Discussions
Reply to: What to do about a personal data leak or breach – Before and After Posted 16 hours ago
Reply to: What to do about a personal data leak or breach – Before and After Posted 2 days ago

This is an area where many people only do something about it after the fact. Like the person who thinks about food storage after the hurricane is announced and the store shelves are already empty. It’s already too late. So for you to give some proactive tips on things we can do before is a better way to look at things. It won’t be as organized, but here are some of my random ramblings on what you can do before: Know that whatever information you provide to a doctor, store, or even government, as we are seeing here, will be leaked at some point. Don’t lie on important forms, but maybe don’t, put in your personal email address. So create some alternative email accounts that you can pass out like one for shopping and another for just junk. I have created an alias name, phone number, and email that I use for things that don’t really matter. Does my grocery store rewards card really need my true name, phone number, email, or address? No. Can you change your name in which you receive items from Amazon? Yes. Maybe my real name is James Gentry but I receive packages to my house in the name of Harry Yonker. I still get my packages but Amazon and the different people and companies shipping out my stuff don’t know my real name. Little things like that will lower your attack surface and who cares if it leaks online someday, it will show that Harry Yonker lives at my address instead of me and people trying to target me will have a bit harder time doing so. Can I offer another service in addition to the very well recommended and free encrypted messenger Signal? There is another app called MySudo. It’s a very organized and easy way to set up some of these aliases or different compartmentalized areas of your life. You can get 1-9 additional phone numbers and email addresses that then can be given out to places instead of your personal number and email. So maybe you give out one phone number and email to all government organizations, another is used only for banking, and another is just for absolute junk and can be used on all those dumb websites that need an email address to continue viewing the site. It’s a very cheap and easy way to protect different areas of your life. I wrote a post about how to view your credit report and place a freeze on it. I wouldn’t pay money for a credit or identity theft protection. Placing a freeze on your credit, and enabling good practices such as password manager, 2FA, shredding documents with your info on them, etc.. will probably do more good than any of these services. Your homeowners or renters insurance might even cover expenses incurred if you are the victim of identity theft, mine does. When you are involved in a leak or breach, because it will happen, here are some tips I have on what to do (AFTER). Take a breather and know that it will be okay. It’s too late to change the past, but lets keep a calm head for the future damage control and cleanup we have to do. As soon as you become aware of the leak or breach, go into that account and access the damage. If everything they have on you was included, what would the damage be? Maybe only phone numbers were leaked, but it usually takes some time before the organization themselves knows the full extent of the damages. Still, the first thing that I do is go into the online account and change my password, even if the company says passwords weren’t included in the breach. I’ve seen before that they later come out and say that passwords were included after all.  You should be using a unique password for every site, see brownfox-ff’s tip on password managers, but if you didn’t, you will need to change your password on every site in which you used that ‘recycled’ password. Be aware of phishing scams following a breach. Tmobile has had many breaches over the past few years of data being stolen. And by being aware of that breach allows me to put up my guard that if I receive a call from Tmobile in the coming months asking me to confirm information, then I know it could be a scammer taking that breach data and then calling everyone and getting more info from them. In this case I would politely say to them “What is this call about? Okay, well I’ve been scammed by receiving calls like this in the past (even though I haven’t) and I will call the main corporate number or go into a local Tmobile store and talk with them about the issue.” I then hang up.

Reply to: News roundup for Fri, Jul 01, 2022 Posted 2 days ago

Much of the media is calling the database exposure of California gun information a breach. The article you linked to called it by the correct name of a leak. A breach is when someone illegally breaks into a system and steals information. In this case the information was publicly available on their website due to poor security. California created a map on their website in which people could type in a county and see how many registered gun owners there were in that area. The thing though is this database that served and generated the map pulled from the actual database with people’s reals names, addresses, etc… So if you knew how to read that data being transmitted you could download the entire database. This leak includes information such as name, race, address, date of birth, and what type of concealed carry permit they have (I.e. civilian, law enforcement, judge, etc…) You see how valuable that information is to a bad guy or someone wanting to target a particular demographic like all African Americans, judges, or law enforcement? What can we do about it? Well your address, name, and date of birth are already pretty much everywhere on various people search sites and in county tax records, so although it stings and feels like a privacy violation (it sure is) it might not be that big of an impact. I’m sure there will be many people who will say “Eh, I have nothing to hide.” or “I don’t care if they know I have a gun, let someone come at me and I’ll show them who’s boss!” For operational security purposes, though it might be damaging if you would rather not tell the world that you own a firearm. Criminals now know that your house contains a firearm that they could steal and use to commit crimes. But even if you don’t own a gun and aren’t included in this leak, people now know that your house doesn’t have a registered weapon and your house might be a bigger target for a home invasion. And even a minor consequence might be that gun magazines or rights organizations will take this database and serve ads to your house in the future. There is no good benefit of this information being out there, even if it is just a minor stress. We all have enough stress as it is and don’t need someone leaving harassing voicemails after the next mass shooting calling you a child killer just because you own a gun.

Reply to: A review of NextDNS. Stop unwanted content from ever reaching your internet connected device Posted 1 week ago

I’m sure people would love to see a pi-hole guide, I would. The nice thing about pi-hole is that you aren’t trusting a third party for your DNS and can keep it all local. The downside is more tinkering, and if your device leaves that home network you are unprotected. So I still like NextDNS for on-the-go devices like your smart phone. I do think that NextDNS is very simple and easy to set up for the average person. The only thing the newbie might get caught up on is how to add a site to the Allowlist or how to identify which part of the site is being blocked. For example, site A might load fine but so many websites also talk to other sites and have imbedded plugins to function how the web designer intended. An easy enough fix and one that I do, is if I load a site and it looks weird, I go into the log section of NextDNS, then try loading the site again and the new inquery will show up at the top and you can see which part is being blocked. Just copy and paste that to the Allowlist and you are good to go. I’ve only had to do this once so far this week, which means that the filters don’t have many false positives for my use case. Right now I am at 19,125 queries, 4,108 of those have been blocked, which means 21.48% of my traffic is stuff I don’t want even coming to my device. Almost 1/4! I definitely like using this. And it’s not just full sites that are being blocked, that would only be like 0.5%, most of what is being blocked is the back end of websites, plugins, and other creepy trackers. A project I am going to be working on this week is to have NextDNS loaded on my laptop, boot up my other computer and watch all the queries come in from Windows trying to call home. I imagine there should be a lot. I then can notate all those addresses and add to my Denylist.  Do I trust NextDNS? For my threat model, yes. They have a very short, clean, and impressive privacy policy and give users control over their data. Once I am done playing with them and know I want to stick with this service for a while, I will probably turn off logging for some additional privacy.  One thing I would have liked to see implemented is 2FA on the user’s account.

Reply to: A review of NextDNS. Stop unwanted content from ever reaching your internet connected device Posted 1 week ago
A review of NextDNS. Stop unwanted content from ever reaching your internet connected device
4
14
Posted 2 weeks ago
Reply to: Tech security question, having critical docs online safely Posted 4 weeks ago
Reply to: Dealing with documents/important info when SHTF Posted 4 weeks ago
Reply to: Tech security question, having critical docs online safely Posted 4 weeks ago
Reply to: Dealing with documents/important info when SHTF Posted 4 weeks ago
Reply to: News roundup for Fri, Jun 03, 2022 Posted 4 weeks ago
Reply to: Tech security question, having critical docs online safely Posted 4 weeks ago
Reply to: Dealing with documents/important info when SHTF Posted 4 weeks ago

Welcome to prepping and the forum! Here’s another forum thread I previously commented on with a list of which documents to carry. Now to answer a few of your questions.  These are my opinions, so don’t take it as what you should do, but do what makes sense for you. I do think you should duplicate important documents in each family member’s bag. If they get separated then they will have all the valuable info they need still. USB flash drives are cheap and it’s easy to just copy and paste your important documents. You may not want to have the full load out of paper docs in each bag, but at least do digital. In the parent’s bags, have a copy of everything. All of your info, your spouses’ info, and that of your kids. But your kids don’t necessarily need to have all your documents. If you encrypt the documents on a flash drive then there is no worry if it gets stolen because they can’t access it without the password. And it should be a password that you will remember and store in a password manager. But I do see your concern with paper documents getting stolen. But they could get stolen in your house at any time if someone were to break in anyways right? I strongly recommend looking into a password manager if you are worried about forgetting passwords and how to store account numbers. In my password manager, I have all my banking info, username, password, account numbers, etc… plus all the accounts for utilities, mortgage, Facebook, and every online account I have. It’s a great place to store all your info under one strong master password that you won’t forget. If you are interested, I recommend checking out Bitwarden.

Reply to: News roundup for Fri, Apr 29, 2022 Posted 2 months ago
Reply to: News roundup for Fri, Apr 29, 2022 Posted 2 months ago
Reply to: Digital preparedness Posted 2 months ago
Reply to: Good portable hard drive or flash drive for bug out bag? Posted March 19, 2022
Reply to: Good portable hard drive or flash drive for bug out bag? Posted March 18, 2022
Reply to: Good portable hard drive or flash drive for bug out bag? Posted March 18, 2022
Reply to: Good portable hard drive or flash drive for bug out bag? Posted March 18, 2022

The Sandisk Ultra Fits are very cheap, incredibly small, and work wonderfully. They are made of a completely plastic material though and I’ve had one crack from being used so much. They had a good warranty though and replaced it. I would also skip the cruise ones that have moving parts and have it slide in and out of a housing. It just leaves more points open to failure. The Sandisk Ultra Flair looks to be good with a full metal body design. It comes in up to 512GB, so should be plenty of space for the essentials for a bug out bag. If you do need larger, stay away from mechanical hard drives that are prone to breaking from vibration and movement. Get an SSD. I’ve heard these are pretty solid and come in sizes up to 4tb Last note is to make sure you have appropriate adapters to connect it to the devices you would be bugging out with or possibly run into while bugging out. Keep it in a sealed waterproof container.

Load more...
A review of NextDNS. Stop unwanted content from ever reaching your internet connected device
4
14
Posted 2 weeks ago
List of 3D Printing files for preppers
1
8
Posted March 12, 2021
Get free weekly credit reports – prevent identity theft and fraud
2
9
Posted January 26, 2021
Reply to: What to do about a personal data leak or breach – Before and After Posted 16 hours ago
Reply to: What to do about a personal data leak or breach – Before and After Posted 2 days ago

This is an area where many people only do something about it after the fact. Like the person who thinks about food storage after the hurricane is announced and the store shelves are already empty. It’s already too late. So for you to give some proactive tips on things we can do before is a better way to look at things. It won’t be as organized, but here are some of my random ramblings on what you can do before: Know that whatever information you provide to a doctor, store, or even government, as we are seeing here, will be leaked at some point. Don’t lie on important forms, but maybe don’t, put in your personal email address. So create some alternative email accounts that you can pass out like one for shopping and another for just junk. I have created an alias name, phone number, and email that I use for things that don’t really matter. Does my grocery store rewards card really need my true name, phone number, email, or address? No. Can you change your name in which you receive items from Amazon? Yes. Maybe my real name is James Gentry but I receive packages to my house in the name of Harry Yonker. I still get my packages but Amazon and the different people and companies shipping out my stuff don’t know my real name. Little things like that will lower your attack surface and who cares if it leaks online someday, it will show that Harry Yonker lives at my address instead of me and people trying to target me will have a bit harder time doing so. Can I offer another service in addition to the very well recommended and free encrypted messenger Signal? There is another app called MySudo. It’s a very organized and easy way to set up some of these aliases or different compartmentalized areas of your life. You can get 1-9 additional phone numbers and email addresses that then can be given out to places instead of your personal number and email. So maybe you give out one phone number and email to all government organizations, another is used only for banking, and another is just for absolute junk and can be used on all those dumb websites that need an email address to continue viewing the site. It’s a very cheap and easy way to protect different areas of your life. I wrote a post about how to view your credit report and place a freeze on it. I wouldn’t pay money for a credit or identity theft protection. Placing a freeze on your credit, and enabling good practices such as password manager, 2FA, shredding documents with your info on them, etc.. will probably do more good than any of these services. Your homeowners or renters insurance might even cover expenses incurred if you are the victim of identity theft, mine does. When you are involved in a leak or breach, because it will happen, here are some tips I have on what to do (AFTER). Take a breather and know that it will be okay. It’s too late to change the past, but lets keep a calm head for the future damage control and cleanup we have to do. As soon as you become aware of the leak or breach, go into that account and access the damage. If everything they have on you was included, what would the damage be? Maybe only phone numbers were leaked, but it usually takes some time before the organization themselves knows the full extent of the damages. Still, the first thing that I do is go into the online account and change my password, even if the company says passwords weren’t included in the breach. I’ve seen before that they later come out and say that passwords were included after all.  You should be using a unique password for every site, see brownfox-ff’s tip on password managers, but if you didn’t, you will need to change your password on every site in which you used that ‘recycled’ password. Be aware of phishing scams following a breach. Tmobile has had many breaches over the past few years of data being stolen. And by being aware of that breach allows me to put up my guard that if I receive a call from Tmobile in the coming months asking me to confirm information, then I know it could be a scammer taking that breach data and then calling everyone and getting more info from them. In this case I would politely say to them “What is this call about? Okay, well I’ve been scammed by receiving calls like this in the past (even though I haven’t) and I will call the main corporate number or go into a local Tmobile store and talk with them about the issue.” I then hang up.

Reply to: News roundup for Fri, Jul 01, 2022 Posted 2 days ago

Much of the media is calling the database exposure of California gun information a breach. The article you linked to called it by the correct name of a leak. A breach is when someone illegally breaks into a system and steals information. In this case the information was publicly available on their website due to poor security. California created a map on their website in which people could type in a county and see how many registered gun owners there were in that area. The thing though is this database that served and generated the map pulled from the actual database with people’s reals names, addresses, etc… So if you knew how to read that data being transmitted you could download the entire database. This leak includes information such as name, race, address, date of birth, and what type of concealed carry permit they have (I.e. civilian, law enforcement, judge, etc…) You see how valuable that information is to a bad guy or someone wanting to target a particular demographic like all African Americans, judges, or law enforcement? What can we do about it? Well your address, name, and date of birth are already pretty much everywhere on various people search sites and in county tax records, so although it stings and feels like a privacy violation (it sure is) it might not be that big of an impact. I’m sure there will be many people who will say “Eh, I have nothing to hide.” or “I don’t care if they know I have a gun, let someone come at me and I’ll show them who’s boss!” For operational security purposes, though it might be damaging if you would rather not tell the world that you own a firearm. Criminals now know that your house contains a firearm that they could steal and use to commit crimes. But even if you don’t own a gun and aren’t included in this leak, people now know that your house doesn’t have a registered weapon and your house might be a bigger target for a home invasion. And even a minor consequence might be that gun magazines or rights organizations will take this database and serve ads to your house in the future. There is no good benefit of this information being out there, even if it is just a minor stress. We all have enough stress as it is and don’t need someone leaving harassing voicemails after the next mass shooting calling you a child killer just because you own a gun.

Reply to: A review of NextDNS. Stop unwanted content from ever reaching your internet connected device Posted 1 week ago

I’m sure people would love to see a pi-hole guide, I would. The nice thing about pi-hole is that you aren’t trusting a third party for your DNS and can keep it all local. The downside is more tinkering, and if your device leaves that home network you are unprotected. So I still like NextDNS for on-the-go devices like your smart phone. I do think that NextDNS is very simple and easy to set up for the average person. The only thing the newbie might get caught up on is how to add a site to the Allowlist or how to identify which part of the site is being blocked. For example, site A might load fine but so many websites also talk to other sites and have imbedded plugins to function how the web designer intended. An easy enough fix and one that I do, is if I load a site and it looks weird, I go into the log section of NextDNS, then try loading the site again and the new inquery will show up at the top and you can see which part is being blocked. Just copy and paste that to the Allowlist and you are good to go. I’ve only had to do this once so far this week, which means that the filters don’t have many false positives for my use case. Right now I am at 19,125 queries, 4,108 of those have been blocked, which means 21.48% of my traffic is stuff I don’t want even coming to my device. Almost 1/4! I definitely like using this. And it’s not just full sites that are being blocked, that would only be like 0.5%, most of what is being blocked is the back end of websites, plugins, and other creepy trackers. A project I am going to be working on this week is to have NextDNS loaded on my laptop, boot up my other computer and watch all the queries come in from Windows trying to call home. I imagine there should be a lot. I then can notate all those addresses and add to my Denylist.  Do I trust NextDNS? For my threat model, yes. They have a very short, clean, and impressive privacy policy and give users control over their data. Once I am done playing with them and know I want to stick with this service for a while, I will probably turn off logging for some additional privacy.  One thing I would have liked to see implemented is 2FA on the user’s account.

Reply to: A review of NextDNS. Stop unwanted content from ever reaching your internet connected device Posted 1 week ago
Reply to: Tech security question, having critical docs online safely Posted 4 weeks ago
Reply to: Dealing with documents/important info when SHTF Posted 4 weeks ago
Reply to: Tech security question, having critical docs online safely Posted 4 weeks ago
Reply to: Dealing with documents/important info when SHTF Posted 4 weeks ago
Reply to: News roundup for Fri, Jun 03, 2022 Posted 4 weeks ago
Reply to: Tech security question, having critical docs online safely Posted 4 weeks ago
Reply to: Dealing with documents/important info when SHTF Posted 4 weeks ago

Welcome to prepping and the forum! Here’s another forum thread I previously commented on with a list of which documents to carry. Now to answer a few of your questions.  These are my opinions, so don’t take it as what you should do, but do what makes sense for you. I do think you should duplicate important documents in each family member’s bag. If they get separated then they will have all the valuable info they need still. USB flash drives are cheap and it’s easy to just copy and paste your important documents. You may not want to have the full load out of paper docs in each bag, but at least do digital. In the parent’s bags, have a copy of everything. All of your info, your spouses’ info, and that of your kids. But your kids don’t necessarily need to have all your documents. If you encrypt the documents on a flash drive then there is no worry if it gets stolen because they can’t access it without the password. And it should be a password that you will remember and store in a password manager. But I do see your concern with paper documents getting stolen. But they could get stolen in your house at any time if someone were to break in anyways right? I strongly recommend looking into a password manager if you are worried about forgetting passwords and how to store account numbers. In my password manager, I have all my banking info, username, password, account numbers, etc… plus all the accounts for utilities, mortgage, Facebook, and every online account I have. It’s a great place to store all your info under one strong master password that you won’t forget. If you are interested, I recommend checking out Bitwarden.

Reply to: News roundup for Fri, Apr 29, 2022 Posted 2 months ago
Reply to: News roundup for Fri, Apr 29, 2022 Posted 2 months ago
Reply to: Digital preparedness Posted 2 months ago
Reply to: Good portable hard drive or flash drive for bug out bag? Posted March 19, 2022
Reply to: Good portable hard drive or flash drive for bug out bag? Posted March 18, 2022
Reply to: Good portable hard drive or flash drive for bug out bag? Posted March 18, 2022
Reply to: Good portable hard drive or flash drive for bug out bag? Posted March 18, 2022

The Sandisk Ultra Fits are very cheap, incredibly small, and work wonderfully. They are made of a completely plastic material though and I’ve had one crack from being used so much. They had a good warranty though and replaced it. I would also skip the cruise ones that have moving parts and have it slide in and out of a housing. It just leaves more points open to failure. The Sandisk Ultra Flair looks to be good with a full metal body design. It comes in up to 512GB, so should be plenty of space for the essentials for a bug out bag. If you do need larger, stay away from mechanical hard drives that are prone to breaking from vibration and movement. Get an SSD. I’ve heard these are pretty solid and come in sizes up to 4tb Last note is to make sure you have appropriate adapters to connect it to the devices you would be bugging out with or possibly run into while bugging out. Keep it in a sealed waterproof container.

Reply to: C. Crane Skywave and Skywave SSB out of stock – What is the best alternative? Posted March 18, 2022
Load more...