A millenial's guide to staying safe online.

Just as I was about to publish this post, I saw this article about a Florida man 🙃 who received an email from Google that the police had requested his information because he’s a suspect in a crime case. All because Google was tracking his every single step. This is why everyone should care. This could be anyone. Who wants to have to deal with legal fees because their phone is spying on them and they happened to be jogging or running around a certain place.

---

I’ve had the plan to write a post on all of the things listed here but never felt like it would be substantial. So I’ve been waiting. But that could take forever so I’ve decided to consolidate tiny posts into one. As the title suggests, these are some guidelines I abide by to be a little safer online. I wont say “stay protected” because none of the things here are a guarantee but they will certainly reduce the probability of the negative. Some of these, notably the section on Facebook, are less of a technical defense than they are a mental and psychological one.

Here’s the TL;DR References and links will be in the actual paragraphs.

• Use virtual credit card numbers
• Delete Facebook … ? 🤷🏾‍♂️
• Use a password manager
• Set up Two-Factor authentication
• Use an encrypted messaging platform
• Use a privacy-focused browser (e.g. not Chrome), or at least an ablocker.

---

Virtual Card Numbers

This has been high on my list of things I wanted to write about. What really grinds my gears was my experience with AMC’s A-list subscription. I decided to cancel A-list and lo-and-behold. I CAN’T. Seriously, if you have A-list. Go and try to cancel your membership. It’s not possible. Well, you won’t be able to do it yourself. You have to contact their customer service. Which, besides the ridiculous time wasted, would involve some nonsense back-and-forth where the rep will try and convince you that you absolutely need to stay. I could be wrong. Maybe it only takes five minutes. But its ridiculous I have to contact them to cancel my account! It literally took me two minutes (probably less) to sign up for the subscription. If I had to contact customer service to sign up for an account, I probably wouldn’t have. But they had to make it harder for me to leave. This, is a Dark Pattern. I briefly mentioned this in my post about social media in society.

This is almost turning into a rant. The moral of the story is. I didn’t want to contact their customer service. If it was easy to join, it should be easy to leave. So I created a virtual credit card number on my Capital One Venture card, added it to my account, removed the old card, and disabled the new virtual number. I waited until billing time, at which time I got to laugh at the “We couldn’t process your payment” emails. My account got cancelled. And now I’m happy. This really isn’t the best argument for a virtual card number but it’s one of the good ones. It gives peace of mind. One of the better scenarios to be glad to have a virtual card, which coincidentally also happened to me: you order from an online store; make a payment with a virtual card number; the store gets hacked⧉. You disable the card. And live on like nothing happened. My two best recommendations for this are privacy.com (for any kind of card) and capitalone.com if you’re willing to sign up for a card if you don’t already have one. I believe Citi card also offers this I, so some research might be worthwhile.

Delete Facebook.

‘Nuff said.

Password Managers

I hope everyone has at least heard of password managers. It’s a huge undertaking to adopt them. And I’ll admit to not really thinking about that when I advise people to start using a password manager. A password manager is basically an application that runs on your phone and computer. It allows you to store all your passwords in it. And whenever you need to log into a website or another application, it will surface the password and auto fill it for you. Sometimes the auto-fill isn’t seamless, so you just copy the password, and paste it into wherever. Pretty simple.

“This is isn’t better than my diary of passwords” you say. Well, you’re right. This is not the right way to use a password manager. Also, if your diary gets stolen or lost, you’re fudged. Now, the right way to use a password manager is: after migrating all your existing (and probably bad) passwords, you generate new passwords. A unique password for each website. And for every new, site, you get a unique password too. Now that’s security! This is where “I memorize my passwords” just doesn’t cut it. Also, you can’t really memorize that many passwords. Well I guess you could memorize “passowrd1”, “password2”… but , come on. We all know better than that. My recommendations: Lastpass (Free), 1Password (I use this), and Dashlane. I wouldn’t recommend using just any password manager. These are your passwords after all.

Two Factor Authentication

Having two-factor authentication (2FA) on an online account is just as important as having a good password. One common place 2FA is required is online banking. Most banks now require users to provide both a password and a code sent to the user’s device before they can access their online account — especially if its from a new computer or new location. This usually comes in the form of an SMS sent to the user’s phone number. Having 2FA an accout means having a compromised password doesn’t mean a compromoised account. SMS authentication is good and its still a strong recommendation if its the only avaialable option for an account. However, it’s not the best method, as the hack of Twitter’s CEO shows⧉. Fret not, there are other options including using a hardware token and a software token. Using a software token is more convenient option. Google authenticator is probably the most popular app for this but my recommendation (I use this for all my accounts) is Authy⧉. If you’re curious which of your accounts support 2FA, there is actually a website dedicated⧉ to providing that info as well as the options avaiable. So go forth and be secure!

Encrypted Messaging

Encrypted messaging apps are not a particular necessity, unless you’ve got a target on your head and someone important really wants to know what you’re up to or you live in a surveillance state and just need some level of privacy and autonomy. However, out of principle, I think they’re important. Imagine having someone follow you around, recording everything you say to everyone, and uploading those recordings to their employers to listen to. This isn’t really a wild thought. If you use an app like Facebook messenger or Twitter/Instagram DMs, this is a pretty apt analogy. I’m sure most people wouldn’t be okay with having their voice conversations recorded but are somehow more okay with text. Even though we’re saying the same things!

So here are my recommendations: Signal, iMessage (if you have an iPhone) and, reluctantly WhatsApp. These apps are the only ones that are backed by trustworthy organizations (Signal) or verified technology (iMessage, WhatsApp). Although Telegram is more secure than pretty much every other messaging app, I’d still choose from the top 3 first.

Web Browsers

I think of web browsers as the cars we use to drive through the roads of the internet. Some are very bare-bones and some are decked out. But at the end of the day, you just want to enter a (web) address and want your browser to go there. Like cars, its important your browser is helping you navigate online safely. I strongly discourage against using Google Chrome as a daily driver because of all the tracking Google does — it’s a lot of tracking. My all around preference is Firefox, Mozilla, the company behind Firefox has made a lot of effort into positioning themselves as suppporters of freedom and openness on the internet. I currently use Brave, its very similar to Chrome (based on it even) but it primarily exists as an antithesis to all of Chrome’s attack on user privacy. The founder of Brave (Brendan Eich) is also a very fascinating character, he created JavaScript, the language that powers pretty much all websites and some mobile sites. He was actually at a point the CEO of Mozilla. So here are my recommendations: Firefox, Brave; in that order.

If you really have to use Chrome, (and you don’t) Brave is more or less a drop in replacement. But if you do, you have to have have uBlock origin⧉ installed. This is actually available for Firefox and Brave as well. I want to recommend Safari. I really do. But Apple has basically killed extensions in Safari so no way to properly block ads. And ads can be bad. Like, infect-your-computer-with-a-virus bad.

Tidbits

• When setting up a Windows computer, don’t connect to internet until everything is set up. If you do, Microsoft will force you to sign in with a Microsoft account before you can use your computer.
• Fakespot⧉ for amazon reviews. Yes, a lot of “five-star” reviews are fake.
• Get a virtual phone number. This is slightly similar to the virtual card numbers. It’s important because phone numbers are a critical identification method. Your phone number is tied to critical information like address and birthday. Tied together makes identity theft easier. Google voice is a great free service for this. There’s a resounding irony of me bashing google and recommending them at the same time but it’s really hard to beat Google voice. And at the end of the day. That’s what’s most important. Choosing what’s best - for you.