Connection: Encrypt Wi-Fi
Quotes
- I used to like my neighbors,...
- Today my Wi-Fi suddenly stopped working...
- Interesting Wi-Fi network names:...
- What not to name your personal hotspot on an airplane to avoid arrest:...
- "A teenager at a funeral...
- "People think that data is in the cloud, but...
- "Stay the patient course
Of little worth is your ire
The network is down." ~Haiku error messages
Summary
- [1] Don't connect to unknown public networks, such as "Free WiFi", or hotspots with no/weak/public passwords -- to reduce data interception, ISP injections (ads), and MITM (man-in-the-middle) attacks. Read privacy policy. Some providers may track location across multiple Wi-Fi networks.
- [1] Connect to Wi-Fi networks securely
- [1] Set a strong memorable/typable password for your Wi-Fi network with WPA2 (encryption level) -- or WPA3 if available
- [1] Router Maintenance: Set an Admin password (long random); Disable Remote Admin & UPnP
- [1] Change DNS servers
- [2] Troubleshoot common connection problems
- [2] Router Maintenance: Backup settings; Update firmware
- [3] Set phone/tablet SIM PIN
- References
[1] Connecting to a Wi-Fi Network
- Connect to known networks using WPA2 -- unless you're already encrypting traffic using a Virtual Private Network (VPN), and/or HTTPS: for all web sites and TLS/SSL for email.
- This assumes that your device, router and destination web server have the latest security updates installed; there are exceptions depending on your risk tolerance.
- WEP (Wired Equivalency Protocol) is old and easily cracked -- barely better than no encryption
- WPS (Wi-Fi Protected Setup) lets you use WPA without having to enter a long password; however, you may be vulnerable if you have not changed the pre-shared WPA key from the factory default setting, and the PIN feature is enabled -- one reason why WPS is less secure than WPA2
- Network figures
- with no encryption (Wi-Fi, SSL/HTTPS): {Figure 1. TCYOP-4: 56; TCYOP-3: 44}
- with Wi-Fi encryption: {Figure 3. TCYOP-4: 58; TCYOP-3: 46}
- Connect intentionally -- not automatically -- to open (insecure) Wi-Fi networks.
- By default, macOS & iOS connect automatically only to "known" networks, i.e., open or password-protected networks that you've connected to before
- Automatic connections might occur in older systems or on other platforms?
- For a new, unknown network, you can be prompted to join it, or to select it manually; it won't connect automatically
- macOS:
System Preferences > Network > Wi-Fi > Ask to Join New Networks: "on" (prompt you when a new network is available) or "off" (you'll select manually)
- iOS:
Settings > Wi-Fi > Ask to Join Networks (same as macOS)
- iOS:
Settings > Wi-Fi > (select network) > 'i' > Auto-Join -- customize for individual networks
- iOS: If a friend's iOS 11 device tries to connect to your Wi-Fi network, you'll receive a prompt that lets you send over the password by tapping Send Password
- To remove a network from the list of automatically connecting "known" networks (that you've connected to previously)
- macOS:
System Preferences > Network > Wi-Fi > Advanced > Wi-Fi > (select network) > "-"
- iOS:
Settings > Wi-Fi > "i" (for network) > Forget This Network
- Check encryption level from client: none?, WEP?, WPA? WPA2?
- macOS:
menubar > [option-click] Wi-Fi icon: current network stats displayed; other networks: hover to display stats
- iOS:
Settings > Wi-Fi: insecure connection warning
- You could also use a utility, e.g., NetSpot (Mac, Win) that displays encryption level for nearby networks -- and signal/noise, etc.
- Android, macOS, Windows: How to Check WiFi Security Encryption Type 1/24/2014
[1] Encrypting your Wi-Fi Network
- Encrypt Wi-Fi networks you control with WPA2 (Wi-Fi Protected Access) -- not WPA or WPA2/WPA combo -- certainly not WEP; eventually WPA3 -- with a strong password: memorable / typable occasionally by you & your guests
- Weak/no password could create problems if neighbors use your connection (& IP address) for illicit activities or excessive downloads -- not an issue (e.g., hackers in your driveway) if your Wi-Fi range does not extend outside, or for hard-wired devices (via Ethernet cable)
- Check your router's manual (download .pdf) to locate settings and router IP address, e.g.,
http://192.168.1.1
- Connect via web browser to router's local web server, or use manufacturer's configuration app
- Use WPA2/AES rather than TKIP encryption (note: old Netgear figure shows incorrect combo setting)
- Apple Airport config {Figure 2. TCYOP-4: 47; TCYOP-3: 45}
- Netgear:
Wireless Settings > Security Options > WPA2
- TP-Link:
Wireless (freq) > Wireless Security > WPA2
[screenshot]
- [2] To make your network freely available to others, e.g., during a disaster, set up a separate Guest network (with no password), rather than disabling security on your regular network, if possible [screenshot]
- If you set up your smartphone to share its data connection via Wi-Fi (aka 'Personal Hotspot' or 'tethering'), be sure to set a password for security and to avoid others using your data allocation.
- iOS:
Settings > Personal Hotspot (if Cellular Data on) > On (Wi-Fi,Bluetooth,USB); Wi-Fi Password: xxx
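To apply the "check encryption level" and "WPA2, not WPA or WPA2/WPA combo, certainly not WEP" guidance above to a whole list of nearby networks, here is an added example (not part of the original page). It assumes scan output in the terse form produced by `nmcli -t -f SSID,SECURITY device wifi list` on Linux; the sample scan and the function names are constructed for illustration.

```python
import re

# Constructed sample scan (not real networks). Terse nmcli output separates
# fields with ":" and escapes a literal ":" inside an SSID as "\:".
SAMPLE_SCAN = """\
HomeNet:WPA2
OldRouter:WPA1 WPA2
Cafe Free WiFi:
Garage\\:Cam:WEP
Legacy:WPA1
NewMesh:WPA2 WPA3
Office:WPA2 802.1X
"""

# Advice strings paraphrase the page's recommendations.
ADVICE = {
    "open": "no encryption: join intentionally only; rely on VPN/HTTPS",
    "wep": "WEP: old and easily cracked; treat like an open network",
    "wpa": "WPA only: switch the router to WPA2 (AES)",
    "mixed": "WPA2/WPA combo: set the router to WPA2 only",
    "wpa2": "WPA2: meets the recommendation",
    "wpa3": "WPA3: meets the recommendation",
    "unknown": "unrecognised security field: check manually",
}


def grade(security):
    """Grade a SECURITY field by the weakest protocol the network accepts."""
    tokens = set(security.replace("--", " ").upper().split())
    if not tokens:
        return "open"
    if "WEP" in tokens:
        return "wep"
    has_wpa1 = bool(tokens & {"WPA", "WPA1"})
    has_newer = bool(tokens & {"WPA2", "WPA3"})
    if has_wpa1:
        # A combo network still accepts the older protocol.
        return "mixed" if has_newer else "wpa"
    if "WPA2" in tokens:
        return "wpa2"
    if "WPA3" in tokens:
        return "wpa3"
    return "unknown"


def audit_scan(text):
    """Return [(ssid, grade)] for each line of terse SSID:SECURITY output."""
    results = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        # SECURITY never contains ":", so the last colon is the separator.
        ssid, _, security = line.rpartition(":")
        ssid = re.sub(r"\\(.)", r"\1", ssid) or "<hidden>"
        results.append((ssid, grade(security)))
    return results


def needs_attention(results):
    """Networks that fall short of WPA2."""
    return [(ssid, g) for ssid, g in results if g not in ("wpa2", "wpa3")]


if __name__ == "__main__":
    for ssid, g in audit_scan(SAMPLE_SCAN):
        print(f"{ssid:16} {ADVICE[g]}")
```
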
[1] Router: Admin Password
- Set a strong admin password -- this protects the router itself -- different from the Wi-Fi password you use or supply to guests; long, random -- save in password manager!
- If password is required to be short (older routers?), also change admin user name
- Netgear:
Maintenance > Set Password
- TP-Link:
System Tools > Password
[screenshot]
[1] Router: Disable Remote Admin and UPnP
- Turn off ability to log in and administer your router remotely -- hopefully, it was already off by default
- Netgear:
Advanced > Remote Management
- TP-Link:
Security > Remote Management
[screenshot]
- [3] Re-enable if you have need / expertise
- Disable UPnP (Universal Plug and Play) -- hopefully, it was already off by default
- TP-Link:
Forwarding > UPnP
(or maybe Advanced > NAT Forwarding?)
- Check if disabled: F-Secure's Router Checker or ShieldsUp!! Instant UPnP Exposure Test
[1] Router/Device DNS
- "What does a network administrator say after returning from work?...
- DNS (Domain Name System) is a directory service that returns an IP address corresponding to a domain name, e.g., www.google.com (analogous to telephone white pages)
- Change DNS name servers; e.g., Netgear w/ OpenDNS (right)
- suggested servers (below) usually faster than your ISP's DNS
- reliability/speed: these servers generally better than what your ISP provides
- privacy: reduce ISP logging of sites visited
- security: avoid ISP redirecting non-existent addresses to promotional ad sites
- Several free DNS services, and their primary and secondary name servers: {TCYOP-4: 69}
- Cloudflare:
1.1.1.1; 1.0.0.1
- Cloudflare: malware blocking
1.1.1.2; 1.0.0.2; + adult content blocking: 1.1.1.3; 1.0.0.3
- Google Public DNS:
8.8.8.8; 8.8.4.4
- OpenDNS (Cisco):
208.67.222.222; 208.67.220.220
- Quad9:
9.9.9.9; 149.112.112.112
- Recursive DNS:
156.154.70.1; 156.154.71.1
- If set centrally in your router, all your connected devices will use the DNS servers
- Netgear:
Basic Settings > DNS Address
- TP-Link:
DHCP > DHCP Settings [screenshot]; Network > WAN [screenshot]
- If you have no router (or it's someone else's), you can change DNS directly on individual devices via "Network > DNS settings"
- iOS:
Settings > WiFi > (network: "i") > Configure DNS
- For iOS (and Android) devices, an app can manage DNS more simply, esp. for cellular data. e.g., "1.1.1.1 Faster Internet" (Cloudflare) sets up a VPN connection for DNS lookups.
- macOS:
System Preferences > Network > Advanced > DNS > DNS Servers
- macOS: If possible, create separate network profile, e.g., Home, Travel?
- You can also hide -- and encrypt -- DNS lookups by using a VPN (next section)
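After changing DNS servers on the router or a device, it is worth confirming which resolvers the device actually uses. The following added example (not part of the original page) reads resolver configuration in either `/etc/resolv.conf` form or macOS `scutil --dns` form and labels each nameserver against the services listed above; the sample inputs, function names and category labels are constructed for illustration.

```python
import ipaddress
import re

# Public resolvers exactly as listed on this page.
PAGE_RESOLVERS = {
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
    "1.1.1.2": "Cloudflare (malware blocking)",
    "1.0.0.2": "Cloudflare (malware blocking)",
    "1.1.1.3": "Cloudflare (malware + adult content blocking)",
    "1.0.0.3": "Cloudflare (malware + adult content blocking)",
    "8.8.8.8": "Google Public DNS", "8.8.4.4": "Google Public DNS",
    "208.67.222.222": "OpenDNS (Cisco)", "208.67.220.220": "OpenDNS (Cisco)",
    "9.9.9.9": "Quad9", "149.112.112.112": "Quad9",
    "156.154.70.1": "Recursive DNS", "156.154.71.1": "Recursive DNS",
}

# Home-LAN and link-local ranges: a resolver here is normally the router.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "fc00::/7", "fe80::/10")]

# Matches "nameserver 1.1.1.1" (resolv.conf) and
# "nameserver[0] : 1.1.1.1" (scutil --dns); commented lines do not match.
NAMESERVER_RE = re.compile(
    r"^[ \t]*nameserver(?:\[\d+\])?[ \t]*:?[ \t]*(\S+)", re.MULTILINE)

# Constructed sample inputs.
SAMPLE_RESOLV_CONF = """\
# nameserver 8.8.8.8   (commented out, must be ignored)
nameserver 192.168.1.1
nameserver 9.9.9.9
"""
SAMPLE_SCUTIL = """\
resolver #1
  nameserver[0] : 1.1.1.2
  nameserver[1] : 1.0.0.2
  nameserver[2] : 203.0.113.53
  nameserver[3] : fe80::1%en0
resolver #2
  nameserver[0] : 1.1.1.2
"""


def configured_resolvers(text):
    """Unique nameserver addresses in order of first appearance."""
    seen = []
    for raw in NAMESERVER_RE.findall(text):
        try:
            ip = ipaddress.ip_address(raw.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue
        if ip not in seen:
            seen.append(ip)
    return seen


def classify(ip):
    """Return (category, note) for one resolver address."""
    name = PAGE_RESOLVERS.get(str(ip))
    if name:
        return ("listed", name)
    if ip.is_loopback:
        return ("stub", "local stub resolver; check its upstream separately")
    if any(ip in net for net in LAN_NETS):
        return ("lan", "router on the LAN; check the router's DNS setting")
    return ("other", "not on the page's list; possibly the ISP's resolver")


def audit(text):
    """Return [(address, category, note)] for every configured resolver."""
    return [(str(ip),) + classify(ip) for ip in configured_resolvers(text)]


if __name__ == "__main__":
    for sample in (SAMPLE_RESOLV_CONF, SAMPLE_SCUTIL):
        for addr, category, note in audit(sample):
            print(f"{addr:16} {category:7} {note}")
```

A "lan" result means the device defers to the router, so the router's own DNS setting decides which service sees the lookups.
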
[2] Wi-Fi Connection Problems?
- If your Wi-Fi connection seems 'stuck', first try toggling Wi-Fi connection off/on; check that expected router reconnects
- macOS:
(Wi-Fi icon) > Turn Wi-Fi Off/On
- iOS:
Settings > Wi-Fi: off/on
-- note: disabling via iOS11 Control Center does not completely turn off!
- If just one app not working, e.g., browser ok, but not email, close/reopen app
- [2] Reset/get new device IP address
- iOS:
Settings > Wi-Fi > (current network "i" icon) > Renew Lease
- macOS:
System Preferences > Network > Advanced > TCP/IP > Renew DHCP Lease
- Basic troubleshooting (step 1): Disconnect/Reconnect to router (Mac: option-click Wi-Fi icon); Turn Wi-Fi Off/On; reboot computer/device
- Basic troubleshooting (step 2): Turn Off cable/DSL modem & Router; wait ~60 seconds; Modem On; wait ~30-60 seconds (for internet connection to be established); Router On; wait until Wi-Fi connection reappears on device
[2] Router: Backup Settings
- If you have made numerous changes, back up router settings to ease restoration after any 'factory reset'.
- Netgear:
Maintenance > Backup Settings
- TP-Link:
System Tools > Backup & Restore
[2] Router: Update Firmware
- Check your router manufacturer's web site periodically (or automatically upon login) for firmware (i.e., low-level software) upgrades -- and install them
- Beyond having a good admin password, and disabling remote admin, this should further minimize security problems and attempts to weaken or hijack router, e.g., WPA2 protocol vulnerability (KRACK: Key Reinstallation Attacks) 10/16/2017; VPNFilter 5/23/2018
- Netgear:
Maintenance > Router Upgrade
- TP-Link:
System Tools > Firmware Upgrade
[screenshot]
- If you rent a router from your ISP, check with them about updates.
- [3] Firmware in a cable modem should be updated automatically by your ISP.
- Check current modem version by browsing (usually) to: http://192.168.100.1 to access diagnostic page;
check manufacturer site for recommended version; contact ISP if major discrepancy.
[3] Set Device SIM PIN
- On some devices, e.g., iPhone, iPad*, you can lock your SIM card so that cellular data can't be used without entering a PIN -- whenever you swap SIM cards or restart. To enable, disable or change your SIM PIN:
- iPhone:
Settings > Phone > SIM PIN
- iPad:
Settings > Cellular Data > SIM PIN
(*Wi-Fi + Cellular models)
References
- {TCYOP-4: 55-77; TCYOP-3: 44-47}
- sections: Refs: Android; Cellular; DNS, IP; iOS; ISP; macOS; Modem, Router; Wi-Fi; Windows
- topics: DNS hijacking, domains, IPv4 address crisis, KRACK, radiation, speed tests
- "If a packet hits a pocket on a socket on a port,
And the bus is interrupted as a very last resort...
- "Oh, the network outside is frightful,
But on campus, it's so delightful...
- Wikipedia: router; Network Address Translation (NAT); Internet of Things (IoT)
- Wikipedia: NAT: telephone number extension analogy
- HowStuffWorks: How Routers Work; Router Quiz; How Network Address Translation Works
- HowStuffWorks: How Home Networking Works; Home Networking Quiz
- Home Networking (Wydea): intro video: 0:44; modem; router; longer video 3:16; cables; Wi-Fi range; WPA; switch vs. router; powerline; sharing
- Wikipedia: IP (Internet Protocol) address; IPv4 (IP version 4): ~4.3 billion (2^32); adopted: 1981; currently, running out of addresses
- Wikipedia: IPv6 2^128 (~3.4x10^38) addresses; spec. published 1998; this amounts to approximately 5x10^28 addresses for each of the 6.8 billion people alive in 2010. While these numbers are impressive, it was not the intent of the designers of the IPv6 address space to assure geographical saturation with usable addresses. Rather, the longer addresses simplify allocation of addresses, enable efficient route aggregation, and implementation of special addressing features.; World IPv6 Launch
- HowStuffWorks: What is an IP address?
- Wikipedia: Subscriber Identity Module (SIM card)
- Steps to Simple Online Security: 10: Secure Your Wi-Fi NYT; 4/15/2022
- How to Turn Off Amazon Sidewalk
opt out Echo and Ring devices from internet-sharing mesh network; Wired; 6/8/2021
- Why Public Wi-Fi is a Lot Safer Than You Think due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was -- assuming software up to date; domain lookups still visible; EFF; 1/29/2021
- Speed Up Your Internet by Limiting Bandwidth-Hungry Apps LH; 7/16/2019
- The Land Where the Internet Ends To find real solitude, you have to go out of range. But every year that's harder to do, as America's off-the-grid places disappear; Green Bank, WV; 6/21/2019
- Why Do Internet Speed Tests Report Different Results? LH; 5/17/2019
- The Top 10 Ways to Deal with a Slow Internet Connection
10. Check your speeds (and your internet plan);
9. Give your hardware the universal fix (turn off/on);
8. Know your hardware's limitations;
7. Fix your WiFi signal;
6. Turn off or limit bandwidth-hogging apps;
5. Try a new DNS server;
4. Call your internet provider;
3. Optimize your web for a slow connection;
2. Work smarter;
1. Don't worry about it; LH; 5/16/2019
- How the Internet Travels Across Oceans NYT; 3/10/2019
- Military Carrier Pigeons in the Era of Electronic Warfare transport data on microSD cards; 1/24/2019
Android
- See the Wi-Fi Passwords for Every Network You've Connected to With this Android App LH; 5/5/2019
- Researcher finds that a popular hotspot finder app for Android exposed the Wi-Fi network passwords for 2M+ networks including tens of thousands in the US; WiFi Finder; TC; 4/22/2019
- Scan for Competing Wifi Networks With This Free Android App LH; 3/7/2019
Cellular
- How Secure are Personal Hotspot Connections from iPhone? OSXD; 3/23/2024
- Guide to 5G: Here's everything you'll ever want to know about the spectrum, millimeter-wave technology Wired; 12/31/2022
- What Is 5G, and Does It Actually Make a Difference? NYT; 8/11/2022
- How to Use Wi-Fi Calling on Your Smartphone
iPhone, Android; Wired; 11/18/2021
- 2G Connection Encryption Deliberately Weakened To Comply With Cryptowar Export Restrictions TD; 6/21/2021
- How to Set Up a 4G LTE Wi-Fi Network as an Alternative to Broadband Wired; 2/27/2021
- How 5G Could Replace Your Home Broadband Connection Giz; 2/11/2021
- How to turn your phone hotspot into a home broadband network read the fine print before you do so; MW; 11/23/2020
- Can My Phone's Hotspot Be My Only Internet Connection? data plan costs? LH; 5/22/2020
- How to share your iPhone’s mobile connection by tethering or hotspot MW; 4/10/2020
- Broadband engineers threatened due to 5G coronavirus conspiracies Guard; 4/3/2020
- Stop Your Phone From Using So Much Data Connect to Wi-Fi Whenever Possible; See Which Apps Are Using the Most Data; Tweak Your Apps; Settings; Get a Better Deal on Your Data; NYT; 3/5/2020
- How to disable Wi-Fi on an iPhone or iPad and always use cellular data MW; 3/2/2020
- What You Need to Know About 5G in 2020 NYT; 1/8/2020
- Worried about 5G and Cancer? Here’s Why Wireless Networks Pose No Health Risk TB; 12/6/2019
- 5G decoded: Here's how to tell real 5G from the marketing fluff 3 versions (& multiple marketing names): millimeter wave (mmWave; speed vs. distance); Low-band (better coverage than 4G); midband (in between); CNet; 11/21/2019
- New 5G flaws can track phone locations and spoof emergency alerts TC; 11/12/2019
- [3] How to see your true cellular signal strength with the iPhone Field Test app turn off WiFi, call: *3001#12345#*; MW; 3/4/2019
- [2] Ubiquitilink advance means every phone is now a satellite phone TC; 2/25/2019
- [2] New flaws in 4G, 5G allow attackers to intercept calls and track phone locations 1. Torpedo; 2. Piercer; 3. IMSI-Cracking; TC; 2/24/2019
DNS, IP Addresses
- Wikipedia: Domain Name System (DNS); OpenDNS; Google Public DNS
- HowStuffWorks: How Domain Name Servers Work; How Internet Infrastructure Works: Internet Protocol: Domain Name System
- Wikipedia: List of Internet top-level domains; generic top-level domains (gTLDs)
- Wikipedia: Internet Corporation for Assigned Names and Numbers (ICANN)
- HowStuffWorks: Who owns the Internet?; What are the standard top-level domain names and who controls them?
- HowStuffWorks: Where are all the Internet domain names registered and maintained?
- Wikipedia: DNS hijacking or DNS redirection is the practice of subverting the resolution of Domain Name System (DNS) queries
- Wikipedia: DNS spoofing or DNS cache poisoning; data is introduced into a Domain Name System (DNS) resolver's cache, causing the name server to return an incorrect IP address, diverting traffic to the attacker's computer (or any other computer).
- Wikipedia: Pharming cyber attack intended to redirect a website's traffic to another, fake site
- How to fix your network when you see 'Another device is using your IP address' on a Mac MW; 9/10/2022
- What is BGP, and what role did it play in Facebook's massive outage
DNS tells you where you're going, and BGP (Border Gateway Protocol)
tells you how to get there ~Cloudflare; Verge; 10/5/2021
- How to Use Private Relay in Safari to Hide Your IP address on iPhone & iPad OSXD; 10/4/2021
- Apple announces iCloud+ with privacy-focused features
Private Relay (combines DNS-over-HTTPS with proxy servers);
Hide my email: generate random email addresses;
TC; 6/7/2021
- The NSA warns enterprises to beware of third-party DNS resolvers possible issues: false sense of security, bypassing of DNS monitoring and protections, concerns for internal network configurations and information, and exploitation of upstream DNS traffic; Ars; 1/15/2021
- Cloudflare and Apple design a new privacy-friendly internet protocol Oblivious DNS-over-HTTPS (ODoH); only the proxy knows the identity of the internet user and that the DNS resolver only knows the website being requested; TC; 12/8/2020
- Cloudflare's 23-Minute Outage Today Also Took Down Major Web Sites bad router rather than DoS attack; TC; 7/17/2020
- [2] Microsoft urges patching severe-impact, wormable server vulnerability 17-year-old DNS flaw requires no user interaction; Ars; 7/15/2020
- Apple says iOS 14 and macOS 11 will support the DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) protocols ZD; 6/25/2020
- It's Long Past Time To Encrypt The Entire DNS TD; 6/22/2020
- Block Malware With Cloudflare's New DNS Options LH; 4/2/2020
- How to Enable DNS Over HTTPS in Your Web Browser Firefox, Chrome, Edge, Brave (not Safari); LH; 2/25/2020
- Firefox turns encrypted DNS on by default to thwart snooping ISPs Ars; 2/25/2020
- The Digital Colonialism Behind .tv and .ly Wired; 2/7/2020
- Mozilla to add second DNS-over-HTTPS (DoH) provider in Firefox NextDNS joins Cloudflare as second built-in Firefox DoH provider; ZD; 12/17/2019
- Here's why the internet will always have enough space for all our devices IP addresses; TNW; 11/17/2019
- DNS-over-HTTPS will eventually roll out in all major browsers, despite ISP opposition DoH support is already present in all major browsers. Users just have to enable it and configure it; instructions: Brave, Chrome, Edge, Firefox, Opera, Safari(?), Vivaldi; ZD; 11/8/2019
- DNS over HTTPS can increase user privacy by obfuscating web traffic, but it's no silver bullet as DNS resolving services will still see unencrypted requests Wired; 10/9/2019
- Firefox will encrypt web domain name requests by default Eng; 9/7/2019
- The Infrastructure Mess Causing Countless Internet Outages Border Gateway Protocol; Wired; 6/28/2019
- How to Find Your Local and External IP Address And, iOS, Mac, Win; LH; 5/13/2019
- Ongoing DNS hijackings target unpatched consumer routers Ars; 4/4/2019
- Cloudflare expands its government warrant canaries when the government comes for your data, tech companies can’t always tell you. But thanks to a legal loophole, companies can say if they haven't had a visit yet (and then remove it if they have); TC; 2/25/2019
- [3] Inside the DNSpionage hacks that hijack domains at an unprecedented scale Ars; 2/18/2019
- [2] DHS issues security alert about recent DNS hijacking attacks from Iran; ZD; 1/22/2019
iOS
- How to Share a Wi-Fi Password with QR Code from iPhone or iPad OSXD; 7/8/2021
- Bug in iOS can break iPhone Wi-Fi using rogue hotspot name
don't try %p%s%s%s%s%n; ApIn; 6/19/2021
- How to Enable & Disable Private Wi-Fi Address on iPhone & iPad to Increase Privacy OSXD; 2/16/2021
- How to use the Wi-Fi button in the iOS Control Center to deal with weak networks 'soft off'; MW; 11/5/2020
- How to Switch Wi-Fi Networks from Control Center on iPhone & iPad iOS/iPadOS 13; OSXD; 2/4/2020
- What the new iOS 13 Wi-Fi message means about nearby available networks 'popular' networks; MW; 12/4/2019
- That's right: You can't turn off Personal Hotspot in iOS 13 and iPadOS 13 MW; 10/11/2019
- How to Connect to Wi-Fi Networks Faster in iOS 13 4 ways; TB; 10/7/2019
- How to Check Current Wi-Fi Networks Signal Strength in iOS OSXD; 9/6/2019
- How to share your Wi-Fi password as a QR code on iOS TNW; 6/21/2019
- iOS 12.1.3 No Service or Cellular Data Problems on iPhone? Try These Fixes OSXD; 1/26/2019
- How iOS's Wi-Fi Assist works and how it can affect your cellular bill a bad Wi-Fi connection can still cause your iPhone (or iPad) to use cellular data; MW; 1/3/2019
ISP; Satellite
- Best Satellite Internet Providers for 2022
HughesNet, Viasat, Starlink; CNet; 6/2/2023
- Best Internet Speed Tests CNet; 5/31/2023
- Consider the Connection Type When Comparing Internet Providers
fiber; cable; 5G; fixed wireless; DSL; satellite; CNet; 5/6/2023
- Comparing the available home internet connection types CNet; 4/4/2023
- What's the Difference Between SpaceX's Starlink and OneWeb? Giz; 3/31/2023
- Starlink RV Review: The Dawn of Space Internet to Go Verge; 6/25/2022
- Does Bad Weather Really Affect Your Internet? MF; 10/3/2021
- Jared Mauch didn’t have good broadband -- so he built his own fiber ISP "I had to start a telephone company to get [high-speed] Internet access."; Ars; 1/12/2021
- US Falls Out Of Top 10 Fastest Broadband Speeds and ranked 33rd in average mobile download speeds; TD; 6/15/2020
- New Cloudflare tool can tell you if your ISP has deployed BGP fixes Is BGP (Border Gateway Protocol) Safe Yet; Ars; 4/19/2020
- How to Easily Test Internet Connection Speed on Mac fast.com; OSXD; 4/19/2020
- How to test your home Internet speed PC; 3/31/2020
- How to stop Spectrum junk mail Verge; 2/29/2020
- Why big ISPs aren't happy about Google's plans for encrypted DNS DNS over HTTPS will make it harder for ISPs to monitor or modify DNS queries; Ars; 9/30/2019
- What Would It Take to Shut Down the Entire Internet? Giz; 9/30/2019
- Stop Renting Your Cable Modem: Buy One Instead TB; 2/21/2019
- Frontier demands $4,300 cancellation fee despite horribly slow Internet Internet was often unusable, but ISP charges giant fee to one-person business; Ars; 2/22/2019
- If 5G Is So Important, Why Isn’t It Secure? Tom Wheeler, former FCC chairman; NYT; 1/21/2019
macOS
- Get Network Utility on macOS Ventura, Monterey, & Big Sur copy from macOS Catalina; OSXD; 12/16/2022
- How to test your Mac's internet speed and quality MW; 1/24/2022
- [2] How to use your Mac's Wi-Fi menu to sort out weak areas of Wi-Fi coverage
option-click WiFi icon; Tx Rate: raw data rate;
PHY Mode: layer, e.g., 802.11ac; Channel & Freq.;
BSSID (Basic Service Set IDentifier);
Solving weak spots; MW; 7/2/2021
- [2] How to Flush DNS Cache in MacOS Catalina & Big Sur OSXD; 8/27/2020
- How to share a Wi-Fi connection via macOS MW; 6/8/2020
- How to Prevent Mac from Remembering Wi-Fi Networks Joined OSXD; 6/7/2020
Modem, Router
- The Best Wifi Routers to Buy in 2024 LH; 1/24/2024
- Here's the Difference Between a Modem and a Router LH; 11/7/2023
- Why It's Still Worth It to Wire Your House for Ethernet faster; LH; 9/30/2023
- The Best Wi-Fi Routers NYT; 8/22/2023
- Best Mesh Routers CNet; 8/14/2023
- Best Wi-Fi Extenders CNet; 8/10/2023
- How to fix your network when you see 'Another device is using your IP address' Mac; Renew DHCP lease, etc. MW; 8/3/2023
- The Best Wi-Fi Routers Wired; 6/12/2023
- Do Routers Collect Data? I Read 30,000 Words of Privacy Policy to Find Out
all of them collect and share user data for marketing; CNet; 5/31/2023
- What is Ethernet? Everything You Need to Know About Wired Networks Wired; 4/20/2023
- The Gear to Get Reliable Wi-Fi in Any Home NYT; 4/6/2023
- Best Mac Router MW; 3/23/2023
- The Best Cable Modem NYT; 2/8/2023
- Why Your Wifi Router Needs a 'Guest Mode' more private and secure; LH; 9/23/2022
- Comcast says 2-gig speeds are rolling out now to 'millions'
with multi-gig symmetrical speeds set for 2023; Verge; 9/10/2022
- Best mesh Wi-Fi routers: Reviews and buying advice PC; 9/8/2022
- Modem vs. Router: What's the Difference? NYT; 9/7/2022
- The Best Wi-Fi Extender and Signal Booster NYT; 8/15/2022
- How to Tell If Someone Is Stealing Your Wifi (and Boot Them Off) LH; 3/18/2022
- Why We Love the TP-Link Archer A7 Wi-Fi Router NYT; 1/31/2022
- Which internet speed test should you use to test your connection at home? Ookla, Fast.com, MLab, Speedof.me, Testmy.net; CNet; 12/26/2021
- Nine WiFi routers used by millions were vulnerable to 226 flaws BC; 12/2/2021
- How to secure your home Wi-Fi network and router PC; 9/7/2021
- Wi-Fi extenders vs. boosters vs. repeaters: Major differences explained PC; 8/27/2021
- Point-to-point Wi-Fi bridging between buildings—the cheap and easy way Ars; 8/20/2021
- Improve Your Home Wi-Fi with Mesh, Powerline, MoCA, or More Routers TB; 8/19/2021
- Shopping for a Router Sucks. Here's What You Need to Know Wired; 8/16/2021
- Slow Wi-FI? Changing your Wi-Fi network channel and bandwidth settings might fix it PC; 7/19/2021
- How to set up a Wi-Fi extender PC; 7/8/2021
- Run out of ethernet ports on your router? network switches; TNW; 3/29/2021
- Is your internet connection driving you mad? Here's what might be behind it TNW; 3/21/2021
- AT&T scrambles to install fiber for 90-year-old after his viral WSJ ad from 3Mbps DSL to 300Mbps fiber: Aaron Epstein's newspaper ad gets amazing result; Ars; 2/12/2021
- Huzzah, Now ISPs Can't Charge Rental Fees for Your Own Dang Modem Frontier; Giz; 12/21/2020
- Comcast working toward 10Gbps to your home DOCSIS 4; ZD; 10/4/2020
- How home router manufacturers dropped the ball on security PC; 7/6/2020
- Disable UPnP on Your Wireless Router Already LH; 6/12/2020
- The 10 Best Ways to Boost Your Home Wifi LH; 6/8/2020
- Everything You Need to Know About Slow Internet Speeds comprehensive guide to what to do about them; NYT; 5/20/2020
- How to Regain Access to a Locked Linksys Account "Smart Wi-Fi" service; LH; 4/21/2020
- You Need to Lock Down Your Router's Remote Management Options LH; 3/27/2020
- New attack on home routers sends users to spoofed sites that push malware DNS hijacking of Linksys, D-Link; Ars; 3/25/2020
- Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability Broadcom chips; ZD; 1/10/2020
- How to Secure Your Wi-Fi Router and Protect Your Home Network change passwords: admin and Wi-Fi (WPA2); update firmware; disable Remote Access, UPnP, and WPS; use a Guest Network (if avail); Wired; 1/4/2020
- Update These TP-Link Routers to Fix a Critical Password Vulnerability Archer C5 v4; Archer MR200v4; MR6400v4; Archer MR400v3; LH; 12/19/2019
- [2] How to Address Security Bugs in Your Old Router LH; 12/6/2019
- What's the Difference Between a Router and a Modem? MF; 3/15/2019
- Is your router's Wi-Fi working but ethernet has gone bad? Here’s how to check MW; 3/8/2019
- Amazon's acquisition of eero is met with concerns over data privacy and disappointment that eero will integrate with the tech giant's own ecosystem mesh WiFi router; Verge; 2/12/2019
Wi-Fi
- Wikipedia: Wi-Fi: Wireless Local Area Network (WLAN); 802.11
- Wikipedia: WPA/WPA2 (Wi-Fi Protected Access); WEP (Wired Equivalency Protocol) obsolete
- Wikipedia: WPS (Wi-Fi Protected Setup) avoids long passcodes; convenience for users; can be vulnerable if PIN feature enabled
- HowStuffWorks: How WiFi Works; Quiz
- Take Control: Apple Wi-Fi Network
- 11 Ways to Upgrade Your Wi-Fi and Make Your Internet Faster
1. Move Your Router; 2. Use an Ethernet Cable;
3. Change the Channel or Band; 4. Upgrade Your Router;
5. Get a Wi-Fi Extender; 6. Use Your Electrical Wiring;
7. Add a Password to Your Wi-Fi; 8. Cut Off Unused Devices;
9. Check Your PC; 10. Restart Your Router?
11. Call Your ISP; Wired; 1/22/2024
- What is Wi-Fi 7? Everything You Need to Know Wired; 1/8/2024
- Your Computer Secretly Stores All Your Wi-Fi Passwords. Here's How to Find Them CNet; 3/22/2023
- Do This to Seamlessly Connect Guests to Your Wifi NFC, QR; LH; 11/21/2022
- How to Share Your Wi-Fi Password Wired; 8/7/2022
- Traveling? Beware of Unsecured Hotel Wi-Fi Networks OSXD; 7/28/2022
- How to Force Open a Public Wi-Fi Login Page (Captive Portal) OSXD; 6/26/2022
- How to make sure your hotel's Wi-Fi is fast enough USA; 5/27/2022
- These Things Are Blocking Your Home’s Wifi Signal LH; 5/26/2022
- Wi-Fi 7 Is Coming, and Here's Why You Should Care
IEEE 802.11be Extremely High Throughput (EHT); Giz; 2/16/2022
- The Best Ways to Boost Your Wifi Signal for Free LH; 2/2/2022
- How to Share Your Wifi Password
And, iOS, Mac, Win; LH; 12/20/2021
- The Truth About the Quietest Town in America
The National Radio Quiet Zone limits wireless communications.
But a journey to its center in Green Bank, West Virginia reveals a town at odds with itself.
Wired; 8/3/2021
- How to Share Your Wi-Fi Password
between Apple devices with visitor in your Contacts and vice versa;
QR code; Wired; 7/25/2021
- Did weak wi-fi password lead the police to our door?
BBC; 5/23/2021
- How to name your Wi-Fi networks for best Mac, iPhone, and iPad roaming
WPA2 settings; separate names useful if you have a lot of older equipment that bogs down the 5 GHz network; MW; 5/5/2021
- Wi-Fi's biggest upgrade in decades is starting to arrive Wi-Fi 6E (6GHz) devices are now being certified; Verge; 1/7/2021
- Check If the Wifi Is Going to Suck Before You Arrive Lag app; LH; 9/15/2020
- 5 Simple Ways to Improve Your Wi-Fi
1. Reposition your router;
2. Use an Ethernet cable instead;
3. Buy a new Wi-Fi router, extender or mesh networking kit;
4. Consider using a Wi-Fi hot spot (or your phone);
5. Upgrade your internet plan;
NYT; 8/24/2020
- How to turn your home Wi-Fi password into a QR code for easy sharing TNW; 7/20/2020
- Desperate for Wi-Fi, Many Have Nowhere to Go but a Parking Lot With cafes and libraries closed, Americans without internet access are sitting outside them to get free and fast connections; NYT; 5/5/2020
- How to Check Your Wifi Signal Strength LH; 4/27/2020
- What You Need to Know About Wifi 6E LH; 4/24/2020
- Flaw in billions of Wi-Fi devices left communications open to eavesdropping Cypress and Broadcom chip bug; Ars; 2/26/2020
- [2] Ten rules for placing your Wi-Fi access points Ars; 2/24/2020
- You Need More Than HTTPS to Stay Safe on Public Wifi hackers can see metadata: domain names, size of files/pages, non-https sites & services; LH; 2/21/2020
- Find the WiFi Password For Almost Any Airport Lounge Using This Free Map LH; 1/20/2020
- [2] How to Find the Login Page on Public Wifi LH; 1/13/2020
- Tired of hearing about Wi-Fi 6? Great, let’s talk about Wi-Fi 6E doubling Wi-Fi's usable spectrum; Ars; 1/6/2020
- How Can I Find Out If Someone's Stealing My Wifi?
Low-tech method: Check your wireless router lights;
Network admin method: Check your router device list;
Detective method: Use a network monitoring software tool;
Moving forward: Beef up your wifi security; LH; 10/4/2019
- [2] How to Reveal Your Saved Wifi Passwords in Windows or macOS LH; 9/19/2019
- Wi-Fi 6 is barely here, but Wi-Fi 7 is already on the way in 2024; CNet; 9/3/2019
- Wi-Fi 6 Will Be Here Soon. What Is It? Wired; 8/29/2019
- Ask About a Hotel or Airbnb's WiFi Before You Book speed, caps, cost; LH; 8/25/2019
- With 'warshipping', hackers ship their exploits directly to their target's mail room Wi-Fi devices in packages; TC; 8/6/2019
- 82% of People in Study Say They Connect to Any Free WiFi That's Available in a Public Place 8/1/2019
- Never Commit a Crime When Your Phone Is Connected to a Wi-Fi Network Four students who left racist graffiti on their high school were caught when their smartphones betrayed them; Slate; 7/12/2019
- 6 Ways to Identify If You're Using Fraudulent Wi-Fi
1. The Wi-Fi Network Has A Vague Name.
2. You Haven't Confirmed The Network Name With Someone Trustworthy.
3. The Network Name Looks Almost Identical To Another One In The Area.
4. There Wasn't An Opt-In Page When You Logged On.
5. The Network Required You To Install Something Before You Could Use It.
6. The Network Isn't On A Reliable Database Of Vetted Networks; MF; 7/2/2019
- Wi-Fi 6: Better, faster internet is coming -- here's what you need to know CNet; 5/11/2019
- How Do I Share My Neighbor's Wi-Fi Connection? with permission; LH; 4/12/2019
- [2] Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords Ars; 4/11/2019
- How Do I Block My Neighbor's Wifi? LH; 3/22/2019
- A brief history of Wi-Fi security protocols from "oh my, that's bad" to WPA3 ~1997: WEP (RC4); ~1999: WPA (TKIP); ~2004: WPA2 (AES-CCMP); ~2018: WPA3 (NFC, PFS, SAE); Ars; 3/10/2019
- Do My Devices Have to Use the Same Wi-Fi Band to Talk to Each Other? LH; 3/8/2019
- [2] Which Wi-Fi Channels Should I Use for My Wireless Network?
2.4GHz (2400-2500MHz): 14 channels @ 20MHz each, all overlapping -- ideally, channels 1, 6, or 11;
5GHz (5200-5400MHz): 25 channels @ 20MHz each, though you’ll only typically see up to 12 options, each 40MHz wide;
you want your wireless networks to live on channels that have as few competing networks as possible;
wireless scanning app: Wifi Analyzer Win: free;
Wifi Explorer Mac: $20;
NetSpot: And, Mac, Win: free, $; LH; 2/22/2019
- Wi-Fi 6: is it really that much faster? WPA3; theoretical max speed: 9.6 Gbps vs. 3.5 Gbps on Wi-Fi 5; more about improving the network when many devices are connected; Verge; 2/21/2019
- Which Wi-Fi Band Should I Use for My Devices? 2.4GHz band: better range; 5GHz band: fastest speeds; congestion, number of devices? LH; 2/15/2019
- [2] WiFi firmware bug affects laptops, smartphones, routers, gaming devices lets attacker hijack devices without any user interaction; list of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices; "patches are in the works"; ZD; 1/18/2019
Windows
Safer Internet: Connection: Use a VPN
Summary
- [1] Choose and Configure a Virtual Private Network (VPN) to connect to the Internet:
- To keep info extra private or secure:
when your device (or remote site) lacks the latest security updates
-- https: (normally secure) might be vulnerable,
or when communicating insecurely with a site via plain (unencrypted) http:
-- block ad injections/tracking by ISPs,
or when you're on an open, public, insecure non-WPA Wi-Fi network
(including Wi-Fi with a widely distributed password, e.g., coffee shop -- though https: is usually enough)
-- avoid MITM (man-in-the-middle) attacks from nearby,
or when using a foreign cell carrier or SIM card (whose encryption might be compromised),
or when plugging into a public ethernet jack, e.g., hotel cabling and/or switches may have been compromised.
- If travelling, esp. internationally -- avoid monitoring and bypass content/service blocking,
e.g., [1] location-based "geofencing", e.g., streaming services, banks? [2] government censorship of sites/apps
- Potential disadvantages: configuration, slower, sites may detect/block VPN access
- How much of connection is encrypted / anonymous?
{Figure 4. TCYOP-4: 60; TCYOP-3: 48}
- Connection between you and the VPN uses your IP address
-- everything is encrypted.
- Connection between VPN and destination site uses VPN's IP address
-- content still encrypted, if https: used initially
- Site does not see original IP address -- however, anonymity not guaranteed
if government or hacker can obtain VPN's server logs
- [1] Reduce monitoring/logging by network providers (ISPs, cell companies) and governments
- If not using a full VPN, at least encrypt web address (DNS) lookups?
- "1.1.1.1 Faster Internet" (free Cloudflare app; iOS, Android) uses a VPN
to enable faster, more secure DNS lookups (only -- not content) (section: WiFi: DNS)
- [2] If working remotely -- company info very attractive to hackers/spies
- [2] Reduce recording of your searches by search engines, e.g., Google
-- there are easier ways, e.g., see Browsing: Search Privately
- [3] For more anonymity (IP address), see Browsing: Anonymity, e.g., Tor, TAILS
- [3] If you're a high-profile target: dissident, whistleblower, executive, celebrity, wealthy, cryptocurrency speculator, ...
- [3] Supplement your firewall protection
- References
Choose a VPN Service
- paid version vs. free (ads, limits)
- performance -- it can be somewhat -- or a lot -- slower
- company experience, longevity, privacy policy, trustworthiness
- anonymity decreased by server logs?
- network reliability, availability
- bandwidth/transfer limits
- configuration ease & support
- trustworthiness & accuracy of product reviews
-- there are many mediocre or bad services; don't choose only because of an 'incredible' (life-time) price.
- country of company's servers and operations?
some believe their government can't obtain their logs if a VPN company is based 'offshore';
if ownership and security policies of a VPN are not transparent, can you trust that it isn't run by a government agency, or ?
- Joe's recommendations {TCYOP-4: 60-61; TCYOP-3: 49-50} -- all platforms, unless otherwise noted
- [1] Free, ad-supported, usage caps, e.g., Hotspot Shield; privacy risk?
- [1] Free, specific browser, e.g., Opera; Mac, Win
- [1] Paid services/subscriptions:
- Cargo VPN (Mac-only)
- Encrypt.me (formerly Cloak)
- Disconnect Premium; browser only? includes other privacy and security features
- IVPN
- personalVPN / WiTopia* (also: jumpthewall.net);
Why Use a VPN?; Why We're the Best VPN;
[1] And, iOS, Mac, Win; [2] others -- on right: "Quick Connect" screen;
*if you subscribe to personalVPN, please use this referral link (or code: Q8Hg3YRM)
-- you'd receive an immediate 15% discount, and Steve receives a similar credit!
- Private Internet Access (PIA)
- [3] NordVPN; also routes your connections through Tor
- [3] Hardware VPN router, e.g., WiTopia Cloakbox Pro, e.g., for all home devices
Configure and Use a VPN Service
- Example personalVPN (Witopia): all platforms: apps & manual setup
- personalVPN apps available: Android; iOS; macOS, Windows
- others (manual setup): Chromebook, Fire, Linux, Surface, etc.
- In app, login using separate VPN username and password
-- different from main account credentials.
- iOS: Settings > VPN; right: configurations: "1.1.1.1" & personalVPN
- Instead of default (Quick) connection, change to
a gateway/server in a different country or specific city,
e.g., on right: iOS and Mac screens
- [2] comparison of protocols;
setup: IPsec; L2TP; IKEv2;
[3] OpenVPN/OpenSSL most secure/customizable;
[3] PPTP older, not recommended
References
- {TCYOP-4: 59-66; TCYOP-3: 47-57; Recommendations, Beware VPN Review Sites, The Problem of End-to-End Privacy, Using a VPN Router, SSL Implementation Bugs and Issues, Avoid DNS Mischief}
- sections: Refs: Android; Government; iOS; Products/Reviews; macOS; Windows
- topics: censorship, China, IPSec, L2TP, PPTP, OpenVPN
- Wikipedia: VPN; proxy server
- Wikipedia: Tunneling Protocol; Internet Protocol Security (IPsec); Point-to-Point Tunneling Protocol (PPTP); Layer 2 Tunneling Protocol (L2TP); OpenVPN
- table: PPTP vs L2TP/IPSec vs OpenVPN
- HowStuffWorks: How VPNs Work
- dnsleaktest.com, ipleak.net check if IP address private
- Don't Fall for These 7 VPN Myths
1. VPNs are mostly for illegal activity
2. VPNs make you completely anonymous
3. Free VPNs are just as good as paid VPNs
4. VPNs speed up your internet
5. VPNs can bypass any geo-restrictions
6. VPNs are too complex to use
7. VPNs protect against malware and viruses
CNet; 11/9/2023
- 5 Reasons to Use a VPN CNet; 9/29/2023
- VPN Obfuscation: What It Is and Why You Might Need It CNet; 8/17/2023
- Why You Should Use a VPN When Booking a Hotel it's travel industry standard to use dynamic pricing, location is one of the many factors that affect prices
-- one of the few you can control; LH; 8/9/2023
- Browser-Based VPNs: 3 to Try if You Want to Improve Online Privacy
easier and speedier to use than typical VPNs (router, apps), these lightweight privacy boosts are handy to have around;
Brave Firewall + VPN; Firefox Private Network; Chrome w/ a VPN extension; CNet; 10/7/2022
- What You Need to Know About Google's VPN
if you pay for Google's cloud storage, you might be able to take advantage of it; Giz; 2/25/2022
- 3 companies control many big-name VPNs: What you need to know
Kape Technologies Plc (Formerly Crossrider Plc): CyberGhost VPN (Crossrider), ZenMate VPN, Private Internet Access, ExpressVPN;
Ziff Davis (Formerly J2 Global, Inc.): IPVanish, Strong VPN (Encrypt.me, ibVPN, SaferVPN);
Nord Security (Tesonet): NordVPN, Atlas VPN, Surfshark;
CNet; 2/5/2022
- Here's why you probably don't need to rely on a VPN anymore
the widespread use of encryption has made public internet connections far less of a security threat, cybersecurity experts say; NBC; 12/31/2021
- A New Report on VPNs Shows They're Often a Mixed Bag for Privacy
Consumer Reports white paper; Giz; 12/8/2021
- iCloud+ Private Relay explained: Don't call it a VPN
'public beta' feature this fall for paid iCloud accounts;
VPN differences: works only w/ Safari, not all traffic;
easily identifiable as a 'proxy server' (VPNs usually aren't);
can't hide your region; MW; 11/17/2021
- It’s Time to Stop Paying for a VPN
more sites use https: and/or support MFA; NYT; 10/6/2021
- NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs 9/28/2021
- Can ISPs, Websites, and Your Boss Tell If You're Using a VPN? LH; 9/10/2021
- VPN Hacks Are a Slow-Motion Disaster
recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown;
Wired; 4/25/2021
- Is your VPN secure? How to make sense of VPN encryption PC; 3/24/2021
- Three VPNs popular with criminals and active for over a decade have had their servers and web domains seized by law enforcement from US, Germany, France, others safe haven for cybercriminals to carry out ransomware attacks, web skimming operations, spearphishing, and account takeovers; ZD; 12/22/2020
- Researchers say seven Hong Kong-based 'no log' VPNs have left 1TB+ of user logs and personally identifiable info exposed on the internet Reg; 7/17/2020
- VPNs: 3 things they can't help you with Let you game at work without the boss knowing; Protect you from viruses and tracking; Get you online during an internet shutdown; CNet; 3/10/2020
- Popular VPN And Ad-Blocking Apps Are Secretly Harvesting User Data Android: Free and Unlimited VPN, Luna VPN, Mobile Data, Adblock Focus; iOS: Adblock Focus, Luna VPN; BF; 3/9/2020
- NordVPN users' passwords exposed in mass credential-stuffing attacks Ars; 11/1/2019
- How to Protect Your Data in the NordVPN, TorGuard and VikingVPN Breaches LH; 10/22/2019
- Hackers steal secret crypto keys for NordVPN. Here's what we know so far Breach happened 19 months ago; Ars; 10/21/2019
- Cloudflare Launches Its Security-Focused Mobile VPN, Again WARP; Wired; 9/25/2019
- Opera 60 debuts with a free, faster VPN, and Netflix hasn't blocked it yet PC; 4/10/2019
- Cloudflare 1.1.1.1 with Warp Accelerates Internet Privacy 4/1/2019
Android
- Best Android VPN CNet; 10/9/2023
- The 5 best VPNs for Android PC; 6/17/2023
- 7 Android VPN apps you should never use because of their privacy sins Yoga, proXPN, Hola, oVPNSpider, SwitchVPN, Zoog, Seed4.Me; CNet; 9/9/2019
- Opera adds unlimited VPN service to its Android browser for free 256-bit encryption and no data logging; 3/20/2019
- Check if Your Android VPN Is Collecting Personal Data LH; 3/7/2019
- Facebook VPN that snoops on users is pulled from Android store Onavo Protect VPN (removed for iOS 8/2018); Ars; 2/22/2019
- How to Set Up Opera's Mobile VPN for Secure Browsing on Android LH; 2/7/2019
Government
- Russians Need VPNs. The Kremlin Hates Them Wired; 3/30/2022
iOS
- All iOS VPNs are worthless and Apple knows it, claims researcher
long-time bug in iOS prevents any VPN from fully encrypting all traffic; ApIn; 8/17/2022
- Security researchers warn of scam VPN apps on iOS Buckler VPN, Hat VPN, Beetle VPN; fake reviews, expensive subscriptions; ApIn; 6/3/2020
- Researcher: a vulnerability affecting iOS 13.3.1 and later prevents VPNs from encrypting some traffic, potentially exposing user data or leaking IP addresses BC; 3/26/2020
- How to View VPN Connect Time on iPhone or iPad OSXD; 2/5/2020
- How to Delete a VPN from iPhone or iPad OSXD; 12/14/2019
macOS
- How to use a VPN on a Mac MW; 12/7/2022
- Apple has removed a controversial feature in macOS 11.2 beta 2 that allowed its own apps to bypass third-party firewalls, security tools, and VPNs ZD; 1/14/2021
- Apple apps on Big Sur bypass firewalls and VPNs TNW; 11/16/2020
- How to Delete a VPN Configuration from Mac OSXD; 2/2/2020
Products / Reviews
- Witopia sometimes is not listed in (paid) product reviews, or given a bad rating (possibly since based in US). Witopia Support responded to me: "Honestly we are not sure where they are getting a lot of their data from as it is not accurate. They are even giving a bad rating for companies that have offices in the USA which is odd. We have reached out to them many times to try and get them to correct the bad data but they refuse to reply or correct. We do not store any logs of users. We do not share data with other parties about your usage, sites, services etc. We do not limit anything (bandwidth, filters throttles etc)."; About; Why We Are the Best VPN
- Best VPN services: Reviews and buying advice for Mac users MW; 11/6/2023
- Best VPN service CNet; 8/28/2023
- Best Mac VPN CNet; 8/20/2023
- Best VPN Services: Reviews and Buying Advice PC; 8/10/2023
- The Best VPNs to Protect Yourself Online Wired; 7/9/2023
- TunnelBear 5.0.1 TB; 4/21/2023
- Best VPN Service NYT; 3/14/2023
- NordVPN review: A great choice for Netflix fans, but who's running the show? NordVPN has good performance, great features, and it suits novices and power users alike. But who is running the show down there? PC; 9/29/2021
- You Should Probably Stop Using ExpressVPN
Kape Technologies (an Israeli technology firm with a controversial past) owns ExpressVPN, Private Internet Access (PIA), CyberGhost, ZenMate; Giz; 9/24/2021
- Which VPN Providers Really Take Privacy Seriously in 2021? 6/14/2021
- Is a free VPN safe? What to look for
Who runs the VPN?
What data does the VPN collect?
What does the VPN do with your data?
How does the VPN make money?
How does the VPN secure your data?
Best free VPNs to start with; PC; 3/15/2021
- Hackers are actively trying to steal passwords from two widely used VPNs Fortigate, Pulse Secure; Ars; 8/24/2019
- Risky free VPNs still available in Apple App Store & Google Play despite warnings AI; 8/13/2019
- Do You Trust Your VPN? Are You Sure?
what's 'reputable'? US vs. offshore location/ownership? some VPNs are scams, shady/biased review sites, slow performance, ads; Slate; 2/28/2019
Windows
- Malwarebytes releases new VPN service for Windows Malwarebytes Privacy. in future: Mac, iOS, Android, ChromeOS versions; BC; 4/23/2020
Safer Internet: Connection: Avoid Malware
Quotes
- "In God we trust,...
- "If you spend more on coffee than on IT security,...
- Amish Virus...
- Disney Virus...
- Prozac Virus...
- Airline Virus...
- Health Care Virus...
- Dr. Jack Kevorkian Virus...
- Viagra Virus...
- Viagra 2 Virus...
Summary
- [1] Understand different types of malware, by transmission and action
- [1] Improve user practices: "be-aware"
- [1] Install and update approved apps: software
- [1] Manage / Minimize Plugins, Extensions, Add-ons
- [1] Flash: Update, Block or Uninstall
- [1] Java: Update, Block or Uninstall (but keep JavaScript enabled)
- [1] Install & Maintain AntiVirus tools -- if available / applicable
-- lower priority than updating software and safer user behaviors.
- [2] Disable programming functionality in apps, e.g., Microsoft Office macros
- [3] Advanced Settings: JavaScript, WebGL, web admin
- References
[1] Understand Different Types of Malware
- Malware can access, compromise local files -- and online identities and accounts.
- Viruses Wreak Havoc On Your Files
- Spyware Steals Your Information
- Scareware Holds Your PC for Ransom
- Trojan Horses Install a Backdoor
- Worms Infect Through the Network
- There's often overlap
[1] Improve User Practices
- Pay attention -- most malware requires active user involvement
- Don't click on links or open attachments in an unexpected email from "friends", "boss", "family"
- Use browser Bookmarks / Favorites or a password manager to access web sites -- see later section: Browsing: Go To Correct Site
- Don't click on links in popups, or unknown links in web pages, esp. ads
- Do not respond to popups that "hijack" your browser, esp. those that "found malware" or download unexpected 'Flash updates' -- just quit browser (see Block Ads section if you can't close/quit); reputable companies do not use such annoying / scare tactics
[1] Install and Update Approved Apps
- Backup your Devices; install & update your software -- system and applications -- by downloading only from vendor's app store (if screened), app's own Update preference or control panel, other reputable sites
- [3] macOS: System Integrity Protection (SIP) is enabled by default, which aims to protect critical system folders by locking them down; temporarily disable SIP only if you know what you're doing
- [3] Don't "jail break" or "root" your device, i.e., don't install unofficial or pirated system/application software -- or visit "warez" or "dark" sites
- macOS: App Store
- iOS: App Store
- macOS: System Preferences > Security & Privacy > General > Allow Apps Downloaded From:
- [1] Mac App Store
- [2] Mac App Store and Identified Developers
- [3] Anywhere -- note: option hidden by default in 10.12
- [2] To open an "unidentified" app that you're sure about:
- macOS: Applications > (ctrl-click app) > Open > Open
- iOS: use the TestFlight app to accept expected invitations from known developers
- Enable phishing/malware/plugin warnings
- macOS: Safari > Preferences > Security > Fraudulent sites; Internet plug-ins
- macOS: Firefox > Preferences > Security > Block reported attack sites / web forgeries / add-ons
- macOS: Chrome > Settings > Advanced Settings > Privacy > Protect you and your device from dangerous sites
- iOS: Settings > Safari > Privacy & Security > Fraudulent Website Warning
- [2] Don't automatically open downloaded files (check file types)
- macOS: Safari > Preferences > General > Open "safe" files after downloading
[1] Manage / Minimize Plugins, Extensions, Add-ons
- macOS: Safari > Preferences > Security > Allow plugins
- macOS: Firefox > Preferences > Applications
- macOS: Firefox > Preferences > Security > Warn me when sites try to install add-ons
- macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Plugins; also Unsandboxed Plugins
- Consider disabling problematic, obsolete, infrequently-used plugins
- most sites, e.g., YouTube, default to HTML5 for video if Flash not present; Java less popular -- covered next
- iOS: unnecessary -- since plugins are not generally allowed
- configure to selectively load a plug-in if desired, or re-install if needed
- remove obsolete plugins, e.g., Microsoft Silverlight
- macOS: Finder > (disk/user) > Library > Internet Plugins
[1] Flash: Update, Block or Uninstall
- iOS: NA
- macOS: I generally recommend uninstalling Flash from system; if necessary to use for some Flash-based sites, selectively use Google Chrome, which keeps Flash up-to-date automatically (at least for a little while longer), provides "sandboxing", and also auto-pauses certain videos / ads
- macOS: Chrome > chrome://plugins > Enable, Always Allow to Run
maybe possible to run on-demand selectively via ctrl-click?
- If you do need to use Flash more frequently / conveniently, make sure it's always up to date and control using a flash blocker
- macOS: System Preferences > Flash Player > Advanced > Updates
- macOS: System Preferences > Flash Player > Storage > Delete All
- macOS: Safari > Preferences > Extensions > Get Extensions : ClickToFlash
- macOS: Safari (ctrl-click) > ClickToFlash Preferences
- macOS should automatically disable insecure versions, and display message: 'Blocked plug-in', 'Flash Security Alert' or 'Flash out-of-date'
[1] Java: Update, Block or Uninstall
- iOS: NA
- macOS: System Preferences > Java > Update
- macOS: System Preferences > Java > Security > Security Level
- macOS: Safari > Preferences > Security > Allow Plugins > Website Settings : Java : Ask
- If installer wants to install any crapware or change settings by default, e.g., Yahoo homepage, search engine -- uncheck anything you don't want! -- installer now seems to be 'clean'
[1] Install Anti-Virus (AV)
- Install & maintain antivirus software on your device, if applicable & desired
- Be careful where you obtain malware protection software -- some may be malware / adware itself -- especially if obtained via ad links, popups, pop-under windows
- Having AV installed is no excuse to be careless
- iOS: unnecessary
- macOS: optional -- to avoid distributing infected files to others, e.g., Windows friends, or if still using external portable media from unknown sources: USB drives, CD/DVD, floppies, etc.
- virus definitions may not include newest threats; scanning may slow down, interfere with system
- examples: Avast; Avira; ClamXav; Comodo; Sophos
- note: if you're running Windows on macOS (using Boot Camp, or virtualization software like VMware Fusion or Parallels Desktop), you should absolutely run Windows anti-malware software -- Mac anti-malware won't help
- Windows: Windows Settings > Update & Security > Windows Defender
- If you must use others' devices to access your accounts, make sure they're well-protected (antivirus) and maintained (software updates) -- see Mobile Privacy section, esp. to avoid keyloggers or other spyware
[3] Advanced Settings: JavaScript, WebGL, web admin
- JavaScript: on
- JavaScript (not the same as 'Java') is essential for most modern sites; most browsers don't provide an option to disable
- macOS: Safari > Preferences > Security > Enable JavaScript
- You can generally remove tracking scripts by using a Content/Ad Blocker -- see Block Ads section
- WebGL: on
- WebGL (Web Graphics Library) JavaScript-based graphics using GPU
- macOS: Safari > Preferences > Security > Allow WebGL
- If administering your own website, check system log for suspicious activity, e.g., logins to non-existent or unauthorized accounts, unexpected accesses to admin pages or to non-existent modules / pages / directories; add suspicious IP addresses to a 'deny list'
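One way to run the log check described in the last item above, as an added example that is not part of the original notes. It flags the three signals the item names (logins to non-existent accounts, unexpected admin-page accesses, repeated requests for non-existent pages) and proposes deny-list entries. The log lines are constructed, and the auth-log format, account names, admin paths, allowed admin address and 404 threshold are all assumptions to adapt to your own site.

```python
import ipaddress
import re
from collections import defaultdict

# Web server access log in Combined Log Format: client IP, request line, status.
ACCESS_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Hypothetical application auth-log format (an assumption, not a standard).
AUTH_RE = re.compile(r'^\S+ login_failed user=(?P<user>\S+) ip=(?P<ip>\S+)$')

KNOWN_ACCOUNTS = {"steve", "editor"}                    # assumed: accounts that exist
ADMIN_PREFIXES = ("/admin", "/wp-admin")                # assumed: this site's admin paths
ADMIN_ALLOWED = {ipaddress.ip_address("192.0.2.10")}    # assumed: where admins connect from
NOT_FOUND_THRESHOLD = 3                                 # assumed tuning value

# Constructed sample data (documentation-range addresses), not real traffic.
ACCESS_LOG = """\
198.51.100.23 - - [05/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [05/Jan/2024:10:00:09 +0000] "GET /old-page.html HTTP/1.1" 404 312 "-" "Mozilla/5.0"
192.0.2.10 - - [05/Jan/2024:10:01:00 +0000] "GET /admin/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [05/Jan/2024:10:02:11 +0000] "GET /wp-admin/setup.php HTTP/1.1" 404 312 "-" "curl/8.0"
203.0.113.7 - - [05/Jan/2024:10:02:12 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 312 "-" "curl/8.0"
203.0.113.7 - - [05/Jan/2024:10:02:13 +0000] "GET /backup.zip HTTP/1.1" 404 312 "-" "curl/8.0"
203.0.113.99 - - [05/Jan/2024:10:03:00 +0000] "GET /admin/users HTTP/1.1" 403 128 "-" "Mozilla/5.0"
this line is truncated garbage
"""
AUTH_LOG = """\
2024-01-05T10:04:00Z login_failed user=root ip=203.0.113.7
2024-01-05T10:04:30Z login_failed user=steve ip=198.51.100.23
2024-01-05T10:05:00Z login_failed user=test ip=203.0.113.50
"""


def _parse_ip(text):
    """Return an ip_address object, or None if the field is not a valid IP."""
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def analyze(access_log, auth_log):
    """Return ({ip_string: set_of_reasons}, number_of_unparseable_lines)."""
    reasons = defaultdict(set)
    not_found = defaultdict(int)
    skipped = 0

    for line in access_log.splitlines():
        m = ACCESS_RE.match(line)
        ip = _parse_ip(m["ip"]) if m else None
        if ip is None:
            skipped += 1          # never guess at malformed lines; count them
            continue
        path = m["path"].split("?", 1)[0].lower()
        # Admin pages requested from an address admins do not use.
        if path.startswith(ADMIN_PREFIXES) and ip not in ADMIN_ALLOWED:
            reasons[ip].add("admin_access")
        if m["status"] == "404":
            not_found[ip] += 1

    # One stale bookmark is normal; a run of 404s from one address is probing.
    for ip, count in not_found.items():
        if count >= NOT_FOUND_THRESHOLD:
            reasons[ip].add("probing_404")

    for line in auth_log.splitlines():
        m = AUTH_RE.match(line)
        ip = _parse_ip(m["ip"]) if m else None
        if ip is None:
            skipped += 1
            continue
        # A mistyped password on a real account is not flagged here.
        if m["user"].lower() not in KNOWN_ACCOUNTS:
            reasons[ip].add("unknown_account")

    return {str(ip): found for ip, found in reasons.items()}, skipped


def build_deny_list(findings):
    """Flagged addresses in numeric order, never including allowed admin IPs."""
    flagged = [ipaddress.ip_address(ip) for ip in findings]
    flagged = [ip for ip in flagged if ip not in ADMIN_ALLOWED]
    return [str(ip) for ip in sorted(flagged, key=lambda ip: (ip.version, int(ip)))]


if __name__ == "__main__":
    findings, skipped = analyze(ACCESS_LOG, AUTH_LOG)
    for ip in build_deny_list(findings):
        print(ip, sorted(findings[ip]))
    print("unparseable lines:", skipped)
```

Review the proposed entries before blocking anything: shared or dynamic addresses can belong to legitimate visitors later.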
References
- {TCYOP-4: 70-71; TCYOP-3: 57-58}
- sections: Refs: Android; Anti-virus; Cyberattacks/cyberwar; Extensions, Plug-ins; Flash, Shockwave; iOS; Java; JavaScript; macOS; Microsoft Office; Ransomware; Spyware; Web Servers; Windows
- topics: airgap, botnet, cryptojacking, keylogger, social engineering, USB drives, zombie
- other computer virus jokes: politicalhumor.about.com; ahajokes.com
- Wikipedia: Malware: short for malicious software, is a general term used to refer to a variety of forms of hostile or intrusive software, e.g, to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Only some is internet-related.
- HowStuffWorks: How to Detect Online Scams
- Wikipedia: Zero day attack exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not had time to address and patch
- Wikipedia: Worm: malware that actively transmits itself (automatically, w/o user intervention) over a network to infect other computers
- Wikipedia: Virus: malware that has infected some executable software and, when run (usually by user opening a program, email or document), causes the virus to spread.
- HowStuffWorks: How Computer Viruses Work; How to Know if Your Computer is Infected with a Virus
- HowStuffWorks: How do viruses and worms spread in e-mail?
- HowStuffWorks: 10 Worst Computer Viruses of All Time
- Wikipedia: Trojan Horse: malware that appears benign/desirable but conceals malicious code; e.g., Zeus (2007-)
- HowStuffWorks: How Trojan Horses Work
- Viruses, Trojans and Worms video: 2:31
- Wikipedia: Botnet: collection of Internet-connected programs communicating with other similar programs in order to perform tasks -- some may be malware
- Wikipedia: Zombie computer: malware used to send email spam, to host contraband data such as child pornography, or to extort via distributed denial-of-service attacks.
- Wikipedia: Denial of Service Attack (DoS): make a machine or network resource unavailable to its intended users
- HowStuffWorks: How Zombie Computers Work; How to Fix Your Zombie Computer
- Wikipedia: air gap physically isolate a secure computer network from unsecured networks
- Wikipedia: Rootkits modify the host's operating system so that the malware is hidden from the user.
- Wikipedia: man in the middle attack (MITM) requires an attacker to have the ability to both monitor and alter or inject messages into a communication channel
- Wikipedia: Logic bomb: malware triggered by certain conditions, e.g., programmer fired
- HowStuffWorks: How does a logic bomb work?
- Wikipedia: social engineering obtaining confidential information by manipulating and/or deceiving people
- Wikipedia: Hacker (black hat); Firewall
- Wikipedia -- conferences/conventions: Black Hat Briefings; DEF CON
- HowStuffWorks: How Hackers Work; How Firewalls Work; Could hackers devastate the U.S. economy?; Computer Security Quiz
- That QR Code You’re About to Scan Could Be Risky, F.T.C. Warns NYT; 12/11/2023
- How to Not Get Hacked by a QR Code "quishing"; Wired; 12/3/2023
- It's Safe to Scan QR Codes (If You're Careful) LH; 5/12/2023
- FBI Advising People to Avoid Public Charging Stations 4/12/2023
- How to Recover From a Browser Hijacking Attack LH; 3/9/2023
- Why You Should Never Plug In an Unknown USB Device LH; 7/7/2022
- How to Use Microsoft Defender on All Your Devices
the security tool for Apple, Android, and Windows is now
available to any Microsoft 365 subscriber; Wired; 6/27/2022
- Steps to Simple Online Security: 8: Free Antivirus Software Is Good NYT; 4/15/2022
- FCC puts Kaspersky on security threat list, says it poses "unacceptable risk"
Moscow-based firm joins Huawei and ZTE on the same US security threat list; Ars; 3/25/2022
- The Log4J Vulnerability Will Haunt the Internet for Years Wired; 12/13/2021
- Hacker Lexicon: What Is a Watering Hole Attack?
two types of victims: the legitimate website or service that attackers compromise
to embed their malicious infrastructure, and the users who are then compromised
(usually via browser bug) when they visit; Wired; 11/28/2021
- 'Stalkerware' Apps Are Proliferating. Protect Yourself.
these spyware apps (mostly Android, some iOS) record your conversations, location and everything you type,
all while camouflaged as a calculator or calendar; NYT; 9/29/2021
- Feds list the top 30 most exploited vulnerabilities. Many are years old Ars; 7/29/2021
- Amnesty International researchers published a toolkit to help anyone scan their iPhone and Android devices for evidence of compromise by NSO's Pegasus spyware TC; 7/19/2021
- No, open source Audacity audio editor is not "spyware"
the community's telemetry concerns were received and addressed two months ago;
new privacy policy; Ars; 7/6/2021
- Google App Engine feature abused to create unlimited phishing pages malicious subdomains; BC; 9/20/2020
- How to Check Your Devices for Stalkerware Wired; 7/19/2020
- TikTok says it will stop clipboard snooping after iOS 14 reveals when apps attempt to read the clipboard; TikTok claims it was used to identify spammy behavior Tel; 6/25/2020
- Hacker Lexicon: What Is a Side Channel Attack? computers constantly give off more information than you might realize—which hackers can use to pry out their secrets; Wired; 6/21/2020
- UPnP flaw exposes millions of network devices to attacks over the Internet Windows; printers, modems, routers; best defense is to disable UPnP altogether; Ars; 6/11/2020
- The Curious Case of Copy & Paste -- on risks of pasting arbitrary content in browsers 6/2/2020
- Major security flaw found in Thunderbolt Macs and PCs: Should you be worried? for Mac, only if physical access to powered on Mac; MW; 5/16/2020
- Filipino Onel de Guzman, author of the Love Bug worm that infected millions of PCs in May 2000, talks about his creation and claims he regrets writing it BBC; 5/3/2020
- Meet the white-hat group fighting Emotet, the world's most dangerous malware Cryptolaemus group; from banking trojan to malware loader; ZD; 2/29/2020
- Microsoft to bring its Defender antivirus software to iOS and Android malware and phishing attack protection; CNet; 2/20/2020
- One of the most destructive botnets can now spread to nearby Wi-Fi networks weak WiFi passwords; Ars; 2/11/2020
- There's a scary new reason not to borrow a stranger's iPhone cable FC; 10/8/2019
- How Can You Tell If an App Is Malware? LH; 9/20/2019
- How to Find Spyware Your Employer Installed on Your Computer and What to Do About It Giz; 8/5/2019
- The Worm That Nearly Ate the Internet Conficker infected 10 million computers in 2010. So why did cybergeddon never arrive? NYT; 6/29/2019
- A Computer Afflicted With 6 Infamous Viruses Has Passed $1 Million at Auction art project: The Persistence of Chaos; MB; 5/21/2019
- Hard-to-detect credential-theft malware has infected 1,200 and is still going Separ's 'living-off-the-land' approach (spartan malware that's built on legitimate apps and utilities) bypasses many antimalware providers; starts by end user clicking on a disguised executable; Ars; 2/20/2019
Android
- How Hackers Tricked 300,000 Android Users into Downloading Password-Stealing Malware LH; 12/1/2021
- Uninstall These Malicious Android Apps That Stole Facebook Passwords LH; 7/4/2021
- How to Get Rid of Android's Most Annoying Malware: xHelper LH; 2/18/2020
- This New Android Malware Can Survive a Factory Reset LH; 10/30/2019
- Double-Check That Your Android Antivirus App Actually Works some underperform or may even pose serious security risks; LH; 3/20/2019
- In a test of 250 Android antivirus apps in the Google Play Store, only 80 could detect more than 30% of malware, and only 23 had 100% detection rate ZD; 3/14/2019
- Delete These Malware-Laden Apps From Your Android Right Now LH; 3/14/2019
Anti-Virus
- HowStuffWorks: Is there any free anti-virus software?
- Avast shutters data-selling (Jumpshot) subsidiary amid user outrage Users were not happy to learn "security" software sold their browsing habits; Ars; 1/30/2020
- Antivirus Maker Avast Sold Data on Millions of Users TB; 1/29/2020
- Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits. Forbes; 12/9/2019
- Recent antivirus tests are bad news for paid security suites Windows; their basic AV capabilities are being equaled by free apps; PC; 1/30/2019
Cyber Attacks, CyberWar
- Wikipedia: Anonymous loosely associated international network of activists and hacktivists; well-known for distributed denial-of-service (DDoS) attacks on government, religious, and corporate websites
- Wikipedia: Hacktivism; Denial of Service Attack make a machine or network resource unavailable to its intended users
- HowStuffWorks: How Anonymous Works
- Wikipedia: Computer Emergency Response Team Internet security incidents and cyberthreats
- Wikipedia: cyberterrorism; cyberwar Kosovo 1998; US Cyber Command; CISPA: Cyber Intelligence Sharing and Protection Act proposed: 2011
- HowStuffWorks: Is cyberwar coming?; How CISPA Works
- HowStuffWorks: What does the U.S. cybersecurity czar do?; Could a single hacker crash a country's network?; Could hackers devastate the U.S. economy?
- Could Cyberwar Make the World Safer? NYT; 8/22/2021
- The Untold History of America's Zero-Day Market lucrative business of dealing in code vulnerabilities is central to espionage and war planning; Wired; 2/14/2021
- With Hacking, the United States Needs to Stop Playing the Victim the U.S. also uses cybertools to defend its interests. It’s the age of perpetual cyberconflict; NYT; 12/23/2020
- Journalist’s phone hacked by new 'invisible' technique: All he had to do was visit one website. Any website. NSO Group; 6/21/2020
- China's Military Is Tied to Debilitating New Cyberattack Tool Aria-body (embedded in MS Office files) had been deployed against governments and state-owned companies in Australia and SE Asia; NYT; 5/7/2020
- A Critical Internet Safeguard Is Running Out of Time Shadowserver; Wired; 3/16/2020
- The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History Wired; 10/17/2019
Extensions, Plug-ins
- see sections: Flash, Java
- Wikipedia: Silverlight; Adobe (Macromedia) Shockwave
- Ethical.net: Browser extensions
- Our Favorite Ad Blockers and Browser Extensions to Protect Privacy NYT; 9/30/2021
- Our Favorite Ad Blockers and Browser Extensions to Protect Privacy
Ad blocker: uBlock Origin;
Tracking blocker: Privacy Badger;
Secure connections: HTTPS Everywhere;
Cleaner links: ClearURLs;
Local resources: Decentraleyes;
Login protection: Use a password manager;
Firefox Multi-Account Containers;
Extra-credit tools: Use a VPN, Enable DNS over HTTPS (DoH), Change your default search engine;
NYT; 3/11/2021
- How to Make Sure Your Browser Extensions Are Safe Wired; 6/27/2021
- Teams behind Chrome, Safari, Firefox, and Edge unveil a development forum at W3C to standardize and build a unified, more secure foundation for extensions CNet; 6/4/2021
- Up to 3 million devices infected by malware-laced Chrome and Edge add-ons 28 malicious extensions hosted by Google and Microsoft; Ars; 12/16/2020
- What You Need to Know About the Latest Chrome Extension Malware Campaign LH; 6/24/2020
- Check Chrome and Remove Any of These 70+ Malware Extensions LH; 2/14/2020
- Mozilla removes four Firefox extensions made by Avast and AVG after reports that they were harvesting user data and browsing histories still available on the Chrome Web Store; ZD; 12/3/2019
- DuckDuckGo Privacy Essentials extension returns to Safari ApIn; 11/7/2019
- Mozilla to stop supporting sideloaded extensions in Firefox starting March 2020, with Firefox 74; ZD; 11/1/2019
- Google to Minimize the Data Collected by Chrome Extensions PC; 7/23/2019
- Uninstall These Eight Browser Extensions That Stole Data from Millions
Branded Surveys (Chrome); FairShare Unlock (Chrome and Firefox)
HoverZoom (Chrome); Panel Community Surveys (Chrome)
PanelMeasurement (Chrome); SaveFrom.net Helper (Firefox)
SpeakIt! (Chrome); SuperZoom (Chrome and Firefox); LH; 7/18/2019
- My browser, the spy: How extensions slurped up browsing histories from 4M users Have your tax returns, Nest videos, and medical info been made public? DataSpii: How extensions hide their data grabs -- and how they're discovered; Ars; 7/18/2019
- A third of all Chrome extensions request access to user data on any site 35.4% ask users for permission to access and read all their data on any site, 84.7% had no privacy policy; check privacy/security of any Chrome extension: CRXcavator; ZD; 2/22/2019
- [2] How Web Apps Can Turn Browser Extensions Into Backdoors TP; 1/22/2019
- It's Time to Audit All the Extensions You've Installed on Your Browser Chrome, Firefox, Safari, Edge; Giz; 1/18/2019
Flash, Shockwave [Adobe]
- Wikipedia: plugin; Flash; Flash cookies
- Microsoft to fully remove Adobe Flash from Windows 10 in July PC; 5/4/2021
- Flash Is Dead -- but Not Gone Zombie versions of Adobe’s troubled software can still cause problems in systems around the world; Wired; 1/24/2021
- Adobe just released the last Flash update ever Flash Player will block playback starting on 1/21/2021; Verge; 12/9/2020
- Flash Animations Live Forever at the Internet Archive no plugin required, just WebAssembly support; 11/19/2020
- Flash on Firefox will die completely in 55 days Firefox 83 is the penultimate version of Mozilla's browser to support the once ubiquitous plug-in. Security and battery life concerns hastened its demise; CNet; 11/17/2020
- Microsoft Is Finally Purging Flash From Windows Giz; 10/28/2020
- Porn surfers have a dirty secret. They’re using Internet Explorer -- and Flash Ars; 9/12/2020
- The rise and fall of Adobe Flash Ars; 7/7/2020
- Adobe Flash Is Actually Going to Die This Time, For Real [12/31/2020] Giz; 6/16/2020
- How to Enable Flash on Chrome Browser OSXD; 2/17/2020
- How to Avoid the Most Popular Mac Malware, 'Shlayer' fake Flash Player download; LH; 1/24/2020
- Google's Chrome 76, now in beta, will block Flash by default a Google employee claims Chrome 76 will prevent sites from detecting users in Incognito Mode; 9to5; 6/13/2019
- Adobe Shockwave will be discontinued on 4/9/2019 interactive content has moved to platforms like HTML5 Canvas and WebGL in recent years; Verge; 3/11/2019
- Microsoft culls secret Flash allow list after Google points out its insecurity Previously, some 58 sites were given special treatment. Now it's only Facebook; Ars; 2/20/2019
- [2] Malvertisers target Mac users with steganographic code stashed in images via HTML5 coding; underlying link if clicked directs to fake Flash update site; Ars; 1/24/2019
- Mozilla: Firefox 69 will disable Adobe Flash plugin by default ZD; 1/14/2019
iOS
- How NSO Group's iPhone-Hacking Exploit Works Giz; 12/22/2021
- Using Extensions in Safari in iOS 15 and iPadOS 15 TB; 10/2/2021
- Pegasus spyware: How to check your iPhone and why you shouldn't worry MW; 7/22/2021
- This App (iVerify) Will Tell You if Your iPhone Gets Hacked with caveats; MB; 11/14/2019
- How 18 Malware Apps Snuck Into Apple's App Store phony ad clicks; Wired; 10/25/2019
- Make Sure You Didn't Download One of These 17 Malicious iOS Apps LH; 10/24/2019
- [2] Checkm8 creator says his iPhone exploit requires physical device access and lacks persistence after reboot but will make jailbreaking more accessible and safer; Ars; 9/28/2019
- [2] Unpatchable bug in millions of iOS devices exploited, developer claims "Checkm8" jailbreak exploit works on devices from iPhone 4s to iPhone X, developer claims; Ars; 9/27/2019
- Mysterious iOS Attack Changes Everything We Know About iPhone Hacking For two years, a handful of websites have indiscriminately hacked thousands of iPhones; Wired; 8/30/2019
- These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer MB; 8/10/2019
- It's Almost Impossible to Tell if Your iPhone Has Been Hacked MB; 5/14/2019
- Cybersecurity 101: Five settings to secure your iPhone or iPad
1. Turn on USB Restricted Mode to make hacking more difficult: Settings > Touch ID & Passcode > USB Accessories : Off
2. Make sure automatic iOS updates are turned on: Settings > General > Software Update > Automatic Updates : On
3. Set a stronger device passcode: Settings > Touch ID & Passcode > (old passcode) > Change Password > Options > Custom Numeric Code
4. Switch on two-factor authentication: Settings > (your name) > Password & Security > Two-Factor Authentication : On
5. Change your reused passwords -- use your password manager; or if using iCloud Keychain: Settings > Passwords & Accounts > Website & App Passwords > (enter passcode) > (choose site) > Change Password on Website
TC; 2/19/2019
Java
- Wikipedia: Java
- HowStuffWorks: How Java Works; Quiz
JavaScript (JS)
- Wikipedia: JavaScript; JS Security; Virtual machines
- Wikipedia: Cross-site scripting (XSS) enables attackers to inject client-side script into Web pages viewed by other users
- Wikipedia: code injection caused by processing invalid data on server
- Wikipedia: same origin policy if content from one site (such as https://mybank.example1.com) is granted permission to access resources on the system, then any content from that site will share these permissions
- Wikipedia: Cross-site request forgery unauthorized commands are transmitted from a user that the website trusts; previous cookie
- Wikipedia: buffer overflow overwrites adjacent memory -- affecting security and other programs
- Wikipedia: sandbox executes software in a restricted operating system environment, thus controlling the resources accessed (files, etc.)
- JS blockers: Wikipedia: NoScript Firefox; JavaScript Blocker Safari
- How to Block JavaScript on Your iPhone or Android (and When You Should) LH; 10/6/2021
- FSF announces JShelter browser add-on to combat threats from nonfree JavaScript 9/30/2021
macOS
- Best antivirus software for protecting your Mac from viruses and malware MW; 3/4/2024
- Is Apple's Built-in Antivirus Enough XProtect, Gatekeeper; 3rd party? MW; 2/16/2024
- How to know if your Mac has been hacked MW; 12/11/2023
- What to do if you think your Mac has a virus
Bitdefender Virus Scanner; AVG Antivirus for Mac;
Avira Free Security for Mac; MW; 12/5/2023
- New malware strain stealing business data from Intel Macs ApIn; 9/16/2023
- 'Downfall' and Intel Macs: What you need to know about the flaw and fix Macs (from 2015 on) use affected processors,
but it's unclear if they are subject to the attack or not; MW; 8/12/2023
- Complete list of Mac attacks: Every Mac virus, malware and trojan MW; 8/2/2023
- How to Identify and Eliminate Abusive Web Notifications "Website ___ would like to send you notifications in Notification Center" -- Don't Allow;
Safari > Settings > Websites > Notifications > Allow websites to ask for permission to send notifications (deselect)
(similar settings for other browser); TB; 6/26/23
- Macs can get viruses, but do Macs need antivirus software? MW; 6/14/2023
- Help Prevent Evil Maid Attacks & Unknown Tampering of MacBooks with Nail Polish OSXD; 6/4/2023
- Your Mac might not be safe from ransomware for much longer MW; 4/19/2023
- New malware (MacStealer aka "weed") steals Mac passwords incl. credentials and cookies from Firefox, Google Chrome, and Brave browsers;
and also extracts the Keychain database, and other files; ApIn; 3/27/2023
- The best antivirus for Mac is none at all ApIn; 3/18/2023
- ClamXAV review: Basic antivirus protection for an annual price MW; 3/14/2023
- Checking your Mac for viruses. Wait, what? MW; 2/24/2023
- Avira Free Security for Mac review MW; 1/19/2023
- AVG AntiVirus for Mac review: Basic but solid protection for free MW; 12/8/2022
- Study: Almost 50% of macOS malware comes from only one app = MacKeeper; 11/16/2022
- macOS's New XProtect Remediator Now Regularly Scans for Malware
macOS 11 and later; TB; 9/2/2022
- A Single Flaw Broke Every Layer of Security in MacOS Wired; 8/12/2022
- Good Mac security goes beyond antivirus ApIn; 7/22/2022
- CleanMyMac review: Some handy tools but its malware detection still falls short MW; 7/7/2022
- Macs can get viruses, but do Macs need antivirus software? MW; 6/27/2022
- Mac malware spreading for ~14 months installs backdoor on infected systems
UpdateAgent; Ars; 2/2/2022
- Booby-trapped sites delivered potent new backdoor trojan to macOS users DazleSpy; Ars; 1/25/2022
- CleanMyMac X review: A solid scrubber with hit-or-miss malware removal MW; 8/19/2021
- Malwarebytes Reports on the State of Mac Malware in 2020 TB; 2/19/2021
- Apple Platform Security Guide Reveals Focus on Vertical Integration TB; 2/18/2021
- [2] Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities ZD; 8/14/2020
- New Mac ransomware is even more sinister than it appears ThiefQuest's spyware capabilities: exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in; need to install pirated apps; Ars; 7/5/2020
- Malwarebytes: Macs Outpaced PCs in Number of Malware Threats Detected Per Endpoint in 2019, But Most Are Adware MR; 2/11/2020
- Airo Antivirus review: A promising start for a Mac-focused antivirus MW; 2/2/2020
- How to Avoid the Most Popular Mac Malware, 'Shlayer' fake Flash Player download; LH; 1/24/2020
- F-Secure Safe for Mac review: No-frills quality protection MW; 12/4/2019
- How to Install Malwarebytes on Mac to Scan for Malware & Adware Uninstall OSXD; 8/9/2019
- Microsoft is bringing its Defender antivirus software to the Mac Defender Advanced Threat Protection (ATP); for businesses (only?); Verge; 3/21/2019
- [2] Hackers keep trying to get malicious Windows file onto MacOS clever trick may be designed to bypass Gatekeeper protections built into macOS; uses Little Snitch Mono framework; Ars; 2/11/2019
- [3] How to Bypass 'Safari no longer supports unsafe extension' Error in Mac OS Mojave OSXD; 2/8/2019
Microsoft Office
- see section: Flash
- Now Microsoft Office is blocking macros by default Verge; 7/22/2022
- How to protect yourself from the new Microsoft Office hack
don't click on risky docs; make sure Protected View is still switched on in Office; PC; 9/9/2021
- An '80s File Format Enabled Stealthy Mac Hacking now-patched vulnerability would have let hackers target Microsoft Office using Symbolic Link, an old file type; Wired; 8/5/2020
- Ex-NSA Hacker Finds a Way to Hack Mac Users Via Microsoft Office now fixed for the latest version of Office on Mac, and for MacOS 10.15.3; MB; 8/5/2020
- G Suite's lack of end-to-end encryption means US agencies could force Google to hand over unreleased reporting, even unpublished info about journalistic sources 10/9/2019
- How Hackers Turn Microsoft Excel's Own Features Against It Wired; 6/27/2019
Ransomware
- Wikipedia: Ransomware: restricts access to the system that it infects, and demands a ransom paid to the creator of the malware in order to remove the restriction.
- No More Ransom! Need Help unlocking your digital life without paying your attackers?
- What experts think companies should do when ransomware strikes NPR; 8/12/2022
- GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need 5/24/2022
- Winning the War on Ransomware
DOJ’s task force; Verge; 12/9/2021
- Ransomware gangs are complaining that other crooks are stealing their ransoms ZD; 9/30/2021
- Why ransomware hackers love a holiday weekend Ars; 9/5/2021
- The history of hacking ransoms and cryptocurrency CNet; 7/30/2021
- How REvil Ransomware Took Out Thousands of Business at Once
automated updates via supply chain network; Wired; 7/4/2021
- Don't Ignore Ransomware. It's Bad.
govt actions; backups; up-to-date software;
if companies, government agencies and organizations required all employees and others who access their computer networks
to use strong passwords, password managers and multi-step authentication, it would go a long way to prevent cyberattacks; NYT; 4/29/2021
- How Did ‘Ransomware’ Get So Bad? NYT; 10/5/2020
- When coffee makers are demanding a ransom, you know IoT is screwed watch along as hacked machine grinds, beeps, and spews water; Ars; 9/26/2020
- Ransomware Has Gone Corporate. Where Will It End? the DarkSide operators are just the latest group to adopt a veneer of professionalism—while at the same time escalating the consequences of their attacks; Wired; 8/26/2020
- Researchers detail the increasingly prevalent LockBit ransomware, which may one day reach parity with other feared ransomware packages like Maze or Ryuk Ars; 4/30/2020
- The Covid-19 Pandemic Reveals Ransomware's Long Game hackers laid the groundwork months ago for attacks; Wired; 4/28/2020
- Ransomware Gangs to Stop Attacking Health Orgs During Pandemic BC; 3/18/2020
- Ransomware Attacks Grow, Crippling Cities and Businesses Hackers are locking people out of their networks and demanding big payments to get back in. New data shows just how common and damaging the attacks have become; NYT; 2/9/2020
- Why you can't bank on backups to fight ransomware anymore they still will face demands for payment in order to avoid the publication or sale of information stolen by the attackers before the ransomware was triggered; Ars; 2/7/2020
- New ransomware doesn't just encrypt data. It also meddles with critical infrastructure Ekans represents a "new and deeply concerning" evolution in malware targeting control systems; Ars; 2/3/2020
- Experts: Don't reboot your computer after you've been infected with ransomware Rebooting may lead to restarting a crashed file-encryption process, potential loss of encryption keys stored in-memory; ZD; 11/5/2019
- Profile of Michael Gillespie, who has cracked the encryption of 100+ types of ransomware and helped thousands of ransomware victims recover their files for free ProPub; 10/29/2019
- FBI warns of major ransomware attacks as criminals go "big-game hunting" Ars; 10/7/2019
- How insurance companies are fueling a rise in ransomware attacks Insurers prefer to pay the ransom. Why? ProPublica says attacks are good for business; Ars; 8/27/2019
- Don't Pay the Ransom The F.B.I. should follow the example of European law enforcement and help victims of ransomware decrypt their data; No More Ransom initiative, tools; NYT; 8/14/2019
- Cybersecurity officials warn state and local agencies (again) to fend off ransomware three steps urged by CISA, MS-ISAC, NGA, NASCIO: run daily backups, train staff on "cybersecurity awareness," and "revisit and refine cyber incident response plans"; Ars; 7/30/2019
- No More Ransom project has prevented ransomware profits of at least $108 million 82 tools that can be used to decrypt 109 different types of ransomware; ZD; 7/26/2019
- How to protect yourself from online scams including ransomware and more PC; 7/16/2019
- Georgia's courts hit by ransomware Ryuk; Ars; 7/1/2019
- Florida LAN: Someone clicks link, again, giving Key Biscayne ransomware Ars; 6/28/2019
- Sting Catches Another Ransomware Firm -- Red Mosquito -- Negotiating With "Hackers" rather than high-tech ransomware solutions; PP; 6/24/2019
- A tale of two cities: Why ransomware will just get worse Deal or no deal, either way cities pay through the nose because of failed IT practices; Ars; 6/21/2019
- [2] Zero-day attackers deliver a double dose of ransomware—no clicking required Oracle WebLogic; Ars; 4/30/2019
- Arizona Beverages, one of the largest drink suppliers in the US, is reeling after a ransomware attack FBI warned them beforehand of a malware infection; TC; 4/2/2019
- Here's how personalized ransomware attacks work, and how to protect yourself TNW; 3/28/2019
- New ransomware rakes in $4 million by adopting a "big game hunting" strategy Ryuk lies in wait for as long as a year, then pounces on only the biggest prey; Ars; 1/12/2019
Spyware
- Wikipedia: Spyware: malware that monitors users' web browsing, displays unsolicited advertisements, or redirects affiliate marketing revenues to the spyware creator.
- Wikipedia: Keystroke logging: action of recording (or logging) the keys struck on a keyboard, typically in a covert manner, e.g., passwords
- HowStuffWorks: How Spyware Works; How to Avoid Spyware; How to Scan for and Remove Spyware
- Spyware Maker NSO Promises Reform but Keeps Snooping recent revelations in India show that the threat from the company’s spyware to activists and journalists isn’t limited to autocratic regimes; NYT; 11/9/2019
- Fake veteran hiring site downloads spyware instead of jobs Ars; 9/25/2019
- El Chapo Trial: Kingpin Used Spyware to Obsessively Monitor His Wife and Mistress NYT; 1/10/2019
[3] Web Servers
- Apache, Drupal, Joomla, WordPress, etc.
- Many websites threatened by highly critical code-execution bug in Drupal Drupal is the third most-widely used CMS behind WordPress and Joomla; Ars; 2/21/2019
- How to Run a Web Server on iOS with iSH and python OSXD; 2/20/2019
Windows
- Best antivirus: Keep your Windows PC safe from spyware, Trojans, malware, and more PC; 8/2/2023
- The best antivirus protection CNet; 12/19/2022
- Hackers Are Exploiting a Flaw Microsoft Fixed in 2013
optional update; ZLoader; Wired; 1/5/2022
- AVG Internet Security review much improved interface along with good protection and solid pricing; PC; 2/3/2021
- What you need to know about Windows Security in Windows 10 PC; 1/6/2021
- Windows Security review: There are better options, but not for the 'price' PC; 12/12/2019
- Why you can stop paying for antivirus software Microsoft's Windows Security (formerly Windows Defender) is now on a par with paid solutions such as McAfee and Norton; PC; 9/24/2019
- Why You Should Use Windows Defender's Ransomware Prevention LH; 8/16/2019
- How to remove malware from your Windows PC PC; 5/6/2019
Safer Internet: Connection: Turn Off Unnecessary Services
Summary
- [1] Review System Preferences to control what information is shared between apps and over the internet
- [1] Add Contact Info to Login ('Lock') Screen -- useful for medical emergency or if device found
- [1] Enable Find My xx to locate, and optionally erase, your lost/stolen device
- [1] Control Access to your Location by apps and sites: maps, local stores, advertisers?
- [1] Control Access to your Computer, Keyboard, Camera, Microphone, Screen by apps and sites
- [1] Limit Bluetooth Access, e.g., to known contacts only, esp. with AirDrop
- [2] Control System and App Notifications
- [2] Control Sharing of Speech & Analytics Data, e.g., Siri, Alexa; app crashes
- Later sections: Internet of Things (SmartTVs; Game boxes; Amazon Alexa, Apple Siri, Google Home); Share Files Privately
- References
[1] Review System Preferences
- Besides exploring every option under Preferences / Settings, you can use Search
- macOS: System Preferences > Security & Privacy > Privacy : Location Services, Contacts, Calendars, Reminders, Accessibility, Diagnostics & Usage [screenshot]
- macOS: System Preferences > Sharing : Screen, Files, Printer, Remote, Internet, Bluetooth [screenshot]
- macOS: System Preferences > Extensions : All, Actions, Finder, Photos Editing, Share Menu, Today
- iOS: Settings > Privacy : (many) [screenshot]
- iOS: Settings > General > Restrictions: (many)
- Windows: (File Sharing) {Figure 7. TCYOP-4: 72; TCYOP-3: 59}
[1] Add Contact Info to Login ('Lock') Screen
- macOS: System Preferences > Security & Privacy > General (lock message) [screenshot]
- iPhone: Health > Medical ID: Medical Conditions, Spouse, Child, Blood Type, Organ Donor
- result: "Emergency" link on lock screen
- iOS: add a message to your Lock Screen by overlaying text* on an image
- You can also set this (or a different) image as your Home Screen (background for app icons).
- iOS: Settings > Wallpaper > Choose a New Wallpaper > Camera Roll > [screenshot]
- ... (tap lock image) > (iPhone:Set) > Set Lock Screen
- ... (tap home image) > (iPhone:Set) > Set Home Screen
- *[2] Use an image app on desktop or iOS to add text to an image; tradeoffs: cost, simplicity, flexibility.
- e.g., use Preview on Mac to create 2 appropriately-sized images: one for use with Home Screen, one with text for Lock Screen
- macOS: Finder > (select original image) > File > Duplicate; rename with suffix, e.g., 'home'
- macOS: Preview > File > Open: 'home' image, e.g., my-ipad-screen-home.jpg
- Preview: use rectangular selection tool to highlight a square area corresponding to device's smaller dimension
- e.g., iPad Air: 2048x2048, iPhone 7: 750x750; square wallpaper will work with both portrait and landscape screen orientations
- macOS: Preview > Tools > Crop; File > Save
- macOS: Finder > (select 'home' image) > File > Duplicate; rename with suffix, e.g., 'lock'
- macOS: Preview > File > Open: 'lock' image, e.g., my-ipad-screen-lock.jpg
- macOS: Preview > Tools > Annotate > Text
- add text, e.g., name, email, phone: yours(iPad), spouse(iPhone); customize font, size, etc.
- macOS: Preview > File > Save
- transfer lock (& home) image file(s) to Photos (iOS) via AirPlay, Messages, Mail, ...
- set wallpaper(s) -- per earlier instructions
- iOS: Settings > Control Center > Access on Lock Screen
If on, someone would be able to enable Airplane Mode on a lost/stolen phone, which would disable Find My iPhone
- iOS: Settings > Passcode (or Touch ID & Passcode) > Allow access when locked: Notifications, Siri, Wallet, etc. [screenshot]
[1] Enable Find My iPhone, iPad, Mac, Windows
- To use: log in to iCloud account
- macOS: System Preferences > iCloud > Find My Mac [screenshot]
- iOS: Settings > (my acct) > iCloud > Find My iPad/iPhone [screenshot]
- [2] iOS: Settings > Privacy > Location Services > System Services > Status Bar Icon: off
If your phone is lost/stolen, and you're tracking it, it's better not to advertise it, though this turns off for all location services?
- Windows: Windows Settings > Update & Security > Find my Device
- Windows iCloud setup for iOS devices
[1] Control Access to your Location
- Before
- And: Settings > Security & Location > Location > App-Level Permissions: on, off
- macOS: System Preferences > Security & Privacy > Privacy : Location Services [screenshot]
- macOS: ... Location Services > System Services > Details > Show location icon in menu bar when System Services request your location
- macOS: Safari > Preferences > Privacy > Website use of Location Services [screenshot]
- macOS: Firefox -- none?
- macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Location
- iOS: Settings > Privacy : Location Services: Share My Location; Apps; System Services
choices: Never, Always, While Using [screenshot]
- iOS: Settings > (your acct) > iCloud > Share My Location
- After: allow/deny for specific web sites that request access on an ad hoc basis
[1] Control Access to your Computer, Keyboard, Camera, Microphone, Screen
- An entrepreneur has made a device that can prevent the NSA from spying on you by blocking your laptop's camera. This new high-tech device is...
- Avoid snooping on your keyboard and screen over your shoulder in public places; control remote access
- macOS: System Preferences > Security & Privacy > Privacy > Accessibility > Allow apps to control your computer [screenshot]
- macOS: System Preferences > Sharing > Screen Sharing; Remote Login [screenshot]
- macOS: System Preferences > Security & Privacy > Privacy > Camera
older versions: use a piece of cardboard & tape except for specific apps!
- macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Mouse cursor; Media (camera, microphone)
- iOS: Settings > Privacy > Microphone, Camera, Motion [screenshot]
- iOS: Settings > Safari > Camera & Microphone Access
- Windows: Windows Settings > System > Remote Desktop
[1] Limit Access to Bluetooth
- a wireless technology standard for exchanging data over short distances between "paired" devices, e.g., for keyboard, headset, AirDrop (file sharing), share Internet connection
- range: 30-300' depending on device power Class and environmental factors
- most modern devices and implementations support encryption
- however, if you enable only temporarily when you need it, your device will be more secure, use less power, etc.
- macOS: System Preferences > Bluetooth > Turn Bluetooth: On/Off [screenshot]
- iOS: [swipe up] > AirPlay
- iOS: General > AirDrop: Contacts Only -- or Receiving Off; if Everyone then just temporarily
- iOS: Settings > Bluetooth: On/Off [screenshot] -- note: disabling via iOS11 Control Center does not completely turn off!
[2] Control System and App Notifications
- Messages that appear in the 'Notification Center' can be useful vs. annoying
- risk if someone sees screen, e.g., verification codes via SMS; allow/deny for web sites that request access?
- macOS: System Preferences > Notifications [screenshot]
- macOS: Safari > Preferences > Websites > Notifications: Allow websites to ask for permission to send push notifications
- macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Notifications
- iOS: Settings > Notifications [screenshot]
- iOS: Settings > Notifications > Show Previews > When Unlocked
- Windows: Windows Settings > System > Notifications & Actions
[2] Control Sharing of Speech & Analytics Data
- Collecting data about crashes and usage of services can improve system services and applications
- Is it anonymized? Read privacy policies
- iOS:
Settings > General > Siri > About Siri and Privacy (read)
- Dictation online: spoken words are recorded and uploaded to Apple's servers for translation
- Enhanced (offline) mode more private but requires software install
- macOS:
System Preferences > Dictation & Speech > Dictation > Use Enhanced Dictation
- iOS:
Settings > Privacy > iPad/iPhone Analytics: [none/all] Share iPad Analytics (with Apple), Share With App Developers, Share iCloud Analytics (with Apple)
- macOS:
System Preferences > Security & Privacy > Privacy > Analytics: [select] Share Mac Analytics (with Apple), Share with App Developers, Share iCloud Analytics (with Apple)
References
- {TCYOP-4: 72-73; TCYOP-3: 59-60}
- sections: Refs: Android; Bluetooth; Camera; iOS; Location; macOS; Microphone; Notifications; Screens; Video; Windows
- see also VPN section (for hiding location), Mobile Privacy section
- topics: AirDrop, Alexa, autoplay, geofencing, maps, Medical ID, photos, Siri, tape
- Wikipedia: Location-based service; Geo-fence; Find My iPhone/Mac
- HowStuffWorks: How Location Tracking Works
- The Best Thing About Apple's AirTags Is Also the Scariest abusers installing unwanted trackers; Giz; 4/30/2021
- 6 Privacy-Focused Alternatives to the Apps You Use Every Day Signal for Messaging; Firefox for Web Browsing; DuckDuckGo for Search; OsmAnd for Maps (OpenStreetMap); ProtonMail for Email; Jumbo for Social Media; Wired; 12/13/2020
- macOS systems abused in DDoS attacks Apple Remote Desktop enabled; ZD; 10/3/2019
- Researcher: devices can be tracked across apps and sites with info from sensors like gyroscope patched on iOS; a minor issue on Android, given poor calibration; ZD; 5/22/2019
- iOS 12.2 will be able to block Web access to your iPhone's motion sensors ad agencies are reportedly worried about the change; ApIn; 2/4/2019
Android
- Google: Choose which apps use your Android device's location
- More than 1,000 Android apps harvest data even after you deny permissions e.g., location; CNet; 7/8/2019
- Here's the easiest way to find, lock, or wipe your lost Android phone TNW; 7/1/2019
- How to stop location tracking Verge; 4/12/2019
Bluetooth
- Wikipedia: Bluetooth; Bluetooth Security
- HowStuffWorks: How Bluetooth Works; How Bluetooth Surveillance Works
- Thieves Are Using Bluetooth to Target Vehicle Break-Ins How to keep your devices safe when you park at a trailhead -- or anywhere; power off or Airplane mode; Out; 12/9/2019
- New Attack exploiting serious Bluetooth weakness can intercept sensitive data Key Negotiation of Bluetooth (KNOB) forces devices to use encryption keys that are trivial to break; attacker within 10-400m; Ars; 8/17/2019
Camera
- Can Someone Really Spy on Me Through My Webcam or Phone Camera? LH; 12/16/2021
- How to Stop Apps from Using Camera on Mac OSXD; 7/11/2019
iOS
- Apple: Privacy: Siri and Dictation; Maps; Health
- Apple: iOS Security Network security pp. 27-30; 9/2015
- Apple: iOS: Supported Bluetooth profiles 3/5/2015
- Jamf's Quick Guide to Which iOS Permissions Apps Really Need TB; 8/26/2021
- How to Manage Which Apps Access Location Data on iPhone & iPad OSXD; 12/29/2020
- How to set up Medical ID on your iPhone MW; 10/21/2020
- Double-Check Your iPhone's Medical ID Emergency Contacts TB; 2/18/2020
- Stop AirDrop in iOS with Screen Time MW; 2/13/2020
- How to See & Change What Apps Can Access Health Data on iPhone OSXD; 1/30/2020
- What is the Screen Time Passcode in iOS 12? OSXD; 3/30/2019
Location
- How to find, block, and disable an unknown AirTag moving with you MW; 5/2/2023
- How to Make Sure You're Not Accidentally Sharing Your Location Wired; 2/12/2023
- How the Find My App Became an Accidental Friendship Fixture introduced 10 years ago, the app has slowly become a popular way to keep track of friends. But it comes with considerable privacy concerns; NYT; 8/20/2022
- Your Phone's Location Access Reveals a Lot. Here's How to Turn It Off. NYT; 6/29/2022
- How to find, block, and disable an unknown AirTag moving with you MW; 5/1/2022
- Can Controlling Vehicles Make Streets Safer and More Climate Friendly? geofencing, Sweden; NYT; 3/28/2022
- How to Hide / Blur Your Home on Google Maps & Apple Maps OSXD; 3/1/2022
- How to find, block, and disable an unknown AirTag moving with you MW; 2/18/2022
- How to find, block, and disable an unknown AirTag moving with you MW; 2/11/2022
- An update on AirTag and unwanted tracking Apple; 2/10/2022
- Apple's New 'Personal Safety Guide' Helps You Deal With AirTag Stalkers Giz; 1/25/2022
- Are Apple AirTags Being Used to Track People and Steal Cars? NYT; 12/30/2021
- What to do when you find an AirTag, or are told by your iPhone that one is following you ApIn; 12/20/2021
- Life360 Family Tracking App Is Selling Its Customers’ Precise Location Data TB; 12/15/2021
- How to opt out of the Find My network participating in Apple’s crowdsourced network for devices and AirTags is optional; MW; 5/28/2021
- Six Reasons Why Google Maps Is the Creepiest App On Your Phone
1. Google Maps Wants Your Search History
2. Google Maps Limits Its Features If You Don't Share Your Search History
3. Google Maps Can Snitch On You
4. Google Maps Wants to Know Your Habits
5. Google Maps Doesn't Like It When You're Offline
6. Google Makes It Seem Like This Is All for Your Own Good;
Vice; 11/12/2020
- What are geofence warrants? TNW; 9/5/2020
- Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users plus ad tracking; Ars; 8/4/2020
- How to Remove Location Data from Photos Before Sharing on iPhone & iPad OSXD; 5/29/2020
- How to Find a Lost iPhone, iPad, Mac with FindMy on Mac OSXD; 11/25/2019
- Find My: How to use Apple's new all-in-one app to find friends and devices MW; 10/14/2019
- How to Set Your Google Data to Self-Destruct option to set search and location data to automatically disappear after a certain time; myactivity.google.com; NYT; 10/2/2019
- How Incognito Google Maps Protects You -- and How It Doesn't Wired; 10/2/2019
- How to Disable Location Based Apple Ads on Mac OSXD; 8/30/2019
- Researchers find that in four dating apps, including Grindr, any user's location can be determined using the apps' public APIs, if the username is known 8/12/2019
- The Terrible Anxiety of Location Sharing Apps Wired; 7/28/2019
- EFF Hits AT&T With Lawsuit Over Sale Of User Location Data TD; 7/16/2019
- Secret Palantir User Manual Sheds Light on How ICE and Law Enforcement Track Families Vice; 7/12/2019
- How Apple's New Find My Service Locates Missing Hardware That's Offline TB; 6/21/2019
- iOS 13 will show you where apps have tracked your location, on a map TNW; 6/10/2019
- [2] The Clever Cryptography Behind Apple's 'Find My' Feature Wired; 6/5/2019
- Study: many iOS apps, including the Washington Post's, use "background app refresh" to send tracking info like location and IP address, even late at night Our privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week; WaPo; 5/28/2019
- Google Is Probably Tracking Your Location Right Now -- Here's How to Stop That MF; 5/5/2019
- How to Return a Lost Phone Contact Info (on case); ICE (in case of emergency); Voice Assistant; NYT; 4/24/2019
- Tracking Phones, Google Is a Dragnet for the Police NYT; 4/13/2019
- Google's Sensorvault Is a Boon for Law Enforcement. This Is How It Works. NYT; 4/13/2019
- The Chicken Is Local, But Was It Happy? GPS Now Tells The Life Story Of Your Poultry NPR; 2/24/2019
- Your phone and TV are tracking you, and political campaigns are listening in 'digital fence' pushed ads onto the iPhones and Androids of all those attending the meeting. Not only that, but because the technology pulled the unique identification numbers off the phones, a data broker could also use the digital signatures to follow the devices home. Once there, the campaign could use so-called cross-device tracking technology to find associated laptops, desktops and other devices to push even more ads; possible solutions? VPN, ad blocking, app settings (or safer apps), TV settings; LAT; 2/20/2019
- How to stop Facebook from tracking your location And, iOS; TNW; 2/21/2019
- Apple, Google Criticized For Carrying App That Lets Saudi Men Track Their Wives Absher, an app from the Saudi government, helps men in the country track and dictate where women can travel; Sen. Ron Wyden, D-Ore., sent a letter to both companies asking them to remove the app; NPR; 2/12/2019
- 'Find my iPhone' warned murder victim of assailant's location minutes before death she was shot to death, but it gave her enough time to save her son; ApIn; 2/6/2019
- How to Change IP Address & GeoLocation for Web Browsing with Epic OSXD; 1/30/2019
- AT&T and T-Mobile say they will stop selling customers' location data to 3rd-party service providers by March; Verizon says it's winding down sharing agreements WaPo; 1/10/2019
- Los Angeles sues the company behind the Weather Channel app, which is owned by IBM, for slyly using location data for commercial purposes NYT; 1/3/2019
macOS
- How to find out which Mac apps are tracking your location MW; 6/14/2021
- How to Prevent Microphone & Camera Access for Websites in Safari on Mac OSXD; 4/22/2021
- Feeling Paranoid? Micro Snitch Tells You If Your Mac Is Spying on You TB; 7/22/2020
- How to Delete Siri & Dictation History on Mac and Opt-Out of Audio Recording Storage OSXD; 11/21/2019
- Apple's AirDrop and password sharing features can leak iPhone numbers AirDrop: Contacts Only? disable Bluetooth? Ars; 8/1/2019
- Best Mac remote access apps MW; 7/4/2019
- Know When Malware Tries to Access Your Mac's Camera or Mic With This App Oversight; LH; 3/9/2019
Microphone
Notifications
- How to Take Control of Your Notifications NYT; 2/5/2020
Screens
- The Sometimes Catastrophic, but Mostly Just Embarrassing Consequences of Screen Sharing at Work NYT; 3/21/2019
- How to Not Ruin Your Life (or Just Die of Embarrassment) With a Screen Share NYT; 3/21/2019
Video
- Apple says it has notified app developers to remove code that lets them record how a user interacts with their apps without explicit user consent Glassbox 'session replay' records taps, button pushes and keyboard entry; TC; 2/7/2019
- Microsoft introduces background blur feature to Skype, which uses AI to detect the user's hair, hands, and arms, and blur distracting objects in the background Giz; 2/7/2019
Windows
Safer Internet: Connection: Use a Firewall
Summary
- Routers typically provide some hardware firewall protection, plus a layer of anonymity.
- [1] Enable your device's built-in software firewall; default (mostly inbound) settings are usually adequate
- [2] Block/unblock specific ports/services via router or OS, e.g., if you're a gamer or server admin
- [3] Install 3rd party software for more advanced inbound and/or outbound firewall
- References
[1] Enable your device's built-in software firewall
- iOS: not necessary
- macOS:
System Preferences > Security & Privacy > Firewall > Turn On
[screenshot] you'll need to click the lock and provide your admin password
- macOS: {Figure 9. TCYOP-4: 76; TCYOP-3: 62}; Win: {Figure 8. TCYOP-4: 75; TCYOP-3: 61}
[2] Block/unblock specific ports/services
- macOS:
System Preferences > Security & Privacy > Firewall > Firewall Options
[screenshot]
[3] Install 3rd party software
- Install 3rd party software for more advanced inbound and/or outbound firewall {TCYOP-4: 66}
- macOS: Little Snitch; Lulu; others: Intego NetBarrier; Murus; Norton Security; Radio Silence
- macOS: access secondary built-in firewall pf via Terminal, or GUI: Murus
- Windows: ZoneAlarm; Windows 8 Firewall Control
References
- {TCYOP-4: 74-77; TCYOP-3: 61-63; Use an Outbound Firewall; Beware Analog Snooping, Too}
- sections: Refs: macOS, Windows
- Wikipedia: Firewall controls incoming and outgoing network traffic; router
- Wikipedia: Firewalls and Internet security; Personal firewall
- HowStuffWorks: How Firewalls Work
macOS
- Apple: firewall
- Little Snitch 5.7 TB; 8/24/2023
- How to Enable or Disable Firewall on MacOS Ventura OSXD; 5/17/2023
- Apple has removed a controversial feature in macOS 11.2 beta 2 that allowed its own apps to bypass third-party firewalls, security tools, and VPNs ZD; 1/14/2021
Win
- Wikipedia: Windows firewall
Safer Internet: Connection: Crossword #1
The Puzzle
- Interactive version [below]
Check button: check puzzle for errors; Reveal button: reveal current word
Web version created by Crossword Compiler
- Print versions [.pdf]: puzzle; solution
- Download for a crossword app [.puz]: puzzle w/ solution
open it in a crossword app, e.g., Mac, Windows: Across Lite (free); Android, iOS: Crosswords
Safer Internet: Connection: Crossword #2
The Puzzle
- Interactive version [below]
Check button: check puzzle for errors; Reveal button: reveal current word
Web version created by Crossword Compiler
- Print versions [.pdf]: puzzle; solution
- Download for a crossword app [.puz]: puzzle w/ solution
open it in a crossword app, e.g., Mac, Windows: Across Lite (free); Android, iOS: Crosswords