28

Digital preparedness

Full disclosure: some of the staff here know more about this than I do (I’ll likely link shamelessly to their past affiliated sites…) I realize this is a niche topic but wanted to contribute where I could.

If you think of Preparation along the lines of Maslow’s Hierarchy of needs, digital preparedness might be a bit closer to the top in terms of rarity rather than urgency/importance (The base of the pyramid is *more* important than the top, remember) but in situations that fall short of a full grid-down disaster, information can be critical (you are [probably] reading this on a website, after all!).

You can also think of Digital preparedness as a meta-prep, along the lines of financial-preparedness (of the mutual fund/savings/retirement account variety, rather than the gold/silver investing kind) – something that might help you along the way in anything short of a full-blown apocalypse.

Nothing will ever take the place of learned skills or reference material on printed paper (some digital media you can print out!), but in situations where you’ve prepared for power outages and have your food/water, shelter, and safety taken care of – information certainly can’t hurt.  Even if digital preparedness isn’t essential to your survival scenarios, it can also be helpful for simple organization and maintenance until you have more important things to worry about (similar to financial preparation, where ideally you’ve got savings and retirement accounts in order – and use them as a base to build on your other preps in the event that your savings and retirement accounts don’t exist anymore for exigent reasons).

  • Password managers
    • If you buy things online, do online banking/investing, pay bills online – You should really seriously consider a password manager.  They can be a small pain to set up at first but it also forces you to organize and take stock of things.  The better ones will be able to export to standard formats for backup and portability. Good ones integrate with your phone and computer.  See more here:
  • Two Factor Authentication
    • By now it’s common enough that you probably have the option for two factor authentication (gmail, your bank, etc).  Enable it.  If you enable it you need to also consider redundancy.  Some sites that offer two factor also provide one time use reset codes – you have to save these and get a limited number.  You can sometimes designate alternate cell phones for two-factor like a trusted family member or friend (or a second backup phone if that’s your thing).  There are different types of two-factor such as cell phone, email, software, or hard token.  Personally I’m OK with cell phone based but your risk-convenience trade offs may differ (and I use a combination of them).  Facebook and Google both have options as well (how much do you trust them though – not saying you shouldn’t just that you should think about it first).  For more information:
  • Identity Protection
    • Credit Freezes
      I’ve had my personal information breached at least 4 times that I know of (no true identity theft, but it’s out there for the taking).  Most identity monitoring services tell you when it’s already happened, to [help] prevent it from happening in the first place consider a credit freeze (in the US).  A credit freeze is different from a credit fraud alert – credit fraud alerts are temporary but a credit freeze you control and can turn off/on at your discretion.  Want a new credit card?  Ask the provider which bureau they use and then unfreeze the relevant one – you can even set them to be temporarily unlocked and re-enabled after a set period of time.  It’s not perfect but it may be a deterrent.  You will need to record some private pins/codes – make copies and put them someplace safe you will remember, you might only use them a couple times a decade so plan accordingly.  For more info (I always look for the ftc.gov in the link):

    • Credit monitoring
      You can pay for credit monitoring if you want (be warned, Equifax had a breach, this is about deterrence, nothing is 100%) but many banks and credit cards offer less-formal credit monitoring options.  I have two separate options and I check them each 1-2 times a month, they’re easy to get to and the next best thing to formal paid services.
    • Consider multiple credit cards
      • For the longest time I had one credit card.  I also paid for everything by credit card (paid it off in full each month).  Once every year or three someone would steal my credit card info and I’d be without a credit card for the 5-10 days it took to replace.  I was not prepared.  Now I have two, one stays in my wallet and one at home locked up.  Also a check card but I avoid using that for my own reasons.
      • Be aware of the impact on your credit score – opening new accounts/cards can cause a hit at first.  You want to balance your credit usage and consider not having a completely inactive card – less of a guide more of an FYI/proceed with awareness (FYI – my at-home card is used for car insurance so it gets some mild usage).
      • For your second+ credit card, consider a different bank (you might get different free services, like that free credit reporting).  Also if one bank gets breached, all your eggs aren’t in one basket (good for money management too I’m told, but that’s another topic)
    • You need to consider not just yourself but also anyone you have a joint account with (you may want to reassess your joint accounts – which may have credit score implications if you close older joint cards).  If you are married or have kids, you might want to consider having those chats with anyone you are financially entangled with.
    • Know your public information – If you own property, your name is probably in (multiple) databases linked to your address(es), unless you have an LLC/trust/shell company obscuring your identity.  If you sign up for a grocery store “bonus” card they’re probably selling/sharing your data with someone who is aggregating it.  Not trying to stoke your paranoia or encourage you to change your legal name – just be aware of what you “give out” for free.  Google yourself and see how exposed you really are (sometimes, having a common name comes in real handy, hard to distinguish from all the others!)
  • Data backup/archival
    • Do you have files, photos, reference materials, or personal memoirs on your computer that you want to keep forever?  Do you have a backup plan?  There is a lot to consider but sometimes a simple external hard drive and a monthly backup is enough.  Off-site and cloud storage are other options.  Dry acid-free archival quality paper is one of the longest lasting information storage media invented (short of stone tablets?) – but it’s not as portable or convenient.
    • For smaller scale storage, or prep-related storage, you might consider a USB key (think home owners insurance, backup codes for finances, medical records, etc).  There are different types with different features, some claim to be quite impressive.  I *HAVE NOT* vetted this myself, but if you want an upgrade from a basic USB stick for a go bag – something with encryption and security features might appeal to you (seriously do your homework, I’m interested in this but haven’t researched it yet):
    • If you care – many social media and communications platforms allow you to export your data en masse for local use and backup (I *think* you can thank EU data laws for that?) – so there are ways to backup all your Facebook photos or emails if that kind of thing is important to you (I’d argue a high quality USB stick with a digital family album stored on it weighs less than the real thing if your house burns down).
  • Webpage archival
    • Have you found an article or web page you’ve found helpful and might want to reference in the future?  Maybe you’ve saved it in your bookmarks – what happens when the internet goes down or the website is taken down?  Saving web content offline can be both easy and frustrating.  Dynamic content can be generated on the fly so even if you “save as” to your PC, you might get a blank template when you open it.  Luckily there are solutions:
      • A simple but slower solution is to “print to a PDF.”  It might take 2-3 steps and can be annoying to organize but it will work offline and you can save to your USB/backup storage of choice if you choose to.  Sometimes it messes up formatting but is usually readable.
      • A solution I like (which I *think* can be configured for both offline and cloud based storage) is Apple/Safari Reading lists. Once set up this (in theory) offers me one-click offline storage that (can potentially?) be synchronized across devices.  It’s very much an Apple ecosystem tool though.  Bonus – from what I’ve read Safari is better for battery life on Macs!
      • There are a number of built in and third party options for this, some with cloud synchronization options.  Too many to research right now, but you have options depending on what works for you.
  • Prep logistics
    • Google “My Maps” (https://www.google.com/maps/about/mymaps/) is basically user-friendly digital cartography for the masses – now if you’re a high profile public figure with a secret underground bunker (a general category not a specific reference) you might want to not share that info with Google.  But if you want a list of your friends, family, and locations to consider on the way to a secondary location that are all public knowledge anyway this can be useful.  I mostly use this for planning/brainstorming and personal organization (I would not suggest for an emergency but I would suggest to help you make a hard copy map for emergencies).  I’m unsure if their printed maps are any good but you might be able to make it work.  I believe you can also save these “off line” on your mobile device, even when the internet goes out.
    • Google Docs and Sheets – OK, I’m lazy, there are alternatives for the security conscious but for everyone else, it’s useful to organize.  Contact lists with phone numbers for emergencies (to print out!) and put in your bags – and update as needed.  Scenario planning if you like to write to help you think, even renovations for your primary or secondary residence (if you have a location to “bug out” to). Supply lists for future purchases.  It’s just an organizational tool
    • Accounting – part of the financial meta-prep again.  Since most of my purchases are off Amazon it’s easy to see what I’ve spent and what it got me.  I literally have a spreadsheet tallying my prep expenses over time (useful for reassuring the spouse you aren’t “going overboard”)
  • Surveillance
    • Wireless cameras – I need to do more research here.  Arlo cameras look appealing to me but I think they require an internet connection to be useful.  Ideally I’d like a wireless-radio camera system, battery powered if possible (even if it uses wifi as the radio mechanism but *does not* require an active internet for monitoring – for scenarios where safety is a concern but you still have power but maybe not internet)
    • Car dash-cams – This was a suggestion off a random prepper site before I settled on The Prepared.  There are versions of these that are set up to record while you’re parked using a battery backup if disturbed or simply record while actively driving your car under power.  After one too many close calls with bad traffic I invested in this more for proof in case anyone tries to sue me but it might have other applications – I like my BlackVue 1 channel with wifi, but I’ve yet to be in an accident with it, so a little hard to test.
  • Radio/Communications
  • Cell Phones
    • Backups – both backup your data and consider having a second phone as a backup.  Backing up your phone is fairly easy, you might do it already but you can go to 7-11 and buy a pay-as-you-go cell phone with a prepaid plan in case your cell phone breaks (is stolen, lost) when you *really* need it.  Be sure to set it up with relevant numbers.  You’ll need to consider battery charge and storage if you don’t use it frequently.  While you’re at it, consider memorizing a couple of important numbers – in case you’re ever arrested (or your battery dies) and don’t have your cell phone to look up the number you need for your one phone call you really need to make.
    • Privacy
      • Consider what kind of encryption your cell phone supports.  For example, Apple has something of a reputation for privacy of mobile devices (I think?) but other vendors may also.
      • Consider what privacy laws apply to forcing you to unlock your phone.  Consider if you trust police or a third party aggressor to honor your rights with regards to fingerprint or face based phone unlock features.  Sometimes an old school strong pass-code is better.
  • Devices
    • If you have the means and interest: laptops, tablets, and smartphones are various form factors that are portable.  If it is important to you – you might consider having an old one in a tiered go-bag system (again, consider battery charge issues), or at least having one you can grab on your way out the door.  ThePrepared has reviewed solar chargers that are appropriate for cell phones (and tablets?)
    • There are other semi-portable (certainly in a car) solar panel and battery options that might recharge a laptop.  Again, take care of the base of Maslow’s needs first (food, water, shelter, protection) but *if you want* there are options available to you.
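
The "external hard drive and a monthly backup" routine from the Data backup/archival section, with a check that the copy is still readable and complete the next time the drive is plugged in. This is an added example, not part of the original post; the manifest file name, the directory names and the sample files are all constructed for illustration.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Hypothetical manifest file name chosen for this example.
MANIFEST_NAME = "MANIFEST.sha256.json"


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large photos/videos do not need to fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.name != MANIFEST_NAME:
            manifest[path.relative_to(root).as_posix()] = sha256_file(path)
    return manifest


def backup(source, dest):
    """Copy source to dest and store the hashes of the *source* files beside the copy."""
    source, dest = Path(source), Path(dest)
    shutil.copytree(source, dest, dirs_exist_ok=True)
    manifest = build_manifest(source)
    (dest / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify(dest):
    """Re-hash the backup and compare it with the manifest written at backup time."""
    dest = Path(dest)
    expected = json.loads((dest / MANIFEST_NAME).read_text())
    actual = build_manifest(dest)
    return {
        # Files that were backed up but are no longer on the drive.
        "missing": sorted(set(expected) - set(actual)),
        # Files still present whose contents changed (bit rot, failed copy, tampering).
        "corrupted": sorted(p for p in expected if p in actual and expected[p] != actual[p]),
        # Files on the drive that were never part of the backup.
        "unexpected": sorted(set(actual) - set(expected)),
    }


def demo():
    """Back up constructed sample files, then damage the copy and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        dst = Path(tmp) / "external_drive" / "documents"
        (src / "insurance").mkdir(parents=True)
        (src / "insurance" / "policy.txt").write_text("constructed sample policy\n")
        (src / "contacts.csv").write_text("name,phone\nExample Person,555-0100\n")
        (src / "photo.jpg").write_bytes(bytes(range(256)) * 16)

        backup(src, dst)
        clean = verify(dst)

        # Simulate a failing drive: one flipped bit and one silently lost file.
        data = bytearray((dst / "photo.jpg").read_bytes())
        data[100] ^= 0x01
        (dst / "photo.jpg").write_bytes(bytes(data))
        (dst / "contacts.csv").unlink()
        damaged = verify(dst)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("right after backup:", clean)
    print("after damage:      ", damaged)
```

Running `verify()` before each monthly backup shows whether last month's copy degraded while the drive sat in a drawer, which a plain file copy never reveals.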

  • Comments (24)

    • 16

      These are all good suggestions. Another one I’ll add to that is having your data in open formats in regular file storage. For example, a lot of kids failed part of their SAT recently because their iPhones took pictures in Apple’s unusual HEIF format instead of regular JPEG, and the SAT servers couldn’t process HEIF. Another friend lost his Apple Photos library because the database crapped out. I recently discovered that iTunes had deleted some of my music collection. Thankfully, I made a backup before I signed up for Apple Music.

      I think it’s also a good prep to have some sort of Linux system on hand, like an old ThinkPad. Apple has been doing all sorts of screwy things with macOS lately, and whatever Apple does, Microsoft copies. Meanwhile my ThinkPad running Arch Linux runs all the same software it would have ten years ago.

      • 2

        Agreed on both counts, great advice.

        For a little while, I’ve been mulling over the idea of keeping a spare Raspberry Pi with Raspbian, plus a keyboard and display, in a safe location (possibly Faraday shielded). Having not just a backup of my digital files, but an actual (small) backup computer seems like not the worst idea.

    • 8

      I second the bit about data backup. I finally got around to cloud storage of old “important” stuff that had floated from laptop to laptop over the last decade. For documents that aren’t changing, I’m fine with having a copy in both places. And the option I picked is pretty cheap, and I feel so much better about it.

      I hadn’t thought about a second phone backup, though. Smart!

      • 9

        Definitely good to have accessible backups in addition to any cloud service because sometimes cloud services cease operation or have failures. Another thing that might be helpful for some people is that you can make virtual machines out of all of your old laptops  which you never have time to properly go through and consolidate. I used VirtualBox to put images of 8 old XP and Win7 laptops onto a single drive. If there is some old data I need, I can just launch the VM instead of looking through a zillion old machines.

      • 10

        That’s an excellent idea. Transitioning from one laptop to the next has historically been a terrible chore (and a bore). I was hoping that at some point I would be cloud-based enough where there would be minimal things to move over, but that has yet to be the case. Will dig a bit more into virtual machines. Love the concept.

    • 8

      @Rich, I’m with you on a lot of your comments. I have a few additional thoughts, some of which overlap with yours.

      An older cellphone/mobile can definitely be a valuable asset. For starters, it’s decent for storing backups of documents, equipment manuals, schematics, accessing offline maps, and other reference materials. Just make sure the device is encrypted.

      Although there’s no active SIM in my GO device -and because operating silently (or as quietly as possible) is a priority- I keep the battery pulled until it’s needed. When it’s booted and operational, it’s in airplane mode. I also do periodic battery checks and power top-offs, as well as app updates, just to keep things ready.

      – If the grid is up and you’re in a bad way, you can still utilize 911, even without a SIM -if that fits your use-case.

      – Since most modern cellphones have their own GPS capability, having access to offline maps can help keep you below the radar, too. Check out OSM OpenStreetMap (https://www.openstreetmap.org/) which supports offline navigation.

      – I’ve created a number of personalized maps for offline use. These include things like asset locations, hospitals, medical supplies, manually created paths, etc. Once created, export your map to .KML format and import it into OSM OpenStreetMap (offline maps). As you create POIs (points of interest), consider using language only you will understand. I made a map of “quiet, peaceful places” that included things like “Mom’s house”, “$friend’s place”, “the bike path we rode when I proposed” -which, of course, have a totally different meaning for me. Although this is merely obfuscation, it draws less attention than “BUG OUT HERE” or “WEAPONS CACHE HERE”.

      – Consider Tor as another tool for your toolbox. (https://www.torproject.org/). While it doesn’t guarantee absolute anonymity, it does bolster your ability to not be surveilled when your laptop or mobile are online.

      – Always use a password manager. I highly recommend Password Safe (https://pwsafe.org/)

      – Use Signal for end-to-end encrypted text and messaging. (https://signal.org) Moxie Marlinspike and team have created something amazing (their double-ratchet schema is mind-boggling and clever), plus its code has been reviewed and lauded by many well-known, top-of-their-game cryptographers.

      RE: Unlocking devices for police/authorities.

      EFF (Electronic Frontier Foundation), a legal action advocacy organization centered on privacy and security rights, has an excellent series of write-ups entitled “Know Your Rights”. It explains your rights when the police want to search your device and what you can/can’t do, etc. There’s also an explainer for border crossings. (https://www.eff.org/issues/know-your-rights)

      While I’m here, I’d like to share that reliable digital security consists of 3 things: Something you are, something you have, and something you own. These are the “holy trinity” of modern device security.

      Something you are: fingerprint, faceprint, iris
      Something you have: Yubikey, 2FA, dongle
      Something you know: password/passcode/passphrase

      KILLSWITCHES
      Killswitches are a viable option for the security/privacy conscious. Some devices have software or hardware killswitches. These vary in implementation.

      SOFTWARE KILLSWITCHES
      Some (eg, Garmin smartwatches) have a sw killswitch that, when enabled, wipes the device. Other devices, such as my current mobile (https://www.oneplus.com/), have a software option to “Lockdown” the device. Once initiated, face and fingerprint recognition do not work and the decryption password must be entered to access the device. Pretty handy because you cannot legally be forced to reveal your passcode (something you know) to authorities whereas authorities and bad actors holding your mobile to your face or fingerprint get immediate access. (And, yes, before someone comments, I’m familiar with the possibility of “rubber hose password cracking” method – physical violence, torture), but the idea should work reasonably well for many situations.

      HARDWARE KILLSWITCHES
      Other devices, such as those made by Purism (https://puri.sm/) have physical hardware killswitches to cut power and disable radios like wifi, bluetooth, or SD card access. This has been a boon for the security and privacy conscious. Their laptops are impressive yet expensive and they’re in the process of developing a mobile with the physical hw killswitches.

      FOR THE TRULY SECURITY CONSCIOUS/PARANOID:
      PrivacyTools (https://www.privacytools.io) providers, browsers, software, operating systems, & services.
      EFF’s Surveillance Self Defence (https://ssd.eff.org) 7 steps to digital security, security modeling/planning, attending protests, defending against social networks, strong passwords,
      Tor (https://www.torproject.org/) defend against tracking & surveillance. Circumvent censorship.
      Tails (https://tails.boum.org/) is a portable operating system to avoid censorship.

      Look into Tripwire.

    • 9

      A few follow ups (thanks for the additional tips & feedback!):

      To echo something that @Josh mentions, about macOS specifically (but also applies generally): keep in mind when your platform changes underneath you (Like, every automatic software update you don’t notice…).  For example I went back to test out some of my saved Safari reading lists and a recent update required I use a work-around to get them to load offline (and I needed web based resources to figure it out… Argh!  Prep Failed.) and is also encouraging me to take extra steps to ensure they’re backed up properly/fully.  A nuisance but something I can still work around.  This is not unique to macOS/Apple.  Any service/solution can change without warning rendering it less useful, or even useless.  If anything I consider this more incentive to have formalized backup and archival processes in place (and an upvote for the Linux recommendation, probably more stable/backwards compatible?) rather than relying entirely on “easy/convenient” solutions.

      @Ef, if you don’t mind sharing/me asking – any particular cloud storage system?  No worries if not.  I assume/hope google has decent network security and I tend to go with google drive for small things in the cloud.

      @Matt, I say this in a good humored, appreciative manner: but I feel one upped here!  You have many good comments though and there are much worse things in the world than virtuous feedback loops, much appreciated.  Some additional thoughts inspired by your comments (Even if its not new to you, “sharing with the class”):

      • In addition to old cell phones for offline/off grid backups, cell enabled tablets don’t always require cell plans for their GPS functionality to be intact (for the lay-person true GPS is a passive receiver that involves trilateration from multiple known [not locations?  Not 100% sure how the math works for orbiting satellites… but trilateration is the correct concept, not triAngulation – minor trivia fact – I don’t recall if cell phones rely on pure GPS, cell tower locations, or a combination, but the electronics are pretty small either way].  The two iPads I owned never had cell plans activated but research and testing revealed functional GPS units even without a plan. There are probably better explainers but this seemed succinct:
      • Openstreetmap is a good data source but you may need an app to make it work, look into things like OsmAnd (not used directly, but have experience with similar older apps).  Other apps might apply with different features but for those new to this want to give you a place to start.  Note that depending on how much data you pull down, it can take up a bit of space.  On the other hand you might have high quality turn by turn offline navigation for most of the continent.  Different apps might support different scales/download options, it’s been a while since I’ve used these.
      • Privacy in the world of big data is an interesting, weird, and at times dizzying topic for me.  This is more a wondering out loud: but even if an ISP can’t see what you view when you’re using Tor, I’d imagine they could tell you’re at least using it?  That alone might paint you as a person of interest unless TOR reaches a tipping point where many people use it for mundane activities all the time.  Anonymity vs privacy is an interesting topic.  IT OPSEC is weird, more than I’m willing to fully commit to, but I found this interesting to browse:
      • 10

        @Rich, thanks for elaborating. And, at the risk of looping feedback, here comes my next volley…

        I’m totally digging your virgin (never SIM connected) tablet idea(s).

        RE: OSM. Yes! I completely overlooked mentioning OSM’s device-specific apps (OsmAnd on Android) and $whateverelse for iOS. So, do that, people. 😉 [Thanks, Rich.]

        RE: Tor. Correct, ISPs can see you’re using Tor (if you’re barebacking the interwebs — that is, sans VPN or connecting directly via your home network). And while I’m here, I want to take quick sec to emphasize something to those not familiar: Utilizing Tor isn’t illegal. There’s a lot of FUD (fear, uncertainty, and doubt) sown around out there and you’re going to get the clearest info about Tor from Tor’s project page.

        With regard to Tor use being observed (by ISPs): as the saying goes, “Attribution is hard”. To wit, just because someone uses Tor isn’t, in itself, evidence of illegal or nefarious activity. And you’re right, the more people use it for mundane purposes, the better (as it were). To the outside observer, the situation changes from searching for a needle in a haystack to finding a specific needle in a needle stack. On the other hand, Tor is especially critical for journalists and dissidents who might otherwise face targeting, so, the argument could be made that the rest of us looking for mundane things (or nefarious things) could be contributing to inaccessibility for those that truly need it. IOW, use Tor for comms and internet to bolster OPSEC. Want porn? There’s the clear net for that.

        Another means of controlling data flow and bolstering OPSEC is to restrict app access to the internet by way of firewall (eg, that Gallery app/Survival Manual app doesn’t need to connect to cell, wifi, or bluetooth, so lock it up) and ad blocking. On mobile devices, these are achieved by rooting the device. There are, as with most things in life, tradeoffs to rooting. XDA-Developers is my goto source for this kind of info. I won’t link it here simply because those that are going to commit to it, will search it out.

        Be well. Be safe. Be healthy.

      • 10

        You nailed it. I went with Google Drive since I’d been using it for years but mostly to collaborate with people. Fine so far and cheap for the modest amount of storage I need.

      • 7

        @Ef, Agreed. Google Drive does a fine enough job. Its ubiquity and services are great for collaboration.

        [turns to the rest of the class and tips tinfoil hat]

        Cloud Alternatives
        Some preppers may not be comfortable using businesses and services that were/are complicit in mass surveillance. The fact is, many users’ sense of trust in companies like Google, Microsoft, Yahoo!, et al. was obliterated back in 2013, when PRISM and other surveillance programs were leaked to the public by one Edward Snowden.

        In the wake of these revelations, many a company and community have stepped up to help provide an opportunity for users to better protect themselves, their interests, and to fortify their personal security/privacy. (Side note for anyone wondering: I write “security/privacy” because security enables privacy and they are intimately intertwined concepts).

        I mention all this because (a) there’s probably someone reading this thread and thinking, “Ooh. Google… No thanks!”; and (b) there are many open source/foss/floss communities out there that actively seek to help users keep their data in users’ own hands. Projects and products like ownCloud (https://owncloud.org/) and Nextcloud (https://nextcloud.com/) are options for those that do not trust Google, Amazon, etc. I’ve been watching these two for a number of years and have been really impressed with how far they’ve come in their development.

        Cloud/Web of Trust

        Here’s another interesting option. If you and someone you know (and trust!) have a product like a Synology NAS (https://www.synology.com/en-us/products/series/home), you can be each other’s cloud backup.

        Once my budget enables me to do so, this will be something I implement with a trusted family member.

    • 10

      I have two apps that I think would be very useful in a variety of ‘grid-down’ situations.

      One is MapFactor navigation. You can download the open-source maps (OSMs) for as much of the globe as you want. I have down to street and individual building maps for all of North America on my phone. Not quite as good information as Google (and may not have complete detail in some more remote areas), but Google doesn’t let you download a copy of their entire North American map. As long as the GPS satellites are still up, you can use MapFactor to navigate by GPS. Even if they’re not, you still have exhaustively detailed, searchable maps on your device and you can navigate by landmark.

      The second is Kiwix, which allows you to put an offline copy of Wikipedia on your device. Yes, all of Wikipedia. The version with pictures is a lot bigger, but I thought worth it. Again, searchable etc. in a complete grid-down. I have it on my phone and my laptop.

      Lastly, you want to buy a huge (and legit) microSD card to store all of this data on; the internal storage in your phone won’t be enough. I have read that a large fraction of the larger microSD cards on marketplaces like Amazon are fakes, so buy direct from the manufacturer.

      I think it’s pretty incredible that I can walk around with detailed maps of a continent and the world’s largest encyclopedia in my pocket, as an afterthought to a device I already use for a bunch of other things. Tech is really pretty incredible when you stop to think about it.

    • 11

      @Rich thanks for this topic!

      This is very near and dear to me since I really upgraded my digital preparedness last year due to the nature of my work. I have access to many personally identifying information streams and as such I have to take precautions that many wouldn’t have to.

      In general though I see this all as preparedness against a phisher, a hacker, an attacker, coffee shops, or someone stealing my laptop. These are the things I mostly did to improve privacy but mostly security focused.

      In addition to what you have above these are really important for me to do:

      • Auditing my browser extensions once in a while. Only trusted ones. They collect lots of information and as a result I’d rather just not be tracked.
      • A VPN Service. This becomes very important in a coffee shop wifi. The fact is that if you use an unsecured wifi (perhaps if you are bugging out) people can watch that traffic. It’s very easy. VPN ensures that nobody can inspect your traffic. It used to be very easy to login to people’s facebook accounts over unsecured wifi for instance.
      • No real social media info. The fact is that with my name, my birthday, and my zipcode you can most likely track me down fairly easily. This can be a real problem for phishing attacks. Also Phishers will go onto facebook and see what you like or dislike and use that to get information.
      • No social media public comments. Same reason as above. The fact is that Facebook, Instagram, Google, and Twitter own what you say and can do whatever you want with it. Just don’t say anything you wouldn’t want the world to hear.
      • Don’t use SMS for 2fa. Get a yubikey, or a secret google voice number. The reason is that it’s very easy to fake an SMS text message.
      • Remove unused programs. This is so important, a lot of the time the biggest security threats are what we don’t realize are there.

      More _intense_ security measures if someone chooses:

      • Protonmail or owning their own email server. Email is not a very secure protocol fundamentally, mainly cause it’s very very old. Protonmail is what I use because I’d prefer things to be securely stored.
      • I saw someone else mention Signal. I really like it, it’s encrypted. Also iMessage is encrypted. Apple is actually really good about securing things. Android not as much surprisingly.
      • Encryption of Hard Disk. The thing is while many of us have passwords on our computers it’s actually incredibly easy to open up a disk (even if it’s pretty badly damaged) and take whatever someone feels off of it. Since I scan all my financial documents and keep a backup this is really important to me.
      • Use a traditional password on your phone unlock. I think someone else mentioned this but you cannot be forced to unlock something with a password. But you can be forced to put your fingerprint on something. Legally that is.
      • Change your router password please. There’s a wordlist out there of the most common passwords used in routers and it’s generally “password” or some equivalent :-D.
      • Hide your wifi router SSID. With a Kali Linux distribution and a good enough wifi dongle it’s not entirely impossible to break into someone’s wifi. That means someone could be eavesdropping, again not good.
      • Disable Flash in the browser. This is important because Flash is an outdated technology and has some vulnerabilities that can turn your computer into a zombie if you run Windows.

      There are more suggestions I could add here but at some point it stops paying major dividends for most folks. I also think that some of the tactics to increase cybersecurity can actually do more harm than good. For instance getting rid of all phones for dumb phones, or only using Tor, or using cryptocurrencies. Though it depends on the situation one is in, there are folks I know overseas that need to use these tactics.

      Again, great topic, hope this is helpful! Nice to hear someone else thinking along these lines and love this forum already you all :).

      • 13

        @Mike Juliett Kilo,

        Browser Extensions
        I’m with you on browser extensions. I severely limit how many I have (e.g., HTTPS Everywhere, uBlock, PrivacyBadger, ABP [AdBlockPlus], and NoScript). Yes, many extensions do gather data and contact their “mothership”, but many extensions that respect user security and privacy provide options to turn off the “phone home”.

        Trust is a fragile thing and once it’s been abused, it’s hard to ever regain.

        And, just as the aforementioned extensions are more or less worthy of some level of trust, it’s always important to keep an eye on any changes the developer may push out. Definitely keep browser extensions updated as they (more often than not) fix issues and vulnerabilities.

        VPNs
        This is another tough topic. Conceptually, it’s easy, you pay for a service, they protect you. Unfortunately, there are a lot of VPN services out there that have shitty encryption, that have bandwidth issues, or that utilize their own platform for advertising.

        TorrentFreak does an annual review of the best VPNs entitled, Which VPN Providers Really Take Anonymity Seriously in 2020? (https://torrentfreak.com/best-vpn-anonymous-no-logging/)

        TorrentFreak’s annual list, along with EFF’s Surveillance Self Defense, as well as PrivacyTools’ and Prism⚡️Break’s (https://prism-break.org/en/) lists of service providers should give those looking into purchasing VPN services a solid foundation.

        What’s your favorite color?
        Just a reminder, you don’t have to be truthful or provide any real information when setting up accounts with required fields -or- in response to challenge questions. Instead of answering “What’s your favorite color?” with red, use the opportunity to generate a password in your password manager. Use the password manager for everything you can, even rotating your router access.

        /etc/hosts
        For those of us dead set on keeping ad networks (read spy platforms that you can’t opt-out of) at bay, you can edit your device’s hosts file to block or redirect that traffic. It’s a pretty in-depth topic, so I’ll spare everyone reading a treatise on how to do this. There are plenty of resources out there with great write-ups. Besides, my comments are long enough anyway.
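One way to keep such block entries in a hosts file maintainable, as an added example that is not part of the comment above: it rewrites a marked section idempotently and leaves hand-made entries alone. The marker strings, function names and example domains are assumptions made for this illustration.

```python
import re

BEGIN = "# BEGIN managed-blocklist"
END = "# END managed-blocklist"
# Conservative hostname check: dot-separated labels of letters, digits, hyphens.
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")

def strip_managed(hosts_text):
    """Return the lines of hosts_text that lie outside the managed section."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() == BEGIN:
            inside = True
        elif line.strip() == END:
            inside = False
        elif not inside:
            kept.append(line)
    return kept

def mapped_names(lines):
    """Hostnames that already have an entry (comments ignored)."""
    names = set()
    for line in lines:
        fields = line.split("#", 1)[0].split()
        names.update(name.lower() for name in fields[1:])
    return names

def apply_blocklist(hosts_text, domains):
    """Rebuild the managed section so the listed domains resolve to 0.0.0.0."""
    kept = strip_managed(hosts_text)
    existing = mapped_names(kept)
    wanted = sorted({d.strip().lower().rstrip(".") for d in domains})
    bad = [d for d in wanted if not _HOST_RE.match(d)]
    if bad:  # refuse input that could smuggle extra fields or lines into the file
        raise ValueError(f"not a plain hostname: {bad}")
    block = [f"0.0.0.0 {d}" for d in wanted if d not in existing]
    while kept and not kept[-1].strip():
        kept.pop()  # avoid stacking blank lines on repeated runs
    return "\n".join(kept + ["", BEGIN] + block + [END]) + "\n"

# Constructed sample: a typical hosts file plus one entry the user added by hand.
SAMPLE = "127.0.0.1 localhost\n::1 localhost\n0.0.0.0 ads.example.net  # manual\n"
```

Write the returned text to a scratch file and compare it with the current hosts file before replacing it; the function itself only transforms text.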

    • 7

      VPNs: News came out today that a lot of “logless” VPN services (which means they promise they don’t store any user data) actually were keeping logs and they were just leaked online. Most of this seemed to come about through Hong Kong, perhaps because of their new “national security” laws, and it affected multiple services that were using the same white-label provider https://www.reddit.com/r/technology/comments/htge8m/seven_no_log_vpn_providers_accused_of_leaking_yup/

      If you use UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN — change now!

      When buying a VPN, check for trusted reviews and ideally with a company not hosted in China 🤦‍♂️

       

      • 7

        This also happened to PureVPN. They were outed in court documents where the FBI details requesting and receiving information from PureVPN which was used in the criminal investigation. But this has very little to do with prepping. Your preparations will not be impacted by a deceitful VPN service.

    • 5

      Hello, excellent thread. Pardon the very late reply but there are many useful ideas here.

      Based on several of the ideas in this thread, I created the following “Digital Recovery” kit.
      I wanted to see: What is the minimal set of items you could put into a small, portable container that would help you regain access to your digital life, perhaps after a fire or other bad event. Something lightweight that you could store with a friend.

      The core ‘kit’ is simply:

      • A container
      • A physical security key. Something that you set up for 2FA access on your digital account(s).

      However, I’m sure you could add to this by also including items such as a USB stick with important data; some cash; or other items that may help.

      Are there other small, useful items you would include?

      • 2

        Export a backup of your passwords from your password manager of choice onto the USB stick as well. I keep a copy of the offline password manager KeepassXC on the USB stick in case my password manager that I normally use is taken offline for some reason. I can import my passwords from a backup and plug them into Keepass and keep going. It also allows for software 2FA tokens if you have the seed codes saved.

        Your idea of having a pre-paid sim card is something I haven’t thought of.

        Another idea is to store a cryptocurrency hardware wallet in your recovery kit for some decentralized emergency funds.

      • 4

        Thank you for the idea on making this digital recovery kit. I just finished off a bottle of medicine and had an extra pill bottle so I decided to make a kit too.

        In my kit I have a flash drive containing some important documents and a few pictures, an SD card reader because my laptop doesn’t have a port for it but I need it to connect my camera to my computer, a mini flash light, and a usb charging cable that will charge my phone and the flash light with. All will be wrapped securely with toilet paper, because you never can have too much toilet paper.

      • 1

        Hey – fantastic ideas!

        Having a card reader; charging cable; and flashlight all sound like excellent items. Kudos!

    • 5

      As an older old school prepper I read your excellent article and Matt’s reply below but came to a slightly different overview. I’m now looking at just how much of this technology I can get rid of. EG my cell phone has been stripped to the bare bones minimum and kept in a Faraday bag. I only have Phone, Text, Downloaded maps and Camera. Location tracking is turned off. And the phone is kept turned off until I need to make a call.

      I consider much electronic technology contrary to good prepping, though I appreciate many younger people find technology essential to their lives, but I’m of the KISS principle of planning 🙂

      Data / Documents etc I consider essential I download, print off and laminate.   Credit cards I’m weaning myself off,  I only have a DEBIT card now, I’ve disposed of customer loyalty cards as well. Passwords I keep in a notebook, a different one for each website.

      • 2

        Being less reliant on digital services is great and something more people should strive for. 

      • 2

        Also old-school and as I have seen parts of this thread through email notification, I have wondered in what circumstance the backend of some of these services will remain functional at a time of an emergency so dire that these preparations are needed? I can’t foresee that the people who run these services are going to be sitting at their desks maintaining infrastructure during a crisis so grave that we are all implementing emergency plans.

    • 3

      Excellent post and discussion. I’m not super tech-savvy, but one thing I’ve done is to create hard copies of relevant info that I’ve gotten too comfortable having available digitally. I downloaded all my contacts into a spreadsheet, eliminated the marginal ones and cleaned up the data, and printed and laminated a sheet of all my close contacts. 

      If you want to get all your contacts out of an iPhone, go into iCloud and download them as a .vcf file, then upload that into your Google account, and it will merge with your Gmail contacts. You can then pull that into a spreadsheet.

      Also basics such as SINs, health insurance numbers, etc. 
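An offline alternative to the Google round trip described above, as an added example that is not part of the comment: it converts exported .vcf text straight into a printable CSV. It assumes the usual vCard text layout (BEGIN/END blocks with FN, TEL and EMAIL properties); the function names and the sample contacts are constructed for illustration.

```python
import csv
import io
import re

def unfold(text):
    # RFC 6350 folding: a line starting with space or tab continues the previous one.
    return re.sub(r"\r?\n[ \t]", "", text).splitlines()

def unescape(value):
    # Undo vCard backslash escapes such as "\," and "\n".
    return re.sub(r"\\(.)", lambda m: "\n" if m.group(1) in "nN" else m.group(1), value)

def parse_vcards(text):
    cards, card = [], None
    for line in unfold(text):
        head, _, value = line.partition(":")
        # Drop a group prefix such as "item1." and any ";TYPE=..." parameters.
        name = head.split(";", 1)[0].split(".")[-1].upper()
        if name == "BEGIN" and value.upper() == "VCARD":
            card = {"name": "", "phones": [], "emails": []}
        elif card is None:
            continue  # ignore anything outside BEGIN/END
        elif name == "END":
            cards.append(card)
            card = None
        elif name == "FN":
            card["name"] = unescape(value)
        elif name in ("TEL", "EMAIL"):
            card["phones" if name == "TEL" else "emails"].append(unescape(value))
    return cards

def safe_cell(value):
    # Contact data is untrusted: stop spreadsheets from reading a cell as a formula.
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def to_csv(cards):
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["Name", "Phones", "Emails"])
    for c in sorted(cards, key=lambda c: c["name"].lower()):
        row = [c["name"], " / ".join(c["phones"]), " / ".join(c["emails"])]
        writer.writerow([safe_cell(cell) for cell in row])
    return out.getvalue()

# Constructed sample export (not real contacts): folded line, grouped property, escape.
SAMPLE_VCF = "\r\n".join([
    "BEGIN:VCARD", "VERSION:3.0", "FN:Sam Example", "TEL;TYPE=CELL:+1 555 0100",
    "item1.EMAIL;TYPE=INTERNET:sam@exam", " ple.org", "END:VCARD",
    "BEGIN:VCARD", "FN:Alex Doe\\, MD", "TEL;TYPE=HOME:555-0101",
    "TEL;TYPE=WORK:555-0102", "END:VCARD", ""])
```

The leading apostrophe that `safe_cell` puts in front of numbers such as `+1 555 0100` keeps a spreadsheet from evaluating the cell; most spreadsheet programs hide it when displaying or printing.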

    • 3

      Create a VeraCrypt volume on a USB. Add non-important files to the outside (photos, music, etc., along with the Windows, Apple, and Linux files for installing VeraCrypt). Make sure your REALLY important files (scans of ID, passports, birth certificate, marriage, mortgage, vehicle deed, password manager files, etc.) are on the hidden inside volume.

      Put the usb in a waterproof container.

      Personally, I think having cash, a map, etc may attract further attention from an adversary. If I saw other things of value, I might consider that the usb’s contents might also be valuable.

      • 2

        This is the same process I go through. The downloads for the various VeraCrypt installations can be found at: https://www.veracrypt.fr/en/Downloads.html

        You can install a portable version of VeraCrypt on your flash drive that will work with Windows, so that is nice to not have to install it on every Windows computer you come across. But I believe that you do need to do a full install on Apple and Linux.

    • 3

      Rich DC, I have read this post several times in the last few years and I always come away with another thing to think about.  Many good ideas here and thank you for taking the time to kick start it.

      I work in IT in a hospital and we regularly update and test (somewhat) our Disaster Recovery (DR) and Continuity of Operations Plans (COOP). Much of what we consider tracks this thread with a few exceptions.

      Each department in a hospital has a unique COOP because each has specific responsibilities and environments. But all of them have 3 basic assumptions: (1) power is down, limited or sporadic, (2) the Electronic Health Record (EHR) software is down and (3) the ‘network’ is down.

      Power is the primary concern; everything else pivots off power.

      We have special PCs that store all in-patient information and they are supported by generators. When power goes down, patient records are immediately printed to provide continuity of care.

      All COOPs are based on paper and pencil.

      Like many others, I have printed copies of key documents and family photos that will be very useful in many disasters.

      My blind spot was my extensive Audible and Kindle libraries. Some of those books would be very valuable in a disaster and I have started buying hard copies. The same is true of maps, I am buying many old-school maps and checking for updates when I set the clocks back/ahead (and shake my fire extinguishers and check smoke/CO batteries).

      The other blind spot was power. I monitor power across the hospital in many locations and see brownouts every week. Unfortunately, the hospital does not have line conditioning on as much equipment as we should so damage to key electronic equipment is unavoidable.

      But I can avoid it at home with a small UPS unit to support my laptops and other equipment.