Early Retirement Extreme Forums

I thought these two episodes were excellent!

https://radicalpersonalfinance.com/461- ... y-podcast/

https://radicalpersonalfinance.com/461- ... y-podcast/

I'm planning on reading some of the practical security and privacy books suggested in the notes. This is a skill set to build, and some of the low-hanging fruit are pretty easy to integrate into our web of goals. For instance, an RFID-blocking wallet is just about the same aesthetically as a standard wallet, but it hinders theft more. Or an encrypted email server like ProtonMail delivers e-mail just as good as Gmail.

Interesting stuff. What do you to protect your privacy and security?

I definitely don't do enough but a couple pretty obvious tips that come to mind:
- 2-factor authentication on as many things as you can bear the additional annoyance with
- never send passwords, credit-card details etc. unencrypted (e.g. as plain text)
- install Prey on all of your devices (this helps just as much with losing your phone as if it gets stolen)
- password-protect all of your devices

In general though I think tools such as gmail, Google Drive, WatsApp etc. are pretty damn secure for the average user.

Any other thoughts? As relatively HNW people, we do have more to lose than most~

Some things which I do:

- use, long random passwords that I don't even know. Kept in encrypted password manager program
- use random answers to challenge questions
- 2FA when possible (use authenticator app as 1st preference, SMS second)
- veracrypt containers for sensative data kept on computer
- regular system backups to protect against ransomeware attacks
- updated anti-virus software
- run malwarebytes regularly to check for malware
- use Epic privacy browser and sandbox software if looking at higher risk sites or more privacy needed

-Lastpass with a yubikey second-factor authentication. After the password manager is installed, use it to generate extremely long gibberish passwords.

-VPN for both privacy and security for both computer and phone

-Setup two factor wherever possible and encrypt everything.

-Setup accounts to email or text you when transactions occur. If you use a google voice number it will send to both email & text

-Use Signal for text and encourage others to do the same.

-For privacy, run https://panopticlick.eff.org/ to see if your browser is trackable.

-Use a throwaway email when registering for sites that are not important.

-I plan to change my nationality with the various tech companies once the GDPR comes into force next May to aquire the additional protections it provides.

https://www.wired.co.uk/article/what-is ... fines-2018

I used this to create very long but memorable passwords:
http://world.std.com/~reinhold/diceware.html

I use keepass to manage passwords from an executable on an encrypted USB drive, that way every service has a unique password. I don't like last pass because it stores your passwords remotely. Anyone could get hold of your passwords if they intercept your master password with a keylogger. At least keepass keeps the database locally, that sort of acts like a two factor authentication. Yes, of course this is not fool proof either, but it's an extra step.

I also delete/ban cookies on all devices. It means logging into websites more often, but it means you are harder to track, and your accounts are more secure. Also, never let another app remember your passwords etc, I use keepass only. two-factor auth. is essential for any e-mail addresses that are required to reset passwords. I used Tor for a while, but gave up on it because I don't browse the web looking for 'sensitive' stuff anyway.

Secure means less user friendly, so the degree to which you protect your data depends on the damage that could be done by someone accessing that data. I don't make my living on a PC, so at best, all I have to protect are personal photos, financial logins and email privacy. Any data I consider important and essential is backed up to multiple devices, including encrypted SD cards hidden in plain sight around the house. I'm glad I'm that anal about it, because my 1TB HDD failed without warning last week, and I might have lost all my digital media.

I can't login to my online banking without my USB drive (it is backed up in a secure location), but that makes it so much safer. For instance, no one could extort me for money if I don't have my USB drive on person. I literally don't know my passcodes for the majority of services, e-mail included.

Ego's advice is excellent, but I also think it's worth bearing in mind that identity theft and whatever else you're trying to protect against rarely happens by someone attacking you directly. You're interesting or valuable enough to target. Your data leaks when massive amounts of millions of people's data are bulk harvested from companies which for one reason or another have screwed up their security. And there's next to nothing you can do about that save making all-cash in-person transactions.

What these suggestions do is try to limit the damage and that's good, but it's not the same as being "secure" online, which no one is by virtue of the medium. So while all this stuff is good advice, it's also useless when your data is being stored outside your control, which is its every time you connect, for example, your credit card to an email address to get a reciept emailed to you (something I've noticed is increasingly common).

I always use "passphrases" instead of passwords. Think of a decently long sentence you will not forget, add a few numbers at the end, and you have a super long password that is much more difficult to hack.

onewayfamily wrote: ↑

Sat Aug 19, 2017 7:33 am

- install Prey on all of your devices (this helps just as much with losing your phone as if it gets stolen)

Anyone else using one of these? Some of the other options are Lojack, Computrace and Cisco Meraki.

https://haveibeenpwned.com/
The above site will tell you if your email has been hacked.

https://haveibeenpwned.com/Passwords
The articles they have on passwords are scary.

Google launched Advanced Protection for accounts today.

They use two physical security keys, the Yubico USB key for computers and the Feitian bluetooth enabled key for mobile devices. May be overkill for most.

https://www.wired.com/story/google-adva ... n-accounts

https://landing.google.com/advancedprotection/

Isn't google who we're protecting ourselves from?

Nah, we're protecting ourselves from super-cute, submissive looking robots. SFW
https://theconversation.com/super-cute- ... them-84428

Ego wrote: ↑

Tue Oct 17, 2017 7:19 pm

Nah, we're protecting ourselves from super-cute, submissive looking robots. SFW
https://theconversation.com/super-cute- ... them-84428

Hmm, cuteness must certainly be in the eye of the beholder, 'cause to me those things are damned ugly!

JWJones wrote: ↑

Wed Oct 18, 2017 7:24 am

Ego wrote: ↑

Tue Oct 17, 2017 7:19 pm

Nah, we're protecting ourselves from super-cute, submissive looking robots. SFW
https://theconversation.com/super-cute- ... them-84428

Hmm, cuteness must certainly be in the eye of the beholder, 'cause to me those things are damned ugly!

Don't worry, they will take that quote into consideration when presenting you with a version that YOU think is cuter that anything you could have imagined.

One thing that I should aim to become better at is isolating my "personas" (identity) from each other while online. Some browsers/OSes offer such features for advanced users but I'm not sure to what extent they help keep you in check (e.g. warn/remind you if attempting to log in to any accounts, allow a blacklist of sites?).

I have two email accounts, one is pretty secure (riseup.net) and the other is more so (protonmail.com). I have no social media accounts; not interested in being data-mined for advertising purposes.

I use the SeaMonkey browser with HTTPS Everywhere and uBlock Origin plug-ins, and also the Epic browser to access the web. I do not use any Google products (search, gmail, Drive, etc.). I do not allow the Flash plug-in on my computers, and only sometimes allow Java to run.

In the past, I went to even greater lengths for computer/web security. I used OpenBSD on both my laptop and desktop, and the xombrero browser.

As for IRL security, I carry a minimalist wallet, in my front pocket. I have studied various martial arts since the age of five (I'm 51 now), and practice "situational awareness." I also have a CCL, although I rarely carry.

For those interested, J.J. Luna's book "How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life" is pretty decent, in my opinion.

JWJones wrote: ↑

Thu Oct 19, 2017 11:12 am

For those interested, J.J. Luna's book "How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life" is pretty decent, in my opinion.

Concur. Its focus is on the real world. It is limited and out of date for the online world. What many forget is that the real world is important and is more important than the online world.

General Snoopy wrote: ↑

Wed Oct 25, 2017 8:13 pm

It is limited and out of date for the online world. What many forget is that the real world is important and is more important than the online world.

Yup, for the digital world, I would recommend this one:

https://www.amazon.com/dp/152277890X/