Safer Internet: Keep Your Internet Connection Private

Summary

"Stay the patient course...
"Give a person a fish and you feed them for a day...
[1] Use WPA2 for Wi-Fi networks; improve DNS lookups/privacy
[1] Use a VPN when you're on any open or unfamiliar network
[1] Use HTTPS: for web browsing (and SSL/TLS for email) when available
[1] Avoid malware
[2] Turn off unnecessary services, e.g., location
[2] Turn on your computer's firewall

Preview: privacy / security / anonymity via encryption / indirection

Recall the letter / post office analogy in Privacy, Security, Anonymity section?
We're mostly concerned about content (postcard vs. letter) -- encryption
The address (actual vs. PO Box) could be important too -- anonymity via indirection
The following figures show the effect of encryption from various techniques
What's not shown: which information might be added, e.g., ads, tracking, malware
which information might be saved on client or servers, e.g., history, logs, caches
how secure your data is on their server, e.g., passwords, medical records, credit card, social security no.
how someone else accesses information you've 'published', e.g., email recipient, blog reader
None: {Figure 1. TCYOP-4: 56; TCYOP-3: 44} -- at right
[1] Wi-Fi (WPA2) [device-to-router]:
{Figure 3. TCYOP-4: 58; TCYOP-3: 46}
[1] HTTPS: for browser, SSL/TLS for email [device-to-final specific site]
{Figure 6. TCYOP-4: 67; TCYOP-3: 55}
[1-2] VPN [device-to-intermediate server; some address]
{Figure 4. TCYOP-4: 60; TCYOP-3: 48}
[3] Tor [device-to-intermediate servers; most of address]
{Figure 14. TCYOP-4: 104; TCYOP-3: 87}

References

{TCYOP-4: 51-77; TCYOP-3: 39-63; Wi-Fi connections, Cellular connections, DNS disruptions, ISP monitoring, Router monitoring, Malware, Location discovery, Quantum Computing and Encryption, Prevent Snooping}
Crosswords: Connection; Malware

Safer Internet: Connection: Encrypt Wi-Fi

Quotes

Summary

[1] Don't connect to unknown public networks, such as "Free WiFi", or hotspots with no/weak/public passwords -- to reduce data interception, ISP injections (ads), and MITM (man-in-the-middle) attacks. Read privacy policy. Some providers may track location across multiple Wi-Fi networks.
[1] Connect to Wi-Fi networks securely
[1] Set a strong memorable/typable password for your Wi-Fi network with WPA2 (encryption level) -- or WPA3 if available
[1] Router Maintenance: Set an Admin password (long random); Disable Remote Admin & UPnP
[1] Change DNS servers
[2] Troubleshoot common connection problems
[2] Router Maintenance: Backup settings; Update firmware
[3] Set phone/tablet SIM PIN
References

[1] Connecting to a Wi-Fi Network

Connect to known networks using WPA2 -- unless you're already encrypting traffic using a Virtual Private Network (VPN), and/or HTTPS: for all web sites and TLS/SSL for email.
This assumes that your device, router and destination web server have the latest security updates installed;
there are exceptions depending on your risk tolerance.
WEP (Wired Equivalency Protocol) is old and easily cracked -- barely better than no encryption
WPS (Wi-Fi Protected Setup) lets you use WPA without having to enter a long password; however, you may be vulnerable if you have not changed the pre-shared WPA key from the factory default setting, and PIN feature is enabled -- one reason why WPS is less secure than WPA2
Network figures
with no encryption (Wi-Fi, SSL/HTTPS): {Figure 1. TCYOP-4: 56; TCYOP-3: 44}
with Wi-Fi encryption: {Figure 3. TCYOP-4: 58; TCYOP-3: 46}
Connect intentionally -- not automatically -- to open (insecure) Wi-Fi networks.
By default, macOS & iOS connect automatically only to "known" networks, i.e., open or password-protected networks that you've connected to before
Automatic connections might occur in older systems or on other platforms?
For a new, unknown network, you can be prompted to join it, or to select it manually. it won't connect automatically
macOS: System Preferences > Network > Wi-Fi > Ask to Join New Networks : "on" (prompt you when a new network is avail) or "off" (you'll select manually)
iOS: Settings > Wi-Fi > Ask to Join Networks (same as macOS)
iOS: Settings > Wi-Fi > (select network > 'i' > Auto-Join -- customize for individual networks
iOS: If a friend's iOS 11 device tries to connect to your Wi-Fi network, you’ll receive a prompt that lets you send over the password by tapping Send Password
To remove a network from the list of automatically connecting "known" networks (that you've connected to previously)
macOS: System Preferences > Network > Wi-Fi > Advanced > W-Fi > (select network) > "-"
iOS: Settings > Wi-Fi > "i" (for network) > Forget This Network
Check encryption level from client: none?, WEP?, WPA? WPA2?
macOS: menubar > [option-click] Wi-Fi icon: current network stats displayed; other networks: hover to display stats
iOS: Settings > Wi-Fi insecure connection warning (right)
You could also use a utility, e.g., NetSpot (Mac, Win) that displays encryption level for nearby networks -- and signal/noise, etc.
Android, macOS, Windows: How to Check WiFi Security Encryption Type 1/24/2014

[1] Encrypting your Wi-Fi Network

Encrypt Wi-Fi networks you control WPA2 (Wi-Fi Protected Access) -- not WPA or WPA2/WPA combo -- certainly not WEP; eventually WPA3 -- with a strong password: memorable / typable occasionally by you & your guests
Weak/no password could create problems if neighbors use your connection (& IP address)
for illicit activities or excessive downloads -- not an issue (e.g., hackers in your driveway)
if your WiFi range does not extend outside, or for hard-wired devices (via Ethernet cable)
Check your router's manual (download .pdf) to locate settings and router IP address, e.g., http://192.168.1.1
Connect via web browser to router's local web server, or use manufacturer's configuration app
Use WPA2/AES rather than TKIP encryption (note: old Netgear figure shows incorrect combo setting)
Apple Airport config {Figure 2. TCYOP-4: 47; TCYOP-3: 45}
Netgear: Wireless Settings > Security Options > WPA2
TP-Link: Wireless (freq) > Wireless Security > WPA2 [screenshot]
[2] To make your network freely available to others, e.g., during a disaster, set up a separate Guest network (with no password), rather than disabling security on your regular network, if possible [screenshot]
If you set up your smartphone to share its data connection via Wi-Fi (aka 'Personal Hotspot' or 'tethering'), be sure to set a password for security and to avoid others using your data allocation.
iOS: Settings > Personal Hotspot (if Cellular Data on) > On (Wi-Fi,Bluetooth,USB); Wi-Fi Password: xxx

[1] Router: Admin Password

Set a strong admin password -- this protects the router itself -- different from the Wi-Fi password you use or supply to guests; long, random -- save in password manager!
If password is required to be short (older routers?), also change admin user name
Netgear: Maintenance > Set Password
TP-Link: System Tools > Password [screenshot]

[1] Router: Disable Remote Admin and UPnP

Turn off ability to log in and administer your router remotely -- hopefully, it was already off by default
Netgear: Advanced > Remote Management
TP-Link: Security > Remote Management [screenshot]
[3] Re-enable if you have need / expertise
Disable UPnP (Universal Plug and Play) -- hopefully, it was already off by default
TP-Link: Forwarding > UPnP (or maybe Advanced > NAT Forwarding?)
Check if disabled: F-Secure's Router Checker or ShieldsUp!! Instant UPnP Exposure Test

[1] Router/Device DNS

"What does a network administrator say after returning from work?...
DNS (Domain Name System) is a directory service that returns an IP address corresponding to a domain name, e.g., www.google.com (analogous to telephone white pages)
Change DNS name servers; e.g., Netgear w/ OpenDNS (right)
suggested servers (below) usually faster than your ISP's DNS
reliability/speed: these servers generally better than what your ISP provides
privacy: reduce ISP logging of sites visited
security: avoid ISP redirecting non-existent addresses to promotional ad sites
Several free DNS services, and their primary and secondary name servers: {TCYOP-4: 69}
CloudFlare: 1.1.1.1; 1.0.0.1
Cloudflare: malware blocking 1.1.1.2; 1.0.0.2; + adult content blocking: 1.1.1.3; 1.0.0.3;
Google Public DNS: 8.8.8.8; 8.8.4.4
OpenDNS (Cisco): 208.67.222.222; 208.67.220.220
Quad9: 9.9.9.9; 149.112.112.112
Recursive DNS: 156.154.70.1; 156.154.71.1
If set centrally in your router, all your connected devices will use the DNS servers
Netgear: Basic Settings > DNS Address
TP-Link: DHCP > DHCP Settings [screenshot]; Network > WAN [screenshot]
If you have no router (or it's someone else's), you can change DNS directly on individual devices via "Network > DNS settings"
iOS: Settings > WiFi > (network: "i") > Configure DNS
For iOS (and Android) devices, an app can manage DNS more simply, esp. for cellular data. e.g., "1.1.1.1 Faster Internet" (Cloudflare) sets up a VPN connection for DNS lookups.
macOS: System Preferences > Network > Advanced > DNS > DNS Servers
macOS: If possible, create separate network profile, e.g., Home, Travel?
You can also hide -- and encrypt -- DNS lookups by using a VPN (next section)

[2] Wi-Fi Connection Problems?

If your Wi-Fi connection seems 'stuck', first try toggling Wi-Fi connection off/on; check that expected router reconnects
macOS: (Wi-Fi icon) > Turn Wi-Fi Off/On
iOS: Settings > Wi-Fi: off/on -- note: disabling via iOS11 Control Center does not completely turn off!
If just one app not working, e.g., browser ok, but not email, close/reopen app
[2] Reset/get new device IP address
iOS: Settings > Wi-Fi > (current network "i" icon) > Renew Lease
macOS: System Preferences > Network > Advanced > TCP/IP > Renew DHCP Lease
Basic troubleshooting (step 1): Disconnect/Reconnect to router (Mac: option-click Wi-Fi icon); Turn Wi-Fi Off/On; reboot computer/device
Basic troubleshooting (step 2): Turn Off cable/DSL modem & Router; wait ~60 seconds; Modem On; wait ~30-60 seconds (for internet connection to be established); Router On; wait until Wi-Fi connection reappears on device

[2] Router: Backup Settings

If you have made numerous changes, back up router settings to ease restoration after any 'factory reset'.
Netgear: Maintenance > Backup Settings
TP-Link: System Tools > Backup & Restore

[2] Router: Update Firmware

Check your router manufacturer's web site periodically (or automatically upon login) for firmware (i.e., low-level software) upgrades -- and install them
Beyond having a good admin password, and disabling remote admin, this should further minimize security problems and attempts to weaken or hijack router, e.g., WPA2 protocol vulnerability (KRACK: Key Reinstallation Attacks) 10/16/2017; VPNFilter 5/23/2018
Netgear: Maintenance > Router Upgrade
TP-Link: System Tools > Firmware Upgrade [screenshot]
If you rent a router from your ISP, check with them about updates.
[3] Firmware in a cable modem should be updated automatically by your ISP.
Check current modem version by browsing (usually) to: http://192.168.100.1 to access diagnostic page;
check manufacturer site for recommended version; contact ISP if major discrepancy.

[3] Set Device SIM PIN

On some devices, e.g., iPhone, iPad*, you can lock your SIM card so that cellular data can't be used without entering a PIN -- whenever you swap SIM cards or restart. To enable, disable or change your SIM PIN:
iPhone: Settings > Phone > SIM PIN
iPad: Settings > Cellular Data > SIM PIN (*Wi-Fi + Cellular models)

References

{TCYOP-4: 55-77; {TCYOP-3: 44-47}
sections: Refs: Android; Cellular; DNS, IP; iOS; ISP; macOS; Modem, Router; Wi-Fi; Windows
topics: DNS hijacking, domains, IPv4 address crisis, KRACK, radiation, speed tests
"If a packet hits a pocket on a socket on a port,
And the bus is interrupted as a very last resort...
"Oh, the network outside is frightful,
But on campus, it's so delightful...
Wikipedia: router; Network Address Translation (NAT); Internet of Things (IoT)
Wikipedia: NAT: telephone number extension analogy
HowStuffWorks: How Routers Work; Router Quiz; How Network Address Translation Works
HowStuffWorks: How Home Networking Works; Home Networking Quiz
Home Networking (Wydea): intro video: 0:44; modem; router; longer video 3:16; cables; Wi-Fi range; WPA; switch vs. router; powerline; sharing
Wikipedia: IP (Internet Protocol) address; IPv4 (IP version 4): ~4.3 billion (2³²); adopted: 1981; currently, running out of addresses
Wikipedia: IPv6 2¹²⁸ (~3.4x10³⁸) addresses; spec. published 1998; this amounts to approximately 5x10²⁸ addresses for each of the 6.8 billion people alive in 2010. While these numbers are impressive, it was not the intent of the designers of the IPv6 address space to assure geographical saturation with usable addresses. Rather, the longer addresses simplify allocation of addresses, enable efficient route aggregation, and implementation of special addressing features.; World IPv6 Launch
HowStuffWorks: What is an IP address?
Wikipedia: Subscriber Identity Module (SIM card)
Steps to Simple Online Security: 10: Secure Your Wi-Fi NYT; 4/15/2022
How to Turn Off Amazon Sidewalk
opt out Echo and Ring devices from internet-sharing mesh network; Wired; 6/8/2021
Why Public Wi-Fi is a Lot Safer Than You Think due to the widespread deployment of HTTPS encryption on most popular websites, advice to avoid public Wi-Fi is mostly out of date and applicable to a lot fewer people than it once was -- assuming software up to date; domain lookups still visible; EFF; 1/29/2021
Speed Up Your Internet by Limiting Bandwidth-Hungry Apps LH; 7/16/2019
The Land Where the Internet Ends To find real solitude, you have to go out of range. But every year that's harder to do, as America's off-the-grid places disappear; Green Bank, WV; 6/21/2019
Why Do Internet Speed Tests Report Different Results? LH; 5/17/2019
The Top 10 Ways to Deal with a Slow Internet Connection
10. Check your speeds (and your internet plan);
9. Give your hardware the universal fix (turn off/on);
8. Know your hardware's limitations;
7. Fix your WiFi signal;
6. Turn off or limit bandwidth-hogging apps;
5. Try a new DNS server;
4. Call your internet provider;
3. Optimize your web for a slow connection;
2. Work smarter;
1. Don't worry about it; LH; 5/16/2019
How the Internet Travels Across Oceans NYT; 3/10/2019
Military Carrier Pigeons in the Era of Electronic Warfare transport data on microSD cards; 1/24/2019

Wi-Fi

Wikipedia: Wi-Fi: Wireless Local Area Network (WLAN); 802.11
Wikipedia: WPA/WPA2 (Wi-Fi Protected Access); WEP (Wired Equivalency Protocol) obsolete
Wikipedia: WPS (Wi-Fi Protected Setup) avoids long passcodes; convenience for users; can be vulnerable if PIN feature enabled
HowStuffWorks: How WiFi Works; Quiz
Take Control: Apple Wi-Fi Network
11 Ways to Upgrade Your Wi-Fi and Make Your Internet Faster
1. Move Your Router; 2. Use an Ethernet Cable;
3. Change the Channel or Band; 4. Upgrade Your Router;
5. Get a Wi-Fi Extender; 6. Use Your Electrical Wiring;
7. Add a Password to Your Wi-Fi; 8. Cut Off Unused Devices;
9. Check Your PC; 10. Restart Your Router?
11. Call Your ISP; Wired; 1/22/2024
What is Wi-Fi 7? Everything You Need to Know Wired; 1/8/2024
Your Computer Secretly Stores All Your Wi-Fi Passwords. Here's How to Find Them CNet; 3/22/2023
Do This to Seamlessly Connect Guests to Your Wifi NFC, QR; LH; 11/21/2022
How to Share Your Wi-Fi Password Wired; 8/7/2022
Traveling? Beware of Unsecured Hotel Wi-Fi Networks OSXD; 7/28/2022
How to Force Open a Public Wi-Fi Login Page (Captive Portal) OSXD; 6/26/2022
How to make sure your hotel's Wi-Fi is fast enough USA; 5/27/2022
These Things Are Blocking Your Home’s Wifi Signal LH; 5/26/2022
Wi-Fi 7 Is Coming, and Here's Why You Should Care
IEEE 802.11be Extremely High Throughput (EHT); Giz; 2/16/2022
The Best Ways to Boost Your Wifi Signal for Free LH; 2/2/2022
How to Share Your Wifi Password
And, iOS, Mac, Win; LH; 12/20/2021
The Truth About the Quietest Town in America
The National Radio Quiet Zone limits wireless communications.
But a journey to its center in Green Bank, West Virginia reveals a town at odds with itself.
Wired; 8/3/2021
How to Share Your Wi-Fi Password
between Apple devices with visitor in your Contacts and vice versa;
QR code; Wired; 7/25/2021
Did weak wi-fi password lead the police to our door?
BBC; 5/23/2021
How to name your Wi-Fi networks for best Mac, iPhone, and iPad roaming
WPA2 settings; separate names useful if you have a lot of older equipment that bogs down the 5 GHz network; MW; 5/5/2021
Wi-Fi's biggest upgrade in decades is starting to arrive Wi-Fi 6E (6GHz) devices are now being certified; Verge; 1/7/2021
Check If the Wifi Is Going to Suck Before You Arrive Lag app; LH; 9/15/2020
5 Simple Ways to Improve Your Wi-Fi
1. Reposition your router;
2. Use an Ethernet cable instead;
3. Buy a new Wi-Fi router, extender or mesh networking kit;
4. Consider using a Wi-Fi hot spot (or your phone);
5. Upgrade your internet plan;
NYT; 8/24/2020
How to turn your home Wi-Fi password into a QR code for easy sharing TNW; 7/20/2020
Desperate for Wi-Fi, Many Have Nowhere to Go but a Parking Lot With cafes and libraries closed, Americans without internet access are sitting outside them to get free and fast connections; NYT; 5/5/2020
How to Check Your Wifi Signal Strength LH; 4/27/2020
What You Need to Know About Wifi 6E LH; 4/24/2020
Flaw in billions of Wi-Fi devices left communications open to eavesdroppng Cypress and Broadcom chip bug; Ars; 2/26/2020
[2] Ten rules for placing your Wi-Fi access points Ars; 2/24/2020
You Need More Than HTTPS to Stay Safe on Public Wifi hackers can see metadata: domain names, size of files/pages, non-https sites & services; LH; 2/21/2020
Find the WiFi Password For Almost Any Airport Lounge Using This Free Map LH; 1/20/2020
[2] How to Find the Login Page on Public Wifi LH; 1/13/2020
Tired of hearing about Wi-Fi 6? Great, let’s talk about Wi-Fi 6E doubling Wi-Fi's usable spectrum; Ars; 1/6/2020
How Can I Find Out If Someone's Stealing My Wifi?
Low-tech method: Check your wireless router lights;
Network admin method: Check your router device list;
Detective method: Use a network monitoring software tool;
Moving forward: Beef up your wifi security; LH; 10/4/2019
[2] How to Reveal Your Saved Wifi Passwords in Windows or macOS LH; 9/19/2019
Wi-Fi 6 is barely here, but Wi-Fi 7 is already on the way in 2024; CNet; 9/3/2019
Wi-Fi 6 Will Be Here Soon. What Is It? Wired; 8/29/2019
Ask About a Hotel or Airbnb's WiFi Before You Book speed, caps, cost; LH; 8/25/2019
With 'warshipping', hackers ship their exploits directly to their target's mail room Wi-Fi devices in packages; TC; 8/6/2019
82% of People in Study Say They Connect to Any Free WiFi That's Available in a Public Place 8/1/2019
Never Commit a Crime When Your Phone Is Connected to a Wi-Fi Network Four students who left racist graffiti on their high school were caught when their smartphones betrayed them; Slate; 7/12/2019
6 Ways to Identify If You're Using Fraudulent Wi-Fi
1. The Wi-Fi Network Has A Vague Name.
2. You Haven't Confirmed The Network Name With Someone Trustworthy.
3. The Network Name Looks Almost Identical To Another One In The Area.
4. There Wasn't An Opt-In Page When You Logged On.
5. The Network Required You To Install Something Before You Could Use It.
6. The Network Isn't On A Reliable Database Of Vetted Networks; MF; 7/2/2019
Wi-Fi 6: Better, faster internet is coming -- here's what you need to know CNet; 5/11/2019
How Do I Share My Neighbor's Wi-Fi Connection? with permission; LH; 4/12/2019
[2] Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords Ars; 4/11/2019
How Do I Block My Neighbor's Wifi? LH; 3/22/2019
A brief history of Wi-Fi security protocols from "oh my, that's bad' to WPA3 ~1997: WEP(RC4); ~1999:WPA(TKIP); ~2004:WPA2(AES-CCMP); ~2018:WPA3(NFC, PFS, SAE); Ars; 3/10/2019
Do My Devices Have to Use the Same Wi-Fi Band to Talk to Each Other? LH; 3/8/2019
[2] Which Wi-Fi Channels Should I Use for My Wireless Network?
2.4GHz (2400-2500MHz): 14 channels @ 20MHz each, all overlapping -- ideally, channels 1, 6, or 11;
5GHz (5200-5400MHz): 25 channels @ 20MHz each, though you’ll only typically see up to 12 options, each 40MHz wide;
you want your wireless networks to live on channels that have as few competing networks as possible;
wireless scanning app: Wifi Analyzer Win: free;
Wifi Explorer Mac: $20;
NetSpot: And, Mac, Win: free, $; LH; 2/22/2019
Wi-Fi 6: is it really that much faster? WPA3; theoretical max speed: 9.6 Gbps vs. 3.5 Gbps on Wi-Fi 5; more about improving the network when many devices are connected; Verge; 2/21/2019
Which Wi-Fi Band Should I Use for My Devices? 2.4GHz band: better range; 5GHz band: fastest speeds; congestion, number of devices? LH; 2/15/2019
[2] WiFi firmware bug affects laptops, smartphones, routers, gaming devices lets attacker hijack devices without any user interaction; list of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices; "patches are in the works"; ZD; 1/18/2019

Windows

Safer Internet: Connection: Use a VPN

Summary

[1] Choose and Configure a Virtual Private Network (VPN) to connect to the Internet:
To keep info extra private or secure:
when your device (or remote site) lacks the latest security updates
-- https: (normally secure) might be vulnerable,

or when communicating insecurely with a site via plain (unencrypted) http:
-- block ad injections/tracking by ISPs,

or when you're on an open, public, insecure non-WPA Wi-Fi network
(including Wi-Fi with a widely distributed password, e.g., coffee shop -- though https: is usually enough)
-- avoid MITM (man-in-the-middle) attacks from nearby,

or when using a foreign cell carrier or SIM card (whose encryption might be compromised),

or when plugging into a public ethernet jack, e.g., hotel cabling and/or switches may have been compromised.
If travelling, esp. internationally -- avoid monitoring and bypass content/service blocking,
e.g., [1] location-based "geofencing", e.g., streaming services, banks? [2] government censorship of sites/apps
Potential disadvantages: configuration, slower, sites may detect/block VPN access
How much of connection is encrypted / anonymous?
{Figure 4. TCYOP-4: 60; TCYOP-3: 48}
Connection between you and the VPN uses your IP address
-- everything is encrypted.
Connection between VPN and destination site uses VPN's IP address
-- content still encrypted, if https: used initially
Site does not see original IP address -- however, anonymity not guaranteed
if government or hacker can obtain VPNs server logs
[1] Reduce monitoring/logging by network providers (ISPs, cell companies) and governments
If not using a full VPN, at least encrypt web address (DNS) lookups?
"1.1.1.1 Faster Interet" (free Cloudflare app; iOS, Android) uses a VPN
to enable faster more secure DNS lookups (only) -- not content) (section: WiFi: DNS)
[2] If working remotely -- company info very attractive to hackers/spies
[2] Reduce recording of your searches by search engines, e.g., Google
-- there are easier ways, e.g., see :Browsing:Search Privately
[3] For more anonymity (IP address), see Browsing:Anonymity, e.g., Tor, TAILS
[3] If you're a high-profile target: dissident, whistleblower, executive, celebrity, wealthy, cryptocurrency speculator, ...
[3] Supplement your firewall protection
References

Choose a VPN Service

paid version vs. free (ads, limits)
performance -- it can be somewhat -- or a lot -- slower
company experience, longevity, privacy policy, trustworthiness
anonymity decreased by server logs?
network reliability, availability
bandwidth/transfer limits
configuration ease & support
trustworthiness & accuracy of product reviews
-- there are many mediocre or bad services; don't choose only because of an 'incredible' (life-time) price.
country of company's servers and operations?
some believe their government can't obtain their logs if a VPN company is based 'offshore';
if ownership and security policies of a VPN are not transparent, can you trust that it isn't run by a government agency, or ?
Joe's recommendations {TCYOP-4: 60-61; TCYOP-3: 49-50} -- all platforms, unless otherwise noted
[1] Free, ad-supported, usage caps, e.g., Hotspot Shield; privacy risk?
[1] Free, specific browser, e.g., Opera; Mac, Win
[1] Paid services/subscriptions:
Cargo VPN (Mac-only)
Encrypt.me (formerly Cloak)
Disconnect Premium; browser only? includes other privacy and security features
IVPN
personalVPN / WiTopia* (also: jumpthewall.net);
Why Use a VPN?; Why We're the Best VPN;
[1] And, iOS, Mac, Win; [2] others -- on right: "Quick Connect" screen;
*if you subscribe to personalVPN, please use this referral link (or code: Q8Hg3YRM)
-- you'd receive an immediate 15% discount, and Steve receives a similar credit!
Private Internet Access (PIA)
[3] NordVPN; also routes your connections through Tor
[3] Hardware VPN router, e.g., WiTopia Cloakbox Pro, e.g., for all home devices

Configure and Use a VPN Service

Example personalVPN (Witopia): all platforms: apps & manual setup
personalVPN apps available: Android; iOS; macOS, Windows
others (manual setup): Chromebook, Fire, Linux, Surface, etc.
In app, login using separate VPN username and password
-- different from main account credentials.
iOS: Settings > VPN; right: configurations: "1.1.1.1" & personalVPN
Instead of default (Quick) connection, change to
a gateway/server in a different country or specific city,
e.g., on right: iOS and Mac screens
[2] comparison of protocols;
setup: IPsec; L2TP; IKEv2;
[3] OpenVPN/OpenSSL most secure/customizable;
[3] PPTP older, not recommended

References

{TCYOP-4: 59-66; TCYOP-3: 47-57; Recommendations, Beware VPN Review Sites, The Problem of End-to-End Privacy, Using a VPN Router, SSL Implementation Bugs and Issues, Avoid DNS Mischief}
sections: Refs: Android; Government; iOS; Products/Reviews; macOS; Windows
topics: censorship, China, IPSec, L2TP, PPTP, OpenVPN
Wikipedia: VPN; proxy server
Wikipedia: Tunneling Protocol; Internet Protocol Security (IPsec); Point-to-Point Tunneling Protocol (PPTP); Layer 2 Tunneling Protocol (L2TP); OpenVPN
table: PPTP vs L2TP/IPSec vs OpenVPN
HowStuffWorks: How VPNs Work
dnsleaktest.com, ipleak.net check if IP address private
Don't Fall for These 7 VPN Myths
1. VPNs are mostly for illegal activity
2. VPNs make you completely anonymous
3. Free VPNs are just as good as paid VPNs
4. VPNs speed up your internet
5. VPNs can bypass any geo-restrictions
6. VPNs are too complex to use
7. VPNs protect against malware and viruses
CNet; 11/9/2023
5 Reasons to Use a VPN CNet; 9/29/2023
VPN Obfuscation: What It Is and Why You Might Need It CNet; 8/17/2023
Why You Should Use a VPN When Booking a Hotel it's travel industry standard to use dynamic pricing, location is one of the many factors that affect prices
-- one of the few you can control; LH; 8/9/2023
Browser-Based VPNs: 3 to Try if You Want to Improve Online Privacy
easier and speedier to use than typical VPNs (router, apps), these lightweight privacy boosts are handy to have around;
Brave Firewall + VPN; Firefox Private Network; Chrome w/ a VPN extension; CNet; 10/7/2022
What You Need to Know About Google's VPN
if you pay for Google's cloud storage, you might be able to take advantage of it; Giz; 2/25/2022
3 companies control many big-name VPNs: What you need to know
Kape Technologies Plc (Formerly Crossrider Plc): CyberGhost VPN (Crossrider), ZenMate VPN, Private Internet Access, ExpressVPN;
Ziff Davis (Formerly J2 Global, Inc.): IPVanish, Strong VPN (Encrypt.me, ibVPN, SaferVPN);
Nord Security (Tesonet): NordVPN, Atlas VPN, Surfshark;
CNet; 2/5/2022
Here's why you probably don't need to rely on a VPN anymore
the widespread use of encryption has made public internet connections far less of a security threat, cybersecurity experts say; NBC; 12/31/2021
A New Report on VPNs Shows They're Often a Mixed Bag for Privacy
Consumer Reports white paper; Giz; 12/8/2021
iCloud+ Private Relay explained: Don't call it a VPN
'public beta' feature this fall for paid iCloud accounts;
VPN differences: works only w/ Safari, not all traffic;
easily identifiable as a 'proxy server' (VPNs usually aren't);
can't hide your region; MW; 11/17/2021
It’s Time to Stop Paying for a VPN
more sites use https: and/or support MFA; NYT; 10/6/2021
NSA, CISA Release Guidance on Selecting and Hardening Remote Access VPNs 9/28/2021
Can ISPs, Websites, and Your Boss Tell If You're Using a VPN? LH; 9/10/2021
VPN Hacks Are a Slow-Motion Disaster
recent spying attacks against Pulse Secure VPN are just the latest example of a long-simmering cybersecurity meltdown;
Wired; 4/25/2021
Is your VPN secure? How to make sense of VPN encryption PC; 3/24/2021
Three VPNs popular with criminals and active for over a decade have had their servers and web domains seized by law enforcement from US, Germany, France, others safe haven for cybercriminals to carry out ransomware attacks, web skimming operations, spearphishing, and account takeovers; ZD; 12/22/2020
Researchers say seven Hong Kong-based 'no log; VPNs have left 1TB+ of user logs and personally identifiable info exposed on the internet Reg; 7/17/2020
VPNs: 3 things they can't help you with Let you game at work without the boss knowing; Protect you from viruses and tracking; Get you online during an internet shutdown; CNet; 3/10/2020
Popular VPN And Ad-Blocking Apps Are Secretly Harvesting User Data Android: Free and Unlimited VPN, Luna VPN, Mobile Data, Adblock Focus; iOS: Adblock Focus, Luna VPN; BF; 3/9/2020
NordVPN users' passwords exposed in mass credential-stuffing attacks Ars; 11/1/2019
How to Protect Your Data in the NordVPN, TorGuard and VikingVPN Breaches LH; 10/22/2019
Hackers steal secret crypto keys for NordVPN. Here's what we know so far Breach happened 19 months ago; Ars; 10/21/2019
Cloudflare Launches Its Security-Focused Mobile VPN, Again WARP; Wired; 9/25/2019
Opera 60 debuts with a free, faster VPN, and Netflix hasn't blocked it yet PC; 4/10/2019
Cloudflare 1.1.1.1 with Warp Accelerates Internet Privacy 4/1/2019

Android

Best Android VPN CNet; 10/9/2023
The 5 best VPNs for Android PC; 6/17/2023
7 Android VPN apps you should never use because of their privacy sins Yoga, proXPN, Hola, oVPNSpider, SwitchVPN, Zoog, Seed4.Me; CNet; 9/9/2019
Opera adds unlimited VPN service to its Android browser for free 256-bit encryption and no data logging; 3/20/2019
Check if Your Android VPN Is Collecting Personal Data LH; 3/7/2019
Facebook VPN that snoops on users is pulled from Android store Onavo Protect VPN (removed for iOS 8/2018); Ars; 2/22/2019
How to Set Up Opera's Mobile VPN for Secure Browsing on Android LH; 2/7/2019

Government

Russians Need VPNs. The Kremlin Hates Them Wired; 3/30/2022

iOS

All iOS VPNs are worthless and Apple knows it, claims researcher
long-time bug in iOS prevents any VPN from fully encrypting all traffic; ApIn; 8/17/2022
Security researchers warn of scam VPN apps on iOS Buckler VPN, Hat VPN, Beetle VPN; fake reviews, expensive subscriptions; ApIn; 6/3/2020
Researcher: a vulnerability affecting iOS 13.3.1 and later prevents VPNs from encrypting some traffic, potentially exposing user data or leaking IP addresses BC; 3/26/2020
How to View VPN Connect Time on iPhone or iPad OSXD; 2/5/2020
How to Delete a VPN from iPhone or iPad OSXD; 12/14/2019

macOS

How to use a VPN on a Mac MW; 12/7/2022
Apple has removed a controversial feature in macOS 11.2 beta 2 that allowed its own apps to bypass third-party firewalls, security tools, and VPNs ZD; 1/14/2021
Apple apps on Big Sur bypass firewalls and VPNs TNW; 11/16/2020
How to Delete a VPN Configuration from Mac OSXD; 2/2/2020

Products / Reviews

Witopia sometimes is not listed in (paid) product reviews, or given a bad rating (possibly since based in US). Witopia Support responded to me: "Honestly we are not sure where they are getting a lot of their data from as it is not accurate. They are even giving a bad rating for companies that have offices in the USA which is odd. We have reached out to them many times to try and get them to correct the bad data but they refuse to reply or correct. We do not store any logs of users. We do not share data with other parties about your usage, sites, services etc. We do not limit anything (bandwidth, filters throttles etc)."; About; Why We Are the Best VPN
Best VPN services: Reviews and buying advice for Mac users MW; 11/6/2023
Best VPN service CNet; 8/28/2023
Best Mac VPN CNet; 8/20/2023
Best VPN Services: Reviews and Buying Advice PC; 8/10/2023
The Best VPNs to Protect Yourself Online Wired; 7/9/2023
TunnelBear 5.0.1 TB; 4/21/2023
Best VPN Service NYT; 3/14/2023
NordVPN review: A great choice for Netflix fans, but who's running the show? NordVPN has good performance, great features, and it suits novices and power users alike. But who is running the show down there? PC; 9/29/2021
You Should Probably Stop Using ExpressVPN
Kape Technologies (an Israeli technology firm with a controversial past) owns ExpressVPN, Private Internet Access (PIA), CyberGhost, ZenMate; Giz; 9/24/2021
Which VPN Providers Really Take Privacy Seriously in 2021? 6/14/2021
Is a free VPN safe? What to look for
Who runs the VPN?
What data does the VPN collect?
What does the VPN do with your data?
How does the VPN make money?
How does the VPN secure your data?
Best free VPNs to start with; PC; 3/15/2021
Hackers are actively trying to steal passwords from two widely used VPNs Fortigate, Pulse Secure; Ars; 8/24/2019
Risky free VPNs still available in Apple App Store & Google Play despite warnings AI; 8/13/2019
Do You Trust Your VPN? Are You Sure?
what's 'reputable'? US vs. offshore location/ownership? some VPNs are scams, shady/biased review sites, slow performance, ads; Slate; 2/28/2019

Windows

Malwarebytes releases new VPN service for Windows Malwarebytes Privacy. in future: Mac, iOS, Android, ChromeOS versions; BC; 4/23/2020

Safer Internet: Connection: Avoid Malware

Quotes

"In God we trust,... all others we virus scan."
"If you spend more on coffee than on IT security,...
Amish Virus...
Disney Virus... Everything on your computer goes Goofy.
Prozac Virus...
Airline Virus...
Health Care Virus...
Dr. Jack Kevorkian Virus...
Viagra Virus...
Viagra 2 Virus... It turns your floppy into a hard drive.

Summary

[1] Understand different types of malware, by transmission and action
[1] Improve user practices: "be-aware"
[1] Install and update approved apps: software
[1] Manage / Minimize Plugins, Extensions, Add-ons
[1] Flash: Update, Block or Uninstall
[1] Java: Update, Block or Uninstall (but keep JavaScript enabled)
[1] Install & Maintain AntiVirus tools -- if available / applicable
-- lower priority than updating software and safer user behaviors.
[2] Disable programming functionality in apps, e.g., Microsoft Office macros
[3] Advanced Settings: JavaScript, WebGL, web admin
References

[1] Understand Different Types of Malware

Malware can access, compromise local files -- and online identities and accounts.
Viruses Wreak Havoc On Your Files
Spyware Steals Your Information
Scareware Holds Your PC for Ransom
Trojan Horses Install a Backdoor
Worms Infect Through the Network
There's often overlap

[1] Improve User Practices

Pay attention -- most malware requires active user involvement
Don't click on links or open attachments in an unexpected email from "friends", "boss", "family"
Use browser Bookmarks / Favorites or a password manager to access web sites -- see later section: Browsing: Go To Correct Site
Don't click on links in popups, or unknown links in web pages, esp. ads
Do not respond to popups that "hijack" your browser, esp. those that "found malware" or download unexpected 'Flash updates' -- just quit browser (see Block Ads section if you can't close/quit); reputable companies do not use such annoying / scare tactics

[1] Install and Update Approved Apps

Backup your Devices; install & update your software -- system and applications -- by downloading only from vendor's app store (if screened), app's own Update preference or control panel, other reputable sites
[3] macOS: System Integrity Protection (SIP) is enabled by default, which aims to protect critical system folders by locking them down; temporarily disable SIP only if you know what's you're doing
[3] Don't "jail break" or "root" your device, i.e., don't install unofficial or pirated system/application software -- or visit "warez" or "dark" sites
macOS: App Store
iOS: App Store
macOS: System Preferences > Security & Privacy > General > Allow Apps Downloaded From: [screenshot]
[1] Mac App Store
[2] Mac App Store and Identified Developers
[3] Anywhere -- note: option hidden by default in 10.12
[2] To open an "unidentified" app that you're sure about:
macOS: Applications > (ctrl-click app) > Open > Open
iOS: use the TestFlight app to accept expected invitations from known developers
Enable phishing/malware/plugin warnings
macOS: Safari > Preferences > Security > Fraudulent sites; Internet plug-ins [screenshot]
macOS: Firefox > Preferences > Security > Block reported attack sites / web forgeries / add-ons
macOS: Chrome > Settings > Advanced Settings > Privacy > Protect you and your device from dangerous sites
iOS: Settings > Safari > Privacy & Security > Fraudulent Website Warning [screenshot]
[2] Don't automatically open downloaded files (check file types)
macOS: Safari > Preferences > General > Open "safe" files after downloading [screenshot]

[1] Manage / Minimize Plugins, Extensions, Add-ons

macOS: Safari > Preferences > Security > Allow plugins [screenshot]; [screenshot: Plug-in Settings]
macOS: Firefox > Preferences > Applications
macOS: Firefox > Preferences > Security > Warn me when sites try to install add-ons
macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Plugins; also Unsandboxed Plugins
Consider disabling problematic, obsolete, infrequently-used plugins
most sites, e.g., YouTube, default to HTML5 for video if Flash not present; Java less popular -- covered next
iOS: unnecessary -- since plugins are not generally allowed
configure to selectively load a plug-in if desired, or re-install if needed
remove obsolete plugins, e.g., Microsoft Silverlight
macOS: Finder > (disk/user) > Library > Internet Plugins

[1] Flash: Update, Block or Uninstall

iOS: NA
macOS: I generally recommend uninstalling Flash from system; if necessary to use for some Flash-based sites, selectively use Google Chrome, which keeps Flash up-to-date automatically (at least for a little while longer), provides "sandboxing", and also auto-pauses certain videos / ads
macOS: Chrome > chrome://plugins > Enable, Always Allow to Run maybe possible to run on-demand selectively via ctrl-click?
If you do need to use Flash more frequently / conveniently, make sure it's always up to date and control using a flash blocker
macOS: System Preferences > Flash Player > Advanced > Updates
macOS: System Preferences > Flash Player > Storage > Delete All
macOS: Safari > Preferences > Extensions > Get Extensions : ClickToFlash
macOS: Safari (ctrl-click) > ClickToFlash Preferences
macOS should automatically disable insecure versions, and display message: 'Blocked plug-in', 'Flash Security Alert' or 'Flash out-of-date'

[1] Java: Update, Block or Uninstall

iOS: NA
macOS: System Preferences > Java > Update [screenshot]
macOS: System Preferences > Java > Security > Security Level
macOS: Safari > Preferences > Security > Allow Plugins > Website Settings : Java : Ask [screenshot]
If installer wants to install any crapware or change settings by default, e.g., Yahoo homepage, search engine -- uncheck anything you don't want! -- installer now seems to be 'clean'

[1] Install Anti-Virus (AV)

Install & maintain antivirus software on your device, if applicable & desired
Be careful where you obtain malware protection software -- some may be malware / adware itself -- especially if obtained via ad links, popups, pop-under windows
Having AV installed is no excuse to be careless
iOS: unnecessary
macOS: optional -- to avoid distributing infected files to others, e.g., Windows friends, or if still using external portable media from unknown sources: USB drives, CD/DVD, floppies, etc.
virus definitions may not include newest threats; scanning may slow down, interfere with system
examples: Avast; Avira; ClamXav; Comodo; Sophos
note: if you're running Windows on macOS (using Boot Camp, or virtualization software like VMware Fusion or Parallels Desktop), you should absolutely run Windows anti-malware software -- Mac anti-malware won't help
Windows: Windows Settings > Update & Security > Windows Defender
If you must use others' devices to access your accounts, make sure they're well-protected (antivirus) and maintained (software updates) -- see Mobile Privacy section, esp. to avoid keyloggers or other spyware

[3] Advanced Settings: JavaScript, WebGL, web admin

JavaScript: on
JavaScript (not the same as 'Java') is essential for most modern sites; most browsers don't provide an option to disable
macOS: Safari > Preferences > Security > Enable JavaScript
You can generally remove tracking scripts by using a Content/Ad Blocker -- see Block Ads section
WebGL: on
WebGL (Web Graphics Library) JavaScript-based graphics using GPU
macOS: Safari > Preferences > Security > Allow WebGL
If administering your own website, check system log for suspicious activity, e.g., logins to non-existent or unauthorized accounts, unexpected accesses to admin pages or to non-existent modules / pages / directories; add suspicious IP addresses to a 'deny list'

References

{TCYOP-4: 70-71; TCYOP-3: 57-58}
sections: Refs: Android; Anti-virus; Cyberattacks/cyberwar; Extensions, Plug-ins; Flash, Shockwave; iOS; Java; JavaScript; macOS; Microsoft Office; Ransomware; Spyware; Web Servers; Windows
topics: airgap, botnet, cryptojacking, keylogger, social engineering, USB drives, zombie
other computer virus jokes: politicalhumor.about.com; ahajokes.com
Wikipedia: Malware: short for malicious software, is a general term used to refer to a variety of forms of hostile or intrusive software, e.g, to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Only some is internet-related.
HowStuffWorks: How to Detect Online Scams
Wikipedia: Zero day attack exploits a previously unknown vulnerability in a computer application or operating system, one that developers have not had time to address and patch
Wikipedia: Worm: malware that actively transmits itself (automatically, w/o user intervention) over a network to infect other computers
Wikipedia: Virus: malware that has infected some executable software and, when run (usually by user opening a program, email or document), causes the virus to spread.
HowStuffWorks: How Computer Viruses Work; How to Know if Your Computer is Infected with a Virus
HowStuffWorks: How do viruses and worms spread in e-mail?
HowStuffWorks: 10 Worst Computer Viruses of All Time
Wikipedia: Trojan Horse: malware that appears benign/desirable but conceals malicious code; e.g., Zeus (2007-)
HowStuffWorks: How Trojan Horses Work
Viruses, Trojans and Worms video: 2:31
Wikipedia: Botnet: collection of Internet-connected programs communicating with other similar programs in order to perform tasks -- some may be malware
Wikipedia: Zombie computer: malware used to send email spam, to host contraband data such as child pornography, or to extort via distributed denial-of-service attacks.
Wikipedia: Denial of Service Attack (DoS): make a machine or network resource unavailable to its intended users
HowStuffWorks: How Zombie Computers Work; How to Fix Your Zombie Computer
Wikipedia: air gap physically isolate a secure computer network from unsecured networks
Wikipedia: Rootkits modify the host's operating system so that the malware is hidden from the user.
Wikipedia: man in the middle attach (MITM) requires an attacker to have the ability to both monitor and alter or inject messages into a communication channel
Wikipedia: Logic bomb: malware triggered by certain conditions, e.g., programmer fired
HowStuffWorks: How does a logic bomb work?
Wikipedia: social engineering obtaining confidential information by manipulating and/or deceiving people
Wikipedia: Hacker (black hat); Firewall
Wikipedia -- conferences/conventions: Black Hat Briefings; DEF CON
HowStuffWorks: How Hackers Work; How Firewalls Work; Could hackers devastate the U.S. economy?; Computer Security Quiz
That QR Code You’re About to Scan Could Be Risky, F.T.C. Warns NYT; 12/11/2023
How to Not Get Hacked by a QR Code "quishing"; Wired; 12/3/2023
It's Safe to Scan QR Codes (If You're Careful) LH; 5/12/2023
FBI Advising People to Avoid Public Charging Stations 4/12/2023
How to Recover From a Browser Hijacking Attack LH; 3/9/2023
Why You Should Never Plug In an Unknown USB Device LH; 7/7/2022
How to Use Microsoft Defender on All Your Devices
the security tool for Apple, Android, and Windows is now
available to any Microsoft 365 subscriber; Wired; 6/27/2022
Steps to Simple Online Security: 8: Free Antivirus Software Is Good NYT; 4/15/2022
FCC puts Kaspersky on security threat list, says it poses "unacceptable risk"
Moscow-based firm joins Huawei and ZTE on the same US security threat list; Ars; 3/25/2022
The Log4J Vulnerability Will Haunt the Internet for Years Wired; 12/13/2021
Hacker Lexicon: What Is a Watering Hole Attack?
two types of victims: the legitimate website or service that attackers compromise
to embed their malicious infrastructure, and the users who are then compromised
(usually via browser bug) when they visit; Wired; 11/28/2021
'Stalkerware' Apps Are Proliferating. Protect Yourself.
these spyware apps (mostly Android, some iOS) record your conversations, location and everything you type,
all while camouflaged as a calculator or calendar; NYT; 9/29/2021
Feds list the top 30 most exploited vulnerabilities. Many are years old Ars; 7/29/2021
Amnesty International researchers published a toolkit to help anyone scan their iPhone and Android devices for evidence of compromise by NSO's Pegasus spyware TC; 7/19/2021
No, open source Audacity audio editor is not "spyware"
the community's telemetry concerns were received and addressed two months ago;
new privacy policy; Ars; 7/6/2021
Google App Engine feature abused to create unlimited phishing pages malicious subdomains; BC; 9/20/2020
How to Check Your Devices for Stalkerware Wired; 7/19/2020
TikTok says it will stop clipboard snooping after iOS 14 reveals when apps attempt to read the clipboard; TikTok claims it was used to identify spammy behavior Tel; 6/25/2020
Hacker Lexicon: What Is a Side Channel Attack? computers constantly give off more information than you might realize—which hackers can use to pry out their secrets; Wired; 6/21/2020
UPnP flaw exposes millions of network devices to attacks over the Internet Windows; printers, modems, routers; best defense is to disable UPnP altogether; Ars; 6/11/2020
The Curious Case of Copy & Paste -- on risks of pasting arbitrary content in browsers 6/2/2020
Major security flaw found in Thunderbolt Macs and PCs: Should you be worried? for Mac, only if physical access to powered on Mac; MW; 5/16/2020
Filipino Onel de Guzman, author of the Love Bug worm that infected millions of PCs in May 2000, talks about his creation and claims he regrets writing it BBC; 5/3/2020
Meet the white-hat group fighting Emotet, the world's most dangerous malware Cryptolaemus group; from banking trojan to malware loaded; ZD; 2/29/2020
Microsoft to bring its Defender antivirus software to iOS and Android malware and phishing attack protection; CNet; 2/20/2020
One of the most destructive botnets can now spread to nearby Wi-Fi networks weak WiFi passwords; Ars; 2/11/2020
There's a scary new reason not to borrow a stranger's iPhone cable FC; 10/8/2019
How Can You Tell If an App Is Malware? LH; 9/20/2019
How to Find Spyware Your Employer Installed on Your Computer and What to Do About It Giz; 8/5/2019
The Worm That Nearly Ate the Internet Conflicker infected 10 million computers in 2010. So why did cybergeddon never arrive? NYT; 6/29/2019
A Computer Afflicted With 6 Infamous Viruses Has Passed $1 Million at Auction art project: The Persistence of Chaos; MB; 5/21/2019
Hard-to-detect credential-theft malware has infected 1,200 and is still going Separ's 'living-off-the-land' approach (spartan malware that's built on legitimate apps and utilities) bypasses many antimalware providers; starts by end user clicking on a disguised executable; Ars; 2/20/2019

Android

How Hackers Tricked 300,000 Android Users into Downloading Password-Stealing Malware LH; 12/1/2021
Uninstall These Malicious Android Apps That Stole Facebook Passwords LH; 7/4/2021
How to Get Rid of Android's Most Annoying Malware: xHelper LH; 2/18/2020
This New Android Malware Can Survive a Factory Reset LH; 10/30/2019
Double-Check That Your Android Antivirus App Actually Works some underperform or may even pose serious security risks; LH; 3/20/2019
In a test of 250 Android antivirus apps in the Google Play Store, only 80 could detect more than 30% of malware, and only 23 had 100% detection rate ZD; 3/14/2019
Delete These Malware-Laden Apps From Your Android Right Now LH; 3/14/2019

Anti-Virus

HowStuffWorks: Is there any free anti-virus software?
Avast shutters data-selling (Jumpshot) subsidiary amid user outrage Users were not happy to learn "security" software sold their browsing habits; Ars; 1/30/2020
Antivirus Maker Avast Sold Data on Millions of Users TB; 1/29/2020
Are You One Of Avast’s 400 Million Users? This Is Why It Collects And Sells Your Web Habits. Forbes; 12/9/2019
Recent antivirus tests are bad news for paid security suites Windows; their basic AV capabilities are being equaled by free apps; PC; 1/30/2019

Cyber Attacks, CyberWar

Wikipedia: Anonymous loosely associated international network of activists and hacktivists; well-known for distributed denial-of-service (DDoS) attacks on government, religious, and corporate websites
Wikipedia: Hacktivism; Denial of Service Attack make a machine or network resource unavailable to its intended users
HowStuffWorks: How Anonymous Works
Wikipedia: Computer Emergency Response Team Internet security incidents and cyberthreats
Wikipedia: cyberterrorism; cyberwar Kosovo 1998; US Cyber Command; CISPA: Cyber Intelligence Sharing and Protection Act proposed: 2011
HowStuffWorks: Is cyberwar coming?; How CISPA Works
HowStuffWorks: What does the U.S. cybersecurity czar do?; Could a single hacker crash a country's network?; Could hackers devastate the U.S. economy?
Could Cyberwar Make the World Safer? NYT; 8/22/2021
The Untold History of America's Zero-Day Market lucrative business of dealing in code vulnerabilities is central to espionage and war planning; Wired; 2/14/2021
With Hacking, the United States Needs to Stop Playing the Victim the U.S. also uses cybertools to defend its interests. It’s the age of perpetual cyberconflict; NYT; 12/23/2020
Journalist’s phone hacked by new 'invisible' technique: All he had to do was visit one website. Any website. NSO Group; 6/21/2020
China's Military Is Tied to Debilitating New Cyberattack Tool Aria-body (embedded in MS Office files) had been deployed against governments and state-owned companies in Australia and SE Asia; NYT; 5/7/2020
A Critical Internet Safeguard Is Running Out of Time Shadowserver; Wired; 3/16/2020
The Untold Story of the 2018 Olympics Cyberattack, the Most Deceptive Hack in History Wired; 10/17/2019

Extensions, Plug-ins

see sections: Flash, Java
Wikipedia: Silverlight; Adobe (Macromedia) Shockwave
Ethical.net: Browser extensions
Our Favorite Ad Blockers and Browser Extensions to Protect Privacy NYT; 9/30/2021
Our Favorite Ad Blockers and Browser Extensions to Protect Privacy
Ad blocker: uBlock Origin;
Tracking blocker: Privacy Badger;
Secure connections: HTTPS Everywhere;
Cleaner links: ClearURLs;
Local resources: Decentraleyes;
Login protection: Use a password manager;
Firefox Multi-Account Containers;
Extra-credit tools: Use a VPN, Enable DNS over HTTPS (DoH), Change your default search engine;
NYT; 3/11/2021
How to Make Sure Your Browser Extensions Are Safe Wired; 6/27/2021
Teams behind Chrome, Safari, Firefox, and Edge unveil a development forum at W3C to standardize and build a unified, more secure foundation for extensions CNet; 6/4/2021
Up to 3 million devices infected by malware-laced Chrome and Edge add-ons 28 malicious extensions hosted by Google and Microsoft; Ars; 12/16/2020
What You Need to Know About the Latest Chrome Extension Malware Campaign LH; 6/24/2020
Check Chrome and Remove Any of These 70+ Malware Extensions LH; 2/14/2020
Mozilla removes four Firefox extensions made by Avast and AVG after reports that they were harvesting user data and browsing histories still available on the Chrome Web Store; ZD; 12/3/2019
DuckDuckGo Privacy Essentials extension returns to Safari ApIn; 11/7/2019
Mozilla to stop supporting sideloaded extensions in Firefox starting March 2020, with Firefox 74; ZD; 11/1/2019
Google to Minimize the Data Collected by Chrome Extensions PC; 7/23/2019
Uninstall These Eight Browser Extensions That Stole Data from Millions
Branded Surveys (Chrome); FairShare Unlock (Chrome and Firefox)
HoverZoom (Chrome); Panel Community Surveys (Chrome)
PanelMeasurement (Chrome); SaveFrom.net Helper (Firefox)
SpeakIt! (Chrome); SuperZoom (Chrome and Firefox); LH; 7/18/2019
My browser, the spy: How extensions slurped up browsing histories from 4M users Have your tax returns, Nest videos, and medical info been made public? DataSpii: How extensions hide their data grabs -- and how they're discovered; Ars; 7/18/2019
A third of all Chrome extensions request access to user data on any site 35.4% ask users for permission to access and read all their data on any site, 84.7% had no privacy policy; check privacy/security of any Chrome extension: CRXcavator; ZD; 2/22/2019
[2] How Web Apps Can Turn Browser Extensions Into Backdoors TP; 1/22/2019
It's Time to Audit All the Extensions You've Installed on Your Browser Chrome, Firefox, Safari, Edge; Giz; 1/18/2019

Flash, Shockwave [Adobe]

Wikipedia: plugin; Flash; Flash cookies
Microsoft to fully remove Adobe Flash from Windows 10 in July PC; 5/4/2021
Flash Is Dead -- but Not Gone Zombie versions of Adobe’s troubled software can still cause problems in systems around the world; Wired; 1/24/2021
Adobe just released the last Flash update ever Flash Player will block playback starting on 1/21/2021; Verge; 12/9/2020
Flash Animations Live Forever at the Internet Archive no plugin required, just WebAssembly support; 11/19/2020
Flash on Firefox will die completely in 55 days Firefox 83 is the penultimate version of Mozilla's browser to support the once ubiquitous plug-in. Security and battery life concerns hastened its demise; CNet; 11/17/2020
Microsoft Is Finally Purging Flash From Windows Giz; 10/28/2020
Porn surfers have a dirty secret. They’re using Internet Explorer -- and Flash Ars; 9/12/2020
The rise and fall of Adobe Flash Ars; 7/7/2020
Adobe Flash Is Actually Going to Die This Time, For Real [12/31/2020] Giz; 6/16/2020
How to Enable Flash on Chrome Browser OSXD; 2/17/2020
How to Avoid the Most Popular Mac Malware, 'Shlayer' fake Flash Player download; LH; 1/24/2020
Google's Chrome 76, now in beta, will block Flash by default a Google employee claims Chrome 76 will prevent sites from detecting users in Incognito Mode; 9to5; 6/13/2019
Adobe Shockwave will be discontinued on 4/9/2019 interactive content has moved to platforms like HTML5 Canvas and WebGL in recent years; Verge; 3/11/2019
Microsoft culls secret Flash allow list after Google points out its insecurity Previously, some 58 sites were given special treatment. Now it's only Facebook; Ars; 2/20/2019
[2] Malvertisers target Mac users with steganographic code stashed in images via HTML5 coding; underlying link if clicked directs to fake Flash update site; Ars; 1/24/2019
Mozilla: Firefox 69 will disable Adobe Flash plugin by default ZD; 1/14/2019

iOS

How NSO Group's iPhone-Hacking Exploit Works Giz; 12/22/2021
Using Extensions in Safari in iOS 15 and iPadOS 15 TB; 10/2/2021
Pegasus spyware: How to check your iPhone and why you shouldn't worry MW; 7/22/2021
This App (iVerify) Will Tell You if Your iPhone Gets Hacked with caveats; MB; 11/14/2019
How 18 Malware Apps Snuck Into Apple's App Store phony ad clicks; Wired; 10/25/2019
Make Sure You Didn't Download One of These 17 Malicious iOS Apps LH; 10/24/2019
[2] Checkm8 creator says his iPhone exploit requires physical device access and lacks persistence after reboot but will make jailbreaking more accessible and safer; Ars; 9/28/2019
[2] Unpatchable bug in millions of iOS devices exploited, developer claims "Checkm8" jailbreak exploit works on devices from iPhone 4s to iPhone X, developer claims; Ars; 9/27/2019
Mysterious iOS Attack Changes Everything We Know About iPhone Hacking For two years, a handful of websites have indiscriminately hacked thousands of iPhones; Wired; 8/30/2019
These Legit-Looking iPhone Lightning Cables Will Hijack Your Computer MB; 8/10/2019
It's Almost Impossible to Tell if Your iPhone Has Been Hacked MB; 5/14/2019
Cybersecurity 101: Five settings to secure your iPhone or iPad
1. Turn on USB Restricted Mode to make hacking more difficult: Settings > Touch ID & Passcode > USB Accessories : Off
2. Make sure automatic iOS updates are turned on: Settings > General > Software Update > Automatic Updates : On
3. Set a stronger device passcode; Settings > Touch ID & Passcode > (old passcode) > Change Password > Options > Custom Numeric Code
4. Switch on two-factor authentication; Settings > (your name) > Password & Security > Two-Factor Authentication : On
5. Change your reused passwords -- use your password manager; or if using iCloud Keychain: Settings > Passwords & Accounts > Website & App Passwords > (enter passcode) > (choose site) > Change Password on Website; TC; 2/19/2019

Java

Wikipedia: Java
HowStuffWorks: How Java Works; Quiz

JavaScript (JS)

Wikipedia: JavaScript; JS Security; Virtual machines
Wikipedia: Cross-site scripting (XSS) enables attackers to inject client-side script into Web pages viewed by other users
Wikipedia: code injection caused by processing invalid data on server
Wikipedia: same origin policy if content from one site (such as https://mybank.example1.com) is granted permission to access resources on the system, then any content from that site will share these permissions
Wikipedia: Cross-site request forgery unauthorized commands are transmitted from a user that the website trusts; previous cookie
Wikipedia: buffer overflow overwrites adjacent memory -- affecting security and other programs
Wikipedia: sandbox executes software in a restricted operating system environment, thus controlling the resources accessed (files, etc.)
JS blockers: Wikipedia: NoScript Firefox; JavaScript Blocker Safari
How to Block JavaScript on Your iPhone or Android (and When You Should) LH; 10/6/2021
FSF announces JShelter browser add-on to combat threats from nonfree JavaScript 9/30/2021

macOS

Best antivirus software for protecting your Mac from viruses and malware MW; 3/4/2024
Is Apple's Built-in Antivirus Enough XProtect, Gatekeeper; 3rd party? MW; 2/16/2024
How to know if your Mac has been hacked MW; 12/11/2023
What to do if you think your Mac has a virus
Bitdefender Virus Scanner; AVG Antivirus for Mac;
Avira Free Security for Mac; MW; 12/5/2023
New malware strain stealing business data from Intel Macs ApIn; 9/16/2023
'Downfall' and Intel Macs: What you need to know about the flaw and fix Macs (from 2015 on) use affected processors,
but it's unclear if they are subject to the attack or not; MW; 8/12/2023
Complete list of Mac attacks: Every Mac virus, malware and trojan MW; 8/2/2023
How to Identify and Eliminate Abusive Web Notifications "Website ___ would like to send you notifications in Notification Center" -- Don't Allow;
Safari > Settings > Websites > Notifications > Allow websites to ask for permission to send notifications (deselect)
(similar settings for other browser); TB; 6/26/23
Macs can get viruses, but do Macs need antivirus software? MW; 6/14/2023
Help Prevent Evil Maid Attacks & Unknown Tampering of MacBooks with Nail Polish OSXD; 6/4/2023
Your Mac might not be safe from ransomware for much longer MW; 4/19/2023
New malware (MacStealer aka "weed") steals Mac passwords incl. credentials and cookies from Firefox, Google Chrome, and Brave browsers;
and also extracts the Keychain database, and other files; ApIn; 3/27/2023
The best antivirus for Mac is none at all ApIn; 3/18/2023
ClamXAV review: Basic antivirus protection for an annual price MW; 3/14/2023
Checking your Mac for viruses. Wait, what? MW; 2/24/2023
Avira Free Security for Mac review MW; 1/19/2023
AVG AntiVirus for Mac review: Basic but solid protection for free MW; 12/8/2022
Study: Almost 50% of macOS malware comes from only one app = MacKeeper; 11/16/2022
macOS's New XProtect Remediator Now Regularly Scans for Malware
macOS 11 and later; TB; 9/2/2022
macOS's New XProtect Remediator Now Regularly Scans for Malware
macOS 11 and later; TB; 9/2/2022
A Single Flaw Broke Every Layer of Security in MacOS Wired; 8/12/2022
Good Mac security goes beyond antivirus ApIn; 7/22/2022
CleanMyMac review: Some handy tools but its malware dictation still falls short MW; 7/7/2022
Macs can get viruses, but do Macs need antivirus software? MW; 6/27/2022
Mac malware spreading for ~14 months installs backdoor on infected systems
UpdateAgent; Ars; 2/2/2022
Booby-trapped sites delivered potent new backdoor trojan to macOS users DazleSpy; Ars; 1/25/2022
CleanMyMac X review: A solid scrubber with hit-or-miss malware removal MW; 8/19/2021
Malwarebytes Reports on the State of Mac Malware in 2020 TB; 2/19/2021
Apple Platform Security Guide Reveals Focus on Vertical Integration TB; 2/18/2021
[2] Mac malware spreads through Xcode projects, abuses WebKit, Data Vault vulnerabilities ZD; 8/14/2020
New Mac ransomware is even more sinister than it appears ThiefQuest's spyware capabilities: exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in; need to install piracted apps; Ars; 7/5/2020
Malwarebytes: Macs Outpaced PCs in Number of Malware Threats Detected Per Endpoint in 2019, But Most Are Adware MR; 2/11/2020
Airo Antivirus review: A promising start for a Mac-focused antivirus MW; 2/2/2020
How to Avoid the Most Popular Mac Malware, 'Shlayer' fake Flash Player download; LH; 1/24/2020
F-Secure Safe for Mac review: No-frills quality protection MW; 12/4/2019
How to Install Malwarebytes on Mac to Scan for Malware & Adware Uninstall OSXD; 8/9/2019
Microsoft is bringing its Defender antivirus software to the Mac Defender Advanced Threat Protection (ATP); for businesses (only?); Verge; 3/21/2019
[2] Hackers keep trying to get malicious Windows file onto MacOS clever trick may be designed to bypass Gatekeeper protections built into macOS; uses Little Snith Mono framework; Ars; 2/11/2019
[3] How to Bypass 'Safari no longer supports unsafe extension' Error in Mac OS Mojave OSXD; 2/8/2019

Microsoft Office

see section: Flash
Now Microsoft Office is blocking macros by default Verge; 7/22/2022
How to protect yourself from the new Microsoft Office hack
don't click on risky docs; make sure Protected View is still switched on in Office; PC; 9/9/2021
An '80s File Format Enabled Stealthy Mac Hacking now-patched vulnerability would have let hackers target Microsoft Office using Symbolic Link, an old file type; Wired; 8/5/2020
Ex-NSA Hacker Finds a Way to Hack Mac Users Via Microsoft Office now fixed for the latest version of Office on Mac, and for MacOS 10.15.3; MB; 8/5/2020
G Suite's lack of end-to-end encryption means US agencies could force Google to hand over unreleased reporting, even unpublished info about journalistic sources 10/9/2019
How Hackers Turn Microsoft Excel's Own Features Against It Wired; 6/27/2019

Ransomware

Wikipedia: Ransomware: restricts access to the system that it infects, and demands a ransom paid to the creator of the malware in order to remove the restriction.
No More Ransom! Need Help unlocking your digital life without paying your attackers?
What experts think companies should do when ransomware strikes NPR; 8/12/2022
GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need 5/24/2022
Winning the War on Ransomware
DOJ’s task force; Verge; 12/9/2021
Ransomware gangs are complaining that other crooks are stealing their ransoms ZD; 9/30/2021
Why ransomware hackers love a holiday weekend Ars; 9/5/2021
The history of hacking ransoms and cryptocurrency CNet; 7/30/2021
How REvil Ransomware Took Out Thousands of Business at Once
automated updates via supply chain network; Wired; 7/4/2021
Don't Ignore Ransomware. It's Bad.
govt actions; backups; uptodate software;
if companies, government agencies and organizations required all employees and others who access their computer networks
to use strong passwords, password managers and multi-step authentication, it would go a long way to prevent cyberattacks; NYT; 4/29/2021
How Did ‘Ransomware’ Get So Bad? NYT; 10/5/2020
When coffee makers are demanding a ransom, you know IoT is screwed watch along as hacked machine grinds, beeps, and spews water; Ars; 9/26/2020
Ransomware Has Gone Corporate. Where Will It End? the DarkSide operators are just the latest group to adopt a veneer of professionalism—while at the same time escalating the consequences of their attacks; Wired; 8/26/2020
Researchers detail the increasingly prevalent LockBit ransomware, which may one day reach parity with other feared ransomware packages like Maze or Ryuk Ars; 4/30/2020
The Covid-19 Pandemic Reveals Ransomware's Long Game hackers laid the groundwork months ago for attacks; Wired; 4/28/2020
Ransomware Gangs to Stop Attacking Health Orgs During Pandemic BC; 3/18/2020
Ransomware Attacks Grow, Crippling Cities and Businesses Hackers are locking people out of their networks and demanding big payments to get back in. New data shows just how common and damaging the attacks have become; NYT; 2/9/2020
Why you can't bank on backups to fight ransomware anymore they still will face demands for payment in order to avoid the publication or sale of information stolen by the attackers before the ransomware was triggered; Ars; 2/7/2020
New ransomware doesn't just encrypt data. It also meddles with critical infrastructure Ekans represents a "new and deeply concerning" evolution in malware targeting control systems; Ars; 2/3/2020
Experts: Don't reboot your computer after you've been infected with ransomware Rebooting may lead to restarting a crashed file-encryption process, potential loss of encryption keys stored in-memory; ZD; 11/5/2019
Profile of Michael Gillespie, who has cracked the encryption of 100+ types of ransomware and helped thousands of ransomware victims recover their files for free ProPub; 10/29/2019
FBI warns of major ransomware attacks as criminals go "big-game hunting" Ars; 10/7/2019
How insurance companies are fueling a rise in ransomware attacks Insurers prefer to pay the ransom. Why? ProPublica says attacks are good for business; Ars; 8/27/2019
Don't Pay the Ransom The F.B.I. should follow the example of European law enforcement and help victims of ransomware decrypt their data; No More Ransom initiative, toolsNYT; 8/14/2019
Cybersecurity officials warn state and local agencies (again) to fend off ransomware three steps urged by CISA, MS-ISAC, NGA, NASCIO: run daily backups, train staff on "cybersecurity awareness," and "revisit and refine cyber incident response plans"; Ars; 7/30/2019
No More Ransom project has prevented ransomware profits of at least $108 million 82 tools that can be used to decrypt 109 different types of ransomware; ZD; 7/26/2019
How to protect yourself from online scams including ransomware and more PC; 7/16/2019
Georgia's courts hit by ransomware Ryuk; Ars; 7/1/2019
Florida LAN: Someone clicks link, again, giving Key Biscayne ransomware Ars; 6/28/2019
Sting Catches Another Ransomware Firm -- Red Mosquito -- Negotiating With "Hackers" rather than high-tech ransomware solutions; PP; 6/24/2019
A tale of two cities: Why ransomware will just get worse Deal or no deal, either way cities pay through the nose because of failed IT practices; Ars; 6/21/2019
[2] Zero-day attackers deliver a double dose of ransomware—no clicking required Oracle WebLogic; Ars; 4/30/2019
Arizona Beverages, one of the largest drink suppliers in the US, is reeling after a ransomware attack FBI warned them beforehand of a malware infection; TC; 4/2/2019
Here's how personalized ransomware attacks work, and how to protect yourself TNW; 3/28/2019
New ransomware rakes in $4 million by adopting a "big game hunting" strategy Ryuk lies in wait for as long as a year, then pounces on only the biggest prey; Ars; 1/12/2019

Spyware

Wikipedia: Spyware: malware that monitors users' web browsing, displays unsolicited advertisements, or redirects affiliate marketing revenues to the spyware creator.
Wikipedia: Keystroke logging: action of recording (or logging) the keys struck on a keyboard, typically in a covert manner, e.g., passwords
HowStuffWorks: How Spyware Works; How to Avoid Spyware; How to Scan for and Remove Spyware
Spyware Maker NSO Promises Reform but Keeps Snooping recent revelations in India show that the threat from the company’s spyware to activists and journalists isn’t limited to autocratic regimes; NYT; 11/9/2019
Fake veteran hiring site downloads spyware instead of jobs Ars; 9/25/2019
El Chapo Trial: Kingpin Used Spyware to Obsessively Monitor His Wife and Mistress NYT; 1/10/2019

[3] Web Servers

Apache, Drupal, Joomla, WordPress, etc.
Many websites threatened by highly critical code-execution bug in Drupal Drupal is the third most-widely used CMS behind WordPress and Joomla; Ars; 2/21/2019
How to Run a Web Server on iOS with iSH and python OSXD; 2/20/2019

Windows

Best antivirus: Keep your Windows PC safe from spyware, Trojans, malware, and more PC; 8/2/2023
The best antivirus protection CNet; 12/19/2022
Hackers Are Exploiting a Flaw Microsoft Fixed in 2013
optional update; ZLoader; Wired; 1/5/2022
AVG Internet Security review much improved interface along with good protection and solid pricing; PC; 2/3/2021
What you need to know about Windows Security in Windows 10 PC; 1/6/2021
Windows Security review: There are better options, but not for the 'price' PC; 12/12/2019
Why you can stop paying for antivirus software Microsoft's Windows Security (formerly Windows Defender) is now on a par with paid solutions such as McAfee and Norton; PC; 9/24/2019
Why You Should Use Windows Defender's Ransomware Prevention LH; 8/16/2019
How to remove malware from your Windows PC PC; 5/6/2019

Safer Internet: Connection: Turn Off Unnecessary Services

Summary

[1] Review System Preferences to control what information is shared between apps and over the internet
[1] Add Contact Info to Login ('Lock') Screen -- useful for medical emergency or if device found
[1] Enable Find My xx to locate, and optionally erase, your lost/stolen device
[1] Control Access to your Location by apps and sites: maps, local stores, advertisers?
[1] Control Access to your Computer, Keyboard, Camera, Microphone, Screen by apps and sites
[1] Limit Bluetooth Access, e.g., to known contacts only, esp. with AirDrop
[2] Control System and App Notifications
[2] Control Sharing of Speech & Analytics Data, e.g., Siri, Alexa; app crashes
Later sections: Internet of Things (SmartTVs; Game boxes; Amazon Alexa, Apple Siri, Google Home); Share Files Privately
References

[1] Review System Preferences

Besides exploring every option under Preferences / Settings, you can use Search
macOS: System Preferences > Security & Privacy > Privacy : Location Services, Contacts, Calendars, Reminders, Accessibility, Diagnostics & Usage [screenshot]
macOS: System Preferences > Sharing : Screen, Files, Printer, Remote, Internet, Bluetooth [screenshot]
macOS: System Preferences > Extensions : All, Actions, Finder, Photos Editing, Share Menu, Today
iOS: Settings > Privacy : (many) [screenshot]
iOS: Settings > General > Restrictions: (many)
Windows: (File Sharing) {Figure 7. TCYOP-4: 72; TCYOP-3: 59}

[1] Add Contact Info to Login ('Lock') Screen

macOS: System Preferences > Security & Privacy > General (lock message) [screenshot]
iPhone: Health > Medical ID: Medical Conditions, Spouse, Child, Blood Type, Organ Donor
result: "Emergency" link on lock screen
iOS: add a message to your Lock Screen by overlaying text* on an image
You can also set this (or a different) image as your Home Screen (background for app icons).
iOS: Settings > Wallpaper > Choose a New Wallpaper > Camera Roll > [screenshot]
... (tap lock image) > (iPhone:Set) > Set Lock Screen
... (tap home image) > (iPhone:Set) > Set Home Screen
*[2] Use an image app on desktop or iOS to add text to an image; tradeoffs: cost, simplicity, flexibility.
e.g., use Preview on Mac to create 2 appropriately-sized images: one for use with Home Screen, one with text for Lock Screen
macOS: Finder > (select original image) > File > Duplicate; rename with suffix, e.g., 'home'
macOS: Preview > File > Open: 'home' image, e.g., my-ipad-screen-home.jpg
Preview: use rectangular selection tool to highlight a square area corresponding to device's smaller dimension
e.g., iPad Air: 2048x2048, iPhone 7: 750x750; square wallpaper will work with both portrait and landscape screen orientations
macOS: Preview > Tools > Crop; File > Save
macOS: Finder > (select 'home' image) > File > Duplicate; rename with suffix, e.g., 'lock'
macOS: Preview > File > Open: 'lock' image, e.g., my-ipad-screen-lock.jpg
macOS: Preview > Tools > Annotate > Text
add text, e.g., name, email, phone: yours(iPad), spouse(iPhone); customize font, size, etc.
macOS: Preview > File > Save
transfer lock (& home) image file(s) to Photos (iOS) via AirPlay, Messages, Mail, ...
set wallpaper(s) -- per earlier instructions
iOS: Settings > Control Center > Access on Lock Screen If on, someone would be able to enable Airplane Mode on a lost/stolen phone, which would disable Find My iPhone
iOS: Settings > Passcode (or Touch ID & Passcode) > Allow access when locked: Notifications, Siri, Wallet, etc. [screenshot]

[1] Enable Find My iPhone, iPad, Mac, Windows

To use: login to iCloud account
macOS: System Preferences > iCloud > Find My Mac [screenshot]
iOS: Settings > (my acct) > iCloud > Find My iPad/iPhone [screenshot]
[2] iOS: Settings > Privacy > Location Services > System Services > Status Bar Icon: off If your phone is lost/stolen, and you're tracking it, it's better not to advertise it, though this turns off for all location services?
Windows: Windows Settings > Update & Security > Find my Device
Windows iCloud setup for iOS devices

[1] Control Access to your Location

Before
And: Settings > Security & Location > Location > App-Level Permissions: on, off
macOS: System Preferences > Security & Privacy > Privacy : Location Services [screenshot]
macOS: ... Location Services > System Services > Details > Show location icon in menu bar when System Services request your location
macOS: Safari > Preferences > Privacy > Website use of Location Services [screenshot]
macOS: Firefox -- none?
macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Location
iOS: Settings > Privacy : Location Services: Share My Location; Apps; System Services choices: Never, Always, While Using [screenshot]
iOS: Settings > (your acct) > iCloud > Share My Location
After: allow/deny for specific web sites that request access on an adhoc basis

[1] Control Access to your Computer, Keyboard, Camera, Microphone, Screen

An entrepreneur has made a device that can prevent the NSA from spying on you by blocking your laptop's camera. This new high-tech device is... called a small piece of tape.
Avoid snooping on your keyboard and screen over your shoulder in public places; control remote access
macOS: System Preferences > Security & Privacy > Privacy > Accessibility > Allow apps to control your computer [screenshot]
macOS: System Preferences > Sharing > Screen Sharing; Remote Login [screenshot]
macOS: System Preferences > Security & Privacy > Privacy > Camera
older versions: use a piece of cardboard & tape except for specific apps!
macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Mouse cursor; Media (camera, microphone)
iOS: Settings > Privacy > Microphone, Camera, Motion [screenshot]
iOS: Settings > Safari > Camera & Microphone Access
Windows: Windows Settings > System > Remote Desktop

[1] Limit Access to Bluetooth

a wireless technology standard for exchanging data over short distances between "paired" devices, e.g., for keyboard, headset, AirDrop (file sharing), share Internet connection
range: 30-300' depending on device power Class and environmental factors
most modern devices and implementations support encryption
however, if you enable only temporarily when you need it, your device will be more secure, use less power, etc.
macOS: System Preferences > Bluetooth > Turn Bluetooth: On/Off [screenshot]
iOS: [swipe up] > AirPlay
iOS: General > AirDrop: Contacts Only -- or Receiving Off; if Everyone then just temporarily
iOS: Settings > Bluetooth: On/Off [screenshot] -- note: disabling via iOS11 Control Center does not completely turn off!

[2] Control System and App Notifications

Messages that appear in the 'Notification Center' can be useful vs. annoying
risk if someone sees screen, e.g., verification codes via SMS; allow/deny for web sites that request access?
macOS: System Preferences > Notifications [screenshot]
macOS: Safari > Preferences > Websites > Notifications: Allow websites to ask for permission to send push notifications
macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Notifications
iOS: Settings > Notifications [screenshot]
iOS: Settings > Notifications > Show Previews > When Unlocked
Windows: Windows Settings > System > Notifications & Actions

[2] Control Sharing of Speech & Analytics Data

Collecting data about crashes and usage of services can improve system services and applications
Is it anonymized? Read privacy policies
iOS: Settings > General > Siri > About Siri and Privacy (read)
Dictation online: spoken words are recorded and uploaded to Apple's servers for translation
Enhanced (offline) mode more private but requires software install
macOS: System Preferences > Dictation & Speech > Dictation > Use Enhanced Dictation
iOS: Settings > Privacy > iPad/iPhone Analytics: [none/all] Share iPad Analytics (with Apple), Share With App Developers, Share iCloud Analytics (with Apple)
macOS: System Preferences > Security&Privacy > Privacy > Analytics: [select] Share Mac Analytics (with Apple), Share with App Developers, Share iCloud Analytics (with Apple)

References

{TCYOP-4: 72-73; TCYOP-3: 59-60}
sections: Refs: Android; Bluetooth; Camera; iOS; Location; macOS; Microphone; Notifications; Screens; Video; Windows
see also VPN section (for hiding location), Mobile Privacy section
topics: AirDrop, Alexa, autoplay, geofencing, maps, Medical ID, photos, Siri, tape
Wikipedia: Location-based service; Geo-fence; Find My iPhone/Mac
HowStuffWorks: How Location Tracking Works
The Best Thing About Apple's AirTags Is Also the Scariest abusers installing unwanted trackers; Giz; 4/30/2021
6 Privacy-Focused Alternatives to the Apps You Use Every Day Signal for Messaging; Firefox for Web Browsing; DuckDuckGo for Search; OsmAnd for Maps (OpenStreetMap); ProtonMail for Email; Jumbo for Social Media; Wired; 12/13/2020
macOS systems abused in DDoS attacks Apple Remote Desktop enabled; ZD; 10/3/2019
Researcher: devices can be tracked across apps and sites with info from sensors like gyroscope patched on iOS; a minor issue on Android, given poor calibration; ZD; 5/22/2019
iOS 12.2 will be able to block Web access to your iPhone's motion sensors ad agencies are reportedly worried about the change; ApIn; 2/4/2019

Android

Google: Choose which apps use your Android device's location
More than 1,000 Android apps harvest data even after you deny permissions e.g., location; CNet; 7/8/2019
Here's the easiest way to find, lock, or wipe your lost Android phone TNW; 7/1/2019
How to stop location tracking Verge; 4/12/2019

Bluetooth

Wikipedia: Bluetooth; Bluetooth Security
HowStuffworks: How Bluetooth Works; How Bluetooth Surveillance Works
Thieves Are Using Bluetooth to Target Vehicle Break-Ins How to keep your devices safe when you park at a trailhead -- or anywhere; power off or Airplane mode; Out; 12/9/2019
New Attack exploiting serious Bluetooth weakness can intercept sensitive data Key Negotiation of Bluetooth (KNOB) forces devices to use encryption keys that are trivial to break; attacker within 10-400m; Ars; 8/17/2019

Camera

Can Someone Really Spy on Me Through My Webcam or Phone Camera? LH; 12/16/2021
How to Stop Apps from Using Camera on Mac OSXD; 7/11/2019

iOS

Apple: Privacy: Siri and Dictation; Maps; Health
Apple: iOS Security Network security pp. 27-30; 9/2015
Apple: iOS: Supported Bluetooth profiles 3/5/2015
Jamf's Quick Guide to Which iOS Permissions Apps Really Need TB; 8/26/2021
How to Manage Which Apps Access Location Data on iPhone & iPad OSXD; 12/29/2020
How to set up Medical ID on your iPhone MW; 10/21/2020
Double-Check Your iPhone's Medical ID Emergency Contacts TB; 2/18/2020
Stop AirDrop in iOS with Screen Time MW; 2/13/2020
How to See & Change What Apps Can Access Health Data on iPhone OSXD; 1/30/2020
What is the Screen Time Passcode in iOS 12? OSXD; 3/30/2019

Location

How to find, block, and disable an unknown AirTag moving with you MW; 5/2/2023
How to Make Sure You're Not Accidentally Sharing Your Location Wired; 2/12/2023
How the Find My App Became an Accidental Friendship Fixture
introduced 10 years ago, the app has slowly become a popular way to keep track of friends.
But it comes with considerable privacy concerns; NYT; 8/20/2022
Your Phone's Location Access Reveals a Lot. Here's How to Turn It Off. NYT; 6/29/2022
How to find, block, and disable an unknown AirTag moving with you MW; 5/1/2022
Can Controlling Vehicles Make Streets Safer and More Climate Friendly?
geofencing, Sweden; NYT; 3/28/2022
How to Hide / Blur Your Home on Google Maps & Apple Maps OSXD; 3/1/2022
How to find, block, and disable an unknown AirTag moving with you MW; 2/18/2022
How to find, block, and disable an unknown AirTag moving with you MW; 2/11/2022
An update on AirTag and unwanted tracking Apple; 2/10/2022
Apple's New 'Personal Safety Guide' Helps You Deal With AirTag Stalkers Giz; 1/25/2022
Are Apple AirTags Being Used to Track People and Steal Cars? NYT; 12/30/2021
What to do when you find an AirTag, or are told by your iPhone that one is following you ApIn; 12/20/2021
Life360 Family Tracking App Is Selling Its Customers’ Precise Location Data TB; 12/15/2021
How to opt out of the Find My network
participating in Apple’s crowdsourced network for devices and AirTags is optional; MW; 5/28/2021
Six Reasons Why Google Maps Is the Creepiest App On Your Phone
1. Google Maps Wants Your Search History
2. Google Maps Limits Its Features If You Don't Share Your Search History
3. Google Maps Can Snitch On You
4. Google Maps Wants to Know Your Habits
5. Google Maps Doesn't Like It When You're Offline
6. Google Makes It Seem Like This Is All for Your Own Good;
Vice; 11/12/2020
What are geofence warrants? TNW; 9/5/2020
Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users plus ad tracking; Ars; 8/4/2020
How to Remove Location Data from Photos Before Sharing on iPhone & iPad OSXD; 5/29/2020
How to Find a Lost iPhone, iPad, Mac with FindMy on Mac OSXD; 11/25/2019
Find My: How to use Apple's new all-in-one app to find friends and devices MW; 10/14/2019
How to Set Your Google Data to Self-Destruct
option to set search and location data to automatically disappear after a certain time;
myactivity.google.com; NYT; 10/2/2019
How Incognito Google Maps Protects You -- and How It Doesn't Wired; 10/2/2019
How to Disable Location Based Apple Ads on Mac OSXD; 8/30/2019
Researchers find that in four dating apps, including Grindr, any user's location can be determined using the apps' public APIs, if the username is known 8/12/2019
The Terrible Anxiety of Location Sharing Apps Wired; 7/28/2019
EFF Hits AT&T With Lawsuit Over Sale Of User Location Data TD; 7/16/2019
Secret Palantir User Manual Sheds Light on How ICE and Law Enforcement Track Families Vice; 7/12/2019
How Apple's New Find My Service Locates Missing Hardware That's Offline TB; 6/21/2019
iOS 13 will show you where apps have tracked your location, on a map TNW; 6/10/2019
[2] The Clever Cryptography Behind Apple's 'Find My' Feature Wired; 6/5/2019
Study: many iOS apps, including the Washington Post's, use "background app refresh" to send tracking info like location and IP address, even late at night Our privacy experiment showed 5,400 hidden app trackers guzzled our data — in a single week; WaPo; 5/28/2019
Google Is Probably Tracking Your Location Right Now -- Here's How to Stop That MF; 5/5/2019
How to Return a Lost Phone Contact Info (on case; ICE (in case of emergency); Voice Assistant; NYT; 4/24/2019
Tracking Phones, Google Is a Dragnet for the Police NYT; 4/13/2019
Google's Sensorvault Is a Boon for Law Enforcement this Is How It Works; NYT; 4/13/2019
The Chicken Is Local, But Was It Happy? GPS Now Tells The Life Story Of Your Poultry NPR; 2/24/2019
Your phone and TV are tracking you, and political campaigns are listening in 'digital fence' pushed ads onto the iPhones and Androids of all those attending the meeting. Not only that, but because the technology pulled the unique identification numbers off the phones, a data broker could also use the digital signatures to follow the devices home. Once there, the campaign could use so-called cross-device tracking technology to find associated laptops, desktops and other devices to push even more ads; possible solutions? VPN, ad blocking, app settings (or safer apps), TV settings; LAT; 2/20/2019
How to stop Facebook from tracking your location And, iOS; TNW; 2/21/2019
Apple, Google Criticized For Carrying App That Lets Saudi Men Track Their Wives Absher, an app from the Saudi government, helps men in the country track and dictate where women can travel; Sen. Ron Wyden, D-Ore., sent a letter to both companies asking them to remove the app; NPR; 2/12/2019
'Find my iPhone' warned murder victim of assailant's location minutes before death she was shot to death, but it gave her enough time to save her son; ApIn; 2/6/2019
How to Change IP Address & GeoLocation for Web Browsing with Epic OSXD; 1/30/2019
AT&T and T-Mobile say they will stop selling customers' location data to 3rd-party service providers by March; Verizon says it's winding down sharing agreements WaPo; 1/10/2019
Los Angeles sues the company behind the Weather Channel app, which is owned by IBM, for slyly using location data for commercial purposes NYT; 1/3/2019

macOS

How to find out which Mac apps are tracking your location MW; 6/14/2021
How to Prevent Microphone & Camera Access for Websites in Safari on Mac OSXD; 4/22/2021
Feeling Paranoid? Micro Snitch Tells You If Your Mac Is Spying on You TB; 7/22/2020
How to Delete Siri & Dictation History on Mac and Opt-Out of Audio Recording Storage OSXD; 11/21/2019
Apple's AirDrop and password sharing features can leak iPhone numbers AirDrop: Contacts Only? disable Bluetooth? Ars; 8/1/2019
Best Mac remote access apps MW; 7/4/2019
Know When Malware Tries to Access Your Mac's Camera or Mic With This App Oversight; LH; 3/9/2019

Microphone

How to manage camera and microphone permissions on iPhone and iPad ApIn; 7/6/2022

Notifications

How to Take Control of Your Notifications NYT; 2/5/2020

Screens

The Sometimes Catastrophic, but Mostly Just Embarrassing Consequences of Screen Sharing at Work NYT; 3/21/2019
How to Not Ruin Your Life (or Just Die of Embarrassment) With a Screen Share NYT; 3/21/2019

Video

Apple says it has notified app developers to remove code that lets them record how a user interacts with their apps without explicit user consent Glassbox 'session replay' records taps, button pushes and keyboard entry; TC; 2/7/2019
Microsoft introduces background blur feature to Skype, which uses AI to detect the user's hair, hands, and arms, and blur distracting objects in the background Giz; 2/7/2019

Windows

Safer Internet: Connection: Use a Firewall

Summary

Routers typically provide some hardware firewall protection, plus a layer of anonymity.
[1] Enable your device's built-in software firewall; default (mostly inbound) settings are usually adequate
[2] Block/unblock specific ports/services via router or OS, e.g., if you're a gamer or server admin
[3] Install 3rd party software for more advanced inbound and/or outbound firewall
References

[1] Enable your device's built-in software firewall

iOS: not necessary
macOS: System Preferences > Security & Privacy > Firewall > Turn On
[screenshot] you'll need to click the lock and provide your admin password
macOS: {Figure 9. TCYOP-4: 76; TCYOP-3: 62}; Win: {Figure 8. TCYOP-4: 75; TCYOP-3: 61}

[2] Block/unblock specific ports/services

macOS: System Preferences > Security & Privacy > Firewall > Firewall Options [screenshot]

[3] Install 3rd party software

Install 3rd party software for more advanced inbound and/or outbound firewall {TCYOP-4: 66}
macOS: Little Snitch; Lulu; others: Intego NetBarrier; Murus; Norton Security; Radio Silence
macOS: access secondary built-in firewall pf via Terminal, or GUI: Murus
Windows: ZoneAlarm; Windows 8 Firewall Control

References

{TCYOP-4: 74-77; TCYOP-3: 61-63; Use an Outbound Firewall; Beware Analog Snooping, Too}
sections: Refs: macOS, Windows
Wikipedia: Firewall controls incoming and outgoing network traffic; router
Wikipedia: Firewalls and Internet security; Personal firewall
HowStuffWorks: How Firewalls Work

macOS

Apple: firewall
Little Snitch 5.7 TB; 8/24/2023
How to Enable or Disable Firewall on MacOS Ventura OSXD; 5/17/2023
Apple has removed a controversial feature in macOS 11.2 beta 2 that allowed its own apps to bypass third-party firewalls, security tools, and VPNs ZD; 1/14/2021

Win

Wikipedia: Windows firewall

Safer Internet: Connection: Crossword #1

The Puzzle

Interactive version [below]
Check button: Check puzzle for errors; Reveal button: reveal current word
Web version created by Crossword Compiler
Print versions [.pdf]: puzzle; solution
Download for a crossword app [.puz]: puzzle w/ solution
open it in a crossword app, e.g., Mac, Windows: Across Lite (free); Android, iOS: Crosswords

Safer Internet: Connection: Crossword #2

The Puzzle

Interactive version [below]
Check button: check puzzle for errors; Reveal button: reveal current word
Web version created by Crossword Compiler
Print versions [.pdf]: puzzle; solution
Download for a crossword app [.puz]: puzzle w/ solution
open it in a crossword app, e.g., Mac, Windows: Across Lite (free); Android, iOS: Crosswords

Safer Internet: Keep Your Internet Connection Private

Summary

Preview: privacy / security / anonymity via encryption / indirection

References

Safer Internet: Connection: Encrypt Wi-Fi

Quotes

Summary

[1] Connecting to a Wi-Fi Network

[1] Encrypting your Wi-Fi Network

[1] Router: Admin Password

[1] Router: Disable Remote Admin and UPnP

[1] Router/Device DNS

[2] Wi-Fi Connection Problems?

[2] Router: Backup Settings

[2] Router: Update Firmware

[3] Set Device SIM PIN

References

Android

Cellular

DNS, IP Addresses

iOS

ISP; Satellite

macOS

Modem, Router

Wi-Fi

Windows

Safer Internet: Connection: Use a VPN

Summary

Choose a VPN Service

Configure and Use a VPN Service

References

Android

Government

iOS

macOS

Products / Reviews

Windows

Safer Internet: Connection: Avoid Malware

Quotes

Summary

[1] Understand Different Types of Malware

[1] Improve User Practices

[1] Install and Update Approved Apps

[1] Manage / Minimize Plugins, Extensions, Add-ons

[1] Flash: Update, Block or Uninstall

[1] Java: Update, Block or Uninstall

[1] Install Anti-Virus (AV)

[3] Advanced Settings: JavaScript, WebGL, web admin

References

Android

Anti-Virus

Cyber Attacks, CyberWar

Extensions, Plug-ins

Flash, Shockwave [Adobe]

iOS

Java

JavaScript (JS)

macOS

Microsoft Office

Ransomware

Spyware

[3] Web Servers

Windows

Safer Internet: Connection: Turn Off Unnecessary Services

Summary

[1] Review System Preferences

[1] Add Contact Info to Login ('Lock') Screen

[1] Enable Find My iPhone, iPad, Mac, Windows

[1] Control Access to your Location

[1] Control Access to your Computer, Keyboard, Camera, Microphone, Screen

[1] Limit Access to Bluetooth

[2] Control System and App Notifications

[2] Control Sharing of Speech & Analytics Data

References

Android

Bluetooth

Camera

iOS

Location

macOS