Episode 23: How To Remove Your Data From The Internet

How (and Why) to Remove Yourself From The Internet's Biggest Data Brokers


The Background

From time to time, we’re all advised to Google ourselves. This is especially true before a job interview or any important personal or business venture. Why? Simple: it’s best to know what’s publicly available about us on the Internet. If there’s any information that’s embarrassing or damning out there, it’s best to know about it before others do, so we have the chance to edit or delete it.

However, as good as this advice is, it overlooks a far more crucial priority: our public contact information. I don’t want anyone in the world to have easy access to my current home address and phone number, my previous addresses and phone numbers, my auto & real estate loans, or members of my immediate and extended family.

Unfortunately, all of that information is free, publicly available, and easily accessible to anyone who searches for it. “Data broker” websites provide these kinds of data to the public. In fact, here’s a link to one example which includes scores of individuals who happen to share my name:


Spokeo.com is easy to search and provides a TON of personal information about every David Koff listed, including age, gender, relatives and - get this - a map to a recent address. The cost to access this amount of data? Free. #TotallyCreepy

For an additional fee - of just $0.95!! - phone numbers, email addresses, marital status, and court records can be provided. If you think I’m joking, just check out this image:

And, by the way, if you’re reading this and you just happen to be David Brian Koff of Denver, Colorado: my most sincere apologies. All David Koffs should stick together, so keep reading: I’ll explain how to delete your data! :)

The Latest

Spokeo, of course, isn’t the only data broker. Not by a long shot. Just have a look at this list. Or this one. Or this one. There are hundreds of data brokers that are publicly available, easy-to-find, and super easy-to-use. They specialize in collecting data about you and me which they can then either give away or sell.

I don’t know about you, but I don’t want my personal data being so publicly available for so many people to find. Or buy. Or use in ways that I can’t control. That’s why I deleted my information from Spokeo. And that’s why I then took the extra step of scrubbing my data from every other data broker I could find.

How I did that is a two-chapter short story:

  • Part One: I invested about 15-20 hours of my time over a week and went to every data broker website on this list and followed the instructions for how to scrub my info. 15-20 hours is a lot of time for me, especially with a child at home.

  • Part Two: I managed the email confirmations from each of the various web brokers and went back to each site a second time to confirm that my data was, indeed, wiped.

That’s it. The peace-of-mind I have now is worth far more than the time I invested. Now, when I Google myself or visit any of the largest data brokers on the planet, my personal data isn’t shown. Now look: I’m no dope. I’m sure that SOME of my data is still available - somewhere out there on the Internet, available to law enforcement agencies should they need it or to the most sophisticated hackers - but, by and large, I’ve made finding out info about me far more difficult.

And that was my goal.

Even better, as a result of my time investment, I now also get little to no junk mail through the US Mail. That includes no catalogs, brochures, credit card solicitations, and more. So, yeh, I’d have to say that my privacy (and the amount of paper that gets wasted on me) is now #MuchBetter

The Method

As I mentioned above, scrubbing your data from the Internet only requires an investment of your time to do some manual work: going to websites, filling out forms, and then waiting for responses. Some websites can scrub your data within 24 hours. Others take a few days to a week. All of the legit businesses should notify you if you provide a valid email address.

If you don’t have the time (or desire) to do this yourself: stay tuned. I’ll share another solution for you folks in the section below called “The Alternative Solution”.

To Begin:
  1. Start with this list. The author has clear instructions with (mostly) accurate links, and back-up phone numbers in case a call is necessary to the data broker.

  2. Be sure to opt-out at the Direct Marketing Association because that stops your data from being shared with others who wish to market and mail things to you. That means reducing junk mail substantially.

  3. When you’re done with that list, I’d tackle this list next.

Good To Know:

Most data brokers allow you to scrub your data from their website for free; a few - cuz they suck - charge a fee. Most data brokers have an automated system on their websites that allows you to make a simple removal request; a few - cuz they suck - ask you to provide record IDs, links, or other specifics from their websites to honor your request. Most data brokers don’t ask you to prove who you are when you request that they scrub your data; a few - cuz they suck - will ask for tangible proof, like a driver’s license.

If You Need It:

Some data brokers may ask you to provide a short, written request to authorize your opt-out. Here is the stock letter which I use. Feel free to copy it, if you like:

Thank you in advance for removing all of my personal information from this and any other subsidiary website of yours. I do not authorize any of my personal data to appear on any website of yours for any reason without my express written consent in advance. This includes, but is not limited to: my names, mailing addresses, phone numbers, email addresses, cities, states, countries, possible or actual family members or contact information of any kind. Thank you so much in advance for your help! Here is the data which I'd like removed:

Then, just list any pertinent information, links, or record IDs that you’d like purged from the broker’s website(s).

Total Time Commitment:

I’d budget 15-20 hours of time to do this work. If you don’t have the time (or desire) to do this yourself: scroll down to the section below called “The Alternative Solution”.

The Confirmation

Here’s a typical confirmation email which, in this case, I received from a data broker called PeopleByName. As you can see, in PeopleByName’s case, I had to submit “RecordID” numbers associated with my name/information on their website:

As my longtime readers know - and as you can see from the screengrab above - I never EVER provide my personal email address to anyone. That rule goes doubly when contacting a data broker. Instead, I use two email services: 33mail (which I’ve known about for years) and Erine.email (which I discovered thanks to a TechTalk subscriber!). Using these services accomplishes three goals:

  1. They provide me with an infinite number of fully customizable emails

  2. All emails get auto-forwarded to my personal email so I don’t have to go to another website to retrieve them.

  3. I’m able to block any of my custom email aliases at the press of a button. In fact, just check out the image above: at the top of the email header in a green box, you’ll note how 33mail provides a link - in every email!!! - to block any further correspondence from any of the aliases I create. Nice!

The Alternative Solution

While all of us would probably like to see our data scrubbed from the largest data brokers on the Internet, not all of us have the time to do the work involved. If that’s the case, the alternative solution is to pay a reasonable fee to let others do the work for you.

After I learned how to successfully remove my personal data from data brokers, I began offering the same service to family and friends. I offer my services to the general public for a fair price of $350, but I’ll tell you upfront that you can absolutely find companies to do this work for cheaper. In fact, here’s a link to a popular service called DeleteMe right here that charges between $129 and $350/year depending on the level of service you purchase. I give you this information up front for two reasons:

  1. If you’re on a budget, DeleteMe may be a reasonable option

  2. As always, we get what we pay for

There are a small handful of providers that offer data wiping services. The DeleteMe service offered by Abine, Inc is but one of them. However, as far as I can tell, none of the companies offering this service has 25+ years of experience in tech and security; none of them guarantee, upfront, that they’ll reduce or eliminate your physical junk mail (the kind that comes to your home); and none of them state, upfront, that they only hire Americans who work for a fair hourly wage.

I offer these promises for my data wiping services. To learn more, click here to visit my consulting website: TheMacDweeb.com.

The Takeaway

You’ve got options if you want to scrub a ton of your personal data from the web.

If you invest 15-20 hours of your time, you can do the work yourself using the guides here, here, and here. Alternatively, you can pay a reasonable fee for others to do the work for you. Regardless of which you choose, just remember these four things…

  1. If you’re concerned about privacy and/or security, you should do whatever you can to reduce your personal data being available online.

  2. If you pay for others to remove your data for you, that’s fine: just be sure you can trust the individual or company to whom you’ll provide some of your personal data.

  3. There’s no known way to remove ALL of your personal data from the web. No doubt there are many local, state, and federal agencies that have data on every one of us. No doubt those data are available via the web to the most malicious hackers.

  4. The goal is never to remove ALL of your personal data from the web: it’s to remove as much of it as possible. And that goal, dear friends, is 100% doable.

Go for it.

And that’s a wrap for today’s episode, everyone. Thank you again, for reading and for being a subscriber. Let me know your thoughts in the comments section.

And remember: if you’d like me to write about a topic, drop me a line on our still-open discussion thread at this link.

As always… surf safe.

Click here for my guide on how to choose a privacy-focused VPN.
If you’re looking to set up a VERY secure iPhone, click here.
For a super cool way to NOT give your personal email address to everyone, click here.
Click here for a crash course on how to keep your devices updated.

Episode 22: The 10 Commandments of Digital Parenting

Setting House Rules for Tech to Keep the Focus on What's Truly Important


The Backdrop

Ah, the holidays! Here in the good ol’ US of A, we gorge on turkey and cranberry sauce and then—the very next day—we begin spending billions of dollars. Hundreds of billions, actually. In fact, we’re on track to spend about $730 billion for the 2019 holiday season, a huge amount of money.

This holiday season, however, I’d like to offer all of you a gift that doesn’t involve consuming, although you will need to digest it. It’s the kind of gift you can use repeatedly for no additional cost, and—even better—it’s the gift of helping children.

Technology is hip, cool, and exciting, and it makes modern life both enjoyable and possible. Social media! Dating apps! Transportation as a service! Watches that count steps and tell the time?! Neato! There’s so much to love and so much to explore. It’s endlessly fascinating and shiny.

The Problem

However, technology also has a dark side. It’s very, very, very addictive, especially to young minds. The science behind how technology affects young, developing minds is becoming clear, and it may even cause brain damage, health problems, depression, and loneliness as well as safety and sleep problems. This is serious, heavy stuff, and it shouldn’t be dismissed. It’s also why some tech executives are following in the footsteps of Steve Jobs and Bill Gates and restricting or eliminating their own children’s tech time at home.

Technology in your home is your responsibility. Do it safely or don’t do it.

The good news is that with a few common-sense changes to how we understand and use technology, we can help our children in some beneficial ways. Here are a few of the mindsets, philosophies, and methods I’d recommend to any parent when dealing with technology in the home. Because I’m dramatic and have a flair for the exciting, let’s call these “The 10 Commandments of Digital Parenting.”

1. Technology Isn’t Your Babysitter

As a parent, you’re responsible for far more than just handing your child a tablet and saying, “Have fun!” Having and using technology in the home is an investment in your child’s future, and that investment necessarily requires your personal time, patience, and dedication.

If you’re not ready to understand and monitor how technology gets used by your kids, then please, don’t give them any. I know that sounds harsh, but as parents, you’ll not only need to educate yourself about technology, but you’ll also need to get involved with it to be able to implement it safely for your children.

Technology in your home is your responsibility. Do it safely or don’t do it at all.

2. Teach Your Children To Be Upstanding Netizens

Do you let your children run screaming through the supermarket? Do you let them flash their genitals at the coffee shop? Do you stand idly and watch as they push or bully a child who doesn’t look like them?

No? Then under no circumstance should you ever let them behave that way online.

Good netizens start with good parenting. Take the time to teach your children how to be kind, both in-person and online. Show them the difference between kind and rude comments and make sure they understand the difference. And when you talk about “the birds and the bees,” include the part about online sex. That includes selfies, sexting, and nudity, even in pictures that disappear like the kind that Snapchat offers.

Disappearing pictures of your junk are still pictures of your junk.

Parents are responsible for ensuring their children understand that no one should ever touch them inappropriately or send them inappropriate photos. Ditto for teaching your children not to be the ones to do the touching or the sexting. Good netizens start with good parenting.

3. Limit, Restrict, or Prevent Screen Time for Any Minor

If you were born before, say, 1984, then you grew up without smartphones and tablets. Hell, you grew up without the Internet!! Instead, you found and played with actual frogs instead of looking at frog videos on an app; you played on the jungle gym in the backyard with friends instead of gathering online in a chat room; you played board games in person—seated at the very same table!—rather than being separated by technology and playing your turn in isolation.

And, somehow, magically, you turned out just fine. So remember: like you, your children will benefit from the same approach. Make that decision for them and help them become healthy, socialized humans in the process. Life online awaits them for the rest of their adult lives, but they only have one childhood. Let them enjoy it in the ways that you remember enjoying it too.

Invest in some Legos, Lincoln Logs, electronic science kits, and good old-fashioned trips to museums, theaters, and planetariums. And don’t forget hikes in the forest, walks on the beach, and paddling out on the lake to experience some nature up close.

4. Technology at Home Should Be an Earned Privilege, Not a Right

I encourage parents to think of technology—and social media in particular—as my parents used to think about television when I was a kid: a limited privilege only allowed in limited quantities and in limited locations. When we got home from school, we were permitted to watch one hour of cartoons on the TV in the basement before needing to start our homework. Homework was done in our bedrooms, where there were no TVs, phones, and computers. If our grades or behavior were poor, the privilege of TV was revoked, sometimes for as much as a month.

These same concepts are true for today’s parents regarding technology, so don’t shy away from strict rules and guidelines. Limit the total time online or in front of a screen, don’t allow computer technology in the bedroom, and treat technology as a privilege. More importantly, be vocal and let your kids know that you’re watching what they do, both in the real world and online. Remind them that this is for their own safety and for the safety of others.

5. Only Give Children Smartphones After They’ve Demonstrated Respect for the Technology and Balance With Its Usage

It’s important for you, as the parent, to understand the difference between a want and a need. Your 10-year-old child might want to text, email, and post on social media, but there’s no life-threatening need for this. Conversely, you - as the responsible parent - might need for your child to be able to contact you in an emergency situation. The first scenario requires a smartphone; the second only requires a “dumbphone,” like a flip phone. Flip phones are very inexpensive and still quite good at making phone calls.

Remember that using a smartphone requires a level of self-regulation that your children might not demonstrate until later than their peers. If you hold off on buying a smartphone, they’ll complain that their friends all have them. It’s probably true. Maybe they’ll complain that they look stupid without one or that they feel left out. Perhaps they will.

My advice? Smile, give them a hug and explain the truth to them: Tech addiction is real and can sometimes lead to depression and suicide. Tell them that you love them too much to give them this awesome tool and challenging responsibility before it’s time, regardless of what other families have decided to do.

6. Monitor What Your Children Do Online

Other than cartoons, we watched TV together as a family so that my folks could supervise what we watched. The same approach applies when your kids surf online. If you decide to allow your child to have and use a smartphone, you’re now also responsible for whatever that minor does with the smartphone—not just conceptually but legally. Many states will hold parents civilly liable for the abusive online actions of their children.


There are many applications you can install on your smartphones or computers to monitor online activity. Be upfront about it with your children. Let them know you’re watching what they do both for their own safety and for the safety of others. You no more want your kid to be cyberbullied or stalked by a creeper than you’d want to learn that your child is the one doing the bullying or stalking. If you decide to allow your children to have and maintain social media accounts, inform them that you’ll be following them on those platforms—and then actually do that.

Treat their smartphone like you’d treat their bedroom: as a parent, you should always get access. Ensure you know the phone’s password to gain access. Include your fingerprint or Face ID in the phone’s memory as well. If you love your children, be transparent about this and be willing to confirm they’re keeping up their end of the bargain. That means you also get to follow their finsta accounts. :)

7. Restrict or Avoid Social Media

There’s no easy way to put this, so I won’t sugarcoat it: You should protect your children (and yourselves) from using social media for as long as you can. Jean Twenge, a San Diego State University psychologist, wrote in the Atlantic that “teens who spend three hours a day or more on electronic devices are 35 percent more likely to have a risk factor for suicide, such as making a suicide plan. (That’s much more than the risk related to, say, watching TV.)” Considering that in 2011 for the first time in more than two decades, suicide caused more teen deaths than homicide, that kind of research is something to take seriously.

A 13-year-old girl Twenge interviewed said, “We didn’t have a choice to know any life without iPads or iPhones. I think we like our phones more than we like actual people.” In most cases, social media isolates people. That isolation, in turn, causes loneliness, fear of missing out (also abbreviated as “FOMO”), and comparing someone’s curated online life of seeming-perfection to the varied, flawed lives we all actually live. Teens, whose minds are still developing, don’t understand this concept and are at high risk without your help and structure. Help your children not only by educating them about the differences between online life and real life but by giving them a real life away from any electronic devices.

8. Strongly Restrict What Your Children Do Online

If you have children, I’m guessing you don’t want them surfing porn on your home network. Ditto for their friends when they’re visiting at your home. My advice is to make it impossible for that to happen.

Free tools are available for you to filter your home Wi-Fi network, blocking any or all questionable websites. The tool I use is OpenDNS, which works by changing just one set of preferences on your home Wi-Fi router so that the router sends its DNS lookups (the step that turns a website name into a network address) to the OpenDNS servers instead of to your internet service provider (ISP). This allows you to prevent content from any of the categories pictured below from loading on any device that connects to the internet via your router and uses the router’s DNS settings. Magic! And don’t worry: OpenDNS provides easy instructions on how to change the preferences for every kind of router.

Categories of websites you can block using the free OpenDNS service.
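OpenDNS does its filtering at the DNS lookup step, so a device that has its own resolver set by hand never asks OpenDNS and is not filtered. The check below is an added example, not code from OpenDNS or from the original post: it reads resolv.conf-style text from a device and reports whether its lookups go to OpenDNS, to the router, or somewhere else. The sample files are constructed, and the function names are this example's own.

```python
import ipaddress

# Resolver addresses published by OpenDNS.
OPENDNS = {ipaddress.ip_address(a) for a in (
    "208.67.222.222", "208.67.220.220",    # OpenDNS Home
    "208.67.222.123", "208.67.220.123",    # OpenDNS FamilyShield
    "2620:119:35::35", "2620:119:53::53",  # OpenDNS over IPv6
    "2620:0:ccc::2", "2620:0:ccd::2",      # older OpenDNS IPv6 addresses
)}

def classify_resolver(addr):
    """Return 'opendns', 'local', 'bypass' or 'invalid' for one resolver address."""
    try:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop an IPv6 zone id
    except ValueError:
        return "invalid"
    if ip in OPENDNS:
        return "opendns"
    # The router itself or a local stub: filtered only if *it* forwards to OpenDNS.
    if ip.is_loopback or ip.is_private or ip.is_link_local:
        return "local"
    # Any other public resolver answers instead of OpenDNS, so nothing is blocked.
    return "bypass"

def audit_resolv_conf(text):
    """Return [(address, verdict)] for every nameserver line in resolv.conf text."""
    results = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # strip comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            results.append((parts[1], classify_resolver(parts[1])))
    return results

def filter_status(text):
    """Summarise a device: one bypassing resolver is enough to defeat the filter."""
    verdicts = [v for _, v in audit_resolv_conf(text) if v != "invalid"]
    if not verdicts:
        return "no-resolvers"
    if "bypass" in verdicts:
        return "bypassed"
    if "local" in verdicts:
        return "depends-on-upstream"
    return "filtered"

# Constructed samples of what three different devices might contain.
ROUTER_MANAGED = "# handed out by the router\nnameserver 192.168.1.1\n"
HARDCODED = "nameserver 8.8.8.8  # set by hand\nnameserver 208.67.222.222\n"
DIRECT = "nameserver 208.67.222.222\nnameserver 208.67.220.220\n"

if __name__ == "__main__":
    for label, conf in (("router-managed", ROUTER_MANAGED),
                        ("hard-coded", HARDCODED),
                        ("direct", DIRECT)):
        print(label, filter_status(conf), audit_resolv_conf(conf))
```

A "depends-on-upstream" result means the device trusts the router, so the router's own DNS setting is the thing to confirm.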

9. Make Mealtime About People, Not Technology

Nowadays, when my wife and I go out for dinner, we’re shocked by the number of families we see sitting at the dinner table who are all on their smartphones and tablets, not even interacting with one another. Sadly, we see the same when we visit the homes of our friends and family. We wonder how something like that could have happened, given that it wasn’t even possible 20 years ago.

Give your children—and yourselves—the gift of human interaction. Leave the technology away from the table when you’re eating together as a family. No text, social media post, email, or phone call is more important than family time. The likely only exception is when you’re a first responder on call.

10. Be a Parent, Not a Friend

Your children’s friends and acquaintances will—at some point—encourage your children to do wild, wacky, and sometimes unsafe things. You’ll do the opposite, of course, and advise, protect, and encourage your children to grow into responsible adults. Your child is not your friend. That means you’ll be saying “no” to a lot of crazy requests, ideas, and notions.

Get comfortable with that when it comes to technology. If you see your child asking her aunts and uncles to see their smartphones upon first seeing them, explain to them why this isn’t okay with you. Also: make sure this isn’t okay with you!

Do you have other rules or policies that you implement in your home? Have I missed any obvious ones? Share your tips, tricks, and thoughts in the responses so we can all discuss it together.


Episode 21: Smart Devices Require A Smart Approach

How the "Internet of Things" Might be Making You Less Secure


The Background

Technology has the power and the promise to make our lives easier, richer, and more manageable. Devices like those in the Amazon Echo family, the Google Home family, and the Siri family - to name just a few - can use our voices to play music, watch videos or TV, add items to our shopping lists, or even ask general questions for the internet to answer. It’s pretty futuristic stuff. When paired with other devices like smart thermostats, smart doorbells, smart blinds, smart door locks, and smart security cameras, much of our home life can now be programmed, automated, and leveraged in some remarkable ways. For people living with physical disabilities, smart home automation can be a game-changer. For those with children running around the home and needing an extra set of hands, the same.

In our rush to automate our lives, we often forget that every device can be hacked. This requires us to educate ourselves and think before bringing additional technology into our homes and businesses. Most of us forget to take this step, but - as recent headlines prove - we shouldn’t…

The Latest

Ring, a company now owned by Amazon, makes smart doorbells and smart security cameras for consumers to place in their homes. Once connected to your WiFi network, these devices allow you to talk through them from anywhere in your home or from anywhere on the planet where you can connect to the internet. The potential upsides are pretty great.

Unfortunately, the company has a poor track record when it comes to security. Worse, these track records aren’t always clear to consumers. That might be why a couple in Northern Mississippi decided to install one of the company’s devices in their daughter’s room. Their daughter suffers from seizures and her parents thought that having the devices would be a reliable, extra security measure to be there for their child in the event of an emergency.

However, the family discovered that a man hacked into their Ring camera. Worse, when they dug through their video archive they found the audio of the man talking to their daughter, using racial slurs. This article written about their experiences in the Washington Post and the accompanying video is, generally, one of the creepiest things I’ve seen in a while. So know that before clicking the link.

Ring is no stranger to controversy. #Hardly:

Have these security holes and lax security practices been fixed? Yes. Have a few, notable publications begun recommending that consumers avoid Ring devices? Most definitely. Is Ring the only company with security holes and breaches on their hands? No. Every company has issues with its smart devices including Google, Apple, and Amazon.

By the way, I should also mention the growing partnership between Ring and local police forces around the US to create localized surveillance networks. Ted Cook, the police chief in Mountain Brook, Alabama was quoted in this article saying that his department thinks of Ring’s technology and Neighborhood app “as trying to create a digital neighborhood watch.”

Maybe you think that’s creepy and maybe you don’t. But I sure do. That stuff’s creepy as hell, so thank you: but no. I’m not a buyer.

The Method

So what’s a consumer to do?! For me, the obvious answer begins with going analog. Somehow - miraculously!! - I’ve gotten along just fine for decades without a smart doorbell, a smart voice assistant, a smart thermostat or a smart security camera. If I decide to upgrade my lifestyle, I always rely on the same four questions to help guide me when considering the purchase of new technology:

  1. What specific problem(s) will purchasing this piece of technology solve? For example, will it save me money or time? Will it enable or empower me to do things I couldn’t do previously in a safe and private way? Put simply: is this device something that you need?

  2. What privacy or security concerns will I face if I bring this device into my home or business? Does it record and store my voice and the voices of my friends, family or colleagues? What information, if any, will the company that manufactures the device collect when I use it? Does the manufacturing company, by default, have access to my device? If so, can I shut that access off?

  3. What can happen if the device is hacked? If we assume that all devices can be hacked - and we should - then how can strangers or potential enemies use this device to collect data about me, harass me, or monitor me?

  4. What simple measures can I take when setting up this device to ensure that it provides the maximum level of security? Can I, for example, buy a device that’s already made with security and privacy in mind? If multiple companies make a voice-activated music streaming device or a smart doorbell, does one company have a better track record of privacy and security than their competition?

Sometimes, answering these questions makes clear that the device I want - say, an Apple Watch - isn’t a device that I actually need or that solves any problems. So I don’t buy it. Alternately, sometimes the answers to these questions lead me to purchase a smart device - say, an Echo Dot - that brings more joy, automation, and music to my home… after I’ve locked the device down.

In the end, answering these questions forces me to make smarter, more informed choices. Often, it leads me to purchase well-reviewed items from companies with excellent track records on personal security and privacy. That’s how we arrived at the baby monitor we purchased: it’s one of the few that doesn’t broadcast its signal over the internet.

The Prevention

Once you’ve determined that you truly need a new piece of “smart” technology in your home, you’ll need to set it up smartly and with your security and privacy in mind. Here are some additional, required steps for your setup process. Please note: these steps might not be explained or included in your manuals, so take note and save this information. We are always responsible for our own security, privacy, and safety with our technology.

  1. Create and use a never-before-used email address when you register your device. This ensures that no current, compromised email addresses of yours can be used by a hacker to attempt to log into your device. To accomplish this task, I use a service called 33mail. Here’s how it works. Let’s say your name is “Bobbi Block”. Sign up with 33mail and pick the username "bobbiblock". Now, any email address ending with @bobbiblock.33mail.com will be forwarded to you. The next time you visit a website or register a device that asks for your email address, instead of giving them your real email address, create one based on the name of the service or device. Setting up a Nest home thermostat? Then make things easy by creating and using the email MyNest@bobbiblock.33mail.com.

  2. Create and use a never-before-used password when you register your device. This ensures that no current, compromised passwords of yours can be used by a hacker to attempt to log into your device. To accomplish this task, I use a free, open-source password manager called BitWarden.

  3. Enable two-factor or two-step authentication on Amazon, Google, and Apple accounts. This enables a double layer of protection should a hacker somehow manage to gain access to your email address and password. Enabling two-factor or two-step authentication on key accounts (Amazon, Google, Apple, Facebook, etc.) ensures that would-be hackers would ALSO need access to your phone to gain access to your account. Here’s a guide on how to enable two-factor authentication (or 2FA) on most mainstream accounts. Here’s another from Authy, the system I personally use.

  4. Change the device’s default password. This ensures that any hacker using the known default password for your device will be thwarted. Known default passwords are EASILY FOUND online, so do me a favor and don’t argue with me on this one, young grasshopper. #ChangeThePassword

  5. Create a separate WiFi network for your smart-home gear. This ensures that your main network - the one with your phones, computers, and tablets - will be separated from any smart home devices, better protecting them and you. Most modern routers support multiple networks, so do yourself a huge favor and create two different networks. That means two different WiFi network names, each with its own unique password. Note: never include your name or address in your WiFi network names. That means avoiding names like “Jimmy Dean’s Special Network” or “The Danes Family 134 East Main St., Apartment #4”. You get the drift.

  6. Disable any non-essential services on your new hardware and software and harden (make stronger) any essential services. If you have a device that is always listening or watching, lock down some of its core functionality:

    • Power off the device when you’re not using it. If that sounds inconvenient, use an old-fashioned outlet timer. That way, your always-listening device is powered off in the middle of the night, every night. Or when you’re away at work during the day. Or both.

    • Change the wake word, if possible.

    • Prevent the parent company from listening to your voice recordings.

    • Delete any old recordings that may already have been saved.

For instructions on how to lock down your Alexa device, use this link.

For instructions on how to lock down your Google device, use Google’s info page here or at this secondary link here.

For instructions on how to lock down your Apple HomePod, use this link.

The Lessons Learned

Technology is a fabulous and amazing part of our everyday life. But convenience in our homes and businesses is not a substitute for thinking smartly about our security and privacy. That responsibility will always fall to us, not to the companies who sell us their products.

Caveat emptor, roughly translated from Latin, means "Let the buyer beware". That’s never been more important than in the world of technology. I promise that if you employ the method I’ve outlined here (both asking the questions and implementing the device security preferences), you’ll not only be living in a more automated environment but also one that helps protect your security and privacy more.

And that’s a wrap for today’s episode, everyone. Thank you again, for reading and for being a subscriber. Let me know your thoughts in the comments section.

And remember: if you’d like me to write about a topic, drop me a line on our still-open discussion thread at this link.

As always… surf safe.

Click here for my guide on how to choose a privacy-focused VPN.
If you’re looking to set up a VERY secure iPhone, click here.
For a super cool way to NOT give your personal email address to everyone, click here.
Click here for a crash course on how to keep your devices updated.

Thanksgiving Week AMA ("Ask Me Anything")

Hi subscribers! Happy Thanksgiving to one and all. This week, I’m opening up the conversation to ANYTHING you want to ask me about privacy, security, or technology. That means you can:

  1. Ask about/make requests for future episodes!

  2. Ask a brief question about a technical problem you’re experiencing!

  3. Ask for my advice on a particular piece of software or hardware!

I spend a lot of time thinking up topics that I hope will engage you. But this week, I’m turning over the reins to you, so… ASK ME ANYTHING!!!


Episode 20: How to Lock Down Your Email

Rethinking Email for Privacy and Security

The Background

There’s one technology we all use that’s not really evolved since the 1960s: electronic mail or… email. Email was born before the Internet, making it nearly 60 years old. Originally, the technology was intended for a small number of users to communicate with each other on a shared Unix mainframe (a giant computer with 50-100 user accounts) and with other mainframe computers in other locations. For that specific purpose at that specific time, email was great! But the 1960s were a different time and very few people had access to a Unix mainframe computer to send one another electronic mail.

The Latest Info

60 years later and it’s astounding to see what’s happened to humble email. Despite newer messaging technology like texting, social media, Slack and even video chatting, email is not only still going strong, it’s actually thriving. In 2017, 296 billion emails were sent on average… per day.

This is nothing short of miraculous and highly questionable because email isn’t very safe, very private or very convenient. Let’s take a look at the most glaring vulnerabilities of email and offer a few solutions to help reduce or eliminate them.

Vulnerability #1: One-Factor Authentication

“If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” — White House Cybersecurity Advisor, Richard Clarke

By default, all it takes to gain access to your email is a username and password, something tech professionals refer to as “one-factor authentication”. One-factor authentication doesn’t present much of a challenge to a clever and malicious hacker, so ask yourself: what legal, medical or financial information would be available with access to your email? Worse, what damage could be inflicted upon you, your friends, your family, and your business partners with such access? Ask Mat Honan: a popular writer for such publications as WIRED, Honan was famously hacked in 2012 and saw his Gmail, Twitter and iCloud accounts all get hijacked, defamed and then outright destroyed. While that sucked for Mat, it was almost 100% preventable. Let’s take a look at how…

How to Prevent It:

Solution #1: Implement two or more factors of authentication. One of the simplest ways to protect against the weakness of one-factor authentication is to require everyone, including you, to pass through multiple security checkpoints to gain access to your email. While this adds an extra 5–10 seconds to your login process, it may save you weeks or even months of damage control after a malicious hack. The rationale behind using multi-factor authentication is sensible: if your email credentials were stolen, any malicious hacker would still be forced to pass a second (or third) challenge to gain access to your email. That simple fact stops most hacks dead in their tracks. Fortunately, the most popular webmail services offer two-factor authentication and help pages that explain how to activate it.

Pro tip: I highly recommend using the free app “Authy” on your iOS and Android devices. It allows TouchID/FaceID confirmation on newer iPhones, stores encrypted backups of your data and allows your two-factor authentication (also known as “2FA”) codes to be shared across a number of devices. That makes it an ideal tool for individuals, families or small businesses who may use different iOS and Android devices to generate challenge codes.

Time Required to Implement:

If you’re not familiar with 2FA, I’d leave an hour of time to download Authy, set up the app on your smart devices and then step through the process of linking your webmail (and other sensitive) accounts. Authy provides easy-to-follow guides on how to set up two-factor authentication on many popular websites and services. I use Authy to safeguard my Dropbox, Twitter, Amazon & Facebook accounts because I NEVER want those accounts hacked.
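To see why a stolen password alone gets an attacker nowhere once 2FA is switched on, here is an added example (not from the original article or from Authy) of TOTP (RFC 6238), the open standard authenticator apps use to generate six-digit codes, written for Node.js. The account layout, the function names and the sample secret (the published RFC test secret) are assumptions made for illustration.

```javascript
// Added example: TOTP (RFC 6238) with Node's built-in crypto module.
const nodeCrypto = require('node:crypto');

// HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter,
// then "dynamic truncation" down to a short decimal code.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = nodeCrypto.createHmac('sha1', secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const binary = mac.readUInt32BE(offset) & 0x7fffffff;
  return String(binary % 10 ** digits).padStart(digits, '0');
}

// TOTP: the counter is the number of 30-second steps since the Unix epoch,
// so phone and server agree on the code without talking to each other.
function totp(secret, unixSeconds, digits = 6, step = 30) {
  return hotp(secret, Math.floor(unixSeconds / step), digits);
}

// Server-side check: allow one 30-second step of clock drift either way
// and compare in constant time.
function verifyTotp(secret, submitted, unixSeconds, drift = 1) {
  const given = Buffer.from(String(submitted));
  const current = Math.floor(unixSeconds / 30);
  let ok = false;
  for (let c = Math.max(0, current - drift); c <= current + drift; c++) {
    const expected = Buffer.from(hotp(secret, c));
    if (given.length === expected.length &&
        nodeCrypto.timingSafeEqual(given, expected)) ok = true;
  }
  return ok;
}

// Hypothetical account record: a salted scrypt hash of the password plus
// the TOTP secret that was shared once, via QR code, at enrollment.
function makeAccount(password, totpSecret) {
  const salt = nodeCrypto.randomBytes(16);
  return { salt, hash: nodeCrypto.scryptSync(password, salt, 32), totpSecret };
}

// Both factors must pass; a stolen password alone is not enough.
function login(account, password, code, unixSeconds) {
  const hash = nodeCrypto.scryptSync(password, account.salt, 32);
  const passwordOk = nodeCrypto.timingSafeEqual(hash, account.hash);
  const codeOk = verifyTotp(account.totpSecret, code, unixSeconds);
  return passwordOk && codeOk;
}

// Constructed demo using the published RFC 6238 test secret.
const demoSecret = Buffer.from('12345678901234567890', 'ascii');
const demoAccount = makeAccount('correct horse battery', demoSecret);
console.log('code at t=59:', totp(demoSecret, 59));
console.log('password + code:', login(demoAccount, 'correct horse battery', '287082', 59));
console.log('password only:', login(demoAccount, 'correct horse battery', '000000', 59));
```

The code changes every 30 seconds and is derived from a secret that never leaves the phone and the server, which is why a password leaked in a breach does not unlock the account by itself.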

Vulnerability #2: Sending Data Via Clear Text

“Hardware is easy to protect: lock it in a room, chain it to a desk, or buy a spare. Information poses more of a problem. It can exist in more than one place; be transported halfway across the planet in seconds; and be stolen without your knowledge.” — Bruce Schneier

If we assume that we’re always at risk when working online (and we should!), then sending email (or any text via the internet) is a very risky proposition. That’s primarily because — by default — email is sent in clear text, a format that’s not encrypted. That makes the content of your messages very easy to read by curious or malicious individuals that work for your ISP or for your company IT team. It also makes it possible to view and capture your email address so that whoever intercepts the message also knows who sent it.

How to Prevent It:

Solution #1: Protect your general surfing by using a commercial VPN. Corporations have been using virtual private networks (or VPNs) for years because the software ensures that all network data is encrypted. Individuals can purchase and use VPN services as well, usually for about $60-$70/year. It’s a powerful tool if you can afford it. Here’s why: even if you and a would-be hacker were on the same public WiFi network, your data would be encrypted by using a VPN and thus rendered nearly inaccessible. I’ve written in-depth about how to pick the very best VPN service to protect your data and your privacy. There is only a small group of VPN providers that work hard to protect you. For that reason, I’m a fan of the following five VPN programs:

Solution #2: Protect your email by using either PGP or Proton Mail. PGP, which stands for “pretty good privacy”, is one of the oldest, best and safest tools available for encrypting your email. Emails encrypted with PGP can’t be read by anyone, except for you and your intended recipient(s). So, if you dislike Google, Yahoo, Outlook, and other email providers having the ability to access and read your email — and they do! — then encrypting your emails is a simple and smart way to prevent anyone from snooping on your communications. PGP has only two obstacles:

  • If you send emails encrypted with PGP, then all of your recipients will need to set up and install PGP as well.

  • PGP can be challenging to set up and install for the average person, even with easy-to-follow guidelines like these.

For a simpler way to implement PGP, just use ProtonMail. The service is a free and easy-to-use webmail client that implements PGP automatically in the background. Nice touch… Even better, there’s no setup needed: if you already use Gmail, Yahoo, or Outlook, you’ll know how to use ProtonMail. There’s only one requirement: if you send emails encrypted with ProtonMail’s version of PGP, then all of your recipients will need to have a free or paid ProtonMail account as well.

Solution #3: Protect against being tracked online by using the Brave web browser. This amazing and free browser helps eliminate trackers and most intrusive ads, and forces users to surf only to secured (or https) websites. It’s available for macOS, Linux, Windows, Android and iOS, so there’s no reason not to use it.

Time Required to Implement:

Downloading, enabling and configuring good VPN software should only take 15min of time. Downloading and using the Brave web browser only takes 5min. Setting up a free ProtonMail account takes 5-10min. PGP setup can take 30-60min.

Vulnerability #3: Transmission, One-Factor Receiving & “Eternal” Email

“If privacy is outlawed, only outlaws will have privacy.” — Philip Zimmermann

I’ve grouped these vulnerabilities together because they form some of the core concepts around which email is built. But what if those core concepts could be challenged or changed?!?

  1. Email requires transmitting your message from point A to point B. Does it though? For those who believe that sending encrypted data isn’t safe enough, suppose we re-designed this core functionality of email to halt the transmission of data? This raises an obvious question: if there’s no transmission of data, then how would our emails get sent? The short answer: they wouldn’t be sent. #MindBlown

  2. We can’t force our email recipients to also use two-factor authentication. If we can’t be 100% certain that all of our recipients are protecting our data, then we can’t be 100% certain that our data is safe. But what if we could force our recipients to have and use multi-factor authentication?

  3. We have no control over how long our messages last on other people’s servers. With the amount of space that free webmail providers like Google, Yahoo and Microsoft offer, there’s hardly a need to ever throw emails away. Therefore, even if we’re diligent about deleting all sensitive messages from our own servers, we can’t force others to do the same. But what if we could prevent sensitive messages from being stored on other servers in the first place?

So if you’re curious about how in the world any of this is possible - and you should be - keep reading…

How to Prevent It:

Solution #1: Force recipients to use a password in order to view email. InfoEncrypt is a clever and free service that allows you to send encrypted emails that don’t pass through their servers. Additionally, you’re required to provide a password to both encrypt and decrypt your message. Provide this password to your intended recipient(s) and you’ve got a reasonably secure and easy method of forcing two-factor authentication upon your recipients.

To use InfoEncrypt, head to their website and type your message. Enter your password & confirm it in the spaces provided. When ready, click the “Encrypt” button. You’ll see your message encrypted a few moments later.

If you like, you can now copy/paste and send this encrypted message via any normal method - email, text, etc. - and know that snooping eyes won’t be able to view your note. All that’s left is for you to give the password to your recipients (via some method other than email, of course) for them to view and read the message intended for them. Magic! One neat, new feature: just send a link to your message instead!
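The pattern described above (encrypt with a password, send the scrambled text over any channel, hand over the password some other way) looks like this in code. This is an added example for Node.js, not InfoEncrypt's own code: the scrypt and AES-256-GCM choices, the message layout and the function names are assumptions of the example.

```javascript
// Added example: password-based message encryption with Node's crypto module.
const nodeCrypto = require('node:crypto');

// scrypt makes every password guess slow and memory-hungry for an attacker.
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Returns base64 text (salt | iv | auth tag | ciphertext) that is safe to
// paste into an e-mail, a text message or a chat window.
function encryptMessage(plaintext, password) {
  const salt = nodeCrypto.randomBytes(16); // fresh per message
  const iv = nodeCrypto.randomBytes(12);   // fresh per message
  const key = nodeCrypto.scryptSync(password, salt, 32, KDF);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), body]).toString('base64');
}

// Throws if the password is wrong or the text was altered on the way.
function decryptMessage(blob, password) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 16 + 12 + 16) throw new Error('message too short');
  const salt = raw.subarray(0, 16);
  const iv = raw.subarray(16, 28);
  const tag = raw.subarray(28, 44);
  const body = raw.subarray(44);
  const key = nodeCrypto.scryptSync(password, salt, 32, KDF);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// Convenience wrapper: the plaintext, or null when decryption fails.
function tryDecrypt(blob, password) {
  try {
    return decryptMessage(blob, password);
  } catch {
    return null;
  }
}

// Constructed demo: the password travels by phone call, not by e-mail.
const demoBlob = encryptMessage('The gate code is 4417', 'river-otter-lamp-62');
console.log('send this by e-mail:', demoBlob);
console.log('recipient sees:', tryDecrypt(demoBlob, 'river-otter-lamp-62'));
console.log('snooper sees:', tryDecrypt(demoBlob, 'password123'));
```

The protection is only as strong as the password and the channel used to share it: a short or reused password can be guessed offline by anyone who captured the scrambled text.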

Solution #2: Just use ProtonMail. There’s a reason that ProtonMail gets my highest recommendation as the ultimate email solution. Designed by scientists at CERN and MIT, the system is thought to be NSA-proof:

  • it’s kept on servers in Switzerland, which, as a country, maintains far stricter privacy laws than those of the US

  • all servers are located in a secure vault 1000 meters under the rock, making them nearly impossible for malicious actors to access physically

  • it offers groundbreaking security features in its free tier such as automatic PGP encryption between ProtonMail users, expiring messages, and the ability to send encrypted messages to people off the system

Initially, ProtonMail looks just like any other webmail interface. But once you’ve logged in, you’re prompted for a second password that decrypts your account. If you include two-factor authentication using Authy (and you should), that’s three factors: quite secure.

ProtonMail is just as easy to navigate and use as any other webmail service. By default, messages from one ProtonMail user to another are encrypted with a version of PGP: zero set up is required. That’s pretty incredible. However, you can also encrypt messages to anyone outside the ProtonMail system. This function works similarly to how InfoEncrypt works, but is more seamless because it’s built right into the system. You’ll still need to choose an encryption/decryption password for your message but ProtonMail allows you to include a hint for that password when your notification is delivered! #WayConvenient Recipients don’t receive your email, but rather a link to view that email on ProtonMail’s servers, encrypted to everyone who doesn’t possess the password.

Finally, ProtonMail allows you to set an expiration time on the message. This tool ensures that only the intended recipients can view messages you want only them to see. By default, ProtonMail messages don’t expire. If you choose to leverage this amazing tool, the longest expiration you can set is for four weeks. I personally set sensitive messages to 2 hours or less. Occasionally, someone misses that window of opportunity. That’s fine: I’d rather be safe than sorry when it comes to very sensitive communication, so I’m always willing to resend. It’s worth the peace-of-mind.

Time Required to Implement:

Using InfoEncrypt only takes minutes of time. Setting up and using a free ProtonMail account takes 5-10min.

Episode Review:

In brief, here are the tools to help you fix the most common email and data communication problems:

  • Secure your email accounts by implementing two or more factors of authentication. Do this by using the free Authy app on your iOS or Android device to manage your authenticator codes.

  • Use PGP or ProtonMail to encrypt your email communications

  • Purchase and use a commercial VPN to help encrypt all of your day-to-day internet surfing. Choose a worthy VPN company that protects your privacy and security.

  • Install and use the free Brave Web browser on all of your computers and smart devices to

  • Use InfoEncrypt for free to encrypt and password protect emails that you can send in any common email program.

  • Use ProtonMail for free to combine sending links, forcing the use of a password to view your emails and expiring messages in one powerful tool.

And that’s a wrap for today’s episode, everyone. Thank you again, for reading and being a subscriber. Let me know your thoughts in the comments section or by email.

As always… surf safe.
