Episode Transcript
This is a computer-generated transcript. While our team has reviewed it, there may be errors.
Morgan Sung, Host: A lot of us might feel pretty confident about our online privacy. But how confident are you, really? Enough to challenge Josemonkey?
JoseMonkey, Guest: I’m JoseMonkey and I find people who ask to be found.
[Clip 1 from JoseMonkey TikTok video]
Hey, JoseMonkey, where am I?
[Clip 2 from JoseMonkey TikTok video]
Tell me where I am, JoseMonkey.
[Clip 3 from JoseMonkey TikTok video]
JoseMonkey, please come and find me
Morgan Sung: You may have seen Jose’s videos on TikTok or YouTube. He’s a content creator, online privacy advocate, and amateur geolocation researcher.
JoseMonkey: People send me videos recorded from all over the world, and I try to figure out where those videos were recorded and say, you know, here is where you were when you did that.
Morgan Sung: Oversharing is the social norm online. Take one scroll through any social media app, and count how many posts you see of someone else’s private life.
I, for one, tend to be overly cautious when it comes to posting and privacy. As a journalist, and also someone who’s been maybe too online since a young age, I don’t know how to not post. But I also take my privacy very seriously and take precautions when I post. I scrutinize every photo and video to make sure that there’s nothing identifiable like street names or even window views.
I share my location with trusted loved ones on “Find My Friends,” but you’ll never catch me publicly posting about where I am until after I’ve left. I don’t like the idea of total strangers knowing where I am at any given moment.But for the sake of content and this show, I faced my fears and asked Jose to find me.
[Morgan video for JoseMonkey 1]
Hi Josemonkey, I’ll give you a hint. I am somewhere in Los Angeles.
Morgan Sung: So I recorded that video, wiped the location metadata and then triple checked that it was in fact wiped, and then sent it off to Jose. We got on a call a few days later.
JoseMonkey: Well, I have to say that video, um, I don’t know if, if it is possible for me to find it or not. I will be, you know, totally transparent and say that,
Morgan Sung: Honestly? I went out of my way to give Jose a bit of a challenge. I recorded this video across the street from a strip of bars and restaurants in East Los Angeles. I took it at night, with the flash on, so the background was pretty dark. In fact, Jose wasn’t able to find me by the time I interviewed him a few days later.
JoseMonkey: There’s not a lot of writing. I think there was the word public, um, it looked like, uh, behind you, um, on a building. But other than that, there really wasn’t a lot to see there.
Morgan Sung: I was convinced that I had done it. I was the one who stumped JoseMonkey.
My stranger danger philosophy finally paid off. Until Jose emailed me two weeks later with Google Maps coordinates. There, on Eagle Rock Boulevard, was a little red pin where I had parked and recorded the video before heading to the wine bar. So, I called up Jose again.
JoseMonkey:When I, I found an area that looked like it might be right, so I was like checking to look at, and I, and I panned over and I saw the words on there and I was like, wait a minute. And I was like, if that says public, and, uh, I, I audibly gasped. I could not believe I found it. It was a bit of needle in the haystack.
Morgan Sung: I also can’t believe you found it. And it’s funny because I went through the effort of like, I even cropped in the video a bit, so you couldn’t even see, I don’t think you could see any street signs. I was like, I’m gonna make sure you can’t even see the corner of the sidewalk. In case that’s like a hint.
JoseMonkey: [Laughs] Right.
Morgan Sung: I basically sent you a video that I would’ve recorded and put online myself, um, knowing that I am a little bit paranoid about this kind of thing.
JoseMonkey: Right. So I think that’s a really good point and I think that’s why it’s a good example because while I like to, you know, come up with clever ways to find people, um, the important takeaway here is that a sufficiently motivated individual who has an attention to detail and time to spend can find you from a video like that now. Again, I don’t wanna scare people by saying that, but, uh, people should know it is possible.
Morgan Sung: And it’s not just what you post that makes your privacy vulnerable. Your digital footprint includes all of your online activity. Passwords, location data, banking details, and tons of other sensitive information can be obtained regardless of your social media use. That information, in the hands of bad actors can be used for scams, stalking, and a whole slate of nefarious activities.
So what does practicing digital hygiene entail? How do you make yourself less findable, without giving up on the internet entirely? And, the burning question: How did JoseMonkey find me?
This is Close All Tabs. I’m Morgan Sung, tech journalist and your chronically online friend, here to open as many browser tabs as it takes to help you understand how the digital world affects our real lives. Let’s get into it.
Morgan Sung: So this is a practice known as Personal OpSec. That’s short for Operations Security. It involves assessing risk and taking precautions to protect your personal information. Essentially, trying to minimize your digital footprint. And this can be super overwhelming, especially if you, like many other people, have used the internet for the last 20 years.
Let’s start by breaking down how bad actors get a hold of this information. And it usually starts with details that are already posted on public social media accounts.
Time to open our first tab.
How do you find someone online?
Jose spent a lot of time trying to find me.
JoseMonkey: So for the, the video that you sent me from Los Angeles, there was not really a lot of information there. Honestly, it was a grind. I was looking at just many, many different locations.
Some of the things I observed, um, as I did that is that your video had utility poles on the side of the road that you were on, as well as on the other side. And, um, it seems like a small detail, but not every street in LA has those kinds of utility poles and doesn’t necessarily have them on both sides. The intersection that you were sort of close to wasn’t at like a 90 degree intersection. It was at sort of an angle and I could tell that there was a road kind of coming into another road where there was what appeared to be, like, a median in the middle because we have a bush that appears just like in the middle of the road. So I knew that, that that had to be a divided road, which again, you know, helps to, helps to limit the number of possible places, right? So, um, so long story short, and I probably spent hours. It was multiple hours for sure.
Morgan Sung: It’s worth noting that Jose doesn’t have a background in privacy or security. He was a geolocation hobbyist for over a decade—a hobby that revolves around online maps and location data. This hobby made him more aware of how much people were sharing about themselves online and how that information could be used against them. So a few years ago, he decided to raise awareness by using an approach that would actually get people to pay attention.
JoseMonkey: I had this idea that maybe I could demonstrate that, through a video in which I would walk through the process of how I could look at a seemingly, you know, um, you know, mundane video that doesn’t show very much and show how I was able to figure out exactly where it was. And I, I thought that might be something that people would think was both interesting, but maybe slightly unsettling and then they would, you know, pay attention to this, um, this idea of, of, uh, internet safety.
Morgan Sung: When someone first, uh, tags you in a video and they’re like, hi, JoseMonkey, please find me. Um, you pull up that video, what’s the first thing you do?
JoseMonkey: First I download the videos so that I can get them on a big screen. I can, you know, freeze frame, slow it down, zoom way in, all the things that are gonna give me the best shot at seeing everything that’s in the video.
Morgan Sung: Jose isn’t using highly technical or exclusive tools in his process.
JoseMonkey: People often joke that like, oh, you must be with one of the three letter agencies. Nah, I’m just a regular guy and I’m just using, you know, the same stuff that, that you have access to on your computer.
Morgan Sung: You might see this one tag on his videos: OSINT. That’s the practice of using open source intelligence or publicly available sources to collect and analyze information. Those sources can include public government databases, mapping tools like Google Maps, or crowdsourced projects like OpenStreetMap, a collaborative map of the world. And sometimes, it gets a little more niche. You know those sites where train hobbyists track railroad routes, or preservationists archive old headstones in cemeteries? Turns out, those niche sites are super helpful for geolocation.
JoseMonkey: Just the other day I posted a video in which I found someone who was standing in a, a park near a, a bridge and I happen to know that there is a website that catalogs historic bridges and that you can search for them by various different characteristics of those bridges, like, what kind of bridge it is, what, what the bridge carries, how many spans it has, things like that. And, um, I was able to find them actually fairly quickly just by using, you know, that database to look up, uh, the bridges that matched the criteria I was looking for. So that was a very specific case. Like I knew I needed a bridge, so I used a bridge website, right.
But sometimes I will need to correlate bits of information I see in the video, like, you’re at a particular brand of gas station and it’s close to a water tower and also very close to, I don’t know, say like a, a golf course. Like, if I can see all those things in a video, there are tools that you can use to, uh, find those things in close proximity to each other.
When people record videos, usually if you record a video that you’re posting on the internet or a photo, whatever it is, you are usually very focused on the things in the foreground: yourself, your cat, whatever you’re, you know, you’re recording a video of. But it’s all the things in the background that I’m looking at. So I’m just trying to see was there a sign you didn’t realize was there? Is there, uh, a car with a license plate that might tell me what state this is, things like that. I’m looking at all the details in the background. Very specifically, anything with writing on it is always, um, something that to me, um, you know, is, is likely to be useful in my search.
Morgan Sung: Sometimes, a person might not even need those little details to find someone else’s location, because an app will do the work for them.
So before Jose was able to find my first location in Los Angeles, I had actually sent him a second video, as a backup, in case he couldn’t find me.
[Morgan video for JoseMonkey 2]
Here’s a hint … I am not in LA anymore … Good luck with the search!
Morgan Sung: He was able to locate that one pretty quickly and wanted to highlight a specific tool he used.
JoseMonkey: Um, some of the things we can see in that video are what appears to be an outdoor hockey rink. Um. It’s, uh, it is near a fairly large body of water. I didn’t know if it was a lake or a river or a bay or what it was.But it looked pretty big. Across the water. We can see some, some buildings and they look like older buildings, maybe brick buildings.
Morgan Sung: Jose started looking for outdoor hockey rinks near bodies of water.
JoseMonkey: So I used a different tool and this is a thing that I feel like people should know about. I used a reverse image search tool. The specific one I used is Google Lens, which many people are probably, uh, familiar with. What it does is you can take a picture, whether it’s just a photograph or a still frame from a video and plug that into this tool, and it will try to find images online that match that thing. And frequently it can tell you where a place is. So I, I guess you were in Queens, like Bayside, right?
Morgan Sung: Yeah. Exactly there.
JoseMonkey: I was able to plug that into Google Lens and it showed me somebody’s Instagram post, which was taken very near there. And it wasn’t obvious at first exactly where it was, but it was pretty straightforward from there.
Morgan Sung: Jose doesn’t like to use Google Lens for his videos, because he said it takes the fun out of the game. For him, finding people is like solving a puzzle. But he pointed out that AI-powered tools like Google Lens are becoming increasingly common.
JoseMonkey: You know, there are fancy tools and sophisticated queries that you can do to find all sorts of places, and I love doing that. But sometimes it’s either somebody with access to something like Google Lens that we all have access to, or somebody who’s just willing to look at the streets of Los Angeles for hours on end. Um, so people need to know that. Those are all possibilities.
Morgan Sung: Okay, so now that we understand how people can be found through their videos, let’s talk about how to avoid being found. And no, you don’t necessarily have to move off the grid and stop using the internet entirely to do that. We’re talking about internet safety … that’s after this break.
Let’s open a new tab.
How do you post safely?
Morgan Sung: We’re back with JoseMonkey. He’s the TikTok creator who finds people, but only if they want to be found. If you don’t want to be found? He’s going to walk us through some of the most common mistakes that people make when posting photos or videos of themselves online.
JoseMonkey: One mistake that is really easy to rectify is really to just review what you’re posting before you post it. Many people really don’t, they record something and they just press send, whatever the button says in the app.
So, you know, if they’re recording those things and not really reviewing them, they may not even realize that there was like some big thing that they forgot that they didn’t want to include. And sometimes fixing that is so easy. Most of the social media apps, even if you record a video in app, they give you editing tools to trim and, you know, edit or, or put a sticker, right?
So like, even if you recorded a video and you realize after the fact, once you review it, that, oh no, there was a street sign right behind me that tells everybody where I was. You can either trim that piece out, sometimes you can put a sticker over it in the app and you know, those can be good ways to obscure the information or, you know, if there’s time you might be able to just rerecord it.
But if you never reviewed it, you wouldn’t even have a chance to figure that out and it might be out there before you even realize what you know, what information you revealed. So I’d say that’s a really big one.
Morgan Sung: I feel like there are very obvious ways to find people. Like I see so many videos of people posting their new apartment tours or posting their walk from their home, from the front door of their home all the way to like, walking their kids to school, you know, and like kind of showing that whole walk. And that’s pretty obvious, like, that is a safety risk. But what are the more, I guess, subtle tells that people should be more aware of?
JoseMonkey: The more you move the camera, the more information you’re going to show. So I think people don’t realize sometimes, it’s definitely true that like if you’re out for a walk somewhere, people can see everything around you.
Sometimes people record videos in their car, even in moving cars, which I don’t really recommend because it’s not particularly safe. But I think people underestimate how much you can see through the windows of your car. I think they think that, like, they’re in their car, it’s kinda like being in their house and, you know, nobody’s gonna see anything. But that is not always the case. Sometimes you can see quite a lot through the rear windshield, through the windows, sometimes even in the mirrors.
Another thing I would say about cars is that sometimes people really don’t think about the fact that most of us have a GPS in our car that tells you where you are at any given time. And if you just happen to be recording in your car and you just are looking around and you show people your GPS, well you just told everybody where you are. So I think that it is good to consider each individual video, or photo or whatever you’re creating.But it’s also important to consider the aggregate.
So it may be that you only revealed one little piece of information in your video that tells people something, but you may not remember that like three years ago, you posted something that’s still there on your account that revealed some other bit of information. Right?
Another thing that I would say is your digital footprint is really bigger than one account or one platform. Chances are you have lots of different accounts and now it’s like, okay, well now I have this whole, you know, just wealth of data about you.
So if, two years ago, you tweeted something and it kind of gave people a vague idea of what city you lived in. And then over on Instagram you posted something else that shows your face, right? And so now people they know what city you live in, they know what you look like.
And then maybe on some other social media site, maybe you use your real name, right? Like, maybe your LinkedIn is connected there and now that says like your full name and where you work. So now people have like, you know, all these bits and pieces of information about you, right?
I think that it’s really worth everyone’s time to consider like, how much of my information do I want out there? And if you feel like, you know, well, I’m not really at risk there, well then, you know, you can roll the dice and see what happens.But people’s information ends up getting leaked even when they’re being relatively good about it. So some people are just like, well, you know, why should I bother? But you don’t necessarily need to make it easier for people. Right? Just because it’s already possible that they might get your information some other way.
So I would say there’s never a better time to start, you know, policing your own internet hygiene than when you realize you made a mistake. Practicing it is really the best thing you can do because it becomes easier when you’re in the habit of reviewing the video, you’re in the habit of saying like, oh wait, what was in shot when I took, that photo? It becomes a bit second nature, I think.
Morgan Sung: Digital hygiene involves more than just what you post. Your social accounts might be private, or, you might not use social media at all. But you probably still use the internet—for online shopping, or job applications, or just logging into your banking app. All of that involves a feast of personal data which might land in the wrong hands. So how do you protect it?
Let’s open a new tab.
What is a threat model?
Eva Galperin is the director of cybersecurity at the Electronic Frontier Foundation, a nonprofit organization that advocates for digital privacy and free speech.
Eva Galperin, Guest: So trying to protect everything from everybody all the time is, uh, is overwhelming and confusing, and honestly, you don’t need to do it. The only way to protect everything from everybody all the time is to go live as a hermit, on a mountain and fling all of your devices into the sea, uh, which is presumably located near this mountain.
Don’t panic though, Eva’s going to explain why you don’t need to do all that just to stay safe.
Eva Galperin: Threat modeling is, uh, a way of thinking about. Uh, what you wanna protect, who you want to protect it from, uh, in such a way that leads you to the appropriate mitigation so that you do the stuff that protects the things that are important in cases that are likely to happen instead of spending all of your time just becoming a hermit and fleeing your devices into the ocean.
Morgan Sung: Threat modeling is important, because everyone has different security needs. It involves asking yourself a series of questions: what you want to protect? who you want to protect it from? How do you want to protect it? how bad will the consequences be if you fail? And how far are you willing to go to protect it?
Like, I have a very precious American Girl doll that I’ve had since I was a kid—that’s what I want to protect. Who do I want to protect it from? My rambunctious family members who are a bit too young to play with it. How bad are the consequences if I fail? Well, my doll’s hair will probably never be the same. How much trouble am I willing to go through to prevent that? I’m not going to go as far as locking the doll away in some museum grade case—keeping it on a shelf that the kids can’t reach until they’re older will probably be enough.
That’s threat modeling, but the cherished childhood toy is your personal information. Who you want to protect it from, and how you need to protect it, depends on your situation. And threat modeling looks different for everyone.
For example, abortion is now illegal in 13 states. Let’s look at the needs of those involved in abortion access—a group that will want to protect themselves and patients from government surveillance.
Someone who volunteers to drive patients to and from their abortions might use a VPN and a secondary, anonymous social account for their volunteer work. They may use an encrypted messaging app like Signal to communicate with patients.
Eva Galperin: Presumably you are not interested in having some sort of third party get their hands on those messages. A lot of the time people will tell you, you know, our messages are encrypted. Encryption is a term that could mean a lot of different things. And sometimes what it means is that the message is encrypted in transit, meaning that like, a third party, like the telco, can’t read it. And sometimes it is end-to-end encrypted, meaning that even the platform that you are on is unable to read your messages. And this is really important because if governments and law enforcement wanna get their hands on your messages, what they do is they show up with like, a warrant or a subpoena to the telco or to the company.
And so if the telco or the company doesn’t have that information, then they need to show up to you in order to get that information, or they need to show up to the person who is on the other end of that conversation, and that gives you the ability to go lawyer up and potentially fight this subpoena and to know when your information is being handed out, which is a thing that you would not, uh, necessarily know otherwise. So what you should be looking for in your messaging service is end-to-end encryption.
Morgan Sung: Anyone involved in abortion access may also disable location services or turn off their phone when they’re around reproductive healthcare clinics. And why does that matter? Well …
Eva Galperin: So there is an entire industry of people who run around building up sort of profiles of people based on who they are and where they’re going, and what websites they look at, and what apps they download and where they are located, what their preferences are, what they buy.
And what they do is they gather up all of this information. Uh, sometimes they, uh, gather it from many different sources and then they aggregate it in order to make an even more detailed and clear picture about who you are. And then they turn around and they sell this information usually to advertisers, or to people who are interested in sort of targeting certain kinds of groups with advertising but also to governments and law enforcements and even to individuals. You can sign up for, uh, all kinds of data broker services. They market themselves as people finder sites and you can find out a lot about people simply by subscribing to one of those and entering the information that you want about somebody into one of those.
Morgan Sung: A journalist covering abortion, on the other hand, will have a different threat model, especially when it comes to protecting their sources and themselves.
Eva Galperin: Some of the other things that you might want to do as a journalist is you might wanna think about the way in which you communicate with your sources, especially if your sources prefer to remain anonymous. You wanna make sure that you can protect them. So you might wanna communicate with them through Signal, for example, instead of over WhatsApp or over SMS or carrier pigeon.
You may also wanna think about anti-harassment. One of the big problems that journalists face, especially female journalists and journalists from marginalized groups and communities, is they disproportionately face harassment for their work.
And you might wanna think about just doing a full review of what it is possible to find out about you online through like, a simple search engine search. And if you find stuff that you think is, may potentially be used against you by harassers, you can take that stuff down. You can lock it up. You can make those posts private, If it is on a platform that has, uh, you know, the ability to make private posts, um. Or if somebody else is hosting it, this is actually one of the most common sources of, uh, sort of data leaks about our private lives. It’s not, uh, our posting stuff about where we are and what we’re doing, but our friends posting stuff and often they will.
It would also behoove journalists to talk to their friends and family and their colleagues about how they talk about each other in public spaces. And I don’t mean like at the cafe, I mean like in digital public spaces where, where everything can be seen, where you just make an agreement that you’re not going to post stuff about each other, uh, without permission. So if you’re gonna post a photo that your friend is in, you just ask your friend in advance.
Morgan Sung: And sometimes the threat isn’t anonymous trolls, the government, or friends from afar. It could be the people you live with.
Eva Galperin: Threat modeling for domestic abuse situations is actually incredibly hard. Uh, one of the reasons for that is because you are dealing with a person who has physical access to your stuff, who may be able to compel you to hand over your passwords to your various devices, who knows you and your friends and where you are likely to go.
It’s very difficult to come up with a way to fool someone with whom you have a very close romantic connection because they could, you know, they could call up your friends and family and tell them, I’m just really concerned about my partner and their wellbeing, so if you could just tell me where they are.
And that’s one of the things that I see the most often and so when I talk to survivors of domestic abuse who are looking for a way to leave their abuser, the very first thing that I do is I try to help them just come up with like one account or one device, or one platform where they know their communications are safe.
Morgan Sung: So, threat modeling looks different for everyone. If you’re not a journalist, or an activist, or celebrity, or influencer, or anyone else in a public-facing, highly scrutinized career, what’s the threat? For most people, it’s the scammers.
Eva Galperin: One of the big problems that we have right now is that we are in a golden age of grift. This is, if you exist in the digital world at all, if you have a phone, if you have an email address, if you have ways of getting messages sent to you, then you’re constantly getting messages from scammers and from criminals, and often they’re, they’re after different things. In the long term what they’re after is usually money, sometimes. In the short term what they’re after is access to your accounts, or access to other people who trust you.
Morgan Sung: One common method is known as ransomware, which is a type of malware, an umbrella term for malicious software. Bad actors trick you into downloading software that locks up your device and holds it hostage until you pay a ransom. Do they unlock your device once you pay? Not always. Sometimes, adversaries use malware to spy on you, control your devices, and steal your information.
A more common threat is known as phishing. That’s phishing with a PH. Sometimes, it arrives in your inbox with the same logo and name as your bank, inviting you to log in. But if you look closer, the email address is slightly off. Or it could look like someone claiming to be your boss, instructing you to log into your work account as soon as possible. They even impersonate family members and partners.
Basically, phishing scams pretend to be someone you trust, and they lure you to click on a link, or log into their fake site, in order to obtain your username and password. Sometimes, clicking on a phishing attack link also installs malware, so it’s a real double whammy of security hell.
Eva Galperin: Some of the stuff to look for as a sort of indicator of a scam is a sense of urgency. Something is on fire, an emergency is happening, or like you could get rich if you click here in the next like five minutes. And that sense of urgency is aimed at overriding your common sense. And a lot of us feel very smart because, you know, every day we get targeted with like six of these things and we don’t fall for it.
But what’s really important to understand is that all the scammer needs is for you to have one bad day. If they come at you half a dozen times a day, eventually you’re gonna be tired, you’re gonna be cranky. Something’s gonna look plausible to you. And even the smartest person, even the most, you know, technically adept and aware person can get scammed and can end up sort of the, the victim of one of these grifters.
We have to stay humble. We need to maintain eternal vigilance and also we need to not blame the people who fall for these things. I think that there’s a lot of like, well, you’re, you’re just too dumb. You didn’t see it. I wouldn’t have clicked on that. And I think that kind of victim blaming really is counterproductive.
Morgan Sung: Ok, so we’ve covered threat modeling. Luckily, there are precautions you can take that might give you a few extra layers of protection in case you do fall for one of these scams. They’re also just good habits for everyone. What do they look like in practice?
Let’s open one last tab.
Digital hygiene checklist.
Eva Galperin: Well the good news is that there’s some just basic like wash-your-hands, data privacy hygiene that everyone can engage in that will make things safer for them from most of the kinds of threats that most people face every day,
Morgan Sung: First on the checklist: Passwords
Eva Galperin: Secure your accounts. In order to secure your accounts, you wanna make sure that all of your passwords are different from one another, and that they are long.
Because a long password is what makes a password harder to crack. But then you are left with the question of how are you going to remember all of these very long, strong passwords that are different from one another? And for that, you use a password manager. So I recommend that everybody install a password manager on their devices.
Your password manager will be unlocked with a single password. That single password, again, should be long and strong and easy for you to memorize. In order to make it easier for you to memorize, I usually recommend a pass phrase, like five or six words chosen at random, because that’s easier to remember than just like 40 or 50 random numbers and letters.
There are a couple of things that you should think about. The most important one is to go to your nearest friendly search engine and do a search on the name of the passport manager and security incident. So you wanna go look to see whether or not it has a history of being broken into, a history of being untrustworthy. If it has a history of being untrustworthy, don’t touch it. If you don’t find a bunch of security incidents, it’s probably okay or good enough. The best password manager is the one that you actually use.
Morgan Sung: Then there’s a nifty little shield called two-factor authentication.
Eva Galperin: So two-factor authentication just means that in order to get into this account, you now need two things instead of one thing. You need the password and you need an authentication code, which is sent to you in some fashion. The most common way in which we receive authentication codes is usually over SMS.
So you are sent a text message. That text message goes to your phone. This is the least secure way of securing an account. And the reason for this is SMS messages are not encrypted, which means that it is possible to intercept them, for example, at the Telco.
It is much easier for other people to get their hands on these messages and to use them to log into your account. Uh, it is still better than nothing in most cases. Having 2FA over SMS is in most cases probably better than having no 2FA at all.
But the better way in which to have your second factor of authentication work is through an authenticator app. So you install an app on your device, and what it does is you sync it to your account and when you are logging in you go to the app and it will give you the code that you enter in addition to your password. This is safer because it is not sending that data over SMS.
Morgan Sung: For extra security, some people might opt for a physical key, which is almost like a little keychain-sized flash drive you stick into your devices to log in.
Eva Galperin: Now this is both good and bad, if you lose your physical key, you are permanently locked out of your device. So the bad news is it works. This also means that if you break your physical key and you don’t have like, a backup key somewhere, you can end up locked out of your account.
And most importantly, if you are in a situation in which you need to secure your account against somebody who has access to your stuff, who has physical access to you, who might get their hands on your key chain, where you have put all of your physical keys, then this is especially unsafe. So this is not a solution that I recommend, uh, to survivors of domestic abuse, whose abusers still have physical access to them or the spaces they’re in or to their stuff.
Morgan Sung: Then, there’s dodging the data brokers.
Eva Galperin: The other thing that you might wanna do is, with your web browser, you might want to install Privacy Badger, which is a web extension which eats tracking cookies. One of the ways in which data brokers figure out where you’re going from one website to another and what you are doing is through the use of cookies. And if you have a web extension that makes it impossible for those cookies to follow you across the web, that makes things more difficult. So those are the basic things that are probably very good for everyone to do and that will take care of most of your problems most of the time.
Morgan Sung: See, that’s not so bad, is it? You don’t need the shiniest, most expensive, top of the line cybersecurity tools just to stay safe online. Most of the time, a little digital hand washing goes a long way.
Eva Galperin: The truth here is that trying to protect everything from everybody all the time is a good way to drive yourself insane.
Morgan Sung: Some people are almost like either overwhelmed by the idea of having to lock it all down, or some people are almost like resigned to a world without privacy because that’s just the new normal. What would you say to them? Why does privacy still matter?
Eva Galperin: Well to begin with, you don’t have to lock it all down. You really don’t. You can still exist in the world. The whole idea behind privacy is not that, again, you should be a hermit who lives on a mountain with no devices. The idea behind securing your digital existence and understanding your footprint on the internet is to enable you to do the things that you want to do and that are important to you in the safest possible way.
Morgan Sung: So, before you post yourself, and especially before posting other people, consider practicing a little digital hygiene—at least a spritz of some digital hand sanitizer. As you can hear from my voice today, it’s flu season, after all.
Morgan Sung: We also teamed up with KQED’s audience news team on a digital guide that breaks down everything we talked about today in a convenient, shareable format. You can find that guide, and a bunch of other great explainers, at KQED.org/explainers. And check the show notes for more privacy and security resources.
Morgan Sung: And one more quick thing before we go, we’re working on a Valentine’s Day episode and we want to hear from you! When do you think is the right time, if ever, to share your location with a significant other? Do you have a hot take on this, or a juicy story? Send us a voice note at closealltabs@kqed.org.
Ok, now let’s close all these tabs.
Close All Tabs is a production of KQED Studios, and is reported and hosted by me, Morgan Sung.
This episode was produced by Maya Cueva and edited by Chris Hambrick.
Chris Egusa is our senior editor, and also composed our theme song and credits music. Additional music by APM.
Brendan Willard is our audio engineer.
Audience engagement support from Maha Sanad. Jen Chien is KQED’s Director of Podcasts. Katie Sprenger is our Podcast Operations Manager, and Ethan Toven-Lindsey is our Editor in Chief.
Some members of the KQED podcast team are represented by The Screen Actors Guild, American Federation of Television and Radio Artists. San Francisco Northern California Local.
Keyboard sounds were recorded on my purple and pink Dustsilver K-84 wired mechanical keyboard with Gateron Red switches.
Ok, and I know it’s podcast cliche, but if you like these deep dives, and want us to keep making more, it would really help us out if you could rate and review us on Spotify, Apple podcasts, or wherever you listen to the show. Don’t forget to drop a comment and tell your friends, too. Or even your enemies! Or… frenemies? And if you really like Close All Tabs and want to support public media, go to donate dot KQED dot org slash podcasts!
Also, we want to hear from you! Email us CloseAllTabs@kqed.org. Follow us on instagram at “close all tabs pod.” Or TikTok at “close all tabs.” Thanks for listening.
