[HN Gopher] Ask HN: What tech advice are you giving to those aro...
___________________________________________________________________
Ask HN: What tech advice are you giving to those around you for
2023?
You have probably given advice to the vulnerable young and older
people (as well as to self-declared "technotwits") about technology
in the coming year. What are your top 5 tips for the coming year?
I'm advising:
* Do upgrade any device that doesn't receive OS updates (mobile
  devices are a particular concern)
* On mobile, _do_ use an encrypted chat app (e.g. Messages with RCS,
  Signal, &c)
* Don't use identifying information as a password and don't re-use
  passwords
* Don't answer phone calls from unknown sources
* End any communication where someone asks you to do something
  insecure (e.g. "give me your password so I can check your account")
Author : heresie-dabord
Score : 38 points
Date : 2022-12-27 18:08 UTC (4 hours ago)
| devinegan wrote:
| If you are in the Apple ecosystem of products update all your
| devices and turn "Advanced Data Protection" on.
| culi wrote:
| We should make a browser extension that encapsulates all this
| advice. Or at least the ones relevant to the way you use the web.
| Much easier to get your non-tech savvy family to install an
| extension that will continuously help them (and that we can
| continuously update) rather than just giving them a wall of
| advice they'll forget
| wildrhythms wrote:
| Use the unsubscribe links or 'mark as spam' feature in your
| emails. It takes an extra few seconds, but you'll be happy when
| your inbox only contains things that matter to you.
| solardev wrote:
| Stop using so much tech and get outside more. Let go of the FOMO
| and you'll be much happier. Delete all your social media.
|
| (I should listen to this advice too).
| agumonkey wrote:
| I did that to an extent but depending on the weather and moods
| (sometimes both) I get FOMOing again.
|
| There was a documentary about a solitary girl shepherd in the
| mountains. Most things in her life were a source of life and
| liveliness. Nature, hill sights, calm, animals.. the more she
| did, the happier she got. So even if her life looks poor or
| lacking .. it's quite the opposite.
| heliophobicdude wrote:
| If you grant an application access to your contacts, you are
| sharing the private data, perhaps PII, of others.
| worldsavior wrote:
| While they share mine.
| nathanaldensr wrote:
| The advice I'm giving people is to avoid tech as much as possible
| --to simplify one's life. Tech has long ago left the realm of
| useful tool and is instead being used to spy on people, foment
| and continue addiction, manipulate our brains' chemistry, and, in
| general, to _do evil_. I'm not saying all tech is evil, but a
| sufficient amount of it is for me to try and eliminate it from my
| life as much as possible.
|
| You should see my kids' behavior when grounding them and banning
| video games; they are addicts going through withdrawal.
|
| Source: 28 years in software development and adjacent roles.
| 1270018080 wrote:
| - Switch off of Chrome to Firefox if you can and install ublock
| origin.
|
| - Don't do anything crypto/blockchain related (this is more of an
| annual reminder).
|
| - Stop getting news from Facebook, it's melting your brain.
|
| - Set up 2fa on everything you can.
| jesuscript wrote:
| Print back up codes for iCloud/gmail. Get a small bank lockbox
| and put it there.
|
| And stop giving data to these companies. It may not matter in the
| broader society since the average person won't stop, but we devs
| can stop giving data to things like copilot. Switch off GitHub.
| Use Brave or Firefox.
| karp773 wrote:
| Do not use Telegram. It is an FSB (ex-KGB) operation.
| whydat_whodat wrote:
| Thanks! Very interesting. I wasn't aware of this. Looks like
| there's a discussion here:
|
| "Telegram Cooperates with FSB (Rus)"
|
| https://news.ycombinator.com/item?id=30661335
|
| I'll research this more.
| CharlesW wrote:
| My single, multi-step recommendation is to commit to improving
| password hygiene.
|
| 1. Use a good[1] password manager for everything.
|
| 2. Upgrade at least critical logins to use 2FA, which becomes
| much easier when using a password manager.
|
| 3. Use password manager features that allow you to detect weak
| and compromised passwords, and fix those.
|
| [1] I'm recommending 1Password to less-technical friends/relatives,
| and 1Password or Bitwarden to tech-savvier folks.
| kevdev wrote:
| Why would you recommend 1Password over Bitwarden for less
| technical folks? Asking because I am about to set up a family
| plan on Bitwarden for me and my less-technical wife. I already
| use Bitwarden and have for some time, so seeing if there may be
| a compelling reason for us to go with 1Password instead.
| CharlesW wrote:
| > _Why would you recommend 1Password over Bitwarden for less
| technical folks?_
|
| Primarily out of personal unfamiliarity with Bitwarden,
| although I feel safe recommending it to certain users because
| of its reputation with HN users. Because 1Password is my (and
| my family's) daily driver, it's easier for me when people who
| are new to password managers invariably come back to me for
| help.
|
| Other considerations: My impression from reading "vs" reviews
| is that 1Password edges out Bitwarden in terms of user
| experience and features. Also, I do (possibly unfairly)
| assume that Bitwarden is focused more on corporate IT and
| technical users based on the availability of self-hosting,
| etc.
| throwaway378037 wrote:
| Stop using LastPass
| lloydatkinson wrote:
| Disable browser push notifications or do it for them
| https://www.lloydatkinson.net/posts/2022/consider-disabling-...
| whydat_whodat wrote:
| A couple bits of advice I've recently given are focused on IT-
| skills knowledge sources.
|
| - Explore KodeKloud.com as a Udemy alternative, especially to
| learn more about general internet infrastructure (especially if
| you lack a CS or CIS degree, as I do), cloud providers, etc.
| (From what I've read it's more recently updated than ACloudGuru)
|
| - Explore Roadmap.sh for a roadmap of knowledge necessary to
| become a web app, infrastructure, or phone app engineer.
| monetus wrote:
| Thank you for sharing links.
| birdymcbird wrote:
| If you consume online content that makes you angry at one group
| or another group, the reality of it likely isn't so black and
| white. You're likely being fed a narrative to shape your opinion.
| skyyler wrote:
| I've been trying to tell people about this since the lead-up to
| the 2016 election.
|
| It's lost me some friendships, which is sad, but I'm not going
| to stop.
| pydry wrote:
| I don't think the people who most need to hear this message are
| receptive to it.
| c7DJTLrn wrote:
| Reddit front page is a good example. Pure propaganda.
| kgwxd wrote:
| Including the narrative that some objectively bad groups aren't
| as bad as some people say they are.
| nonoesp wrote:
| Learn how to encrypt and decrypt sensitive data
| insomniacity wrote:
| De-Google your life. Perhaps Search is fine - but absolutely
| remove all dependency on Gmail or Google Accounts.
| culi wrote:
| same with Twitter. Elon's been explicit about the need to sell
| users' data more. I'd update your privacy settings at the very
| least
| andrei_says_ wrote:
| Haven't used twitter, Reddit, Facebook, Instagram or TikTok
| in a month ... love my life.
| roey2009 wrote:
| If you question whether your electronic device is compromised, it
| probably is.
|
| If you question if your electronic device has exploitable
| vulnerabilities, the answer is absolutely yes.
|
| Don't store private info on your electronics, if you can't handle
| them leaking. (Nude photos, bank credentials)
|
| Commercial VPNs are not as useful and secure as you think.
|
| I personally cover the front facing cameras on my laptop and
| mobile, on the assumption that if someone were to gain access to
| my phone, that's the first thing they would look at.
|
| Don't connect to random public WiFi. If you do, don't login to
| any online account on it, or send confidential information.
| culi wrote:
| is the public wifi advice still relevant today with HTTPS?
| Liuser wrote:
| > Don't connect to random public WiFi. If you do, don't login
| to any online account on it, or send confidential information.
|
| Why? TLS establishes secure channels over insecure networks.
| SamuelAdams wrote:
| Mitm attacks are still a thing, but personally I wouldn't
| bother with it. It's much easier to go the social engineering
| route, ie post on Facebook a picture of my "old" dog (really
| a random dog) with the text "flash back to my first dog
| Tessie! You will always have a place in my heart :) post in
| the comments about your first dog"
|
| And boom now you have their answers to security questions to
| reset their passwords.
| Liuser wrote:
| > Mitm attacks are still a thing
|
| TLS directly addresses this.
| tqi wrote:
| > boom now you have their answers to security questions to
| reset their passwords.
|
| Are there any examples of this actually happening? It seems
| like an old wives' tale. The simpler explanation for why
| these posts are so popular is that they generate a lot of
| engagement, especially in the form of unique comments and
| number of commenters, which is a signal used for ranking
| and helps increase reach of these accounts.
| leftcenterright wrote:
| > Don't connect to random public WiFi. If you do, don't login
| to any online account on it, or send confidential information.
|
| While this is good advice in general, I have seen that people
| do end up having to connect to public WiFis in general
| (airports, traveling in a foreign country, lost LTE
| connections). I advise people never to accept "Insecure
| connection" warnings in browsers, with TLS in place and HSTS,
| practically the risk is very low.
| SeriousM wrote:
| MitM on Android works very well if you just use an app
| without a browser view. Android doesn't tell you that the
| certificate was changed and the app developer usually doesn't
| care to pin the certificate or check for the issuer. When
| using a random wifi, use a vpn just to be sure.
| ericpauley wrote:
| Which certificate authority does this new cert chain from?
| No reputable authority will issue valid certs for public
| WiFi MitM.
| BjoernKW wrote:
| > Commercial VPNs are not as useful and secure as you think.
|
| That's highly contingent on the "as you think" part.
|
| For example, I use ExpressVPN on public WiFi networks because I
| trust them a whole lot more than random public WiFi providers.
| Sure, they have access to the URLs I've accessed while using
| their service. Then again, so does my ISP.
|
| The crucial part is, said random public WiFi providers won't
| have access to that data.
|
| Additionally, and much more importantly, some public WiFi
| providers try to MITM secure connections, which is effectively
| prevented when using a trustworthy VPN.
| unshavedyak wrote:
| Yea, i use it to avoid Comcast mostly out of spite.
|
| "Aren't as secure as you think" seems to imply Comcast or the
| foreign wifi has what, broken the encryption? If so, tell me!
| But i kinda doubt it.
| mimiminimi wrote:
| If you value your privacy, don't own/use a mobile phone.
| fsflover wrote:
| * Use Linux (and I install it for them)
|
| * Use Firefox (same)
|
| * Use PrivacyBadger Firefox plugin (same)
|
| Works like a charm (fortunately they do not require any Windows-
| specific apps)
| glasss wrote:
| Which distro do you recommend?
| leftcenterright wrote:
| - Use 2fa everywhere
|
| - Showed them how to use ublock origin, they love it
|
| - If you _have_ to enter your PII and the site/service doesn't
| really need it, try to not give them correct information
| (fictitious date-of-births for example work on a lot of sites
| which honestly don't really need it but do ask for it to harvest
| data or do age verification etc.)
|
| - Take a phishing quiz to be aware of what's out there:
| https://phishingquiz.withgoogle.com/
|
| - Request data deletion under GDPR (if applicable) for sites
| which you no longer use but still have accounts on
___________________________________________________________________
(page generated 2022-12-27 23:01 UTC)