Lockdown: Personal Security in the Age of Surveillance

When any rando can drop an AirTag into your belongings and follow you home by retracing your digital breadcrumbs, and a cellular-enabled GPS tracker is available through popular retail establishments for less than the cost of a video game, it’s clear that regular folks are going to need to step up their game in terms of protecting themselves, their privacy, and their assets.

Consider this a living, breathing document. We’ll add to it from time to time and try to help you navigate through the maze of things you might not have thought possible.

  1. Your phone and other mobile devices
    • Lock down your phone. Passcode, facial ID, fingerprint, whatever you have access to.
    • The master email tied to your phone? Multi-factor that shit. Apple, Gmail, whatever. Get an authentication device if you can. Gmail supports the Titan security key, which forces you to use a USB device when authenticating on an unrecognized device.
    • Don’t install questionable apps. Look for many many positive reviews. Like 50K and above.
  2. Your computer(s)
    • Don’t store passwords in the browser if you can help it. Use a password management tool such as Keepass. NEVER use the same password for multiple websites. Why? Say one website suffers a breach and your password ends up on a public list. There are simple scripts to try the same username and password on all of the major services. Keep them separate, and keep them long and complicated.
    • Use full-disk encryption if you are able. Never trust that your computer will never be out of your hands.
    • Use a long and complicated password for your computer login. Check to make sure no other logins have been enabled. Make sure your screen locks to a password-protected state. That significant other could be temporary, and you don’t want them having the keys to your digital farm.
    • Keep backups. Importantly, make sure those backups are encrypted. It’s no good having a backup of an important encrypted system if the backup is not encrypted.
    • Your home wifi is a key entry point into your digital ecosystem. Secure it. Use long and complex passwords, because anything less can be sniffed and cracked fairly trivially. If you MUST share your wifi passwords with friends, change them periodically. If your wifi router has guest internet capability, use it.
      • Advanced: If you’re savvy, you can usually exercise even more controls on your home network. Example: Set your router’s DHCP to serve only a fraction of your home network IP space. Move all of your known device to static DHCP leases outside of that space. Set the non-static portion as a no-internet range in your router. This way anyone who CAN connect to your wifi, i.e., by stealing the password, cannot use it to get to the internet. With effort, you can set it to ONLY serve static DHCP leases so that new devices won’t even get an IP address on your network.
    • Keep all of your OSes up to date. Run Windows Update on Windows machines, check for updates periodically on Macs, update your tablets, phones, TV firmware, etc. An unpatched device is an entry point.
    • Just because you never configured your wifi on your smart TV doesn’t mean it’s not vulnerable. They often ship with a default network, and they can be abused.
  3. Your home
    • Get a Ring or Simplisafe security system, at the very least. They are very affordable, very manageable, and should at a minimum alert you on unauthorized entry into your home and provide video of all egress points. If you don’t know someone has been in your house, you don’t know what damage they could have done.
    • Get a safe. Bolt it to a floor or wall. Fireproof is best. Don’t skimp. Get a good, strong safe. Keep important documents in it. Passport, insurance, and lists of emergency passwords and recovery phrases.
  4. Your online presence
    • [to come]
  5. Your banking
    • [to come]
  6. Your personal life, work life, etc.
    • You can’t always keep from making enemies. Sometimes your success alone is enough to trigger someone into hating you. Be especially wary if you work in a field populated with psychopaths and sociopaths. You know what I’m talking about.
    • Watch out for people that seem too interested in you too quickly.
    • If your spidey-sense is tingling, and you have an instinctual (gut) feeling that someone has ulterior motives toward you, journal about it and put it in your safe, so that your loved ones have someone to look at more closely after they fish your lifeless body from the river.
    • As mentioned in the intro, a stranger can drop an airtag on you in public without being noticed. An AirTag device, or similar, is a crowd-sourced locator — it is a low-energy transmitter that beacons out periodically. Those beacons are captured by any phone nearby that has the software installed, and the location of the tag and its beacon are reported to the central server, so that whoever owns the beacon that has been dropped on you can follow you around digitally with ease and without being observed. They will know where you live and work, what bars, restaurants and coffee shops you frequent and when, and more. There are apps to detect rogue tag devices. The way they work is if you are travelling, and the app receives beacons from a tag consistently wherever you go, then it asks you if you know about a nearby tag. If you don’t, there’s a good chance it’s a rogue tag that has been planted to track your comings and goings. You’ll need to track it down to determine whether it’s in your vehicle, or in a bag, box, or article of clothing. Once you do, it’s up to you to decide what to do with it. Maybe leave it in a cab, uber, an airplane, or in a police station parking lot.
  7. Solving problems and answering questions systematically:
    • TAKE NOTES. Specific notes. What happened? When did it happen? Why do you THINK it happened? Who stands to gain from it happening? If you tell people crazy things that are happening to you you might be branded as paranoid or delusional. But if you take very good notes on the things that are happening, along with any video or other evidence to corroborate it, someone who knows some things about the technology in question might be able to explain it and help you understand why it does or does not look like malfeasance. “Any sufficiently advanced technology is indistinguishable from magic.” -Arthur C. Clarke