Articles


Index


2019 | 2018 | 2017 | 2016


2019


If you aren’t using two-factor authentication, your accounts are vulnerable

Richie Koch – ProtonMail Blog

Earlier this year, security researchers discovered a fire sale taking place on the dark web: 2.2 billion usernames and passwords that had been stolen in data breaches and compiled into a multi-volume database dubbed as Collection #1-5. With so many passwords leaked, there is a decent chance that yours was among them. If hackers tried to log in to your accounts before you had a chance to change your passwords, only one thing might have saved you: two-factor authentication.


Locking down Signal

Martin Shelton – Freedom of the Press Foundation

Concerned about the privacy and security of your communications? Follow our guide to locking down Signal.


Encryption toolkit for media makers: Disk Utility guide

Olivia Martin – Freedom of the Press Foundation

DiskUtility, available exclusively on macOS machines, is optimized to create encrypted spaces on both your computer and external storage devices.


Encryption toolkit for media makers: An introduction

Olivia Martin – Freedom of the Press Foundation

For media makers working in film, journalism, and the arts, data protection is essential. Learn how you can use encryption to build up your defenses, and protect your work.


Privacy is power

Carissa Véliz – Aeon

Don’t just give away your privacy to the likes of Google and Facebook – protect it, or you disempower us all.


I Visited 47 Sites. Hundreds of Trackers Followed Me.

Farhad Manjoo – The New York Times

Earlier this year, an editor working on The Times’s Privacy Project asked me whether I’d be interested in having all my digital activity tracked, examined in meticulous detail and then published — you know, for journalism.


Encryption toolkit for media makers: A VeraCrypt guide

Olivia Martin – Freedom of the Press Foundation

VeraCrypt, an open source tool available on all major operating systems, is well-suited to meet the data encryption needs of virtually any media team.


How to hear (and delete) every conversation your Amazon Alexa has recorded

Natt Garun – The Verge


Tor Is Easier Than Ever. Time to Give It a Try

Lily Hay Newman – WIRED

Been curious about Tor but worried it’s too complicated to use? Good news!


2018


How to think about data in 2019

The Economist

It is tangible human beings, not abstract “data”, that power the online economy.


Choosing a password manager

Martin Shelton – Freedom of the Press Foundation (FPF)

As password breaches become more frequent, learning how to protect online accounts is more important than ever.


The 25 Most Popular Passwords of 2018 Will Make You Feel Like a Security Genius

Melanie Ehrenkranz – Gizmodo

For the last seven years, SplashData has revealed its annual list of the most commonly used passwords of the year. This time around, the results reveal that, uh, we still have work to do.


The WIRED Guide to Data Breaches

Lily Hay Newman – WIRED

Everything you ever wanted to know about Equifax, Marriott, and the problem with Social Security numbers.


What Constant Surveillance Does to Your Brain

Kaleigh Rogers – Motherboard

Technology is getting more adept at tracking our moves and anticipating our choices, and being watched all the time can make us feel anxious.


How to protect your phone or computer when crossing borders

Ben Wolford – ProtonMail Blog

Border agents have broad powers to search people crossing borders, including their phones and laptops. But there are ways to protect your data when crossing international borders if you understand the technology and the law.


Online security 101: Tips for protecting your privacy from hackers and spies

Zack Whittaker – ZDNet

This simple advice will help to protect you against hackers and government surveillance.


Six really practical ways to protect your privacy online

Amnesty International UK

Help stop companies and governments snooping on you with these 6 easy steps to protect your privacy online.


Internet Safety for Kids – 6 Tips to Protect Children Online

Leah Bachmann – LastPass

The internet is a complicated place. It’s where kids can find adorable dog pictures and the latest news on their favorite band or movie star, but it’s also the host of adult content that isn’t safe for kids. And just like you are at risk of exposure to data breaches and identity theft, so are your kids!


Setting up two-factor authentication (2FA)

National Cyber Security Centre (NCSC)

How setting up 2FA can help protect your online accounts, even if your password is stolen.


How to hear (and delete) every conversation your Google Home has recorded

Stefan Etienne – The Verge


What Does Private Browsing Mode Do?

Martin Shelton – Medium

Most popular web browsers support two types of windows: ordinary windows and “private browsing” mode. I research how people understand the web for a living. Trust me when I say, if you’re not sure what private browsing does, you’re in good company. Researchers have found widespread misconceptions about what information is visible through private browsing. So let’s talk about what it does and doesn’t do.


Three Reasons Why the “Nothing to Hide” Argument is Flawed

DuckDuckGo

Over the years, we at DuckDuckGo have often heard a flawed counter-argument to online privacy: “Why should I care? I have nothing to hide.”
As Internet privacy has become more mainstream, this argument is rightfully fading away. However, it’s still floating around and so we wanted to take a moment to explain three key reasons why it’s flawed.


Two-Factor Authentication for Beginners

Martin Shelton – Medium

Passwords are the brittle wall that keeps unwanted visitors out of your accounts. When it comes to account protection, two-factor authentication is one of the most effective defenses available.


The real problem with encryption backdoors

Ben Wolford – ProtonMail Blog

With appeals to “national security,” governments around the world are pushing for encryption backdoors that would allow them to break into the secure data of suspected criminals. Simply put, this is a terrible idea.


GDPR terminology in plain English

Alex Ewerlöf – freeCodeCamp

Learn what the General Data Protection Regulation is all about and in what way it affects users, developers and businesses.


Protect your data, protect your human rights: Amnesty’s three-step guide

Amnesty International UK

A step-by-step guide to protecting your data online, in the wake of the Cambridge Analytica and Facebook scandal.


Facebook Scans the Photos and Links You Send on Messenger

Sarah Frier – Bloomberg

Facebook Inc. scans the links and images that people send each other on Facebook Messenger, and reads chats when they’re flagged to moderators, making sure the content abides by the company’s rules. If it doesn’t, it gets blocked or taken down.


But what if my password manager gets hacked?! A few thoughts on how to talk about security worries with non-experts

Jessy Irwin – jessysaurusrex

Security is not binary, it exists on a scale from 1 to 99 that will never, ever be 100%.


What does a secure web connection actually do?

Daniel Davis – DuckDuckGo

Many websites use “https://” at the beginning of their address rather than “http://”. But what protection does that give you? How much of your surfing data is secure?


How to create a genuinely strong password for your digital life

K.G Orphanides – WIRED UK

What sort of password ensures optimal security? There are a few ways to change and reset your password to make it stronger.


Security Vulnerabilities Explained with Rivers and Parties

Andrea Zanin – freeCodeCamp

Security vulnerabilities can be boring to learn. But you still need to learn them, unless you want some hacker to delete all your production databases. To make it a bit more entertaining, I tried to explain 3 major vulnerabilities in terms of everyday life.


How Long is Long Enough? Minimum Password Lengths by the World’s Top Sites

Troy Hunt

I’ve been giving a bunch of thought to passwords lately. Here we have this absolute cornerstone of security – a paradigm that every single person with an online account understands – yet we see fundamentally different approaches to how services handle them. Some have strict complexity rules. Some have low max lengths. Some won’t let you paste a password. Some force you to regularly rotate it. It’s all over the place.


HTTPS explained with carrier pigeons

Andrea Zanin – freeCodeCamp

Learn how HTTPS works by reading about Alice, Bob and a lot of carrier pigeons.


2017


The 25 Most Popular Passwords of 2017: You Sweet, Misguided Fools

Melanie Ehrenkranz – Gizmodo

Every year, SplashData compiles a list of the most popular passwords based on millions of stolen logins made public in the last year. And each time, we own ourselves. Hard. 2017 is no exception.


The Market for Stolen Account Credentials

Brian Krebs – Krebs on Security

Today’s post looks at the price of stolen credentials for just about any e-commerce, bank site or popular online service, and provides a glimpse into the fortunes that an enterprising credential thief can earn selling these accounts on consignment.


A Simple Checklist To Help You Not Get Hacked

DJ Pangburn – Fast Company

There are a lot of in-depth guides to staying safe online. Citizen Lab and a group of security gurus built an interactive tool to keep things simpler.


I’m Sorry You Feel This Way NatWest, but HTTPS on Your Landing Page Is Important

Troy Hunt

We’re on a march towards HTTPS everywhere. Almost 70% of web traffic today is encrypted and organisations not getting with the program are being increasingly penalised for lagging behind.


Have you been ‘pwned’ in a data breach? Troy Hunt can tell

Matt O’Brien – Associated Press

Troy Hunt has collected a trove of 4.8 billion stolen identity records pulled from the darkest corners of the internet — but he isn’t a hacker.


Here’s What I’m Telling US Congress about Data Breaches

Troy Hunt

Last week I wrote about my upcoming congressional testimony and wow – you guys are awesome! Seriously, the feedback there was absolutely sensational and it’s helped shape what I’ll be saying to the US Congress, including lifting specific wording and phrases provided by some of you. Thank you!
As I explained in that first blog post, I’m required to submit a written testimony 48 hours in advance of the event. That testimony is now publicly accessible and reproduced [at the link].


The Safest Conversation You’ll Have This Holiday

Gennie Gebhart, Soraya Okuda, and Jason Kelley – Electronic Frontier Foundation (EFF)

Do your friends and family rope you into providing tech support when you’re home for the holidays? Use this opportunity to be a digital security hero and rescue your family from tracking cookies, unencrypted disks, insecure chats, and recycled passwords.


Your Holiday Cybersecurity Guide

Robert Graham – Errata Security

Many of us are visiting parents/relatives this Thanksgiving/Christmas, and will have an opportunity to help them with cybersecurity issues. I thought I’d write up a quick guide of the most important things.


How to give your parents the security talk this Thanksgiving

Alfred Ng – CNET

Yes, it can be a pain, but teaching them to avoid phishing emails now will save headaches later. Here’s help.


Two passwords are always better than one

Jessy Irwin – The Outline

Two-factor authentication adoption rates are low. Is it because cybersecurity experts are making the perfect the enemy of the good?


How to Protect Yourself Against Spearphishing

Joyce Rice and Micah Lee – The Nib

The famous “DNC hacks” weren’t hacks – they were phished. Don’t let it happen to you!


The One Valuable Thing All Websites Have: Reputation (and Why It’s Attractive to Phishers)

Troy Hunt

Here’s something I hear quite a bit when talking about security things: “Our site isn’t a target, it doesn’t have anything valuable on it.”
This is usually the retort that comes back in defence of some pretty shady practices and in the mind of the defendant, it’s a perfectly reasonable position. They don’t collect any credentials, they don’t have any payment info and in many cases, the site is simply a static representation of content that rarely changes. So what upside is there for an attacker?


Secure your Chats!

Net Alert

When you send a postcard through the mail, the content is not protected and anyone who handles it could read it. The same is true of SMS text messages–any carrier of the message can potentially read the contents.
When a message is encrypted, it is scrambled so that only the sender and receiver can read it. Think of it like using a sealed envelope to send a letter in the mail instead of a post card.


A Guide to Common Types of Two-Factor Authentication on the Web

Jacob Hoffman-Andrews and Gennie Gebhart – Electronic Frontier Foundation (EFF)

Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it’s becoming much more common across the web. With often just a few clicks in a given account’s settings, 2FA adds an extra layer of security to your online accounts on top of your password.


Decoding two-factor authentication: which solution is right for you?

Nathan White and Anqi Li – Access Now

You may have heard of two-factor — or multi-factor — authentication (2FA or MFA) as a way to add a layer of security on top of your accounts. In addition to your username and password, enabling two-factor lets you use a second form of authentication, which may block thieves from accessing your information. A second factor to show that you are you — not an intruder — could be a hardware key, a dedicated phone application, an SMS text message, or your fingerprint. With so many options, it can be hard to decide which second factor to use. That’s why we created this guide to help you make an informed choice.


The Unexpected Benefits of Encrypted Writing

Standard Notes

I’ve spent about the last decade of my life developing tools for note taking and file management, the most important of which is an encrypted note-taking app. And when I talk to others about how their lives changed once they knew their thoughts and words were private, the response is always the same: “I feel free,” is what I hear. They talk about the subtle, but powerful, difference privacy brings you. You become accustomed to the luxury of knowing what you say will never be repeated.


Living with password re-use

National Cyber Security Centre (NCSC)

In a perfect world we’d use unique passwords for every online service. But the world isn’t perfect…


Passwords Evolved: Authentication Guidance for the Modern Era

Troy Hunt

Up until the last couple of decades, we had a small number of accounts and very limited connectivity which made for a pretty simple threat landscape. Your “adversaries” were those in the immediate vicinity, that is people who could gain direct physical access to the system. Over time that extended to remote users who could dial in – I mean literally dial in via phone – and that threat landscape grew. You pretty much know the story from here: more connectivity, more accounts, more threat actors and particularly in recent years, more data breaches. Suddenly, the simple premise of matching strings no longer seems like such a good idea.


Don’t be fooled: Metadata is the real data

Mo Bitar – Standard Notes

In a crime case, investigators don’t have access to “the truth” — the data, if you will. All they have are clues which can be put together to make as perfect a guess as possible as to what the nature of the truth is. Metadata.


How To Encrypt Your Devices

DuckDuckGo

When data is encrypted, it turns into a seemingly random collection of characters, unless of course you have the decryption key! The ability to encrypt all the data on a device is now usually built-in to its operating system, meaning there is no good excuse not to protect your privacy in this manner.


VPNs Are Absolutely a Solution to a Policy Problem

Mo Bitar – Standard Notes

VPNs are absolutely a solution to policy issues, and we would be wrong to treat them differently.


Encryption Makes a Better World

Mo Bitar – Standard Notes

Changing the nature of governance through encryption.


Privacy is Power

Mo Bitar – Standard Notes

Why the fight for privacy matters.


Upgrading WhatsApp Security

Martin Shelton – Medium

With over a billion users, there’s a good chance you have friends on WhatsApp, an easy-to-use mobile messenger. With some tweaks, you can make it much more secure for routine conversations.


A Followup About AV Test Reports

Robert O’Callahan – Eyes Above The Waves

Well, my post [Disable Your Antivirus Software (Except Microsoft’s) – listed below] certainly got a lot of attention…


For Data Privacy Day, Play Privacy As A Team Sport

Gennie Gebhart – Electronic Frontier Foundation (EFF)

Protecting digital privacy is a job no one can do alone. While there are many steps you can take to protect your own privacy, the real protection comes when we recognize that privacy is a team sport. So as we celebrate Data Privacy Day on January 28, don’t just change your tools and behavior to protect your own privacy—encourage your friends, family, and colleagues to take action, too.


Disable Your Antivirus Software (Except Microsoft’s)

Robert O’Callahan – Eyes Above The Waves

I was just reading some Tweets and an associated Hackernews thread and it reminded me that, now that I’ve left Mozilla for a while, it’s safe for me to say: antivirus software vendors are terrible; don’t buy antivirus software, and uninstall it if you already have it (except, on Windows, for Microsoft’s).


2016


Password Managers for Beginners

Martin Shelton – Medium

Passwords are often the only thing standing between a hacker and your online accounts. This guide helps you choose a password manager to help you create strong, unique passwords. It’s an easy way to make browsing the web easier, faster, and more secure.


How Dropbox securely stores your passwords

Devdatta Akhawe – Dropbox

It’s universally acknowledged that it’s a bad idea to store plain-text passwords. If a database containing plain-text passwords is compromised, user accounts are in immediate danger.


Going dark: online privacy and anonymity for normal people

Troy Hunt

I want to talk about practical, everyday things that people who aren’t deeply technical can do to better protect themselves. They’re simple, mostly free and easily obtainable by everyone.


Page last updated 25 November 2019
Precisely Private is also available as an eBook and a PDF.