Quotes | Summary | Navigating | Malicious | Fraudulent Warnings |
URL status | Shortened URLs | Web Archives |
References: General | Dark Patterns | Fake, Hoax |
Shortening Services | Web Archives

---

Quotes

• What kind of doctor fixes broken websites?... A URLologist.
• "You step in the stream,
  but the water has moved on.
  This page is not here.
  
  The Web site you seek
  cannot be located but
  endless others exist.
  
  This site has been moved.
  We'd tell you where, but then we'd
  have to delete you." ~Haiku error messages
• "The truth is that these companies [social media behemoths]...
  won’t fundamentally change because their entire business model relies on generating more engagement, and nothing generates more engagement than lies, fear and outrage." ~Sacha Baron Cohen

Summary

• [1] Navigate to Valid Sites via bookmarks, password managers, search engines
• [1] Avoid Impostor and Malicious Sites, e.g., don't type in URLs, don't click on links in emails or popups
• [1] Enable Fraudulent Site Warnings, e.g., Phishing, Malware, Plugins
• [1] Learn to Examine and Recognize URLs in status bar; prefer HTTPS:
• [2] Access Shortened URLs Cautiously
• [3] Find Old Versions of Pages or Sites via Web Archives e.g., "Wayback Machine" or search engine caches
• References

[1] Navigate to Valid Sites

• Use browser bookmarks/favorites or a password manager to navigate, rather than type or click on links
• Use browser's built-in Search box, or combo Address field, rather than typing "google.com"
• In search results, look for "Official Site" or at actual URL to determine if expected destination
• Some search engines hide addresses in favor of more human readable names.
• Avoid fake/conspiracy news sites (and this includes a lot of social media)
  -- besides disinformation and wasting your time, they can be an avenue for malware.
• Avoid DNS problems -- see section: Connection : Wi-Fi (Router)

[1] Avoid Insecure, Impostor and Malicious Sites

• Typos & look-alike characters in site addresses (URLs) could lead you
  to malicious, impostor sites -- or insecure versions (HTTP: vs. HTTPS:)
• Think twice before clicking on links in an email
• Think twice before clicking on links in popups, or unknown links in web pages,
  esp. ads which might redirect you to look-alike sites
• Quiz: Can you identify a phishing web site login?

[1] Enable Fraudulent Site Warnings

• macOS: Safari > Preferences > Security > Fraudulent sites [screenshot]
• macOS: Firefox > Preferences > Security >
Block reported attack sites / web forgeries / add-ons
• macOS: Chrome > Settings (advanced) > Privacy >
Protect you and your device from dangerous sites
• iOS: Settings > Safari > Privacy & Security > Fraudulent Website Warning [screenshot]
• Enable phishing/malware/plugin warning: -- see section: Connection : Malware

[1] Learn to Examine and Recognize URLs

• Show links in status bar; inspect before you click
• macOS: Safari > View > Show Status Bar
• Display full address (URL) in address/location bar
• macOS: Safari > Preferences > Advanced > Show Full Website Address
• iOS: Safari > (tap in address bar)
• For secure sites, check HTTPS: and verify status (lock icon or certificate) -- see next section: Use HTTPS:

[2] Access Shortened URLs Cautiously

• Due to shortening or normal redirects, you may not be seeing the 'real', final URL,
  e.g., https://communicrossings.com/olli
• https://bit.ly/20ICWYg, https://tinyurl.com/hg8776o
• There are several sites that follow any redirects and display the final destination
• e.g., CheckShortURL, Unshorten
• If the URL was generated by:
• Bitly: add a plus sign ('+') to the URL and Bitly will display a preview
• TinyURL: place 'preview' in front of the shortened URL
• Instead of this manual process, you could install a browser extension that displays final URL
  via popup, status area (if overlap, hide regular status bar), or in-line (in page itself)
• Safari: Ultimate Status Bar
• Firefox: No Redirect, Long URL Please Mod
• Chrome: LongURL

[3] Find Old Versions of Pages or Sites via Web Archives

• What if a page or site has disappeared, or you want to see an older version?
• e.g., some versions of my web site (currently: communicrossings.com) from past ~25 years --
  most courtesy of the Internet Archive (aka Wayback Machine)
• 1993?-1998?: http://www.netaxs.com/~weyer
• 1999-2000: http://members.bellatlantic.net/~sweyer/
• 2001-2005: http://members.home.net/saweyer/
• 2001-2005: http://users.aol.com/steveweyer/DOS
• 2002-2004: http://home.comcast.net/~saweyer/
• 2002-2006: http://www.kagi.com:80/weyer;
  http://mywebpages.comcast.net:80/saweyer/;
  http://home.comcast.net:80/~saweyer/cc/index.htm
• 2010: http://communicrossings.com:80/
• 2011: http://communicrossings.com:80/
• 2015: http://communicrossings.com/ archive.is

References

• {TCYOP-4: 84-85; TCYOP-3: 68-69}
• sections: Refs: Dark Patterns; Fake,Hoax; Shortening Services; Web Archives
• topics: cybersquatting, DNS hijacking, homographs, Snopes
• Wikipedia: typosquatting aka URL hijacking; e.g., googl.com; URL redirection
• HowStuffWorks: How to Detect Online Scams
• Ever wonder how good you are at telling the difference between a legitimate website
  and one that's a phishing attempt? fake vs. real login pages; OpenDNS
• Google-hosted malvertising leads to fake Keepass site that looks genuine punycode; Google-verified advertiser + legit-looking URL + valid TLS cert = convincing look-alike; 10/19/2023; Ars
• Google Chrome now detects typos in your URLs Verge; 5/18/2023
• MapQuest and Other Internet Zombies NYT; 6/21/2022
• The Ghost of the Soviet Union Still Haunts the Internet .su domain; Wired; 3/29/2022
• The Best of 404PageFound, and Other Primitive '90s Websites That Still Exist LH; 12/14/2021
• Bitflips when PCs try to reach windows.com: What could possibly go wrong?
  domain names that vary by a single mutated character; Ars; 3/4/2021
• New Research Reveals the Hidden Downsides of Link Previews
  it can also leak sensitive data, consume bandwidth, and drain batteries; Wired; 10/28/2020
• Researcher discovers address bar spoofing bugs in Safari, Opera, and Yandex,
  all now fixed, but other popular browsers, like UC Browser, have not issued a patch TC; 10/20/2020
• How to Block Bad Websites—or Just Get Things Done
  block distractions and temptations: BlockSite, LeechBlock NG, Cold Turkey, Freedom; Wired; 10/11/2020
• Wikipedia Is the Last Best Place on the Internet Wired; 2/17/2020
• The .Org Mirage You don’t have to be a nonprofit
  — or meet any special criteria at all (compared to .gov, .edu); NYT; 12/5/2019
• Scammers favor malicious URLs over attachments in email phishing TNW; 11/8/2019
• Who owns that shady website? using ICANN:WhoIs and other databases; PC; 6/20/2019
• How to Spot a Fake Address Bar in Chrome on Android LH; 4/29/2019

Dark Patterns

• Stopping the Manipulation Machines
  hidden unsubscribe links; recurring subscriptions;
  examples: Trick questions; Bait and switch;
  Roach motel; Friend spam; Sneak into basket; NYT; 4/30/2021
• How to Spot -- and Avoid -- Dark Patterns on the Web UX ploys designed to trick you
  into spending money, or make it nearly impossible to unsubscribe; Wired; 7/29/2020

Fake News, Hoaxes

• Wikipedia: Fake news; Fake news website; Snopes (aka Urban Legends Reference Pages)
• How To Use Google's Fact Check Explorer To Verify Claims on the Web
  True? False? Somewhere in between? Google's online tool will tell you
  Giz; 1/23/2024
• Fact Checkers Take Stock of Their Efforts: "It's Not Getting Better" NYT; 9/29/2023
• A Better Way to Think About Conspiracies people will always be interested in conspiracy theories.
  They need a tool kit for discriminating among different fringe ideas; NYT; 3/2/2021
• Don't Go Down the Rabbit Hole
  critical thinking, as we’re taught to do it, isn’t helping in the fight against misinformation; NYT; 2/18/2021
• In a post-truth world, we need Wikipedia more than ever CNet; 1/15/2021
• At 20, Wikipedia has become a refuge from Big Tech's misinformation CNet; 1/15/2021
• Have Trump’s Lies Wrecked Free Speech? a debate has broken out over whether the
  once-sacrosanct constitutional protection of the First Amendment has become a threat to democracy; 1/6/2021
• It's only fake-believe: how to deal with a conspiracy theorist
  1. Hunting an invisible dragon
  2. Fake authority
  3. Coincidence or covert operations?
  4. False equivalence
  5. The thought-terminating cliche
  The art of pre-suasion; Guard; 11/29/2020
• How to Talk to Friends and Family Who Share Conspiracy Theories NYT; 10/25/2020
• Recognize Misinformation on the Internet
  identifying reliable information online is especially urgent, and especially for seniors; NYT' 8/28/2020
• How QAnon Creates a Dangerous Alternate Reality
  conspiracy theory parallels the immersive worlds of alternate reality games; NYT; 8/5/2020
• [2] Adobe's plans for an online content attribution standard could have big
  implications for misinformation mostly images; TC; 8/3/2020
• The anatomy of a fake news headline TNW; 7/12/2020
• How to Spot a Conspiracy Theory
  Contradictory ideas
  Overriding suspicion
  Nefarious intent;
  "Something must be wrong";
  Persecuted victim;
  Immune to evidence;
  Reinterpreting randomness; LH; 5/14/2020
• Democrats counter Trump’s fake coronavirus news with AI that fought ISIS propaganda TNW; 5/4/2020
• These Students Are Learning About Fake News and How to Spot It NYT; 2/20/2020
• Reuters launches a new Reuters Fact Check business unit and blog and partners
  with Facebook to review news headlines, deepfakes, and user generated content TC; 2/12/2012
• Do Not Click OR DOJ; 1/2020
• How to fight lies, tricks,and chaoso nline Verge; 12/3/2019
• How blockchain will kill fake news NYT is one of the first major news publications to test blockchain
  to authenticate news photographs and video content, according to Gartner; CW; 12/2/2019
• How to Tell If an Online Review Is Fake LH; 10/21/2019
• Apple's Tencent privacy controversy is more complicated than it looks
  Fraudulent Website Warning checks URLs in a list; it doesn't share with Google or Tencent; Verge; 10/14/2019
• Why People Keep Falling for Viral Hoaxes
  when confronted with new information, humans don't always do the logical thing and evaluate it on its own merits, Phillips says.
  Instead, we often make snap decisions based on how the information adheres with our existing world views; Wired; 8/22/2019
• Behold, the most (intentionally) poorly designed website ever created User Inyerface; Ars; 7/4/2019
• How to Tell if a News Site Is Reliable UnNews list; LH; 5/1/2019
• Marking 30 years of the web, Tim Berners-Lee calls for a joint fight against disinformation TC; 3/12/2019
• Fun iOS Safari Bug Lets You Trick Your Friends With Fake Website Headlines MR; 2/21/2019
• Google publishes 30-page paper on how it combats disinformation across YouTube, Search, News, Ads
  product improvements, experience with spam, context for users; 2/18/2019
• Facebook struggles to deal with vaccine deniers
  many users have trouble distinguishing between reliable sources and unreliable ones; 2/13/2019
• Snopes quits and AP in talks over Facebook’s fact-checking partnership TC; 2/1/2019
• Fake news sites are simply changing their domain name to get around Facebook fact-checkers Mash; 1/31/2019
• Google Chrome to get warnings for 'lookalike URLs' when accessing mistyped domains; ZD; 1/30/2019
• People older than 65 share the most fake news, a new study finds
  NYU and Princeton study of 3,500 US adults: 11% of those over 65 have shared a hoax article on Facebook,
  while just 3% of those 18 to 29 have done so; and the finding holds true across party lines; Verge; 1/9/2019

Shortening Services

• Wikipedia: URL shortening service;
  
• Wikipedia: Bit.ly; TinyURL; Tr.im
• sites: bit.ly; tinyurl.com; tr.im
• How to Know if a QR Code or a Short URL Is Safe
  avoid QR codes until phone OS offers preview; LH; 1/13/2022

Web Archives

• Wikipedia: Internet Archive, Wayback Machine;
  Wikimedia Downloads
• Internet Archive (aka Wayback Machine); 1996-
• Library of Congress Web Archives 1997-
• archive.is, perma.cc: submit individual pages (similar to the "save page now" feature at the Internet Archive)
• conifer: create personal web archives (previously webrecorder.io)
• Los Alamos National Laboratory Time Travel Service: query multiple web archives; 2002-
• newspapers
• timesmachine: 150 years of New York Times journalism
• newspapers.com
• Library of Congress: Chronicling America: Historic American Newspapers
• The British Newspaper Archive
• Google Won't Let You View Cached Web Pages Anymore (But You Still Can) cached:URL; LH; 2/8/2024
• Google will no longer make site backups while crawling the web: Cached webpages are dead Ars; 2/2/2024
• 7 Fun Ways to Use the Internet Archive MF; 1/11/2024
• The Dream Was Universal Access to Knowledge. The Result Was a Fiasco. Internet Archive vs. publishers; NYT; 8/13/2023
• Wikipedia's Moment of Truth
  can the online encyclopedia help teach A.I. chatbots to get their
  facts right -- without destroying itself in the process? NYT; 7/18/2023
• The World's Digital Memory Is at Risk NYT; 6/21/2023
• A look at four publishers' lawsuit against the Internet Archive, which hinges on defining the legal ownership of ebooks
  Just Because ChatBots Can’t Think Doesn’t Mean They Can’t Lie;
  Or that they haven’t already started to pollute Google searches.
  And if publishers win their lawsuit against the Internet Archive,
  verifying facts and quotes will get a lot harder; Nation; 3/17/2023
• Lost something? Search through 91.7 million files from the ’80s, '90s, and 2000s Discmaster; Verge; 10/19/2022
• 'Wayforward Machine' provides a glimpse into the future of the web
  ongoing threats; Verge; 10/1/2021
• A look at the Internet Archive, a preservation project that grew from 2TB in 1997 to ~100PB now
  issues with scraping paywalled news sites and social media; FT; 10/4/2022
• How to Read a Blocked Website
  hide your real IP address with a proxy connection, e.g., VPN;
  try using TOR (The Onion Browser); LH; 9/2/2022
• Good Luck if You're Forced to Use These Hideous Federal Websites
  throwbacks to the MySpace era; Giz; 7/16/2022
• Travel Back in Time With Street View and Map Archives Wired; 7/10/2022
• Russians Are Racing to Download Wikipedia Before It Gets Banned Slate; 3/21/2022
• A profile of Brewster Kahle and the Internet Archive, which marked
  its 25th anniversary earlier this year and is now home to over 70 PB of data TR; 12/19/2021
• How to Get Past a Paywall to Read an Article for Free
  Paste the headline in Google;
  Try a Facebook redirect: https://facebook.com/l.php?u=URL
  Open the link in an incognito window;
  Disable JavaScript in your browser;
  Edit a couple of elements on the webpage;
  Use an annotation service, e.g., Outline;
  Try browser add-ons;
  Check out paywall bypass shortcuts on iPhone;
  LH; 10/5/2021
• The Wayback Machine's First Crawl 1996 video: 2:05; 8/6/2021
• With the removal of Trump's Twitter account, many of his tweets embedded
  on thousands of web pages were wiped out, creating an ultimate case of 'link rot' Verge; 1/9/2021
• The Internet Archive starts adding banners on some Wayback Machine pages
  with links that provide contextual information from fact-checking organizations 10/30/2020
• How to Link Websites Without the Eventual Broken Links using WBM; LH; 9/8/2020
• You Can Download the Entirety of English Wikipedia to Browse Offline Kiwix; CNet; 7/10/2020
• The Internet Archive's VHS Vault will send you on a 90s nostalgia trip 20,000+ recordings; Verge; 2/28/2020
• Brave browser now automatically points to Wayback Machine on 404 Verge; 2/26/2020
• The Geocities Archive Is Bringing the Early Internet to Life MB; 1/27/2020
• The Archive Team, which wants to save Yahoo Groups content by uploading it to Internet Archive,
  says Verizon has blocked the email addresses of its volunteers ZD; 12/9/2019
• The Internet Archive Is Making Wikipedia More Reliable
  check citations from books as well as the web; Wired; 11/3/2019
• Internet Archive recovers half a million 'lost' MySpace songs 4/4/2019
• Delete Never: The Digital Hoarders Who Collect Tumblrs, Medieval Manuscripts,
  and Terabytes of Text Files Giz; 3/4/2019
• Meet the man archiving the internet Wayback Machine Director Mark Graham; TNW; 2/5/2019

---

Summary | Update | https: | Vulnerable Sites | Insecure Connection | TLS |
References: General | Apple | Certificates | Firefox |
Google/Chrome | OpenSSL, Freak, Heartbleed

---

Summary

• [1] Update System/Browser Software
• [1] Use https: (HyperText Transport Protocol Secure) instead of regular http: whenever a site supports it
• [2] Check for Vulnerable sites
• [2] Use VPN and 2FA to Compensate for an Insecure Connection
• [3] Test Your Browser's TLS; Use sftp:; Install a Certificate
• References

[1] Update System/Browser Software

• Check that your system, browser and application software have latest security updates -- see section: Software Updates
• Otherwise, content could be exposed if security vulnerabilities have not been patched on both ends.

[1] Use https: (HyperText Transport Protocol Secure) instead of regular http:

• More and more sites default/redirect to HTTPS:, e.g.
• wider availability of free certificates for sites, e.g., Let's Encrypt
• automatically from http: paypal.com
• via browser extension, e.g., HTTPS Everywhere for Chrome, Firefox; not avail for IE, Safari -- maybe not needed
• via preference, e.g., linkedin.com: Account > Security
• Some password managers, e.g., 1Password, can check for non-https and vulnerable sites
• Check browser Address Bar: lock icon and/or URL beginning with "https://"
• Be especially aware on login pages and shopping and finance sites.
• Some browsers, e.g., Chrome, will flag 'insecure' sites: any http: page in "incognito" (private browsing) mode, or any http: page with an input field
• Client-server connection with HTTPS: {Figure 6. TCYOP-4: 67; TCYOP-3: 55}.

[2] Check for Vulnerable sites

• Although you can't update the security software on sites, you can minimize your exposure
• Change passwords on any sites with unpatched security vulnerabilities, e.g., Heartbleed; use a password manager to monitor, e.g., 1Password: Watchtower; also PM can flag any non-https: logins
• Otherwise, content could be exposed if security vulnerabilities have not been patched on both ends.

[2] Use VPN and 2FA to Compensate for an Insecure http: Connection

• If insecure site requires login over insecure http:, esp. over WiFi -- see VPN section and Passwords section (2FA)

[3] Test Your Browser's TLS; Use sftp:; Install a Certificate

• Test Your Browser's TLS(SSL): How's My SSL?
• Safari(macOS,iOS) may include some fallback older 'insecure cipher suites' I'm checking if this is serious and/or being fixed; Firefox, Chrome better?
• File transfer: use sftp: instead of ftp:
• Web site admin: free certificate: letsencrypt.org; possible installation cost, configuration issues depending on web host

References

• {TCYOP-4: 66-68; TCYOP-3: 54-56}
• sections: Refs: Apple; Certificates; Firefox; Google/Chrome; OpenSSL, Freak, Heartbleed
• Wikipedia: Uniform Resource Locator (URL): Hyperlink; network location (address) plus access method, e.g., http:
• Wikipedia: hypertext; HyperText Transfer Protocol (HTTP)
• HowStuffWorks: Internet Infrastructure: URL; Ports and HTTP
• Wikipedia: Secure Sockets Layer (SSL), aka Transport Layer Security (TLS)
• Wikipedia: HyperText Transfer Protocol Secure (HTTPS) protocol for secure communication
• Wikipedia: HTTPS Everywhere browser extension
• Wikipedia: File Transfer Protocol (FTP) standard network protocol used to transfer files from one host to another
• Wikipedia: Secure Shell (SSH); SSH FTP (SFTP)
• Wikipedia: SHA-2 (Secure Hash Algorithm 2) used in certificates
• Wikipedia: RC4 (Rivest Cipher 4) stream cipher
• [3] SSL Cipher Suite Details of Your Browser test page
• EFF to deprecate HTTPS Everywhere extension as HTTPS is becoming ubiquitous 9/25/2021
• Hackers can mess with HTTPS connections by sending data to your email server Ars; 6/9/2021
• Security Researchers Take Advantage of Insecure HTTP to Display Fake Videos on TikTok iOS, Android; 4/18/2020
• DuckDuckGo Will Automatically Encrypt More Sites You Visit If a site offers HTTPS, DuckDuckGo's Smarter Encryption will take you there; Wired; 11/19/2019
• Cloudflare, Google Chrome, and Mozilla Firefox add support for HTTP/3, the next major version of the HTTP protocol uses the QUIC (Quick UDP Internet Connections) protocol instead of TCP; built-in TLS (encryption) support; ZD; 9/26/2019
• [2] HTTPS Isn't Always As Secure As It Seems TLS site vulnerabilities; Wired; 3/28/2019

Apple

• How to Fix Safari 'This Connection Is Not Private' Warnings OSXD; 3/17/2021
• Why Does Safari Say 'Not Secure' for Some Webpages on iPhone, iPad, or Mac? http://; OSXD; 3/29/2019

Certificates

• Wikipedia: certificate authority
• Let's Encrypt comes up with workaround for abandonware Android devices Ars; 12/22/2020
• Kazakhstan spies on citizens’ HTTPS traffic; browser-makers fight back Google, Mozilla, Apple, and Microsoft block Kazakhstan's self-signed root certificate; Ars; 12/21/2020
• Kazakhstan government is intercepting HTTPS traffic in its capital third time since 2015 that the Kazakh government is mandating the installation of a root certificate on its citizens' devices; ZD; 12/6/2020
• On Older Versions of Android, Many Let's Encrypt-Secured Sites May Stop Working in 2021 < 7.1.1; 11/6/2020
• Let's Encrypt discovers CAA bug, must revoke customer certificates Ars; 3/3/2020
• HTTPS for all: Let's Encrypt reaches one billion certificates issued Ars; 2/27/2020
• Safari to snub new security certs valid for more than 13 months Reg; 2/20/2020
• Apple, Google, and Mozilla block Kazakhstan's HTTPS intercepting certificate ZD; 8/21/2019
• The Kazakhstan government is making ISPs force users to install a government-issued certificate on all devices and in every browser to intercept HTTPS traffic ZD; 7/18/2019
• [3] Cloudflare aims to make HTTPS certificates safe from BGP hijacking attacks Ars; 7/18/2019

Firefox

• Firefox 83 will automatically switch you to secure HTTPS sites HTTPS-Only Mode will display a warning if a website doesn't have an HTTPS version the browser can load; Eng; 11/18/2020

Google / Chrome

Microsoft

OpenSSL, Freak, Heartbleed

• Wikipedia: OpenSSL; Heartbleed; FREAK

---

Summary | Where/When | Private Browsing | Cookies | Autofill |
Do Not Track | Browser 'Fingerprinting' | Browser History |
Search History | Download History | Caches | Statistics |
References: General | Bookmarks / Favorites | Cookies | FingerPrinting | Google |
History | iOS | macOS | Microsoft | Private (Incognito) Browsing | Tracking

---

Summary

• [1] Understand When and Where Data is Stored Locally by OS, Apps, Browsers, e.g., site history, download history, cookies, flash cookies, web caches, search, passwords; other data might be stored remotely by ISP or visited sites
• [1] Consider Private Browsing to reduce data collected in the first place
• [1] Reduce Cookies, esp. from 3rd parties
• [1] Minimize Browser AutoFill: Passwords, Credit Cards, Contacts
• [2] Reduce Web Site Tracking
• [2] Reduce Browser 'Fingerprinting' based on unique system/browser properties
• [2] Reduce / Clear Browsing History
• [2] Reduce Search History / Suggestions; to reduce remote search history, use a more privacy-oriented search engine, e.g., DuckDuckGo -- see upcoming section Search Privately
• [2] Clear Download History
• [2] Clear Caches: Pages & Images
• [3] Reduce Browser Statistics
• References

[1] When: Before, After; Where: OS, Apps, Browsers

• Some data can be useful to you: speed, convenience, even necessary, e.g., for logins
• Other data could be damaging in the wrong hands
• Two strategies (or combo of both) to minimize this data:
• Before: prevent data from being stored on your device or on servers in the first place -- settings or private browsing
• After: remove stored data later -- manual commands or automatically upon exit from browser / app
• [2] System utilities can remove some caches, history, e.g., macOS: Maintenance, Onyx; Win: CCleaner
• Android: Settings
• iOS: Settings > Notifications, Control Center, Privacy
• macOS: System Preferences > Security & Privacy, Sharing, Parental Controls
• Win: Control Panel / Settings
• Applications that access the internet, e.g., Facebook, Maps, Skype, etc.; also see Email section
• for Location, Notifications: Connection: Unnecessary Services section
• Browsers -- settings vary; meanings of 'history' and 'web data' may vary
• macOS: Safari > Preferences > Privacy, Security
• Firefox > Preferences > Privacy, Security
• Chrome > Preferences (or address: chrome://settings)
• iOS: Settings > Safari
• Windows: IE: Control Panel > Internet Options
• [3] Some browsers come with pre-sets for more privacy/security settings, e.g., Epic, WhiteHat Aviator

[1] Consider Private Browsing

• Typically stored locally & temporarily -- until tab/window closed: cookies; browsing, download, and search histories; form/autofill data; page or image caches
• What's stored / hidden / erased may vary by browser; tradeoffs: performance, convenience
• Another possible benefit: ability to exceed n-article/month limits on certain paywalled sites.
• Potential loopholes: data from plug-ins / extensions; downloaded files still on disk; bookmarks; search engine might store terms on server; cached DNS lookups
• Despite 'private/incognito' label, it does not provide anonymity per se -- just more temporary / compartmentalized browser storage; see VPN, anonymous browsing, e.g., Tor
• Before (all windows by default)
• Possible in some browsers, but not too practical since some sites won't work well; would there still be a way to open a new window in non-private mode?
• macOS, iOS: Safari: not avail
• macOS: Firefox > Preferences > Privacy > History > Always Use Private Browsing Mode
• [3] Chrome -- involves starting with "-incognito" switch in AppleScript (macOS), Properties (Win) or command line
• After (specific new window & tabs)
• macOS: Safari > File > New Private Window
• macOS: Firefox > File > New Private Window
• macOS: Chrome > File > New Incognito Window {Figure 10: TCYOP-4: 91; TCYOP-3: 74}
  
• iOS: Safari > [rects] > Private

[1] Reduce Cookies

• Cookies are usually erased by Private Browsing, but some browser settings are useful anyway
• Recommended: blocking "3rd-party" cookies
• Blocking all cookies means some sites won't work well (or at all)
• Allowing all cookies is a bad idea
• Some badly implemented web sites may require use of 3rd-party cookies and/or cross-site tracking
  -- if you need to use that site: temporarily disable settings, finish your work, then re-enable
• Erasing cookies means you'll have to re-login to sites, and perhaps re-enter a security answer or 2FA code
• Before
• macOS: Safari > Preferences > Prevent Cross-Site Tracking: on; Block All Cookies: off
• macOS(older): Safari > Preferences > Privacy > Cookies and website data > Allow from websites I visit [screenshot]
• macOS: Firefox > Preferences > Privacy > History > Accept Third-party Cookies > Never; Keep until:(expire, close Firefox); {Figure 11: TCYOP-4: 93; TCYOP-3: 76;}
• macOS: Chrome > Preferences > Advanced Settings > Privacy > Content Settings > Cookies > Block third-party cookies and site data
• iOS: Settings > Safari > Prevent Cross-Site Tracking: on; Block All Cookies: off
• iOS10: Settings > Safari > Privacy & Security > Block Cookies > Allow from websites I visit [screenshot]
• After
• macOS: Safari > History > Clear History and Website Data (cookies, history, other data)
• macOS: Safari > Preferences > Privacy > Cookies and website data > Remove All Website Data [screenshot]
• macOS: Firefox > History > Clear Recent History
• macOS: Chrome > Preferences > Advanced Settings > Privacy > Clear Browsing Data
• macOS: System Preferences > Flash Player > Storage > Delete All (flash cookies)
• iOS: Settings > Safari > Clear History and Website Data (cookies, history, other data) [screenshot]
• [2] macOS: System Preferences > Flash Player > Storage > Delete All, i.e., "Flash Cookies"
• see section Malware : Flash for more about Flash cookies or uninstalling Flash

[1] Minimize Browser AutoFill: Passwords, Credit Cards, Contacts

• Most browsers can provide autofill; however, info is only as secure as device admin password
• Backup? Share between browsers on same device?
• Share between devices -- esp. if different vendors?
• Generally, it's better to use a password manager
• Before
• macOS: Safari > Preferences > Autofill (contacts, passwords, credit cards)
• macOS: Firefox > Preferences > Security > Logins > Remember Passwords for Sites
• macOS: Chrome > Preferences > Advanced Settings > Passwords and forms > Enable AutoFill to fill out web forms in a single click; Offer to save your web passwords
• iOS: Settings > Safari > Passwords & AutoFill (contact, passwords, credit cards)
• iOS: Settings > Accounts & Passwords: edit
• Win: Edge > Settings > View Advanced settings > Autofill: Save Passwords/Cards: off; Manage
• After
• macOS: Safari > Preferences > Passwords > Remove All (or selected)
• macOS: Firefox > Preferences > Security > Logins > Saved Logins
• macOS: Chrome > Clear Browsing Data
• iOS: Settings > Safari > Passwords & AutoFill > Saved Passwords / Credit Cards

[2] Reduce Web Site Tracking

• Turn off tracking in browser, even though some web sites may ignore this (optional) request;
  Apple has removed this setting in latest macOS & iOS (see below for older) --
  since it wasn't effective, and perhaps gave false sense of security?
• macOS: Safari > Preferences > Privacy > Website tracking > Ask websites not to track me [screenshot]
• macOS: Firefox > Preferences > Privacy > Tracking > Tell websites I do not want to be tracked
• macOS: Chrome > Preferences > Advanced Settings > Privacy > Send a "Do Not Track" request with your browsing traffic
• iOS: Settings > Safari > Privacy & Security > Ask websites Not To Track Me [screenshot]
• Win: Edge > Settings > View Advanced settings > Privacy and services > Send Do Not Track Requests: on
• Avoid "Single Sign On" login feature on 3rd-party sites using your Google, Facebook, Twitter credentials
• In addition to controlling cookies (next), see section Ad Blocking to further reduce tracking

[2] Reduce Browser 'Fingerprinting'

• Your unique combination of system settings and browser properties can enable web sites to identify you,
  even if you're minimizing/clearing cookies, using private browsing, etc.
• Currently, some systems/browsers are better at minimzing fingerprinting,
  e.g., Safari, Firefox; -- and iOS generally; see Refs: Fingerprinting
• Check your web browser's tracking settings, fingerprint uniqueness: EFF: Cover Your Tracks
• Unfortunately, Cover Your Tracks doesn't advise on how to fix this...
• Maybe use more defaiult browser settings -- to become less unique?
• Hopefully other tools/approaches will be forthcoming.

[2] Reduce / Clear Browsing History

• list of sites visited; usually erased by Private Browsing and utilities, e.g., Ghostery, Blur {TCYOP-4: 97, 101}
• history may be accessible by other users, e.g., nosy friend, cybercafe, law enforcement
• you can also use Bookmarks or Password Manager to save / return to important sites, rather than rely on history list
• Before
• macOS: Firefox > Preferences > Privacy > History > Remember my browsing and download history
• After
• macOS: Safari > Clear History and Website Data (cookies, history, other data)
• macOS: Safari > History > Clear History and Website Data
• macOS: Safari > General > Remove History Items (time) [screenshot]
• macOS: Firefox > History > Clear History
• macOS: Firefox > Preferences > Privacy > History > Clear history when Firefox closes (Settings: browsing, downloads)
• macOS: Chrome > Clear Browsing Data
• iOS: Settings > Safari > Clear History and Website Data (cookies, history, other data)
• iOS: Settings > Safari > Frequently Visited Sites

[2] Reduce Search History / Suggestions

• Usually erased by Private Browsing
• Before
• macOS: Safari > Preferences > Search
• macOS: Firefox > Preferences > Search
• macOS: Firefox > Preferences > Privacy > History > Remember search and form history
• macOS: Chrome > Preferences > Advanced > Privacy > Use a prediction service to help complete searches and URLs typed in the address bar or the app launcher search box; searches still saved and not clearable?
• iOS: Settings > Safari > Search Engine Suggestions
• After -- same as browsing history?

[2] Clear Download History

• usually erased by Private Browsing -- though files may still be Downloads
• Before
• macOS: Safari > General > Remove Download List Items (time) [screenshot]
• macOS: Chrome > Preferences > Advanced > Privacy > Content Settings > Automatic Downloads
• After -- same as browsing history?
• macOS: Safari > Show Downloads (far right icon)l > Clear
• macOS: Firefox > Tools > Downloads > Clear Downloads
• macOS: Chrome > Clear Browsing Data

[2] Clear Caches: Pages & Images

• usually erased by Private Browsing and utilities
• Before
• macOS: Firefox > Preferences > Advanced > Network > Cached / Offline Content
• After -- same as browsing history?
• macOS: Safari: shift+click on the Refresh page button -- clears cache for only that page
• macOS: Safari > Preferences > Advanced > Show Develop menu in menu bar -- add Develop menu
• macOS: Safari > Develop > Empty Caches

[3] Reduce Browser Statistics

• Diagnostic data may be useful to vendors for bug fixes and improvements -- optional: it's up to you
• macOS: System Preferences > Security & Privacy > Diagnostics & Usage
• macOS: Firefox > Preferences > Advanced > Data Choices
• macOS: Chrome > Preferences > Advanced Settings > Privacy > Automatically send usage statistics and crash reports to Google

References

• {TCYOP-4: 87-98; TCYOP-3: 71-78; Live Data, Historical Data, Avoid or Remove Local Data, Private Browsing Modes, Browser Privacy Settings, Do Not Track}
• sections: Refs: Bookmarks / Favorites; Cookies; FingerPrinting; Google; History; iOS; macOS; Microsoft; Private (Incognito) Browsing; Tracking
• topics: autofill, super/zombie cookie
• Wikipedia: browser privacy mode; browsing history; web cache
• Wikipedia: web storage HTML5 local storage
• How to Reload Your Tabs When Your Browser Unexpectedly Quits LH; 2/9/2023
• Thousands of Popular Websites See What You Type—Before You Hit Submit Wired; 5/11/2022
• How to Use Browser Profiles to Separate Work and Play Wired; 5/2/2021
• Please Refresh Your Browser So Websites Actually Work Giz; 12/4/2020
• How to Customize Your Web Browser's Homepage (and Why You Should) Giz; 9/2/2020
• Apple updates Safari’s anti-tracking tech with full third-party cookie blocking Verge; 3/24/2020
• How to stop those annoying website notification prompts Verge; 7/18/2019
• How to Clear Your YouTube History via YouTube app or web browser; 6/8/2019
• How to Leave No Trace on a Borrowed Computer private browsing; history, downloads, searches; apps: Recent Files; Giz; 3/29/2019
• Why Are Bots Unable to Check "I Am Not a Robot" Checkboxes? CAPTCHA, browser history; MF; 2/25/2019

Bookmarks / Favorites

• How to Sync Safari Bookmarks with Google Chrome OSXD; 12/5/2021

Cookies

• Wikipedia: Cookie small piece of data sent from a website and stored in a user's web browser; Flash cookies
  cartoon credit: humoresquecartoons.com
• Wikipedia: ever cookie; zombie cookie
  
• HowStuffWorks: How Cookies Work; What is an Internet cookie?; How to Delete Computer Cookies; Quiz
• How to Block Those Annoying Cookie Banners That Follow You From Website to Website
  Super Agent browser extension; MF; 5/27/2022
• You Can Block Those Annoying Cookie Banners on Every Website LH; 5/17/2022
• How to Avoid Those Infuriating Cookie Pop-Ups
  Reject All Cookie Consent Notices; Turn Off Cookies;
  Use a Privacy-First Web Browser; Wired; 5/22/2021
• Yes, This Site Uses Cookies, Because Nearly All Sites Use Cookies, And We're Notifying You Because We're Told We Have To TD; 5/21/2020
• No need to mourn the death of the third-party cookie marketers, publishers and audiences are all better off; TNW; 5/14/2020
• How to clear cookies from your browser PC; 6/6/2019

Fingerprinting

• Wikipedia: Device Fingerprint
• dnsleaktest.com, ipleak.net check if IP address private
• The Quiet Way Advertisers Are Tracking Your Browsing Wired; 2/26/2022
• [2] How browser fingerprints identify you even when you have cookies turned off TNW; 4/24/2020
• Firefox 69 now blocks cryptominers and tracking cookies by default fingerprinting; TNW; 9/3/2019
• 'Fingerprinting' to Track Us Online Is on the Rise collected device characteristics; Safari(iOS/macOS): minimizes what's shared; Firefox: enable fingerprint blocking; extensions; mobile? NYT; 7/3/2019
• Apple Is Removing 'Do Not Track' From Safari to prevent potential use as a 'fingerprinting variable' (i.e., ironically for tracking); no websites actually honor the request not to be tracked because the government never forced them to comply with it; Giz; 2/6/2019

Google

• Chrome bug meant browser didn't respect user requests to delete Google site data Verge; 10/21/2020
• How to automatically delete the web activity and location history data in your Google account PC; 7/9/2019
• Google will now auto-delete location and search history by default for new users compromise between privacy and ad-targeting data -- after 3-18 months; Verge; 6/24/2020
• A significant majority of consumers do not expect Google to track their activities across their lives, their locations, on other sites, and on other platforms 4/3/2019

History

• Wyden Pulls Support for Privacy Amendment After Rep. Adam Schiff Downplays Impact to NYTimes Giz; 5/26/2020
• Mozilla, Twitter, and a coalition that includes Facebook, Apple, and Google, call on Congress to protect search and browser data from warrantless access CNet; 5/22/2020
• Senate passes spying bill without search and browsing history protections Ars; 5/14/2020
• Firefox Will Give You a Fake Browsing History to Fool Advertisers Using the 'Track THIS' tool opens up 100 tabs at a time that will make you seem like a hypebeast, a filthy rich person, a doomsday prepper, or an influencer; MB; 6/26/2019

iOS

• How to Clear Cookies Only from Safari on iPhone & iPad
  while keeping history, etc.; OSXD; 10/8/2021
• How to Check Privacy Report in Safari on iPhone & iPad iOS/iPadOS 14+; OSXD; 1/21/2021
• How to Change Safari Download Location on iPhone & iPad OSXD; 9/30/2020
• How to Clear Cache in Safari on iPhone & iPad Settings > Safari > Clear History and Data (caches, browsing data, cookies, browsing history); OSXD; 3/17/2020

macOS

• How to clear Safari's cache and cookies on Mac MW; 3/3/2023
• How to Check Privacy Report for Websites in Safari on Mac Safari 14+; OSXD; 1/25/2021
• How to Remove Web History in Safari While Keeping Cookies & Other Web Data on Mac OSXD; 1/20/2021
• How to modify the Start Page in Safari 14 for macOS instructions on how to adjust the categories that appear and add a background image; MW; 10/2/2020
• [3] Enabling the Debug menu in Safari 14 on Big Sur and Catalina in order to disable tab previews; 9/22/2020
• [2] How to troubleshoot and fix strange website errors with macOS Safari if a site loads fine in private browsing or another browser, stored data may be problem: Safari > Preferences > Privacy > Manage Website Data > Remove; MW; 2/21/2019

Microsoft

• You Can Make It Way Harder for Cookies to Track You in Edge LH; 5/17/2022
• How to Keep Your Work and Personal Browsing Separate on Edge Chromium LH; 5/20/2020

Private Browsing

• Incognito Mode Isn't As Incognito As You Might Think NYT; 7/21/2022
• Does Safari always request fresh logins to your sites? If it does, there’s a reason MW; 8/5/2020
• Incognito Mode May Not Work the Way You Think It Does limited privacy; Wired; 8/2/2020
• What 'Incognito Mode' Can and Can't Do to Protect Your Data LH; 6/3/2020
• Suit Claims Google’s Tracking Violates Federal Wiretap Law Google tracked and collected users’ browsing history even in so-called private browsing (Incognito) mode; NYT; 6/3/2020
• Don’t trust Google Chrome’s incognito mode what it doesn't save: Browsing history, Cookies and Site Data, Information entered into forms; it does save: Bookmarks and downloads; who can still track: Websites you visit (via IP, device id), Your employer or school, Your ISP; TNW; 12/3/2019
• The New York Times is still detecting Chrome 76 Incognito Mode after Google's fix 8/9/2019
• Chrome 76 prevents NYT and other news sites from detecting Incognito Mode Ars; 7/19/2019
• Incognito mode won't keep your browsing private browser compartmentalization (different browsers for different activities); FC; 4/12/2019
• Chrome to patch loophole that allows sites to block Incognito mode users Verge; 2/18/2019

Tracking

• Wikipedia: website visitor tracking; Do Not Track (DNT)
• Google Chrome
• Firefox
• Microsoft Edge
• Microsoft IE
• Safari (iOS)
• Safari (OS X)
• Google Analytics Opt-out Browser Add-on
• Facebook Change Ensures Tracking by Preventing URL Stripping TB; 7/19/2022
• Brave takes on the creepy websites that override your privacy settings
  'bounce tracking' can still set cookies; Ars; 3/9/2022
• DuckDuckGo wants to stop apps tracking you on Android Ars; 11/20/2021
• Browser 'Favicons' Can Be Used as Undeletable 'Supercookies' to Track You Online MB; 2/9/2021
• How to disable favicons in Safari on Mac Safari > Preferences > Tabs > Show website icons in tabs; 11/29/2020
• Now you can enforce your privacy rights with a single browser tick Global Privacy Control; Ars; 10/8/2020
• The high privacy cost of a 'free' website trackers; TNW; 9/27/2020
• Firefox 79 clears redirect tracking cookies every 24 hours 8/4/2020
• How to get bill-pay and financial sites to work in Safari may need to disable cross-site tracking setting -- later, re-enable; MW; 4/22/2020
• I Visited 47 Sites. Hundreds of Trackers Followed Me. NYT; 8/23/2019
• Microsoft brings tracking prevention to its Edge browser EG; 6/27/2019
• Chrome, Safari and Opera criticised for removing privacy setting 4/9/2019
• How the tragic death of Do Not Track ruined the web for everyone FC; 3/17/2019
• DuckDuckGo Warns that Google Does Not Respect 'Do Not Track' Browser Setting plus Facebook, Twitter; 2/5/2019

---

Quotes | Summary | Block Pop-ups | Avoid Pop-ups |
Install Ad Blocker | Unblock Sites | Remove Adware |
References: General | Android | Chrome |
Firefox | iOS | macOS | Windows | Wipr

---

Quotes

• NYT crossword clue: 8A. Internet nuisance... or a hint to four answers in this puzzle : POPUPAD
  *Themed answers each include the letter sequence AD, which has "POPPED UP" into the line above, e.g.,
AVOCADO <= 17A. Shade of green
ROPE■■OPE <= *19A. Classic strategy in the boxing ring (ROPE(AD)OPE)

SIDEROAD <= 24A. It’s off the beaten path
■■■DEC■■ENT <= *28A. Hedonistic (DEC(AD)ENT)

BREADED <= 40A. Like many chicken cutlets
CAN■■IAN <= *42A. Like seven teams in the N.H.L. (CAN(AD)IAN)

NOTSOBAD <= 46A. Better than expected
■■■TRE■■MILL <= *54A. Where you may be going nowhere fast (TRE(AD)MILL)
  ~NYT Wed, 10/24/2018

Summary

• [1] Block Pop-ups to avoid annoying and possibly dangerous ads
• [1] Avoid Pop-ups/Pop-unders -- some are 'malvertising' or 'click-bait'
• [1] Install an Ad-blocking Extension (aka 'Content Blocker'):
  less data usage, faster page load times, longer battery life, decreased clutter, reduced tracking
• [1] Use your browser's "reader mode" to reduce ads, clutter
• [2] Selectively Allow Ads?
• [3] Prevent / Remove Adware
• References

[1] Block Pop-ups

• Some browsers have a site-by-site preference, others global -- for no/all sites
• macOS: Safari > Preferences > Web Sites > Popup Windows: Block, Block&Notify, Allow
• macOS: Firefox > Preferences > Content > Block pop-up windows [screenshot]
• iOS: Settings > Safari > Privacy & Security > Block pop-ups [screenshot]
• If necessary for some sites to function, re-enable temporarily, then re-disable.

[1] Avoid Pop-ups

• Some pop-up windows may occur despite block settings, esp. 'pop-unders' which appear to 'hijack' your browser
• Some may warn of detected malware, and offer software, services, scams, or scans
• Although you should already be protected (see Software Updates, Malware sections),
  you might still be vulnerable to "drive-by" malware -- so, do not click on links or close the popup, or respond to the threats/offers (would reputable organizations/companies act this way?)
• Instead, close the browser entirely ('forcibly' if necessary), then run your own malware scan.
• I haven't encountered this problem in iOS, but if you need to force-close a window or force-quit Safari:
• iOS: (diagonal pinch gesture; window thumbnails) > tap "x" in upper left of window
• iOS: (4-finger swipe up gesture; all open apps; flick left/right if Safari not visible) > swipe up on Safari
• macOS: Safari (in Dock) > ctrl-click > Quit (or Force Quit)
• Safari icon > click w/ Shift key -- to reopen w/o previous windows
• Win: (task bar) > right-click (on window) > Close
• [2] Win: ctrl-alt-del > Task Manager > Applications > (browser) > Close

[1] Install an Ad-blocking Extension (aka "Content Blocker")

• Several different approaches / business models:
• 'avoidance': avoid ads in first place: find alternatives to ad-heavy sites, apps, services, e.g., Facebook, Google
• 'consensual': block all except those you allow via your 'allow list' or opt-in; e.g., Privacy Badger; too drastic? support small publishers? some publishers may detect ad blockers and block content access; some, e.g., Spotify, consider ad blocking grounds to terminate your account!
• 'acceptable ads'; block all ads except vendor allows, e.g., Adblock Plus; who decides which sites are allowed or blocked? publisher payoffs?
• 'anonymised tracking': block ads but provides summary data; e.g., Ghostery
• 'some blocking free': pay for additional blocking; e.g., Disconnect and 1Blocker
• Some (free) apps may display advertising (and track you); consider a paid version that removes ads, check tracking/ad preferences (if any), or do you really need the app?
• Before: If using HTTPS: or VPN, some ads not inserted by your ISP; a VPN may also make it more difficult for ad sites to identify you
• Before: If using WPA2 (WiFi), avoid local 'man-in-the-middle' ads/malware
• Before: if you use Safari's "Reader View" (if available), most ads, navigation and sidebars are removed
• Before: use an ad blocker to remove adds and reduce tracking
• other advantages: speeds up page loading; downloads less data, esp. important for limited data plans.
• many good extensions are free; some paid tools are waste of money, and possibly malware
• may block ads/tracking only in web browsers, not apps
• Note: OS handling of browser extensions, especially content blockers, continues to evolve
• Content blocker Steve is currently using with Safari (iOS12+, macOS 14+): Wipr: $2;
  it's simple to set up, and blocks ads fast and effectively
• These previously recommended general tools (& example settings) may or may not work with your system and browser:
  AdBlock Plus; IronVest (Blur); Ghostery; Privacy Badger; [3] uBlock Origin
• Ghostery: {Figure 12: TCYOP-4: 97; TCYOP-3: 79}
• macOS: Safari > Preferences > Extensions > Get Extension : AdBlock Plus
• macOS: AdBlock Plus > [deselect] Allow some non-intrusive advertising
• iOS: Settings > Privacy > Advertising > Limit Ad Tracking
  Enabling this will cut down on unnecessary network traffic, but doesn't totally block
• iOS: Settings > Safari > Content Blockers
• If a site doesn't work properly (esp. for 'mobile-friendly' sites):
• macOS & iOS: Safari > [press refresh icon] > Reload Without Content Blockers
• iOS: Safari > [press refresh icon] > Request Desktop Site

[2] Selectively Allow Ads: Add Sites to 'Allow List'?

• "We respect your use of an ad blocker... Some of us use one too. Will you please make an exception to support us? It really helps!" ~Support DuckDuckGo by disabling ad blockers on our page
• macOS: AdBlock Plus > Disabled on this site
• macOS: AdBlock Plus > Options > Allow some non-intrusive advertising : on / off

[3] Prevent / Remove Adware

• Before: obtain software only from official app stores, and pay attention to installation options
• After: tools to remove adware, e.g., Windows: AdwCleaner

References

• {TCYOP-4: 71, 96-97, 101; TCYOP-3: 58, 78-80}
• sections: Refs: Android; Chrome; Firefox; iOS; macOS; Windows; Wipr
• Support DuckDuckGo by disabling ad blockers on our page
• Wikipedia: pop-up ad; clickbait; ad blocker/filter; Superfish
• Wikipedia: Adblock Plus, Ghostery
• Wikipedia: PrivacyBadger EFF; Firefox, Chrome "browser add-on that stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web"
• HowStuffWorks: How Pop-up Blockers Work; How do advertisers show me custom ads?; How do you remove adware from your computer?
• The App Tracking Transparency (ATT) recession
  Apple's effect on digital advertising and tracking; 1/11/2023
• Even the FBI says you should use an ad blocker TC; 12/22/2022
• The 10 Worst New Places You're Going to See Ads in 2023 Giz; 12/18/2022
• You're Still Being Tracked on the Internet, Just in a Different Way
  Apple and Google are pushing privacy changes, but a shift in digital tracking is giving some platforms a bigger advertising advantage; NYT; 4/6/2022
• The plain-text internet is coming 3/27/2022
• Our Favorite Ad Blockers and Browser Extensions to Protect Privacy NYT; 9/30/2021
• The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous MB; 9/23/2021
• How Your Ad Blocker Can Track You Across the Web Giz; 8/10/2021
• Millions of web surfers are being targeted by a single malvertising group Tag Barnakle infecting ad servers; Ars; 4/19/2021
• I tried to use the ad tech industry's tool to opt out of personalized ads. Did it work? Digital Advertising Alliance (DAA) AdChoices; TNW; 3/28/2021
• 4 major browsers are getting hit in widespread malware attacks Chrome, Firefox, Edge, and Yandex are all affected in widespread ad-injection campaign; Ars; 12/10/2020
• Bizarre internet 'dot' glitch lets you watch ad-free YouTube vids and bypass paywalls PW; 6/12/2020
• Popular VPN And Ad-Blocking Apps Are Secretly Harvesting User Data Android: Free and Unlimited VPN, Luna VPN, Mobile Data, Adblock Focus; iOS: Adblock Focus, Luna VPN; BF; 3/9/2020
• Adblock Plus's Till Faida on the shifting shape of ad blocking TC; 1/21/2020
• Senator Wyden Wants Paid Ad Blocking 'Allow Lists' Investigated TD; 1/14/2020
• Browsers [Chrome, Firefox] Are Fixing the Internet's Most Annoying Problem invasive pop-ups asking for notification permission; Wired; 1/14/2020
• Your Digital Detox May Be Toxic for Advertising NYT; 1/5/2020
• Adware Is the Malware You Should Actually Worry About Wired; 7/21/2019
• How to Fight Back Against Data Broker Advertising on Facebook LH; 7/12/2019
• I Used Google Ads for Social Engineering. It Worked. ad campaigns that manipulate searchers' behavior are frighteningly easy for anyone to run; NYT; 7/7/2019
• The Best Browsers for Ad Blocking (That Aren't Chrome) Brave, Firefox, Opera, Chromium, Edge; LH; 5/30/2019
• The future of AT&T is an ad-tracking nightmare hellworld everything you watch, everywhere you go; Verge; 5/22/2019
• Apple unveils Privacy Preserving Ad Click Attribution, a new web technology aimed at preserving user privacy without reducing effectiveness of ad campaigns TC; 5/22/2019
• These Ads Think They Know You in an experiment, the NYT bought and displayed ads targeting 16 profile attributes to reveal what advertisers think they know about users seeing targeted ads; NYT; 4/30/2019
• 83% of Consumers Believe Personalized Ads Are Morally Wrong, Survey Says Forbes; 2/9/2019
• Spotify's new Terms of Service, which go into effect on March 1, will give Spotify the authority to immediately terminate accounts that use ad blockers Verge; 2/7/2019
• How to Allow Pop-Up Windows in Safari for Mac Safari > Preferences > Web Sites > Popup Windows: Block, Block&Notify, Allow; OSXD; 2/5/2019

Android

• 18,000 Android Apps Track Users by Violating Advertising ID Policies BC; 2/15/2019

Chrome

• Here comes the Google Chrome change that worries ad blocker creators CNet; 12/9/2020
• Malicious adblockers should be removed now Chromium versions of Nano Adblocker or Nano Defender; Ars; 10/20/2020
• The Best Chrome Extensions to Prevent Creepy Web Tracking Wired; 9/25/2020
• Google debuts a Chrome extension to show how many ads are loaded on a web page, what advertisers are involved, and what user data was used for personalized ads ZD; 8/2/2020
• Chrome will soon block resource-draining ads. Here’s how to turn it on now Ars; 5/14/2020
• Google backtracks on Chrome modifications that would have crippled ad blockers ZD; 2/16/2019
• Remove All The Ads and Sponsored Products From Amazon With This Extension Amazon Lite for Chrome; LH; 1/19/2019
• Google Chrome's ad-blocking feature will roll out worldwide in July 2019 TNW; 1/10/2019

Firefox

• Firefox's address bar has ads now, but you can disable them Verge; 10/7/2021
• Mozilla set to offer ad-free browsing in Firefox for $5 7/5/2019

iOS

• 96% of US users opt out of app tracking in iOS 14.5, analytics find Ars; 5/7/2021
• To Be Tracked or Not? Apple Is Now Giving Us the Choice iOS 14.5; NYT; 4/26/2021
• How to block ad tracking on your iPhone keep your apps from uploading your data -- mostly; Verge; 3/8/2021
• The 5 Best Ad Blockers For iOS, Ranked 6/29/2020
• Webkit zero-day exploit besieges Mac and iOS users with malvertising redirects Flaw rendered ad-sandboxing protections "entirely useless," researchers say; already fixed in both Mac and iOS Safari; Ars; 9/30/2019

macOS

• The Best Safari Ad Blockers Adguard, Wipr, and 1Blocker; LH; 12/16/2022
• Ghostery Slowing Down Safari Performance? Here’s a Fix OSXD; 6/4/2022
• How to enable Reader View automatically for websites in mobile and desktop Safari MW; 1/6/2020
• Report: since Apple debuted Intelligent Tracking Prevention, the cost for advertisers to reach Safari users has dropped 60%+, as such ads are less desirable it looks to have almost totally eliminated the ability for advertisers to market to specific demographics; 12/9/2019
• 1Blocker 3 review: Safari extension revamps its content-blocking for macOS Catalina MW; 11/18/2019

Windows

• Microsoft: Microsoft Safety Scanner remove adware
• WikiHow: How to Close an Internet Pop Up; How to Get Rid of a Window That Won't Close in Windows XP

Wipr

• Wipr Site

---

Summary |
References : General | 1Password | Multi-Factor Authentication | Android | Apps | Biometrics; Passkeys |
Bitwarden | Breaches / HaveIBeenPwned | Browser (as PM) | Chrome | Credential Stuffing | DashLane | Edge |
Facebook | Firefox | Freq. of Changing | iCloud/KeyChain | iOS | LastPass | macOS | Password Managers |
Safari | Security Questions | SMS, SIM hijacking | SSO (Single Sign-On | Password Strength | Windows

---

Summary

• Passwords are now covered in a separate 3-session OLLI course: P@s$w0rdz
• Passwords:Intro (from earlier in this course) now summarizes highlights from P@s$w0rdz.
• This section originally provided more details about other password issues, e.g., secret answers, biometrics, 2FA, etc.
• This section now provides only Reference articles (below) [for P@s$w0rdz] -- it will continue to be updated.

References

• {TCYOP-4: 99-100; TCYOP-3: 81-83}
• e-Books: Take Control of...: Your Passwords, 1Password; Passwords cheat sheet
• haveibeenpwned.com check if you have an account that has been compromised in a data breach
• SYSTEM: Please enter your new password.
• USER: cabbage
• SYSTEM:... Sorry, the password must be more than 8 characters.
• USER:... boiled cabbage
• SYSTEM:... Sorry, the password must contain 1 numerical character.
• USER:... 1 boiled cabbage
• SYSTEM:... Sorry, the password cannot have blank spaces.
• USER:... 50bloodyboiledcabbages
• SYSTEM:... Sorry, the password must contain at least one upper case character.
• USER:... 50BLOODYboiledcabbages
• SYSTEM:... Sorry, the password cannot use more than one upper case character consecutively.
• USER:... 50BloodyBoiledCabbagesShovedUpYourArseIfYouDon'tGiveMeAccessNow!
• SYSTEM:... Sorry, the password cannot contain punctuation.
• USER:... ReallyPissedOff50BloodyBoiledCabbagesShovedUpYourArseIfYouDontGiveMeAccessNow
• SYSTEM:... Sorry, that password is already in use.
• Wikipedia: Password; Authentication; Backdoor method of bypassing normal authentication
• HowStuffWorks: Authentication
• Wikipedia: Password manager; Password strength
• Wikipedia: Password entropy derived from # character choices (# of bits) * length of password
• Wikipedia: FIPS-181 Fed. Info Processing Std.: Automated Password Generator
• Wikipedia: Random password generator; Diceware
• Wikipedia: Password cracking depends on info entropy; number, speed of CPU/GPUs, # of permitted attempts;
  e.g., 2008: A user-selected eight-character password with numbers, mixed case, and symbols,
  reaches an estimated 30-bit strength, according to NIST. 30 is only one billion permutations
  and would take an average of 16 minutes to crack
• Wikipedia: salt random data that is used as an additional input to a one-way function that hashes a password or passphrase
• zxcvbn (password strength tester): testing page; intro; source code
• Beware of Attacks Using Password Reset Request Notifications TB; 3/26/2024
• Back Up and Secure Your Digital Life
  product reviews: ...
  Password manager: free, paid;
  Two-factor authentication; ...
  NYT; 3/7/2024
• Suspects can refuse to provide phone passcodes to police, court rules
  phone-unlocking case law is 'total mess,' may be ripe
  for Supreme Court review; Ars; 12/14/2023
• Largest Study of its Kind Shows Outdated Password Practices are Widespread GAtech; 11/17/2023
• Cloaked manages your logins with proxy emails, phone numbers and a built-in password manager $10/mo.; TC;10/3/2023
• Top Ten Password Security Standards 6/21/2023
• Everything you've been told about passwords is a lie
  Aim for longer password phrases; Use a password manager if you can;
  Consider two-step authentication on your important accounts;
  WaPo; 1/10/2023
• A Breach at LastPass Has Password Lessons for Us All
  reassess whether to trust companies to store our sensitive data in the cloud; NYT; 1/5/2023
• How to Set Up Google Password Manager's On-Device Encryption for iOS, Chrome, and Android Giz; 6/22/2022
• Steps to Simple Online Security: 1: Always use strong passwords;
  2: Set Up Two-Factor Authentication NYT; 4/1/2022
• Lapsus$ found a spreadsheet of passwords as they breached Okta, documents show TC; 3/28/2022
• Why You Should Sign Into All of Your Accounts Every Now and Then
  inactive accounts -- inaccessible due to invalid email address;
  account deletion -- policies vary: 6 mo. - 2 years;
  LH; 11/30/2021
• Why the Password Isn't Dead Quite Yet
  some drawbacks to new authentication methods;
  often newer devices are required; Wired; 7/6/2021
• PSA for US Congresspeople: Please do not enter your phone’s passcode on TV Verge; 5/25/2021
• How to See Who's Using Your Streaming Passwords
  Netflix; Hulu; Disney+; Amazon Prime Video; Spotify; Giz; 5/3/2021
• The 5 Best Ways to Store Passwords Safely
  Use your browser; 1Password; LastPass; Dashlane; NordPass; Giz; 2/9/2021
• Microsoft takes on Keychain with Autofill features on iOS, macOS
  via Microsoft Authenticator app and a Google Chrome extension; ApIn; 2/6/2021
• Lost Passwords Lock Millionaires Out of Their Bitcoin Fortunes
  But what happens when you can’t access that wealth because you forgot the password to your digital wallet? NYT; 1/12/2021
• Here's how many Americans still secretly use their ex's passwords
  password sharing even after breakup; ZD; 10/12/2020
• How Do I Get Into My Email If I've Lost My Recovery Codes? LH; 8/7/2020
• Why Am I Locked Out of My Netflix Account? (password oversharing?) LH; 7/31/2020
• How to Change Your Email Address LH; 6/17/2020
• Neo-Nazis Are Spreading a List of Emails and Passwords for Gates Foundation and WHO Employees MB; 4/21/2020
• Silicon Valley Legends Launch Beyond Identity in Quest to Eliminate Passwords Beyond Identify; 4/14/2020
• Three old password rules that are dumb today
  Don't be afraid to write down your passwords; Do share your accounts;
  Don't constantly change your passwords; CNet; 3/11/2020
• How to Share Your Online Accounts Without Sharing Your Password
  via password manager; Amazon Prime 'Household Package'; Spotify, Apple Music, YouTube Music: family plan;
  Netflix, Hulu, Disney Plus: share pw, but setup profiles; Wired; 2/23/2020
• More than 38,000 people will stand in line this week to get a new password
  on paper, at German university; ZD; 12/18/2019
• How Can I Close Accounts for Old Services I Don't Use Anymore?
  Check through your email for notices, confirmations, etc.; Search for old passwords in your browser
  and password managers; Google your username; Clear out permissions for other apps; LH; 12/5/2019
• Who’s Hacking Your Spotify? NYT; 12/5/2019
• Why Sharing Your Disney+ or Netflix Password Is a Bad Idea
  use unique password,2FA; Giz; 11/29/2019
• Suspect can’t be compelled to reveal “64-character” password, court rules Ars; 11/23/2019
• Nikki Haley lost her password, so she sent sensitive info over unclassified system
  OpenNet; Ars; 11/20/2019
• How to use Sign In With Apple and manage your log in information ApIn; 11/7/2019
• Please get your digital affairs in order password manager, backup codes; TC; 9/15/2019
• How to create a backup plan to restore passwords if your system fails
  iCloud, password manager; MW; 9/3/2019
• Fernando Corbató, a Father of Your Computer (and Your Password), Dies at 93 timesharing; NYT; 7/12/2019
• Hacker Lexicon: What Is Credential Dumping? extracting usernames and passwords from a victim computer,
  so that they can be used to reenter that computer at will and reach other computers on the network; Wired; 7/7/2019
• [2] A quarter of major CMSs use outdated MD5 as the default password hashing scheme
  Offenders include WordPress, osCommerce, SuiteCRM, Simple Machines Forum, miniBB, MyBB,
  SugarCRM, and others; ZD; 6/17/2019
• 5 alarming facts in honor of World Password Day
  1. Data breaches are happening more often;
  2. Data breaches are getting worse;
  3. Data breaches may not be detected and reported promptly;
  4. The more online accounts you have, the more vulnerable you are;
  5. We can't seem to shake our bad password habits; PC; 5/2/2019
• Introducing the 1Password Internet Password Book
  ;-) bad handwriting is the best form of encryption; 4/1/2019
• WebAuthn: What you need to know about the future of the passwordless Web
  while OS and browser makers now support the WebAuthn API,
  it's unclear when and how Web sites will begin implementing it; PC; 3/7/2019
• The web just took a big step toward a password-free future
  WebAuthn is here to kill the password; uses USB key or other biometrics;
  already supported by most browsers (Chrome, Firefox, Edge, and Safari); Verge; 3/4/2019
• Once Again, Sharing Streaming Passwords Is Not 'Piracy' Or 'Freeloading'
  most actual streaming companies view as marketing and source of new accounts; TD; 3/1/2019
• [2] Cryptocurrency wallet caught sending user passwords to Google's spellchecker
  Coinomi wallet bug sends users' secret passphrases to Google's Spellcheck API via HTTP, in plaintext; ZD; 2/27/2019
• Millions of utility customers’ passwords stored in plain text and sent in plain text via email; Ars; 2/25/2019
• When Your Shared Netflix Account Outlasts The Relationship NPR; 2/14/2019
• You happily share passwords for Netflix, HBO and more, despite risks CNet; 2/12/2019
• Digital exchange loses $137 million as founder takes passwords to the grave cryptocurrency; Ars; 2/2/2019
• How to Stop Worrying About Every 'Mega' Password Breach That Comes Along
  1. Enable 2FA;
  2. Get a password manager;
  3. Buy a physical security token, e.g., Yubikey, Google Titan;
  4. Enjoy; Giz; 1/17/2019

1Password

• wikipedia, 1password.com, Take Control Books
• 1Password 8.10.30 TB; 4/22/2024
• 1Password review -- Keep your passwords safe and secure MW; 4/17/2024
• 1Password expands its endpoint security offerings with Kolide acquisition TC; 2/20/2024
• Our Favorite Password Manager Remembers All of Your Logins So You Don’t Have To NYT; 11/24/2023
• Issues with Legacy 1Password 6 and 7 from Mac App Store
  "1Password app is damaged"; TB; 11/21/2023
• 1Password detects 'suspicious activity' in its internal Okta account 1Password CTO says investigation found no compromise of user data or sensitive systems; Ars; 10/23/2023
• Two-Factor Authentication, Two-Step Verification, and 1Password not true 2FA, but 2SV; TB; 7/10/2023
• 1Password launches a passkey public beta for Chrome, Edge, Safari, Firefox, and Brave but not its mobile apps 1PW announced passkey support in Nov. 2022; Verge; 6/6/2023
• 1Password is finally rolling out passkey management
  save passkeys and synchronize them across devices and platforms after 6/6; Verge; 5/16/2023
• How 1Password is designed to keep your data safe, even in the event of a breach 1PW; 1/10/2023
• Now 1Password remembers sites that use third-party accounts like Google or Facebook to log in Verge; 12/1/2022
• 1Password 8 arrives on Android and iOS with a big redesign and personalized home Verge; 8/9/2022
• 1Password now lets you securely share files and documents with just a link Verge; 6/29/2022
• Twitter pays $150M fine for using two-factor login details (phone #, email) to target ads Ars; 5/26/2022
• 1Password 8.0 TB; 5/9/2022
• 1Password 8 for Mac brings autofilling passwords to native apps Verge; 5/3/2022
• 1Password 7.9.4 TB; 4/8/2022
• Moving from 1Password to KeePass TB; 4/11/2022
• 1Password now lets you easily store crypto wallet details Verge; 2/23/2022
• 1Password 8 for Windows is here 1PW; 11/16/2021
• Psst! Now you can securely share 1Password items with anyone 1PW; 10/12/2021
• Protect your privacy with 1Password and Fastmail 1PW; 9/28/2021
• Sync options compared 9/28/2021; Is it safe to sync my data over the cloud? 11/3/2021
• [2] syncing: other folder, cloud e.g., Box, Dropbox, Google Drive, Microsoft OneDrive, SpiderOak, SugarSync; 11/12/2021
• [2] from local file e.g., USB drive; some browsers restrict access
• Guide: Setup Touch ID 9/22/2021
  How safe is it to use Touch ID to secure my vault?
  settings for how often to re-enter master password; 9/22/2021
• 1Password has plans to get companies to actually use one password
  supplement rather than compete with SSOs like Okta; Verge; 1/21/2022
• 1Password 7.9.2 TB; 12/10/2021
• 1Password 7.9 Adds Secure Password Sharing
  blog.1password.com;
  one-use or expiring link, optional email verification; TB; 10/19/2021
• 1Password 7.8.8 TB; 10/11/2021
• 1Password gets its own 'hide my email' feature
  Create Masked Email -- unique email aliases for logins, much like
  Apple's iCloud Plus Hide My Email function but integrated and not only for Apple users;
  video; Verge; 9/28/2021
• 1Password Releases Safari Extension for iOS 15 and iPadOS 15 MR; 9/20/2021
• Accel doubles down on 1Password, which just raised $100M more at a $2B valuation TC; 7/27/2021
• 1Password 7.8.5 TB; 6/3/2021
• 1Password acquires SecretHub and launches new enterprise secrets management tool TC; 4/13/2021
• How to Pay Using Virtual Credit Cards in 1Password each tied to a separate merchant
  -- linked to debit card or checking account (not credit card); one-off & recurring payments;
  can also use privacy.com directly w/o 1PW; LH; 9/24/2020
• Toronto-based password manager 1Password raises $200M Series A
  led by Accel, its first external round of funding in its 14-year history; 11/14/2019

Multi / 2 Factor Authentication (2FA) / 2 Step Verification

• Wikipedia: Two factor authentication; multi-factor authentication
• Wikipedia: Two step verification; One-time Password (OTP); TOTP = Time-based OTP
• List of websites and whether or not they support 2FA
• Apple: Apple ID (iCloud, iTunes, App Store) Frequently asked questions about two-step verification
• Apple: Two-factor authentication for Apple ID upgrade from 2-step verification; 5/11/2017
• Google: 2-Step Verification Authenticator (app); App Passwords; Backup codes
• The Best Two-Factor Authentication App Authy; NYT; 4/12/2024
• Authy Desktop to Reach End-of-Life on 19 March 2024 TB; 2/14/2024
• The Best Security Key for Multi-Factor Authentication NYT; 1/5/2024
• How to Automatically Delete Passcode Texts on Android and iOS Wired; 8/6/2023
• Google Authenticator finally, mercifully adds account syncing for two-factor codes
  but it's not E2EE (end-to-end encrypted) yet; Verge; 4/24/2023
• How to set up two-factor authentication on your online accounts Verge; 4/14/2023
• Still using authenticators for MFA? Software for sale can hack you anyway
  AitM (adversary in the middle) works by placing a phishing site between the user and the desired site; Ars; 3/14/2023
• How to set up two-factor authentication for your Apple ID and iCloud account MW; 5/5/2022
• Getting started with 2FA: Add an extra layer of protection to your passwords MW; 5/5/2022
• How to add your verification codes to Apple Passwords
  iOS/iPadOS 15, Safari 15 for macOS; MW; 4/5/2022
• Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA Ars; 3/28/2022
• More than 1,200 phishing toolkits capable of intercepting 2FA detected in the wild stealing authentication cookies; 12/27/2021
• How to Manually Get Apple 2FA Codes on Mac OSXD; 12/17/2021
• Google wants every account to use 2FA, starts auto-enrolling users Ars; 11/3/2021
• The Booming Underground Market for Bots That Steal Your 2FA Codes
  user cooperation necessary; Vice; 11/2/2021
• The White House's Plan to Stop Government Employees From Getting Phished
  focus on hardware security keys; Vice; 10/15/2021
• How Coinbase Phishers Steal One-Time Passwords 10/13/2021
• Google is about to turn on two-factor authentication by default for millions of users
  set up the Inactive Account Manager while you still can; Verge; 10/5/2021
• How to move Google Authenticator to your new iPhone ApIn; 9/24/2021
• You Should Use Your iPhone's New Built-in Two-Factor Authentication
  instead of 3rd-party app; LH; 9/23/2021
• Microsoft adds a passwordless option for Microsoft accounts
  In place of a password, Microsoft will use its Microsoft Authenticator app for your phone,
  Windows Hello, and codes sent to your email or phone; PC; 9/15/2021
• Wireless Carrier Injects Ads Into Two-Factor Authentication Texts TD; 7/1/2021
• This Agency's Computers Hold Secrets. Hackers Got In With One Password.
  New York City's Law Department had old unpatched software, did not implement 2FA; NYT; 6/18/2021
• Google will make two-factor authentication mandatory soon PC; 5/6/2021
• How to set up two-factor authentication for your Apple ID and iCloud account MW; 5/4/2021
• Why You Should Use a Physical Key to Sign Into Your Accounts Giz; 4/30/2021
• Two-Factor Authentication: Who Has It and How to Set It Up PCMag; 4/27/2021
• How to Move Google Authenticator Account to a New iPhone OSXD; 1/27/2021
• No emails have leaked from the 2020 election campaigns yet
  -- tiny USB sticks may be one reason why CNBC; 12/23/2020
• Trump Twitter 'hack': Police accept attacker's claim BBC; 12/16/2020
• SolarWinds hackers have a clever way to bypass multi-factor authentication Ars; 12/14/2020
• With Google Authenticator's Latest iOS Update, You Really Have No Excuse Now
  like Android version, supports account transfer to a different device; Giz; 12/3/2020
• Use 2FA to Stop This New WhatsApp Account Attack LH; 11/28/2020
• Microsoft urges users to stop using phone-based multi-factor authentication
  use app-based authenticators and security keys instead; ZD; 11/12/2020
• A Dutch security researcher says he logged into Trump's Twitter account,
  which didn't have 2FA, using the password 'maga2020!'
  the account has now been secured w/ 2FA; 10/22/2020
• Gatekeeper Two-Factor Authentication review: Needs a consumer-grade overhaul
  GateKeeper Wireless Security Key; PC; 10/15/2020
• Zoom’s mobile and desktop apps now support two-factor authentication previously only available via the web; Verge; 9/11/2020
• How to transfer your Google Authenticator 2FA to a new phone Verge; 9/2/2020
• Musk says Tesla two-factor authentication 'embarrassingly late' but coming soon Verge; 8/15/2020
• Apple has finally embraced key-based 2FA. So should you Advanced Protection Program (APP); Ars; 7/17/2020
• How Two-Factor Authentication Keeps Your Accounts Safe Wired; 7/12/2020
• [2] Choosing 2FA authenticator apps can be hard. Ars did it so you don’t have to
  technical; doesn't discuss 1Password at all (except in reader comments); Ars; 5/27/2020
• No-password logon surges for Microsoft services to 150 million people
  three no-password logon options for its online services on Windows machines:
  a hardware security key combined with Windows Hello face recognition technology or fingerprint ID;
  a hardware key combined with a PIN code;
  or a phone running the Microsoft Authenticator app; CNet; 5/7/2020
• Google will switch on mandatory two-factor authentication for Nest accounts this month TH; 5/5/2020
• You Should Set Up Two-Step Verification on Your Nintendo Account Right Now LH; 4/20/2020
• How to bypass Apple’s multi-device two-factor system with Messages auto-fill except uses SMS; MW; 3/24/2020
• How Do I Switch From One 2FA Authentication App to Another? LH; 3/13/2020
• Microsoft: 99.9% of compromised accounts did not use multi-factor authentication
  Only 11% of all enterprise accounts use a MFA solution overall; ZD; 3/6/2020
• What you need to know about security keys on iOS and macOS e.g., YubiKey; ApIn; 3/2/2020
• Researchers find an Android malware strain Cerberus that can extract and steal
  one-time passwords generated by Google's Authenticator mobile app ZD; 2/27/2020
• Google now treats iPhones as physical security keys Verge; 1/15/2020
• Alternative Ways to Protect Yourself from Being Spearfished
  Prioritize Your Accounts;
  Use Strong, Unique Passwords & 2FA;
  Provide Fake Answers to Security Questions;
  Think You're Important;
  Your Cell Phone Number Is the Weak Link;
  The Problem With Authenticator Apps (most poorly designed);
  Google Voice as an Alternative to Authenticator Apps and Cell Phone Numbers; TB; 1/31/2020
• The Best Authenticator Apps for Protecting Your Accounts
  Google Authenticator; Microsoft Authenticator; Authy; LastPass; Duo Mobile;
  (it didn't mention 1Password); Giz; 1/1/2020
• Does Apple ID two-factor work if you leave the country?
  Make sure you know what devices and phone numbers you trust
  (e.g., set up a free or inexpensive phone number that can receive text messages,
  e.g., Google Voice or Skype); MW; 12/10/2019
• How to add trusted phones to your Apple ID two-factor authentication MW; 12/3/2019
• Twitter will finally let you turn on two-factor authentication without giving it a phone number
  You could switch to another option later (like Google Authenticator, or a physical Yubikey)
  -- but to turn it on in the first place, you were locked into giving Twitter a phone number
  and using SMS; TC; 11/21/2019
• [2] Why One Secure Platform Passed on Two-Factor Authentication Keybase; Wired; 10/25/2019
• What Happens If I Use Two-Factor Authentication and Lose My Phone?
  write down your backup codes; use a 3rd-party authentication app, such as Authy;
  get a replacement phone for backup SMS authentication codes; what to do if you
  get locked out (and haven't prepared); LH; 10/18/2019
• No One Knows About Two-Factor Authentication, and It's Putting Their Security at Risk
  28% can identify (Pew survey); LH; 10/9/2019
• Beware a New Scam That Asks for Your Bank PIN on the Phone LH; 10/9/2019
• Twitter Took Phone Numbers for Security and Used Them for Advertising MB; 10/8/2019
• How to use 2FA on older Apple devices that won't let you enter a verification code MW; 8/14/2019
• How to Set Up Two-Step Authentication on Your Amazon Account LH; 7/6/2019
• I'll be passing on Google’s new 2fa for logins on iPhones and iPads Ars; 6/12/2019
• What is two-factor authentication, and which 2FA solutions are best? PC; 6/5/2019
• Here Are the Best Account Security Methods, According to Google LH; 5/22/2019
• Here's the Best Way to Protect Your Accounts From Hacker Takeovers
  security key or device-based (rather than knowledge-based) challenges; LH; 5/17/2019
• When 2FA isn't 2FA: How Apple's iCloud authentication system fails to protect your account MW; 4/12/2019
• Two-factor authentication explained: How to choose the right level of security for every account PC; 4/10/2019
• How to set up two-factor authentication on all your online accounts
  Apple, Instagram, Facebook, Twitter, Amazon, Google, Snapchat, Slack, Microsoft,
  Dropbox, WhatsApp, PayPal, Nest, Signal; Verge; 3/27/2019
• Protecting Your Internet Accounts Keeps Getting Easier. Here's How to Do It.
  four methods for setting up two-factor authentication; 1. text-messaged codes, e.g., Instagram;
  2. authenticator app, e.g., Facebook; 3. Google Prompt, e.g., gmail; 4. physical key, e.g., Twitter; NYT; 3/27/2019
• [3] How to Set Up Two-Factor Authentication for Multiple Apple IDs on One Device MR; 2/20/2019
• [2] How to use two-factor authentication on popular PC gaming platforms
  Steam; GOG Galaxy; EA’s Origin; Battlenet; Uplay; Epic Games; TNW; 2/19/2019
• [3] Apple to require two-factor authentication for developer accounts ApIn; 2/13/2019
• Push notifications are the future of multi-factor authentication
  verifies the identity of users by sending a push notification to a mobile device associated
  with their account during the login process; TNW; 2/9/2019
• Apple being sued because two-factor authentication on an iPhone or Mac takes too much time
  and abusive since it can't be rolled back to a less safe login method after 14 days; ApIn; 2/9/2019
• Two-Factor Authentication Might Not Keep You Safe still vulnerable to phishing attacks; NYT; 1/27/2019

Android

• Your mobile password manager might be exposing your credentials "AutoSpill": Android autofill; TC; 12/6/2023
• How to Use Your Android Phone's Built-In Password Manager LH; 5/12/2022
• Google Authenticator’s first Android update in years lets you move your account between devices Verge; 5/6/2020
• Now you can use Android phones, rather than passwords, to log in to Google*
  * = For now, fingerprint or lock screen authentication applies only to one Google service; Ars; 8/12/2019
• Google says any Android device running 7.0 or later can now be used as a security key
  for two-factor authentication Verge; 4/10/2019
• With latest version of Google Play Services, Android 7.0 and up now supports the FIDO2 standard
  which lets users login to services using fingerprints or PIN Verge; 2/25/2019

Apps

• Use an application to encrypt a file (.txt, .doc, spreadsheet, .pdf)
  -- assuming AES-128 or AES-256 (better) level encryption, with latest version of software.
• Microsoft Office (2016-; 365-); Acrobat (X -)
• compression utils.: WinZip (9.0-); 7-Zip; Keka
• discussion: P@s$w0rdz: Storing: Secure (Encrypt) Your Passwords

Biometrics, Fingerprints, Facial Recognition; Passkeys

• Biometrics; Fast IDentity Online (FIDO)
• HowStuffWorks: How will biometrics affect our privacy?
• Google and Apple use passkeys to capture users by locking credentials into their platforms
  and have made the UX of passkeys worse than that of password managers 4/26/2024
• Cops can force suspect to unlock phone with thumbprint, US court rules Ars; 4/18/2024
• I Stopped Using Passwords. It's Great -- and a Total Mess
  Passkeys are here to replace passwords. When they work, it's a seamless vision of the future.
  But don't ditch your old logins just yet; Wired; 2/8/2024
• Google begins prompting users to create passwordless passkeys by default Verge; 10/10/2023
• Passkeys: all the news and updates around passwordless sign-on Verge; 9/29/2023
• Windows 11 gains support for managing passkeys TC; 9/21/2023
• 1Password rolls out public passkey support to its mobile apps and web extensions Verge; 9/20/2023
• Passkey: Which popular apps and services offer the new feature? ApIn; 9/6/2023
• How to use Passkeys on your iPhone, iPad, and Mac MW; 6/22/2023
• 1Password is finally rolling out passkey management
  save passkeys and synchronize them across devices and platforms after 6/6; Verge; 5/16/2023
• Passkeys may not be for you, but they are safe and easy -- here's why
  answering common questions about how passkeys work; Ars; 5/12/2023
• How to Use Passkeys on Your iPhone or Mac LH; 5/11/2023
• Embrace the Passwordless Future of Passkeys LH; 5/9/2023
• Google's passkey offering is refined and comprehensive enough to recommend but the ecosystem is incomplete, despite PayPal, Kayak, and others using passkeys; Ars; 5/8/2023
• Google now lets you access your account with passkeys rather than passwords TC; 5/3/2023
• 1Password is trying for zero passwords
  create and unlock 1Password accounts using biometric-based passkey tech; Verge; 2/9/2023
• Everything to Know About Passkeys for a Password-Free Future passkeys; NYT; 1/11/2023
• The Password Isn't Dead Yet. You Need a Hardware Key Wired; 12/30/2022
• The passwordless experience you deserve passkeys; 1PW; 11/17/2022
• Dashlane is ready to replace all your passwords with passkeys Verge; 8/31/2022
• Why Passkeys Will Be Simpler and More Secure Than Passwords TB; 6/27/2022
• Apple ‘passkeys’ could finally kill off the password for good TC; 6/6/2022
• Another Step Toward a Password-Free Future TB; 5/5/2022
• Apple, Google, and Microsoft will soon implement passwordless sign-in on all major platforms
  unlocking phone to enable access; Verge; 5/5/2022
• Some of tech's biggest names want a future without passwords -- here's what that would look like CNBC; 4/24/2022
• A Big Bet to Kill the Password for Good
  after a decade of work, the FIDO Alliance says it's found the missing piece in the bridge to a password-free future; Wired; 3/17/2022
• What You Need to Know About Facial Recognition at Airports NYT; 2/26/2022
• IRS will end use of facial recognition after widespread privacy concerns
  ID.me facial recognition/sign-in issues; Verge; 2/7/2022
• The smart toilet era is here! Are you ready to share your analprint with big tech? Guard; 9/23/2021
• Researchers Create 'Master Faces' to Bypass Facial Recognition MB; 8/10/2021
• Apple demos passkeys, to let users set up accounts with just Face ID or Touch ID,
  joining Microsoft and Google in advocating for passwordless authentication CNet; 6/10/2021
• John Gruber Analyzes Apple's Secure Intent TB; 6/4/2021
• How to Log In to Your Devices Without Passwords Wired; 4/11/2021
• Inside FIDO Alliance's vision of a future free of passwords
  FIDO2 combines W3C's Web Authentication (WebAuthn) specification and FIDO Alliance’s
  corresponding Client-to-Authenticator Protocol (CTAP). This allows you to use your phone
  or laptop to identify yourself safely to a web service. To reduce the risk of phishing or
  any other attacks, the FIDO2 method doesn't involve storing your credentials on a server.
  Instead, it uses features such as biometric authentication to validate your identity so the
  password never leaves your device; TNW; 10/9/2020
• Face ID and Touch ID Logins Coming to Websites With Safari Web Authentication API 6/24/2020
• The case for biometric authentication -- and why we should ditch passwords TNW; 6/6/2020
• Apple is making iPhones easier to unlock without Face ID while many wear masks CNet; 4/29/2020
• How to turn off Face ID and use a PIN to unlock your iPhone instead e.g., if wearing mask; TNW; 4/17/2020
• Attackers can bypass fingerprint authentication with an ~80% success rate:
  using fake fingerprints for ~20 attempts fine for most people, but it's hardly foolproof; Ars; 4/8/2020
• This Smart Toilet Will Know You by the Shape of Your A*****e MB; 4/7/2020
• How YubiKey Bio could make remote security concerns a thing of the past PC; 3/31/2020
• Google Pixel 4 face unlock works even when you're unconscious
  Your eyes don't need to be open to access the phone; CNet; 10/18/2019
• Samsung says it will issue a patch for a fingerprint recognition bug on its
  Galaxy S10 phone that allowed any fingerprint to unlock the phone Reut; 10/17/2019
• [2] Biometrics using ear canals Giz; 9/19/2019
• How to Thwart Facial Recognition
  1) disappear: go offline and off the grid; 2) flood the system with weird, incongruous data.
  Wear someone else's likeness or lend out your own; NYT; 7/30/2019
• The Pentagon has a laser that can identify people from a distance—by their heartbeat
  unique cardiac signature from 200 meters away, even through clothes; MIT; 6/27/2019

Bitwarden

• wikipedia, bitwarden.com
• Bitwarden begins adding passkey support to its password manager Verge; 11/2/2023
• Bitwarden review: This free password manager has few restrictions, and little polish PC; 8/25/2022

Breaches / HaveIBeenPwned

• How to verify a data breach TC; 3/15/2024
• Have I Been Pwned adds almost 71M email addresses tied to stolen accounts from the Naz.API dataset
  it allegedly contains 1B+ lines of stolen credentials; BC; 1/18/2024
• Troy Hunt (pwned) scours the dark web for your stolen data 9/22/2023
• What to Do if Your Password Is Exposed in a Data Breach Giz; 7/27/2022
• The NCA shares 585 million passwords with Have I Been Pwned
  UK National Crime Agency; US FBI had shared earlier; 12/20/2021
• Have I been Pwned (HIBP) goes open source
  HIBP will now also receive compromised passwords discovered in the course of FBI investigations; ZD; 5/27/2021
• How to tell if your password has been stolen
  HaveIBeenPwned; Hass-Platner-Institut;
  Google Password Checkup; Firefox Lockwise; Microsoft Edge Password Monitor;
  password managers: LastPass, Dashlane, 1Password; PC; 2/10/2021
• Have I Been Pwned is going open source tells you if passwords were breached; Verge; 8/7/2020
• How Have I Been Pwned became the keeper of the internet’s biggest data breaches
  10 billion+ breached accounts; TC; 7/3/2020
• After a breach, users rarely change their passwords, and when they do, they're often weaker
  to make things worse, users' new passwords were overall more similar to passwords they use on other accounts; 5/27/2020
• 10 Billion Wrecked Accounts Show Why You Need 'Have I Been Pwned' LH; 4/9/2020

Browser (as PM)

• Hackers can force iOS and macOS browsers to divulge passwords and much more speculative execution, WebKit; Ars; 10/25/2023
• How to Access Saved Passwords in Chrome OSXD; 5/8/2023
• How to Check for Reused & Compromised Passwords in Safari for Mac OSXD; 7/22/2021
• Why your browser's password manager isn't good enough
  browser-specific; mobile support? less robust than standalone PM; PC; 1/25/2021
• Chrome and Edge want to help with that password problem of yours Ars; 1/22/2021
• Safari Autofill on Mac: How to Add Logins & Passwords, How to Update & Edit Saved Passwords OSXD; 9/8/2020
• How to Use Chrome, Firefox, or Safari to Change All of Your Bad Passwords
  check for bad, vulnerable pw; a PM still preferable; LH; 7/14/2020
• [2] Easily Reveal Hidden Passwords In Any Browser LH; 12/5/19

Chrome

• Chrome's password safety tool will now automatically run in the background Verge; 12/21/2023
• How to Delete Your Autofill Passwords in Chrome (and Move to Something More Secure) LH; 5/9/2022
• How to Manage Your Passwords in Google Chrome LH; 5/28/2021
• Chrome now uses Duplex to fix your stolen passwords TC; 5/18/2021
• How to View Saved Passwords in Chrome on Mac OSXD; 6/18/2020
• Chrome Will Automatically Scan Your Passwords Against Data Breaches Wired; 12/15/2019
• Google's Chrome 79 will warn you if your password has been stolen—or will be PC; 12/10/2019
• Google's new Password Checkup tells you if your accounts can be compromised
  Chrome; reused, compromised and weak passwords; PC; 10/2/2019
• Google's Password Checkup plugin for Chrome can warn you if your password was stolen PC; 2/5/2019

Credential Stuffing

• FBI says credential stuffing attacks are behind some recent bank hacks ZD; 9/14/2020
• One out of every 142 passwords is '123456'
  '123456' was spotted 7 million times across a data trove of one billion leaked credentials,
  in one of the biggest password re-use studies of its kind; average password length is
  usually of 9.48 characters; most security experts recommend using passwords as long
  as possible, and usually in the realm of 16 to 24 characters, or more; only letters (29%);
  only numbers (13%); include special character (12%); ZD; 7/2/2020
• Hundreds of Thousands of People Are Using Passwords That Have Already Been Hacked, Google Says
  New ‘Password Checkup' Chrome extension found 1.5 percent of all website logins use
  compromised credentials, a figure that's higher for porn websites; MB; 8/15/2019
• Hacker Lexicon: What Is Credential Stuffing?
  attackers take a massive trove of usernames and passwords (often from a corporate megabreach)
  and try to "stuff" those credentials into the login page of other digital services. Because people
  often reuse the same username and password across multiple sites, attackers can often use
  one piece of credential info to unlock multiple accounts; Wired; 2/17/2019

DashLane

• wikipedia, dashlane.com
• Dashlane review: Passwords and plenty more MW; 4/17/2024
• Dashlane Authenticator app discontinued 5/13/2024 3/28/2024
• Dashlane is getting rid of its insecure master password Verge; 5/3/2023
• Dashlane publishes its source code to GitHub in transparency push TC; 2/2/2023
• Dashlane's new $3.99 password manager plan is cheaper but might not beat free
  unlimited passwords but only on 2 devices; Verge; 4/29/2021
• Profile of the popular password management app Dashlane, which has raised $110M last spring
  and is airing its first ever Super Bowl ad Superbowl ad: Password Paradise; Wired; 2/2/2020

Edge

• Microsoft Edge can finally generate new passwords for you PC; 1/21/2021
• Microsoft Edge can now auto-generate passwords, but only via your phone PC; 12/16/2020

Facebook

• One million Facebook users had passwords stolen by fake apps ApIn; 10/7/2022
• Facebook Did Not Securely Store Passwords. Here's What You Need to Know. NYT; 3/21/2019
• Facebook has urged users to enable phone number-based 2FA,
  but the numbers are used in a user lookup feature with no opt out and to target ads
  Settings > Mobile: remove all numbers; setup 2FA with an authenticator app/PM; TC; 3/3/2019

Firefox

• Mozilla will end support for Firefox Lockwise app
  still available via Firefox's desktop and mobile browsers;
  CNet; 11/23/2021
• The Firefox password manager now tells you when you use leaked passwords
  Firefox Lockwise; Firefox Monitor: checks whether a website has suffered a security breach; ZD; 5/5/2020
• How to Recover Your Missing Firefox Passwords LH; 6/18/2019
• Firefox to Warn When Saved Logins are Found in Data Breaches via partner haveibeenpwned.com; BC; 7/17/2019
• Firefox to get a random password generator, like Chrome ZD; 6/27/2019

Frequency of Changing

• Microsoft says mandatory password changing is "ancient and obsolete" Ars; 6/3/2019
• Microsoft drops password expiration requirement
  with the Windows 10 May 2019 Update, suggests organizations implement other
  password security practices; Ars; 4/25/2019

iCloud

• Using Apple's iCloud Passwords Outside Safari TB; 4/1/2024
• Why iCloud Keychain asks for an old device's password -- and why you don't need to worry MW; 7/4/2023
• How a Passcode Thief Can Lock You Out of Your iCloud Account, Possibly Permanently TB; 4/20/2023
• How to Use Apple's New All-In-One Password Manager Wired; 4/11/2023
• What kinds of passwords, tokens, and keys can Apple manage for you? MW; 3/24/2023
• How to update your passwords with Apple's Security Recommendations MW; 3/16/2023
• If both your iPhone and passcode get stolen, you're in deep trouble ApIn; 2/24/2023
• How to use iCloud Keychain on Windows and how it differs from macOS and iOS ApIn; 8/1/2022
• The macOS Monterey user's guide to Keychain Access password management ApIn; 7/29/2022
• How to use Apple's Keychain password manager in Google Chrome TNW; 2/1/2021
• How to use iCloud Keychain, Apple's built-in and free password manager ApIn; 2/14/2022
• How to use iCloud Keychain, Apple's built-in and free password manager ApIn; 12/29/2021
• If you lock a file in Apple's Notes, don't lose your password MW; 12/27/2021
• How to Install iCloud Passwords Extension on Microsoft Edge OSXD; 12/4/2021
• [2] How to use Keychain Access to view and manage passwords on your Mac MW; 11/18/2021
• How to Import and Export Passwords From iCloud Keychain to Other Password Managers
  requires macOS Monterey; LH; 10/29/2021
• Add Two-Factor Codes to Password Entries in iOS 15, iPadOS 15, and Safari 15 TB; 10/7/2021
• You Should Use Your iPhone's New Built-in Two-Factor Authentication
  instead of 3rd-party app; LH; 9/23/2021
• Designate Account Recovery and Legacy Contacts
  only iCloud+ ($); MW; 6/8/2021
• iCloud 12.5 for Windows finally lets you manage passwords in Keychain MW; 8/16/2021
• How to master your passwords using iCloud Keychain MW; 5/6/2021
• How to set up two-factor authentication for your Apple ID and iCloud account MW; 5/4/2021
• How to take control of your passwords using iCloud Keychain on your iPhone, iPad, and Mac MW; 2/15/2021
• Apple releases Chrome extension for iCloud passwords Verge; 1/31/2021
• Why iCloud Keychain may prompt you for a device password used with other Apple hardware you own
  Apple doesn't store your password; MW; 1/25/2021
• How to share a password via AirDrop from iOS 14, iPadOS 14, or macOS
  from KeyChain, even if iCloud syncing off; MW; 10/23/2020
• How to Reset Keychain on Mac OSXD; 7/29/2020
• How to Create a New Keychain on Mac OSXD; 7/25/2020
• iPhone & iPad (KeyChain): How to Manually Add Passwords; How to Edit Saved Passwords,
  How to Find Duplicate Passwords OSXD; 6/21/2020
• Apple's iOS 14 may turn iCloud Keychain into a true 1Password and LastPass competitor 2FA support; Verge; 4/1/2020
• How to Use iCloud Keychain on iPhone & iPad OSXD; 3/30/2020
• macOS Keychain Security Flaw Discovered by Researcher
  but Details Not Shared With Apple Over Bug Bounty Protest; MR; 2/6/2019

iOS

• Wikipedia: Touch ID 4-digit PIN: 10,000 possibilities; fingerprint 50,000 but only 5 tries; stored locally not in cloud
• Apple: If you forgot the passcode for your Apple Watch 11/3/2022
• Apple: Use Touch ID instead of your passcode 3/17/2022
• Apple: About Touch ID security on iPhone and iPad 9/11/2017
• 1Password & Touch ID
• Apple to Introduce Stolen Device Protection in the Upcoming iOS 17.3 TB; 12/14/2023
• How iOS 15.4 could finally eliminate password hell MW; 2/7/2022
• How to Get Verification Codes For Apple ID on iPhone & iPad OSXD; 9/8/2021
• How to Check for Compromised or Leaked Passwords on iPhone & iPad with Security Recommendations OSXD; 2/5/2021
• How to check if your passwords saved in Keychain were compromised on iOS 14 TNW; 10/16/2020
• How to Generate Strong Passwords on iPhone and iPad using iCloud KeyChain; how strong? editable? 9/24/2020
• How to Use Third Party Password Managers on iPhone & iPad Instead of Keychain OSXD; 6/10/2020
• How to Turn Off Screen Time Password on iPhone or iPad OSXD; 3/15/2019

LastPass

• wikipedia, lastpass.com
• Multifactor Authentication
• LastPass goes independent over a year after serious breaches
  spunoff from GoTo; Verge; 5/1/2024
• LastPass review -- Does the original password manager still have what it takes? MW; 4/17/2024
• LastPass now requires 12-character master passwords for better security BC; 1/3/2024
• Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach Krebs; 9/5/2023
• Lastpass Publishes More Details about Its Data Breaches TB; 3/3/2023
• LastPass says employee's home computer was hacked and corporate vault taken Ars; 2/27/2023
• Additional GoTo Data Stolen in the LastPass Breach TB; 1/26/2022
• LastPass Data Breach: It's Time to Ditch This Password Manager Wired; 12/28/2022
• LastPass users: Your info and password vault data are now in hackers' hands
  “Encrypted fields [username, passwords, notes] remain secured with 256-bit AES encryption
  and can only be decrypted with a unique encryption key derived from each user's master password"; Ars; 12/22/2022
• LastPass warns users of 'security incident' that may have exposed personal data MW; 12/1/2022
• LastPass developer systems hacked to steal source code
  user passwords/vaults should be safe; BC; 8/25/2022
• LastPass no longer requires a password to access your vault Eng; 6/6/2022
• Some LastPass users say their master passwords were compromised and used in blocked login attempts from unknown IPs; LastPass blames “credential stuffing” BC; 12/28/2021
• Big Changes Are Coming to LastPass, but Unfortunately Not Its Prices Giz; 12/14/2021
• LastPass is going to become an independent company Verge; 12/14/2021
• How to Export LastPass Passwords OSXD; 6/20/2021
• Security researcher finds seven embedded trackers in the Android app for LastPass password manager
  LastPass says users can opt out if they want; Reg; 2/25/2021
• How to leave LastPass and move to another password manager Verge; 2/24/2021
• LastPass's free password manager is about to become a lot less useful
  free tier will limit you to one type of device starting 3/16; PC; 2/16/2021
• LastPass will warn you if your passwords show up on the dark web paid subscription only; En; 8/5/2020
• LogMeIn lays off more than 300 workers Boston Biz Journal; 2/21/2020
• Watch Out for Lastpass' New Log-off Bug LH; 2/7/2020
• LastPass to Drop Support for Native Mac App and Replace it With Universal Web App MR; 1/30/2020
• LastPass is in the midst of a major outage
  issue appears to impact users with accounts dating back to 2014 and earlier; ZD; 1/20/2020
• LogMeIn sells to private equity firms for $4.3 billion
  parent of LastPass supposedly "becoming a private company will help fuel its next phase of growth and product investment"
  (S: often private equity acquisitions don't have such rosy outcomes); ZD; 12/17/2019
• LastPass Parent Company (LogMeIn) Sold to Private Equity Firms PC; 12/18/2019
• Password-exposing bug purged from LastPass extensions
  bug could let malicious websites extract your last used password; Ars; 9/16/2019
• What Happened When the DEA Demanded Passwords from LastPass Forb; 4/10/2019

macOS

• Apple: Frequently asked questions about two-step verification for Apple ID
• How to Recover Recently Deleted Passwords on Mac OSXD; 10/18/2023
• macOS Monterey Features Dedicated Password Section in System Preferences,
  Built-In Authenticator and More MR; 6/11/2021
• How to Find Forgotten / Lost Web Site Passwords on Mac OSXD; 7/27/2020
• [2] How to find and insert special characters in macOS MW; 2/11/2019

SSO (Single Sign-On); OAuth

• Wikipedia: Single Sign On (SSO); OpenID users authenticated by certain co-operating sites
  (known as Relying Parties or RP) using a third party service; security issues
• Wikipedia: OAuth open standard for authorization; security issues
• OpenID / OAuth allow you to use your Google, Twitter, Facebook credentials to log into other sites
• You Can Disable Google Sign-in Pop-ups on All Websites LH; 12/20/2022
• She clicked sign-in with Google. Strangers got access to all her files. WaPo; 10/24/2022
• Behold, a password phishing site that can trick even savvy users Ars; 3/21/2022
• How to Use 'Sign In With Apple' on iPhone & iPad to Hide Email from Apps & Signups OSXD; 8/5/2020
• Remove Apps Linked to Your Facebook Account That You're Not Using LH; 7/3/2020
• How Google's New 'One Tap' Android Sign-Ins Work
  how secure if someone can access your device or Google account? LH; 6/16/2020
• Sign in with Apple FAQ: What you need to know about Apple's single sign-on feature
  compared with Facebook, Google, or Twitter sign-in options:no tracking;
  fake email with free anonymous email forwarding; requires 2FA;
  (also usable on non-Apple devices; still avail on fewer SSO sites?); MW; 4/7/2020
• Your smart watch will soon log you into your accounts without a password TNW; 10/23/2019
• ‘Sign In With Apple' Is Way Better Than Passwords -- If You Can Find It
  anonymized email address; no personal info sharing (like Google, Facebook); WSJ; 9/18/2019
• Google bans logins from embedded browser frameworks to prevent MitM phishing
  Google previously banned logins initiated from browsers where JavaScript had been disabled; 4/18/2019
• Behold, the Facebook phishing scam that could dupe even vigilant users
  HTML block almost perfectly reproduces Facebook single sign-on Window; single sign-on, or SSO,
  is a feature that allows people to use their accounts on other sites -- typically Facebook, Google,
  LinkedIn, or Twitter—to log in to third-party websites; security and cryptographic mechanisms
  under the hood usually allow the the login to happen without the third party site ever seeing
  the username password; Ars; 2/16/2019

Password Managers

• Wikipedia: password manager; 1Password; Bitwarden; Dashlane; KeePass
• HowStuffWorks: How Password Management Software Works
• Best Free Password Manager Bitwarden; CNet; 5/14/2024
• Our Favorite Password Manager Remembers All of Your Logins So You Don’t Have To NYT; 11/24/2023
• Best Password managers to protect your data on iOS and macOS
  Keychain, 1Password, Bitwarden, Dashlane, Keeper, NordPass; ApIn; 11/4/2023
• Are password managers safe? 1PW
• The Best Password Managers to Secure Your Digital Life discussion of browsers and passkeys;
  Bitwarden, 1Password, Dashlane, Nordpass, Enpass, KeePassXC; Wired; 12/5/2023
• Best password manager to use CNet; 8/19/2023
• Best password managers: Reviews of the top products PC; 8/8/2023
• Proton launches its password manager Proton Pass TC; 6/28/2023
• Best free password managers: Better online security doesn't have to cost a thing
  Best free password manager for most people: Bitwarden
  Best free password manager for DIYers: KeePass
  Best free password manager for simplicity: Google, Apple, or Firefox
  Free vs. paid password managers; PC; 4/13/2023
• Proton releases end-to-end encrypted password manager for desktop and mobile TC; 4/20/2023
• The Best Password Managers NYT; 3/1/2023
• KeePass disputes vulnerability allowing stealthy password theft BC; 1/30/2023
• NortonLifeLock warns that hackers breached Password Manager accounts BC; 1/13/2023
• Seven free alternatives to the LastPass password manager
  Bitwarden; Zoho Vault; Dashland; KeePass;
  LogMeOnce; NordPass; RoboForm;
  Verge; 1/6/2023
• Bitwarden vs. LastPass CNet; 8/29/2022
• Mindpass Password Manager makes 3D password control super simple
  4 sequence of objects, similar to 4 word phrase; gimmick? MW; 6/5/2022
• Why 1Password Is Now the Best Password Manager for Mac LH; 5/20/2022
• Best password managers for Mac MW; 5/5/2022
• McAfee Total Protection review: A new look, but more work is needed
  to improve the experience with its password manager; PC; 3/1/2022
• LastPass vs. 1Password: Which password manager should you use? CNet; 1/13/2022
• 7 of the Best Password Managers to Choose From Before (Firefox) Lockwise Shuts Down
  Firefox Browser; Bitwarden; LastPass;
  iCloud Keychain; 1Password; KeePass;
  Dashlane; LH; 12/6/2021
• Best Password Manager Tools for Linux
  LastPass; Keeper; KeePass; SpiderOak Encryptr; EnPass; RoboForm; Buttercup; Bitwarden; Passmgr; 8/25/2021
• LogMeOnce review: The passwordless password manager
  master password still needed to create vault, but biometric, numeric PIN, and/or photo can access; PC; 8/17/2021
• NordPass review: Streamlined password management PC; 7/29/2021
• Vulnerability in the Kaspersky Password Manager
  generated guessable "random" passwords; 7/6/2021
• Backdoored password manager stole data from as many as 29K enterprises Passwordstate; Ars; 4/23/2021
• Isn't local storage better for password database security?
  in the end, the use of any well-regarded password manager is more secure than most people’s habits,
  regardless of where the password data is stored; PC; 4/14/2021
• Mastering your password manager: 5 must-know tips PC; 3/18/2021
• Should I Keep Using My Password Manager? if it's not in Top 10? e.g., Roboform; LH; 11/27/2020
• 5 Password Manager Perks You Might Not Be Using
  Check for Compromised Accounts;
  Find Sites That Support Two-Factor Authentication;
  Store IDs and Credit Cards;
  Share Passwords With Other People;
  Safely Store Your Important Documents; Wired; 8/21/2020
• Password manager showdown: LastPass vs. 1Password 8/14/2020
• Dropbox launches password manager, computer backup, and secure ‘vaults’ out of beta 8/12/2020
• Apple announces open-source project for password manager developers ApIn; 6/5/2020
• Trend Micro Password Manager review: Basic and a little buggy PC; 5/28/2020
• Now's The Perfect Time to Start Using a Password Manager Wired; 5/24/2020
• The best password managers in 2020 Dashlane, LastPass, Keeper, Enpass, 1Password, Zoho Vault, RoboForm; Toms; 5/8/2020
• How Do I Access My Work Passwords From My Home Devices? Chrome sync; password managers; LH; 3/27/2020
• Roboform Everywhere review: Solid password security PC; 11/20/2019
• Password Boss review: Managing your passwords with authority PC; 11/7/2019
• Keeper review: Security is the greatest strength of this password manager PC; 10/30/2019
• It Is Time to Outsource Your Passwords to an App Your brain has better things to do than store secure passwords.
  Get a dedicated password manager to keep your login data synced and secure across all devices;
  The Best Password Managers to Secure Your Digital Life (abridged version); Wired; 10/22/2019
• Why You Need a Password Manager. Yes, You.
  aside from using two-factor authentication and keeping your operating system and Web browser
  up-to-date, it’s the most important thing you can do to protect yourself online; NYT; 9/2/2019
• Don't be an idiot -- here's how to store and remember all your passwords LastPass, 1Password; TNW; 8/25/2019
• Best Password Managers 2019 Tom; 8/23/2019
• The Best Password Managers BitWarden, KeePass, LastPass, 1Password; from readers; LH; 7/5/2019
• [2] Before You Use a Password Manager excessive(?) critique; 6/5/2019
• 4 Best Password Managers of 2019 (Paid, Family, and Free)
  1Password, Dashlane, LastPass, KeePassXC; Wired; 5/26/2019
• [2] Severe vulnerabilities uncovered in popular password managers
  passwords stored in RAM could lead to theft, only if attacker has already compromised
  your Windows system; ZD; 2/20/2019
• Forgot password? Five reasons why you need a password manager
  Browser Integration; Password Generation; Phishing Protection; Cross Platform Access; Surveillance Safeguard
  plus debunking these questions:
  "I already have a perfectly good system for managing passwords."
  "If someone steals my password file, they have all my passwords."
  I don't trust someone else to store my passwords on their server."
  "I'm not a target."; ZD; 2/7/2019
• Data of 2.4 million Blur password manager users left exposed online
  company says data breach didn't expose any actual passwords stored inside users' Blur accounts; ZD; 1/2/2019

Questions

• These Phishing Tactics Disguised as 'Fun' on Social Media. Here's What to Look For CNet; 3/27/2022
• Choosing and Using Security Questions Cheat Sheet 2021
• Online Security Questions Are Not Very Effective. I Still Love Them. NYT; 7/15/2021
• Why Social Media Name Games Are a Security Risk seemingly innocuous personal information
  (your full name + the street your grew up on + your first car, etc.); LH; 12/15/2020
• Why You Shouldn't Play That 'Fun Quarantine Game' on Facebook
  the answers to all those fun games are also the same things you might enter when you’re trying
  to verify your identity on a website in order to reset your password; LH; 4/16/2020
• Why you should steer clear of "Florida Man Challenge"
  some posts/sites ask for personal info: maiden name, pet, street, etc.; Ars; 3/24/2019

Safari

• When Safari flashes a 'Compromised Password' warning, pay attention MW; 11/30/2021
• How to Import Passwords & Logins from Chrome to Safari on Mac OSXD; 1/23/2021
• How to get a Safari password to save it in a password manager iOS, macOS; MW; 8/16/2019
• macOS browser now autosubmits logins. Here's how to disable it MW; 4/15/2019
• How to use Safari's saved passwords in other Mac apps ApIn; 1/4/2019

SMS, SIM swapping/hijacking

• Google backs Apple's SMS OTP standard proposal
  for humans: 747723 is your WEBSITE authentication code.
  for browser/apps: @website.com #747723
  benefits? autofill, reduce phishing (but not SMS hijacking); ZD; 4/7/2020
• How to Tell if You're the Victim of a SIM-Swapping Attack LH; 1/14/2020
• Hackers Are Breaking Directly Into Telecom Companies to Take Over Customer Phone Numbers MB; 1/10/2020
• 'SIM-Swap' Scams Expose Risks Of Using Phones For Secondary I.D. NPT; 10/25/2019
• T-Mobile Has a Secret Setting to Protect Your Account From Hackers That It Refuses to Talk About
  NOPORT setting can protect your phone number from SIM swapping; MB; 9/13/2019

Password Strength; Diceware

• Wikipedia: List of the most common passwords
• SplashData: List of current 100 worst
• Articles about each year's 'worst 25' list: 2019; 2018; 2017; 2016; 2015; 2014; 2013; 2012; 2011 mostly Gizmodo
• password lists
• Wikipedia: Diceware
• XKCD cartoon: correct horse battery staple
• How to Calculate Password Entropy?
• EFF: How to Make Super-secure Passwords using Dice
• Passwordle guess a 12-char password
• TV Tropes: Embarrassing Password; The Password Is Always "Swordfish"
  It seems that most characters in fiction missed the memo on making a good Secret Word or pass phrase.
  They are almost invariably single words, names, or dates of significance to a character which can be
  easily deduced using a little detective work: the clue is often right there on the desk, in the form of
  a picture or memento. Or simply spelled out in bold lettering on your commemorative plaque or a wall poster.
• Dumb Password Rules list of sites
• A "ridiculously weak" password causes disaster for Spain's No. 2 mobile carrier Ars; 1/4/2023
• Iran-linked cyberattacks threaten equipment used in U.S. water systems and factories hackers used "1111" default password; NPR; 12/2/2023
• We cracked more than 18,000 passwords. Here are our tips. multifactor authentication; passphrases; WaPo; 8/2/2023
• The Password Game Is Fun, Frustrating, and Educational TB; 6/30/2023
• The Password Game will make you want to break your keyboard in the best way game; Ars; 6/28/2023
• People Sure Are Bad at Creating Passwords LH; 6/14/2023
• A fifth of passwords used by federal agency cracked in security audit
  89% of the department's high-value assets didn't use multi-factor authentication; Ars; 12/10/2023
• Make Your Passwords Stronger With These 5 Tips CNet; 5/5/2022
• Never Change Your Password
  1) If it's sufficiently strong;
  2) If you created a unique one for each account
  3) Unless there's a security breach where it's stored;
  TB; 3/5/2022
• The 20 Most Commonly Leaked Passwords on the Dark Web MF; 3/3/2022
• Olympics Broadcaster Announces His Computer Password on Live TV
  video; MB; 7/26/2021
• Russian Military Hackers Have Been On a Worldwide Password Guessing Spree
  according to U.S. and U.K. government officials, the Russian cyber spies of Unit 26165
  have been using brute force attacks to target hundreds of organizations; Giz; 7/1/2021
• Did weak wi-fi password lead the police to our door?
  BBC; 5/23/2021
• How to create strong, secure passwords by learning how to crack them
  it gets harder to crack a password if it's 10 characters or longer
  -- but complexity matters too, of course. PC; 5/5/2021
• COMB: The Big Password Leak intl; pw reuse; 4/26/2021
• How to pick the perfect password PC; 4/6/2021
• Breached water plant employees used the same TeamViewer password and no firewall Ars; 2/10/2021
• Rules for strong passwords don't work, researchers find. Here's what does CNet; 11/12/2020
• The Police Can Probably Break Into Your Phone
  phone-hacking tools typically exploit security flaws to remove a phone's limit on passcode attempts
  and then enter passcodes until the phone unlocks. Because of all the possible combinations,
  a six-digit iPhone passcode takes on average about 11 hours to guess, while a 10-digit code takes 12.5 years; NYT; 10/21/2020
• A computer can guess more than 100 billion passwords per second -- still think yours is secure? TNW; 9/22/2020
• 'DiceKeys' Creates a Master Password for Life With One Roll Wired; 8/21/2020
• 'Weird' Nintendo Switch Issue Makes it Easier to Guess Passwords
  highlights ok when first 8 characters entered correctly; MB; 5/22/2020
• Suspected DNC & German Parliament Hacker Used His Name As His Email Password TD; 5/6/2020
• FBI recommends passphrases over password complexity
  Longer passwords, even consisting of simpler words or constructs, are better than
  short passwords with special characters; ZD; 2/21/2020
• It's Time to Nervously Mock the 50 Worst Passwords of the Year Giz; 12/18/2019
• 'Iloveyou' and the 24 Other Worst Passwords of 2019 LH; 12/18/2019
• Disney+ 'hack' panic stresses why you need to use unique passwords
  bad password behavior is more to blame than a breach on Disney’s part; PC; 11/18/2019
• This Bank Had the Worst Password Policy We've Ever Seen
  A European bank (FinecoBank) makes customers pay to change their passwords,
  and suggests they Google their password to check if it is secure; MB; 11/15/2019
• Equifax used 'admin' as username and password for sensitive data 10/18/2019
• [2] Forum cracks the vintage passwords of Ken Thompson and other Unix pioneers Ars; 10/10/2019
• 600,000 GPS trackers left exposed online with a default password of '123456' ZD; 9/5/2019
• When a Company Asks You to Reset Your Password, Should You Be Worried?
  may be proactive, not actual attack, but change anyway; LH; 8/23/2019
• Instead of Changing Your Passwords, Upgrade Them LH; 7/8/2019
• Most hacked passwords revealed as UK cyber survey exposes gaps in online security 4/21/2019
• Why 'ji32k7au4a83' Is a Remarkably Common Password
  'ji32k7au4a83' (Taiwanese keyboard transliteration) translates to English as 'my password'; Giz; 3/4/2019
• Use an 8-char Windows NTLM password? Don't. Every single one can be cracked in under 2.5hrs
  NTLM is an old Microsoft authentication protocol that has since been replaced with Kerberos,
  but it's still used for storing Windows passwords locally or in Active Directory; Reg; 2/14/2019

Windows

• Microsoft Has a New Trick for Keeping Your Password Safe
  Warn me about password reuse; Warn me about unsafe password storage; LH; 9/26/2022
• How to type special characters on a Windows 11 PC Verge; 4/26/2022
• How to type special characters on a Windows PC Verge; 3/26/2021

---

Quotes | Summary | Search Providers | Search Suggestions | Local Search |
References: General | AI | Apple | Bing | DuckDuckGo | Google | iOS | macOS

---

Quotes

• "The Web site you seek...
  Cannot be located, but
  Countless more exist." ~Haiku Error Messages
• Google won't search for Chuck Norris because...
  it knows you don't find Chuck Norris, he finds you.
• SEARCH ENGINES ARE SILLY...
  I USED ONE TO LOOK FOR A NEW
  LIGHTER BUT INSTEAD I GOT
  NEARLY A MILLION MATCHES
  ~Google Binged Universal Sunday Crossword, 11/25/2018
• "We have compiled a list of nine proofs which definitively prove Google is...
  the closest thing to a 'god' human beings have ever directly experienced." Omniscient; Omnipresent; Answers Prayers; Immortal; Infinite; Remembers All; Omnibenevolent; Prevalence; Evidence; ~The Church of Google
• "Q: What did the turkey say to the computer?... A: Google, google, google!"
• "Knowledge is of two kinds... We know a subject ourselves,
  or we know where we can find information upon it." ~Samuel Johnson, 1775

Summary

• "Free" search services are big business,
  e.g., Apple may have been paid $9.5B by Google in 2018 to stay default Safari search option
• [1] Change Search Provider, e.g., DuckDuckGo or StartPage
  to eliminate/minimize search profile stored by provider
• [2] Turn Off Search Suggestions to further improve privacy
• [2] Check Local Search Settings
• [2] Unclutter search results with a browser extension?
• References

[1] Change Search Provider

• Most 'free' search providers (aka 'engines'), e.g., Google, Bing, store identifiable search history remotely on server
• Change search provider to one that does not collect your search data, e.g., DuckDuckGo
• macOS: Safari > Preferences > Search
• macOS: Firefox > Preferences > Search
• macOS: Firefox > Preferences > Privacy > History > Location Bar
• macOS: Chrome: duckduckgo.com; click button: 'Add DuckDuckGo to Chrome'; help
• macOS: Chrome > Preferences > Search > Manage Search Engines > Make Default
• note: if using an ad blocker, you might consider allowing DuckDuckGo
  to show a few ads; section: Browsing : Block Ads
• iOS: Settings > Safari > Search Engine
• If you relied on Home page or new window to access search site, e.g., google.com, be sure to change there also
• macOS: Safari > Prefs > General > New Window Opens With & Homepage [screenshot]
• If you find that you don't like the new search results (format, number, etc.),
  you can easily switch to a different search engine -- just be sure to read the privacy policy
• If you'd still prefer Google searches for some results, use startpage.com, which is more private
• Other private search sites/engines: search.brave.com; ecosia.org; peekier.com; qwant.com
• Deleting Search History or using Private Browsing -- see earlier section Browsing : Managing Data
• FrogFind (powered by DuckDuckGo) is optimized for vintage computers and browsers,
  including the Newton, by converting the search result pages to extremely basic HTML.
• [2] Some search engines support "right to be forgotten" (content about you) -- submit a form on Bing or Google site

[2] Turn Off Search Suggestions

• If you're not using Private Browsing, do you want to share your searches or see others' phrases?
• Maybe speed things up, reduce crashes
• macOS: Safari > Preferences > Search > Include Safari Suggestions
• iOS: Settings > Safari > Search Engine Suggestions
• If you're using a smart home device, e.g., Amazon Alexa, Google Home, check search engine settings;
  also settings for search history & suggestions

[2] Check Local Search Settings

• Allow internet searches in 'local' search results; settings only in older versions < macOS 10.12, < iOS 10?
• macOS: System Preferences > Spotlight > [list] Spotlight Suggestions [off]
• macOS: System Preferences > Spotlight >
[checkbox] Allow Spotlight Suggestions in Look up [off]
• iOS: Settings > Siri & Search > Suggestions in Search [?],
Suggestions in Lookup [?] specify by app
• iOS: access Spotlight search:
  1) while on the Home screen, pull down from anywhere between the status bar and Dock;
  2) from the Lock screen or first page of the Home screen, swipe right to enter the Widgets screen,
  which features a Spotlight search box
• It's unclear if Spotlight still uses Bing rather than your preferred search engine
• Allow Siri request logging?
• iOS: Settings > General > Siri > About Siri and Privacy (read)

References

• {TCYOP-4: 101-102; TCYOP-3: 83-85}
• sections: Refs: AI; Apple; Bing; DuckDuckGo; Google; iOS; macOS
• also Browsing:Correct Site:Web Archives, Newspapers
• Wikipedia: internet search engines: Yahoo
• Wayback Machine 475 billion web pages saved over time
• HowStuffWorks: How Internet Search Engines Work
• Ethical.net: Search engines
• Private and Secure Web Search Engines: DuckDuckGo, Brave, Kagi, Startpage Wired; 11/26/2023
• Neeva, the would-be Google competitor, is shutting down its search engine
  privacy first, ad-free, $5/mo.; Verge; 5/20/2023
• The Ask Jeeves-ification of online search Verge; 5/12/2023
• Five Things Scammers Are Hoping You Google [Company] customer service number;
  Free credit report; High paying remote job; Free people finder; Best crypto wallet; LH; 5/4/2023
• There's Already a Better Search Engine Than Google. It's YouTube. NYT; 2/3/2023
• 8 Google Alternatives: How to Search Crypto, the Dark Web, and More
  how to surf in more private and more environmentally friendly ways; Giz; 2/1/2023
• A New Chat Bot Is a 'Code Red' for Google's Search Business NYT; 12/21/2022
• How to Use ChatGPT and Still Be a Good Person NYT; 12/21/2022
• The New Chat Bots Could Change the World. Can You Trust Them? NYT; 12/10/2022
• The best search engines to use, if you're tired of Google
  Bing, DuckDuckGo, Brave Search, Ecosia, Startpage, Ask.com, Yahoo; ApIn; 11/10/2022
• How a Burner Browser Hides My Most Embarrassing Internet Searches
  Firefox Focus, DuckDuckGo, Tor Browser; NYT; 5/17/2022
• This Digital Library Contains Answers to All the Mysteries of the Universe, If You Can Find Them LH; 10/18/2021
• How to Set Ecosia as the Default Search Engine on iPhone & iPad OSXD; 10/9/2021
• How to Make Your Web Searches More Secure and Private
  Brave; DuckDuckGo; Limiting Google; Wired; 7/11/2021
• How to Opt Out of the Most Popular People Search Sites LH; 3/4/2021
• Brave Is Launching a Privacy-First Search Engine to Take On Google Giz; 3/3/2021
• 6 Privacy-Focused Alternatives to the Apps You Use Every Day Signal for Messaging; Firefox for Web Browsing;
  DuckDuckGo for Search; OsmAnd for Maps; ProtonMail for Email; Jumbo for Social Media; Wired; 12/13/2020
• 9 Browser Extensions to Help You Search the Web Better Wired; 12/6/2020
• US Library of Congress launches AI tool that lets you search 16 million old newspaper pages for historical images
  dataset includes more than 1.5 million newspaper photos: Newspaper Navigator; TNW; 9/16/2020
• How Link-Begging Became the Most Annoying Search Engine Tactic MB; 8/3/2020
• US federal and state authorities are asking detailed questions about how to limit Google's search business,
  as part of antitrust investigations according to DuckDuckGo CEO; Bloom; 6/4/2020
• How to change your default search engine on Google Chrome TNW; 3/13/2020
• Is Yahoo's [Verizon's] New 'OneSearch' Engine Good for Privacy? LH; 1/16/2020
• Verizon offers no-tracking search engine, promises to protect your privacy
  with "OneSearch," Verizon promises no cookie tracking or personal profiling; Ars; 1/14/2020
• How to Opt Out of the Most Popular People Search Sites
  Family Tree Now, Whitepages, Spokeo, Instant Checkmate, Pipl; LH; 12/12/2019
• Five Custom Searches You Should Enable In Your Browser Right Now
  Search for pages within the past year on Google;
  Search Wikipedia for TV episodes or music albums;
  Get driving directions to an address via Google Maps;
  Search whatever site you're currently viewing;
  Search any site you can think of: Look up words in a Dictionary or Thesaurus;
  Translate words on Google; Find out if a website is down for the count; LH; 11/7/2019
• How to Change Firefox's Default Search Engine for Private Browsing
  in Firefox 71, different engines can specified for regular vs. private browsing; LH; 10/8/2019
• 6 Google Tricks That Will Turn You Into an Internet Detective (many other search engines support also);
  Use quotation marks to find a specific phrase; Exclude words with the minus sign; Narrow your search to a specific time period;
  Search your favorite sites with the "site:" operator; Add search shortcuts to your browser's address bar;
  Find the source of a photo with reverse image search; NYT; 8/21/2019
• Endless AI-generated spam risks clogging up Google's search results Verge; 7/2/2019

AI

• OpenAI's ChatGPT LLM (Large Language Model); GPT (Generative Pretrained Transformer)
• Google's Bard LaMDA (Language Model for Dialogue Applications)
• Ten Ways AI Will Change Democracy 11/13/2023
• The Humane AI Pin is a bizarre cross between Google Glass and a pager Ars; 11/10/2023
• Chatbots May 'Hallucinate' More Often Than Many Realize
  when summarizing facts, ChatGPT technology makes things up about 3%
  of the time, according to research from a new start-up.
  A Google system’s rate was 27 percent; NYT; 11/6/2023
• An Industry Insider Drives an Open Alternative to Big Tech’s A.I. Allen Institute for AI; NYT; 10/19/2023
• IBM Tries to Ease Customers’ Qualms About Using Generative A.I.
  NYT; 9/28/2023
• Doomsayers, Reformers and Warriors: The Bitter Battle for the Future of A.I.
  a contest about control and power, about how resources should be distributed
  and who should be held accountable; NYT; 9/28/2023
• The Internet Is About to Get Much Worse
  AI vs. human content creators; NYT; 9/23/2023
• What OpenAI Really Wants Wired; 9/5/2023
• A New Worry for a New College Year: A.I.-Generated Admissions Essays
  A.I. chatbots could facilitate plagiarism on college applications or
  democratize student access to writing help. Or maybe both; NYT; 9/1/2023
• The A.I. Revolution Is Coming. But Not as Fast as Some People Think. NYT; 8/29/2023
• AI Glossary: Basic Terms All ChatGPT Users Should Know CNet; 8/28/2023
• What’s the future of generative AI? An early view in 15 charts McKinsey; 8/25/2023
• How Schools Can Survive (and Maybe Even Thrive) With A.I. This Fall NYT; 8/24/2023
• A jargon-free explanation of how AI large language models work Ars; 7/31/2023
• 'A certain danger lurks there': how the inventor of the first chatbot turned against AI Joseph Weizenbaum & Eliza; Guardian; 7/25/2023
• Google Tests A.I. Tool That Is Able to Write News Articles NYT; 7/20/2023
• We're Using A.I. Chatbots Wrong. Here's How to Direct Them.
  to mitigate the production and spread of misinformation from chatbots,
  we can steer them toward high-quality data; NYT; 7/20/2023
• 'Human Beings Are Soon Going to Be Eclipsed' NYT; 7/13/2023
• AI Fatalism Won't Help Us Deal With Its Actual Risks
  What is AI? Challenges posed by today’s AI systems;
  Is AI really an existential risk for humanity? Giz; 7/2/2023
• Uncensored Chatbots Provoke a Fracas Over Free Speech NYT; 7/2/2023
• The True Threat of Artificial Intelligence digital neoliberalism; NYT; 6/30/2023
• The Huge Power and Potential Danger of AI-Generated Code
  programming can be faster when algorithms help out, but there is evidence
  AI coding assistants also make bugs more common; Wired; 6/29/2023
• How Christopher Nolan Learned to Stop Worrying and Love AI Wired; 6/20/2023
• America Is Dangerously Lonely Ezra Klein on Her; NYT; 6/20/2023
• AI shakes up way we work in three key industries
  professional services, filmmaking and coding are among the
  first to use the technology in everyday operations; FT; 6/17/2023
• Humans Aren't Mentally Ready for an AI-Saturated 'Post-Truth World'
  the AI era promises a flood of disinformation, deepfakes, and hallucinated "facts."
  Psychologists are only beginning to grapple with the implications. Wired; 6/18/2023
• The Optimist's Guide to Artificial Intelligence and Work
  A.I. can complement human labor rather than replace it; Workers can focus on different tasks;
  New technology can lead to new jobs; NYT; 5/20/2023
• Silicon Valley Confronts the Idea That the ‘Singularity’ Is Here NYT; 6/11/2023
• A Univ. of Vienna philosopher used ChatGPT to create a 40-minute church service
  including the sermon, prayers, and music, led by four AI-generated avatars; AP; 6/10/2023
• How Could A.I. Destroy Humanity? NYT; 6/10/2023
• The A.I. Revolution Will Change Work. Nobody Agrees How. NYT; 6/10/2023
• Big Tech Is Bad. Big A.I. Will Be Worse. political and economic oppression by tech giants; NYT; 6/9/2023
• Marc Andreessen Is (Mostly) Wrong This Time Why AI Will Save the World; Wired; 6/8/2023
• New A.I. Chatbot Tutors Could Upend Student Learning
  children as test subjects for A.I. experiments? NYT; 6/8/2023
• Not Just Math Quizzes: Khan Academy’s Tutoring Bot Offers Playful Features
  Khanmigo allows students to chat with simulated historical figures or co-write stories with the software; NYT; 6/8/2023
• 'The machines we have now are not conscious'
  Sci-fi writer Ted Chiang:'intelligence' vs. applied statistics; FT; 6/2/2023
• ChatGPT took their jobs. Now they walk dogs and fix air conditioners WaPo; 6/2/2023
• AI researchers say ChatGPT and rival chatbots are significantly less capable in languages
  other than English, exacerbating the bias against non-English speakers Wired; 5/31/2023
• Big Tech Isn't Prepared for A.I.'s Next Chapter open source is changing everything; Slate; 5/30/2023
• A.I. Poses ‘Risk of Extinction,’ Industry Leaders Warn NYT; 5/30/2023
• The Race to Make A.I. Smaller (and Smarter)
  BabyLM: teaching fewer words to large language models; NYT; 5/30/2023
• Is Generative AI Bad for the Environment? carbon footprint; Giz; 5/28/2023
• We Blew It With the Internet. Let's Not Blow It With A.I.
  distraction and division; reliability, trustworthiness; filtering the noise; deeper insights and connections;
  Beyond the 'Matrix' Theory of the Human Mind; Ezra Klein; NYT; 5/28/2023
• Get the Best From ChatGPT With These Golden Prompts
  privacy, accuracy caveats; "Act as if." "Tell me what else you need to do this."
  "Use the framework of (a book)"; NYT; 5/25/2023
• AI Is Steeped in Big Tech’s 'Digital Colonialism' Wired; 5/25/2023
• A.I.'s Threat to Jobs Prompts Question of Who Protects Workers NYT; 5/24/2023
• The incredible creativity of deepfakes -- and the worrying future of AI TED 2023
• ChatGPT Is Already Changing How I Do My Job journalism; NYT; 4/21/2023
• A.I.-Generated Content Discovered on News Sites, Content Farms and Product Reviews
  Findings in two new reports raise fresh concerns over how AI may transform
  the misinformation landscape online; NYT; 5/19/2023
• A.I. Is Having a 'Netscape Moment'
  allow people to recognize the possibilities around an existing technology, leading to new innovation; NYT; 5/19/2023
• To See One of A.I.'s Greatest Dangers, Look to the Military NYT; 5/19/2023
• In Battle Over A.I., Meta Decides to Give Away Its Crown Jewels
  is it dangerous to publicly release its latest A.I. technology so people can build their own chatbots? NYT; 5/18/2023
• Another Side of the A.I. Boom: Detecting What A.I. Makes
  identify whether photos, text and videos are made by humans or machines; NYT; 5/18/2023
• 10 Signs That the AI 'Revolution' Is Spinning Out of Control Giz; 5/17/2023
• OpenAI CEO Sam Altman plans to tell Congress that AI regulation is "essential"
  stress the need for government flexibility, and recommend safety measures; FinTimes; 5/16/2023
• Microsoft Says New A.I. Shows Signs of Human Reasoning NYT; 5/16/2023
• Help! My Political Beliefs Were Altered by a Chatbot!
  AI assistants may be able to influence users without them being aware; WSJ; 5/13/2023
• You’re Probably Underestimating AI Chatbots
  Just as the first iPhone reviews mostly missed the device’s huge potential,
  it's folly to draw conclusions from today’s unrefined technology; Wired; 5/12/2023
• Law firms and companies' legal teams are experimenting with AI tools
  that can handle work done by entry-level lawyers potentially reducing billable hours; WSJ; 5/11/2023
• Google's answer to ChatGPT is now open to everyone in US
  Bard; many features, more languages, image inputs; Ars; 5/10/2023
• The disappearing computer -- and a world where you can take AI everywhere
  Imran Chaudhri; TED 2023; video, transcript
• AI gains "values" with Anthropic's new Constitutional AI chatbot approach
  list of guiding AI values draws on UN Declaration of Rights -- and Apple's terms of service; Ars; 5/10/2023
• What if AI could rebuild the middle class? NPR; 5/9/2023
• AI machines aren’t 'hallucinating'. But their makers are
  Hallucination #1: AI will solve the climate crisis;
  Hallucination #2: AI will deliver wise governance;
  Hallucination #3: tech giants can be trusted not to break the world;
  Hallucination #4: AI will liberate us from drudgery;
  wealthiest companies in history unilaterally seizing the sum total of human knowledge that exists in digital,
  scrapable form and walling it off inside proprietary products, many of which will take direct aim at the humans
  whose lifetime of labor trained the machines without giving permission or consent; Naomi Klein; Guardian; 5/8/2023
• What Does Sentience Really Mean?
  the fact that AI isn't alive doesn't mean it can't be sentient,
  the sociologist Jacy Reese Anthis argues; Atlantic (paywall); 5/8/2023
• ChatGPT is powered by these contractors making $15 an hour NBC; 5/6/2023
• AI text generators are quietly authoring more of the internet
  possiblty fewer clients buying human-written content; WaPo; 5/6/2023
• Will A.I. Become the New McKinsey?
  as it's currently imagined, the technology promises to concentrate wealth and disempower workers.
  Is an alternative possible? Ted Chiang; New Yorker; 5/4/2023
• Can We Build Trustworthy AI? motives, incentives, capabilities; who trained it and benefits? Giz 5/4/2023
• A.I. Could Actually Be a Boon to Education Khan; NYT; 5/3/2023;
  The Amazing AI Super Tutor for Students and Teachers Sal Khan; Khan Academy; TED; 5/1/2023
• Meta warns malware actors are increasingly spreading their infrastructure across platforms
  it has blocked 1,000+ ChatGPT-themed malicious URLs since 3/2023; Wired; 5/3/2023
• My Weekend With an Emotional Support A.I. Companion
  "Pi" assists people with their wellness and emotions; NYT; 5/3/2023
• UO experts to weigh in on the use of AI in higher education 5/3/2023
• We Must Regulate A.I. Here's How. Lisa Khan, FTC; NYT; 5/3/2023
• We Are Opening the Lids on Two Giant Pandora's Boxes Friedman; NYT; 5/2/2023
• This company adopted AI. Here's what happened to its human workers NPR; 5/2/2023
• How Do We Ensure an A.I. Future That Allows for Human Thriving? Gary Marcus; NYT; 5/2/2023
• AI is being used to generate whole spam sites fake news stories and blog posts; Verge; 5/2/2023
• When A.I. Chatbots Hallucinate NYT; 5/1/2023
• 'The Godfather of A.I.' Leaves Google and Warns of Danger Ahead Geoff Hinton; NYT; 5/1/2023
• Quiz: Can You Tell the Difference Between ChatGPT and a Doctor?
  a new study found the AI answers online medical questions better and more empathetically than real doctors; Giz; 4/30/2023
• Watch an A.I. Learn to Write by Reading Nothing but ...
  Jane Austen and Shakespeare; Federalist Papers; transcripts of the TV show “Star Trek: The Next Generation”;
  “Moby Dick”; Harry Potter novels; NYT; 4/27/2023
• 6 Tips for Using ChatGPT to Brainstorm Better Wired; 4/27/2023
• 10 of the First Things You Should Try With ChatGPT
  quickly convert time zones; book recommendations;
  plan your next holiday; solve programming problems;
  write (or punch up) your resume; summarize long YouTube videos;
  quickly create calendar events; solve math problems;
  discover new music; summarize long articles, e.g., summarize .pdfs; LH; 4/25/2023
• How Artificial Intelligence Can Aid Democracy Slate; 4/21/2023
• Want More Out of Generative AI? Here Are 9 Useful Resources Wired; 4/18/2023
• How 35 Real People Use A.I.
  "It's like collaborating with an alien."
  "Everything is becoming much easier."
  "It feels like I've hired an intern."
  "What used to take me around a half-hour to write now takes one minute."
  "It’s enormous fun."
  Plan gardens, workouts, meals;
  Make a gift (book); Design parts for spaceships; Organize a messy computer desktop;
  Write a wedding speech, write an email Get a first read; Get feedback on fiction; Play devil’s advocate;
  Build a clock that gives you a new poem every minute; Organize research for a thesis;
  Skim dozens of academic articles; Cope with ADHD and dyslexia; Sort through an archive of pictures;
  Transcribe a doctor’s visit into clinical notes; Appeal an insurance denial; Write Excel formulas;
  Get homework help; Learn Chinese; Get help when English is your second language;
  Create an app when you’ve never coded before; Fix bugs in your code; Play Pong or 3D games;
  Build entirely new games; Teach people to curl like a pro; Create new proteins in minutes;
  Identify diseases in banana plants; Draw like Sol LeWitt; Describe entire Dungeons & Dragons worlds;
  Make a Spotify playlist; Play with language; NYT; 4/14/2023
• Can Intelligence Be Separated From the Body? NYT; 4/11/2023
• Why A.I. Might Not Take Your Job or Supercharge the Economy Ezra Klein; NYT; 4/7/2023
• Why ChatGPT and Bing Chat are so good at making things up Ars; 4/6/2023
• ChatGPT vs Google Bard: Which is better? we put them to the test in 7 categories; Ars; 4/5/2023
• NYT tech series:
  How to become an expert on A.I. part 1; 3/27/2023;
  How Does ChatGPT Really Work? part 2: large language model (LLM), Generative Pretrained Transformer (GPT); 3/28/2023;
  What Makes A.I. Chatbots Go Wrong? part 3: hallucinating software; 3/29/2023;
  How Should I Use A.I. Chatbots Like ChatGPT? part 4: LLMs are already good at a wide variety of tasks; 3/30/2023;
  What's the future for A.I.? part 5; 3/31/2023
• Tinkering With ChatGPT, Workers Wonder: Will This Take My Job? NYT; 3/28/2023
• Can a Machine Know That We Know What It Knows? theory of mind; NYT; 3/27/2023
• A.I. Is Being Built by People Who Think It Might Destroy Us NYT; 3/27/2023
• If We Don’t Master A.I., It Will Master Us Yuval Harari; NYT; 3/24/2023
• The Best ChatGPT Alternatives Worth Checking Out Giz; 3/23/2023
• The A.I. Chatbots Have Arrived. Time to Talk to Your Kids.
  experiment together; talk about how chatbots make you feel;
  get to know the technology and its limitations; stay on top of new developments; NYT; 3/22/2023
• The Age of AI has begun Bill Gates; 3/21/2023
• Our New Promethean Moment Tom Friedman; NYT; 3/21/2023
• A.I. Is About to Get Much Weirder. Here’s What to Watch For. Ezra Klein; NYT; 3/21/2023
• Testing Google Bard NYT; 3/21/2023
• 10 Ways GPT-4 Is Impressive but Still Flawed NYT; 3/14/2023
• This Changes Everything Ezra Klein; NYT; 3/12/2023
• The False Promise of ChatGPT Noam Chomsky; NYT; 3/8/2023
• The Chatbots Are Here, and the Internet Industry Is in a Tizzy NYT; 3/8/2023
• Why Chatbots Sometimes Act Weird and Spout Nonsense NYT; 2/19/2023
• ChatGPT Is a Blurry JPEG of the Web
  lossy vs. lossless compression; blurriness vs. fabrication;
  'hallucinations' as compression artifacts; NewYorker; 2/9/2023
• The Chatbot Search Wars Have Begun Wired; 2/9/2023
• OpenAI Used Kenyan Workers on Less Than $2 Per Hour to Make ChatGPT Less Toxic Time; 1/18/2023
• Artificial Intelligence and The Matter with Things
  Dr. Iain McGilchrist, keynote video; AI World Summit 2022;
  neuroscientist McGilchrist's latest book: The Matter with Things: Our Brains, Our Delusions and the Unmaking of the World
• Knowledge Navigator video about intelligent assistant; Apple; 1987

Apple (generally)

• see also: Refs:iOS; Refs:macOS
• Wikipedia: Spotlight system-wide search feature of Apple's OS X and iOS operating systems
• Lawsuit Says Google Pays Apple to Keep Away From Internet Search Market 1/4/2022
• Apple develops alternative to Google search Ars; 10/28/2020
• Apple may launch its own web-based search engine ApIn; 8/27/2020
• Spotlight: Don't take your Mac's powerful search engine for granted MW; 4/10/2019

Bing

• Wikipedia: Bing
• Bing (Yes, Bing) Just Made Search Interesting Again NYT; 2/8/2023

DuckDuckGo

• Wikipedia: DuckDuckGo
• DuckDuckGo Releases Its Own ChatGPT-Powered Search Engine, DuckAssist
  mostly answers from Wikipedia; Giz; 3/8/2023
• DDG has a tracker blocking carve-out linked to Microsoft contract
  DuckDuckGo's mobile browsers do not block advertising requests made by Microsoft scripts on non-Microsoft web properties; TC; 5/24/2022
• Fed Up With Google, Conspiracy Theorists Turn to DuckDuckGo
  DuckDuckGo uses Bing search engine; NYT; 2/23/2022
• DuckDuckGo's Quest to Prove Online Privacy Is Possible Wired; 6/16/2021
• Privacy-focused search engine DuckDuckGo is growing fast BC; 9/16/2020
• A Feisty Google Adversary Tests How Much People Care About Privacy
  DuckDuckGo displays ads at the top of each search page.
  But unlike others, it does not track the online behavior of its users to personalize the ads; NYT; 7/15/2019
• Google quietly adds DuckDuckGo and other privacy-focused search engines as an option
  for Chrome users in more than 60 markets based on new usage statistics; TC; 3/13/2019
• Privacy-focused search engine DuckDuckGo announces it will use Apple Maps
  to power map and address-related searches using Apple's MapKit JS framework; Verge; 1/15/2019
• DuckDuckGo denies using fingerprinting to track its users 'false positive'; 1/7/2019
• Why should I use DuckDuckGo instead of Google? 10 Reasons:
  1. Google tracks you. We don't.
  2. Block Google trackers lurking everywhere.
  3. Get unbiased results, outside the Filter Bubble.
  4. We listen (and respond).
  5. We don’t try to trap you in our 'ecosystem.'
  6. We have !bangs to search other sites directly, e.g., !w (wikipedia), !a (amazon)
  7. We strive for a world where you have control over your personal information.
  8. Our search results aren't loaded up with ads.
  9. Search without fear.
  10. Google is simply too big, and too powerful; 1/2019

Google

• Wikipedia: Google
• myactivity.google.com: view/remove search history
• view cached page result for a site -- usually via menu on search results page,
  or webcache.googleusercontent.com e.g., https://webcache.googleusercontent.com/search?q=cache:http://example.com/;
  similar to web.archive.org
• Google Says Switching Away From Its Search Engine Is Easy. It's Not. NYT; 9/20/2023
• Why You Need to Stop Clicking Sponsored Google Links LH; 2/27/2023
• Your Google Searches Are Quietly Evolving. Here’s What's Next Wired; 11/21/2022
• Here's How to Use Google's New Privacy Tool to Scrub Your Personal Info From Search Results MF; 10/5/2022
• The Best Google Search Alternatives if Privacy Is Your Thing
  DuckDuckGo; StartPage; Brave Search; SwissCows; MetaGer;
  etc. Giz; 3/4/2022
• How to Google without words: The coolest searches you may not know
  Live images, sounds and pictures can give you some of the best Google search results; CNet; 2/3/2022
• How to Get Google Search Results That Are Actually Useful Wired; 10/3/2021
• The Most Helpful Google Search Modifiers Everyone Should Be Using LH; 9/9/2021
• Google spending $15B to remain default iOS search engine to block Microsoft ApIn; 8/27/2021
• How to Password Protect Your Google Search History and Hide Your Secrets LH; 5/25/2021
• DuckDuckGo Calls Out Google Search for 'Spying' on Users After Privacy Labels Go Live MR; 3/15/2021
• My Attempt to Prepare for a Future Without Google NYT; 1/28/2021
• The Blurred Lines and Closed Loops of Google Search what's an ad? seemingly small design tweaks
  to the search results interface may change how and where people find information online; Wired; 8/31/2020
• 15 simple tips to get better search results on Google TNW; 4/30/2020
• Google Will Require Proof of Identity From All Advertisers
  a slew of scams and misleading ads pushed the search giant to expand its verification policy; NYT; 4/23/2020
• Google now alerts you when search results suck TNW; 4/23/2020
• Why Google Backtracked on Its New Search Results Look NYT; 1/31/2020
• Google is testing how to make ads sneakier in search results TNW; 1/24/2020
• My Decade in Google Searches Decade of Distrust; Images pulled from Google search; NYT; 12/27/2019
• Get Google's Search Results With More Privacy By Using Startpage
  startpage.com: actual Google search results w/o tracking; LH; 12/1/2019
• I Ditched Google for DuckDuckGo. Here's Why You Should Too Wired; 12/1/2019
• How to Set Your Google Data to Self-Destruct myactivity.google.com; search and location data; NYT; 10/3/2019
• Apple may have been paid $9.5B by Google in 2018 to stay default Safari search option ApIn; 2/12/2019

iOS

• How to Change Default Search Engine on Chrome for iPhone & iPad OSXD; 1/4/2022

macOS

---

Quotes | Summary |
References: General | Censorship, Journalism, Wikileaks |
Dark Web / Deep Net | NSA, CIA | Tails | Tor

---

Quotes

• NSA:... No Such Agency
• "Anonymous sources are a practice of... American journalism in the 20th and 21st century, a relatively recent practice. The literary tradition of anonymity goes back to the Bible." ~Joe Klein

Summary

• [3] Use Tor "The Onion Router" and Tails OS "The Amnesic Incognito Live System"
• Advantages: more anonymity for targeted users, e.g., political dissidents, investigative journalists, whistleblowers, criminals, trolls, hate groups
• minimizes associating your actual IP with routing/server activities
• more encryption (like VPN); random routing via multiple nodes
• Disadvantages: difficult to guarantee 100% anonymity, and likely to attract unwanted attention
• difficult to setup; slow; government monitoring / filtering / blocking / censoring
• network {Figure 14: TCYOP-4: 104; TCYOP-3: 87}
• configuration {Figure 15: TCYOP-4: 105; TCYOP-3: 88;}

References

• {TCYOP-4: 103-105; TCYOP-3: 86-88}
• sections: Refs: Censorship, Journalism, Wikileaks; Dark Web / Deep Net; NSA, CIA; Tails; Tor
• topics: China, Iran, ISIS, Silk Road, Snowden, Turkey
• Wikipedia: anonymous browsing; Privacy software
• HowStuffWorks: How Internet Security Works; How to Surf the Web Anonymously; Can the government see what Web sites I visit?
• EFF: Surveillance Self-Defense Tips, Tools and How-tos for Safer Online Communications: Overviews, Tutorials, Briefings, Playlists
• How to Read a Blocked Website
  hide your real IP address with a proxy connection, e.g., VPN;
  try using TOR (The Onion Browser); LH; 9/2/2022

Censorship, Journalism, Wikileaks

• "Censorship reflects a... society's lack of confidence in itself.
  It is a hallmark of an authoritarian regime." ~Potter Stewart
• "As to the evil which results from a censorship,...
  it is impossible to measure it, for it is impossible to tell where it ends." ~Jeremy Bentham
• "Wikileaks' silencing was sought by antidemocratic governments worldwide --
  including China, whose censors work mightily to block all access to the site.
  Wikileaks' plug was pulled, ironically,... not in China, but by a federal judge in San Francisco." ~Peter Scheer
• Wikipedia: Internet censorship; internet filter
• Wikipedia: WikiLeaks publishes secret information, news leaks, and classified media from anonymous sources
• HowStuffWorks: How Internet Censorship Works
• Russia May Have Found a New Way to Censor the Internet throttling rather than blocking; Wired; 4/8/2021
• Tuber browser, which let Chinese users register and access banned services like YouTube, has been blocked and removed from China's third-party Android stores BB; 10/10/2020
• I wrote this law [Section 230] to protect free speech. Now Trump wants to revoke it Wyden; CNN; 6/9/2020
• The Internet's most important—and misunderstood—law, explained Section 230 is the legal foundation of social media, and it's under attack; Ars; 6/10/2020
• China's Global Reach: Surveillance and Censorship Beyond the Great Firewall EFF; 10/10/2019
• Ron Wyden wrote the law that built the internet je still stands by it — and everything it's brought with it; 5/16/2019

Dark Web / Deep Net

• see also: Shopping: Cryptocurrency
• Wikipedia: Deep Web (aka Deepnet, Invisible Web, or Hidden Web) is not indexed by standard search engines
• Wikipedia: DARPA's Memex search engine for the dark web vs. Memex: 1945 paper that inspired hypertext and the World Wide Web
• Wikipedia. online black markets: Agora; Evolution; Silk Road
• HowStuffWorks: How the Deep Web Works
• Google brings dark web monitoring to all U.S. Gmail users BC; 5/10/2023
• Darknet markets generate millions in revenue selling stolen personal data Ars; 12/3/2022
• The Hunt for the Dark Web's Biggest Kingpin -- The Rise and Fall of AlphaBay:
  Part 1: The Shadow Wired; 10/25/2022;
  Part 2: Pimp_alex_91 11/1/2022;
  Part 3: Alpha Male 11/8/2022;
  Part 4: Face to Face 11/15/2022;
  Part 5: Takedown 11/22/2022;
  Part 6: Endgame 11/29/2022
• The Difference Between the Dark Web and the Deep Web
  surface web: collection of sites indexed by search engines;
  dark web: collection of private networks accessed only by special browsers and/or protocols;
  deep (aka hidden) web: unindexed pages requiring login; LH; 3/15/2022
• Should You Use a 'Dark Web Scan' to Protect Your Identity? LH; 10/23/2020
• Can You Really Hire a Hit Man on the Dark Web? generally scams; NYT; 3/4/2020
• What's Actually on the Dark Web MB; 1/30/2020
• A look at the rise of murder-for-hire marketplaces on the dark web, the vast majority of which are schemes to pilfer money from gullible users Harpers; 12/15/2019
• Feds Bust One of the Dark Web's Biggest Child Porn Sites Thanks to Tremendously Bad Opsec MB; 10/16/2019
• The CIA Will Use its New Dark Web Site to Collect Anonymous Tips MB; 5/7/2019
• What is a “Dark Web Scan” and Should You Use One? 3/26/2019
• The Evolution of Darknets 1/23/2019

National Security Agency (NSA); CIA

• Wikipedia: National Security Agency; Freedom of the Press Foundation
• Wikipedia: Crypto wars; Backdoors
• HowStuffWorks: How the NSA Works

Tails

• Wikipedia: Tails OS The Amnesic Incognito Live System; "a live operating system, that you can start on almost any computer from a DVD, USB stick, or SD card. It aims at preserving your privacy and anonymity, and helps you to: use the Internet anonymously and circumvent censorship; all connections to the Internet are forced to go through the Tor network; leave no trace on the computer you are using unless you ask it explicitly; use state-of-the-art cryptographic tools to encrypt your files, emails and instant messaging."
• Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it Verge; 6//23/2020
• Facebook Helped Develop a Tails Exploit 6/12/2020
• Tails, the security-focused OS, adds support for UEFI Secure Boot ZD; 4/8/2020

Tor

• Wikipedia: Tor ("The Onion Router"); .onion pseudo-top-level domain host suffix for Tor
• Tor Browser for Apple Silicon Macs is Now Available OSXD; 12/17/2022
• Tor is under threat from Russian censorship and Sybil attacks Ars; 12/8/2021
• Someone Is Running Hundreds of Malicious Servers on the Tor Network and Might Be De-Anonymizing Users Giz; 12/3/2021
• What Is Tor and Why Should I Use It? LH; 12/7/2020
• Does Tor provide more benefit or harm? New paper says it depends more harmful in 'free countries'? licit vs. illicit services; Ars; 11/30/2020
• BBC Launches Tor Mirror Site To Thwart Media Censorship NPT; 10/24/2019

---

Summary | Correct, Secure Site | Credit Cards | Other: Paypal, Bitcoin,... |
References: General | Amazon | Apple |
Crytocurrency, Bitcoin | Google | Payment, Credit | Paypal

---

Summary

• "Remote shopping, while entirely feasible,... will flop." ~Time magazine, 1966; fake quote
• [1] Use Correct, Secure Site / App
• [1] Protect Credit Card Info: store in password manager -- not browser, not vendor site
• Provide a temporary (instead of your actual) credit card number,
  e.g., Apple Pay; Virtual Account Number (Citi), digital wallet,
  privacy.com linked to debit card or checking account, with 1Password integration,
  when possible, esp. for one-off purchases on smaller / lesser-known sites
• [2] Consider other Forms of Payment, e.g., Paypal; [3] Cryptocurrency?
• References

[1] Use Correct, Secure Site / App

• Many of these already covered in other sections:
• Be sure to navigate to correct web site, esp. not via ads / impostor links
• Use HTTPS: for login & entering contact / payment details -- see section
• Clear purchase history on sites?
• If using an app, make sure it's authentic & up-to-date: app store, exact name, ratings, etc.

[1] Protect Credit Card Info

• Save credit card info in a password manager rather than browser -- more secure, sync across browsers/platforms
• macOS: Safari > Preferences > AutoFill > Credit Cards: off
• iOS: Settings > Safari > AutoFill > Credit Cards: off
• Avoid storing credit info on merchant site, if possible -- though some may require a card on file
• This should be less of an issue for major vendors, e.g., Amazon, Apple -- who can invest more on security
• If you misplace your card, you can lock your card with some credit card companies (and unlock it later when you find it).
• Check your credit card statements monthly, or more frequently, to detect fraudulent charges
• Enable account notifications (email/text) if supported, e.g.,
• for an international charge
  
• for an online, phone or mail charge
• for an amount over $x
• Check Apple Pay (or similar) settings, if applicable
• iPhone: Settings > Wallet & Apple Pay
• iPhone: Settings > Safari > Check for Apple Pay
• Rank credit cards by importance and impact; what happens if one is compromised?
• Use different credit cards for different purposes/sites, e.g., online only, regular automatic payments, one-time purchases with new vendors, etc.
• A single-use, virtual credit card number linked to a credit card (or bank account) provides additional security
• Virtual Account Numbers creates a temporary credit card # & security code; you set expiration date and credit limit; e.g., Citi not avail for Costco Visa apparently
• Bank of America formerly offered virtual card numbers via "ShopSafe", which has now been discontinued in favor of Digital Wallets?
• Check with your bank or credit card company

[2] Consider other Forms of Payment

• PayPal can be linked to checking account or credit card; vendor doesn't see credit card info
• Downsides: yet another account; does not provide same protection for contesting charges; may block some quasi-legal purchases, which use VPN or violate their definitions of copyright, decency, etc.
• Other services can be used to transfer cash, e.g., Square, Messenger, Venmo -- understand possible fees and consumer protections
• [3] Avoid cryptocurrency, e.g., Bitcoin
• Although a cryptocurrency might provide more anonymity and can be used to hide transactions, it's also unreliable, variable and hackable; also, definitely not an 'investment'

References

• {TCYOP-4: 106-109; TCYOP-3: 89-90}
• section: Refs: Amazon; Apple; Crytocurrency, e.g., Bitcoin; Google; Payment, e.g., credit card, money transfer; Paypal
• topics: Cyber Monday, E-commerce, GoFundMe, Google Play/Wallet, Square, Venmo
• Wikipedia: Online shopping; micropayment
• HowStuffWorks: How Electronic Payment Works; 5 Ways to Send Money Online
• Tips for Canceling Online Subscriptions
  it's easy to sign up but not always so easy to stop a service.
  F.T.C. is proposing rules to change that; NYT; 7/7/2023
• Canceling Online Subscriptions Is Confusing, Difficult and Absurd... by Design
  many companies use tactics called "dark patterns" to make it difficult to cut ties; CNet; 4/4/2022
• Why the Internet Is Turning Into QVC
  greed, fear and China; NYT; 11/14/2021
• How to Protect Yourself From Online Card Fraud
  be wary of websites that offer brand-name goods at steep discounts;
  credit cards have federally mandated protections; NYT; 10/22/2021
• How to cancel your account at Netflix, Amazon Prime, and others Verge; 1/15/2021
• It's Time to Audit Your Autopay Subscriptions average American spends $237 a month; LH; 10/9/2020
• How to Protect Yourself From the Newest Mobile Banking Malware LH; 6/11/2020
• They See You When You’re Shopping How Sephora, Gucci, Kiehl’s and more track about 20 million online shoppers every day; NYT; 11/26/2019
• How to Not Get Phished When Shopping Online Make sure the URL is safe and accurate; Use a browser with DNS over HTTPS; Don’t click on suspicious email links or attachments; Bookmark the real website and/or login pages; Use a password manager; Use the official mobile apps for online stores/services; LH; 11/18/2019
• E-Commerce Promised the World. Are We Happy With Our Purchase? It's been 25 years since the first online transaction, but we are still struggling with the balance between convenience and security; NYT; 8/10/2019
• 7 Ways Artificial Intelligence Can Help Protect Us Against Online Fraud
  1. AI Can React Immediately To Suspicious Activity.
  2. AI Can Help Spot Fraudulent Online Ads.
  3. AI Is Helping Humans Do More Work.
  4. AI Learns From A Variety Of Businesses.
  5. AI Could Make Transactions Faster, Not Slower.
  6. AI Can Assess Where The Most Likely Threats Are Coming From.
  7. AI Can Help Us Identify Social Engineering Hacks; MF; 7/2/2019
• How Dark Patterns Change Our Behavior LH; 7/1/2019
• How to avoid Internet fraud, scams, phishing and other cybercrime PC; 6/25/2019
• How E-Commerce Sites Manipulate You Into Buying Things You May Not Want dark patterns; fake notifications; default options; NYT; 6/24/2019
• How to Find and Report Fake Businesses on Google Maps LH; 6/21/2019
• Apple Pay vs. Google Pay vs. Samsung Pay: Mobile payments compared CNet; 6/17/2019
• In Stores, Secret Surveillance Tracks Your Every Move Bluetooth 'beacons' work well at short-range, indoors; remove retailer & spy apps, shut off location services and Bluetooth where they are not needed; NYT; 6/15/2019
• Stanford Team Aims at Alexa and Siri With a Privacy-Minded Alternative Almond virtual assistant software is decentralized and connected by programming standards that will make it possible for consumers to choose where their information is stored and how it is shared; NYT; 6/14/2019
• Loyalty programs cost you your personal data -- are the rewards worth it? TNW; 6/12/2019
• Don't Use a Debit Card at the Gas Pump card skimmers; use digital wallet (e.g., Apple/Samsung/Android Pay) or credit card (fraud protection); LH; 2/22/2019

Amazon

• How to Download Everything Amazon Knows About You (It's a Lot) LH; 1/25/2022
• 10 Privacy Settings Every Amazon User Should Enable Right Now LH; 11/4/2021
• Life Without Amazon (Well, Almost) NYT; 12/29/2020
• Amazon Knows What You Buy. And It's Building a Big Ad Business From It. NYT; 1/20/2019

Apple

• How to Delete Your Apple Pay Information Remotely If Your Device Is Stolen LH; 4/6/2021
• Apple Card Now Available to All US iPhone Users TB; 8/20/2019
• How to Get the Most from Your Apple Card Benefits TB; 8/14/2019

[3] Cryptocurrency, e.g., Bitcoin

• Wikipedia: Bitcoin; Cryptocurrency; Ethereum; Initial coin offering (ICO)
• HowStuffWorks: How Bitcoin Works
• What Is Blockchain? The Complete WIRED Guide Wired; 2/2/2023
• The Crypto Story: an in-depth look at crypto and blockchains
  bitcoin and the underlying tech, the uses and meaning, the crypto financial system, and trust, money, and community; Bloom; 10/25/2022
• Here's what to know about "the Merge." NYT; 8/26/2022
• Ethereum's "Merge" is about to put every ether miner out of work
  ambitious change from proof-of-work to proof-of-stake is expected to cut
  energy consumption by a factor of 1,000; Ars; 8/19/2022
• Cryptocurrency tech is vulnerable to tampering, a DARPA analysis finds NPR; 6/21/2022
• How 'Trustless' Is Bitcoin, Really? blockchain leakage; NYT; 6/6/2022
• Understand Cryptocurrency, but Don't Invest in It TB; 4/20/2022
• NFTs Are a Privacy and Security Nightmare
  the blockchain isn't as "anonymous" as you might think; Wired; 4/5/2022
• The Latecomer's Guide to Crypto
  What are NFTs?: nonfungible tokens
  What is web3?: internet services built using decentralized blockchains;
  What are DAOs?: decentralized autonomous organizations;
  What is DeFi?: decentralized finance;
  NYT; 3/18/2022
• Maybe There's a Use for Crypto After All
  Helium, a wireless network (for IoT) powered by cryptocurrency, hints at the practical promise of decentralized services; NYT; 2/6/2022
• Cracking a $2 Million Crypto Wallet Verge; 1/24/2022
• We All Need to Stop Only Seeing the Dark Side of Crypto
  in some parts of the developing world, cryptocurrency is changing lives for the better; Wired; 12/19/2021
• Cryptocurrency faces a quantum computing problem
  cracking public key cryptography; CNet; 11/12/2021
• Widely Used Bitcoin ATMs Have Major Security Flaws, Researchers Warn Giz; 9/30/2021
• Bitcoin Cosplay Is Getting Real NYT; 9/14/2021
• Crypto Banking and Decentralized Finance, Explained NYT; 9/5/2021
• The Brutal Truth About Bitcoin NYT; 6/14/2021
• Bitcoin and Encryption: A Race Between Criminals and the F.B.I. NYT; 6/12/2021
• New Rule: Crypto Mania! Real Time with Bill Maher (HBO); 4/30/2021
• Ars Technica's non-fungible guide to NFTs
  is blockchain item authentication a speculative fad or a technological sea change? Ars; 3/29/2021
• Want to really understand how bitcoin works? Here’s a gentle primer Ars; 12/26/2020
• Cryptocurrency Hardware Wallets Can Get Hacked Too Wired; 5/18/2020
• Bitcoin Has Lost Steam. But Criminals Still Love It. NYT; 1/28/2020
• 3 pivotal Bitcoin figures thought to be Satoshi that you should know about Harold Finney, Nick Szabo, David Kleinman; TNW; 8/21/2019
• Terrorists Turn to Bitcoin for Funding, and They're Learning Fast NYT; 8/18/2019
• Was Bitcoin Created by This International Drug Dealer? Maybe! Paul Le Roux; Wired; 7/16/2019
• How Libra Would Work for You Facebook's cryptocurrency; NYT; 6/18/2019
• After the Bust, Are Bitcoins More Like Tulip Mania or the Internet? NYT; 4/23/2019
• Kurt Russell's New Bitcoin Crime Movie 'Crypto' Looks so Awful I Must See It an instant so-bad-it's-good classic ala 1995's 'The Net'? MB; 3/12/2019
• Cryptocurrency wallet caught sending user passwords to Google's spellchecker Coinomi wallet bug sends users' secret passphrases to Google's Spellcheck API via HTTP, in plaintext; ZD; 2/27/2019
• You Do Not Need Blockchain: Eight Popular Use Cases And Why They Do Not Work 2/22/2019
• A brief history of cryptocurrency and blockchain white papers TNW; 2/21/2019
• The differences between cryptocurrencies, virtual, and digital currencies TNW; 2/19/2019
• Why storing your Bitcoin private keys on Google Drive is a terrible idea or any cloud service -- if the chosen password isn't strong/unique; TNW; 2/13/2019
• Blockchain and Trust Schneier; 2/12/2019
• How Bitcoin Could Help Iran Undermine U.S. Sanctions NYT; 1/29/2019
• Why the Ethereum Classic hack is a bad omen for the blockchain the 51% attack is real, and it's easier than ever; Verge; 1/9/2019

Google

• Google is tracking your purchases through Gmail every time a store sends a confirmation to your Gmail account, Google adds it to your list of purchases; see, manage here; CNet; 5/17/2019
• Update Your Google Pay Privacy Settings Now LH; 3/16/2019

Payment

• All the Ways Your Credit Card Info Can Be Stolen LH; 7/27/2023
• How to Look Up an Unauthorized Charge on Your Credit Card WhatsThatCharge.com; LH; 11/7/2022
• Why You Shouldn't Pay for Anything With Zelle LH; 10/7/2022
• Insomnia, addiction, depression: The dark side of life trading crypto WaPo; 4/29/2022
• The Easy Way I Protect My Credit Cards Online and Keep Free Trials Free privacy.com; NYT; 4/26/2022
• Fraud Is Flourishing on Zelle. The Banks Say It's Not Their Problem. NYT; 3/6/2022
• Venmo gets more private—but it's still not fully safe Ars; 7/25/2021
• Yes, You Should Be Using Apple Pay or Google Pay paying with a smartphone is actually more secure and more efficient than using a credit card; Wired; 11/7/2020
• How to Pay Using Virtual Credit Cards in 1Password each tied to a separate merchant -- linked to debit card or checking account (not credit card); one-off & recurring payments; can also use privacy.com directly w/o 1PW; LH; 9/24/2020
• How to Reduce Credit Card Fraud NYT; 6/8/2020
• Beware the Fees That Come With Some Money Transfers on Apps treated as cash advances, with interest accruing immediately? Paypal? Venmo? Square? NYT; 4/24/2020
• A Case for Paying With Your Phone NYT; 2/5/2020
• How to Use Up the Last Few Dollars on a Prepaid Gift Card buy an Amazon e-gift card for the exact amount on the Visa gift card; LH; 2/4/2020
• How Scammers Can Use Your Old Credit Card Numbers use only 1 credit card (or virtual cards) for online purchases; LH; 1/6/2020
• How I Survived a Week Without My Wallet with just smartphone; NYT; 9/27/2019
• What it Costs to Send Money Internationally With Wire Transfer Apps MoneyGram, TransferWise, Xoom, Western Union, WorldRemit; LH; 9/3/2019
• Deep dive into the byzantine tracking and analytics industry around credit card purchases and steps that consumers can take to improve their privacy WaPo; 8/26/2019
• MoviePass exposed thousands of unencrypted customer card numbers TC; 8/20/2019
• Here's Why Everyone Already Has Your New Credit Card Expiration Date auto-updater services; LH; 5/17/2019
• Unless you want your payment card data skimmed, avoid these commerce sites Ars; 5/8/2019
• Apple Card will be the most secure credit card ever, and here's why AI; 4/2/2019
• Apple Card FAQ: Interest rates, rewards, sign-up and everything else you need to know MW; 3/27/2019
• Apple Card has a rotating security code that is protected by Touch ID or Face ID, helping better prevent credit card fraud TC; 3/25/2019
• A new rash of highly covert card-skimming malware infects ecommerce sites Ars; 3/14/2019
• Check Your Credit Report Even If Your Credit Is Frozen a freeze does not prevent someone from using an existing account to make fraudulent charges, which is far more common; LH; 3/8/2019

Paypal

• Why You Should Skip PayPal and Donate Directly to Organizations LH; 6/3/2020

---

The Puzzle

• Interactive version [below]
  Check button: check puzzle for errors; Reveal button: reveal current word
  Web version created by Crossword Compiler
• Print versions [.pdf]: puzzle; solution
• Download for a crossword app [.puz]: puzzle w/ solution
  open it in a crossword app, e.g., Mac, Windows: Across Lite (free); Android, iOS: Crosswords

---