When the SHTF and society breaks down Preppers know they will need to practice the arts of concealment, evasion and camouflage.
Whilst the SHTF moment is not yet upon us (debatable) the Digital Prepping practices covered in this post are the essentially the very same arts of concealment, evasion and camouflage – just in the digital world.
In this Digital Prepping post we have provided a Digital Prepping Guide on how to:
- Stay anonymous online
- Reduce your digital footprint and fingerprint
- Reduce your digital threat surface
- Cover your digital tracks
- Conceal your digital presence
Digital Prepping Basics: BACKUP DATA
Before we get started a word on data backups.
Heard of the 3-2-1 rule of backup? No?
Then listen up and do this 1st as nothing and no-one can ever be totally hidden digitally or un-hackable.
Back up you data.
- 3 backups,
- 2 locations,
- 1 of them offsite.
If you get hacked and your data is encrypted by others and then ransomed for a fee to decrypt – this is very bad. If you pay, maybe you get the data back, maybe you don’t, but someone else has your data.
You can avoid the hack to begin with following some of the hints and tips below. If you do get hacked, because you have a backup, wipe the drives and restore form your backups.
Painful, time-consuming but cheaper and safer…but they still have your data!
We have divided these digital prepping practices into simple, moderate and advanced sections assuming that if you choose to read the advanced you have already got yourself covered with the Simple and Moderate strategies and tactics.
None of these are mutually exclusive, in fact they should be stacked together to reduce your digital threat surface, visibility and fingerprint.
Finally, we have provided all of this information in the hope that you will be safer and achieve your concealment and anonymity goals – not so you can do ‘bad things’ to anyone or any group.
Digital Prepping Guide Content List
This is what we have covered in the post below.
Simple Digital Prepping Practices
- Update all your software regularly
- Cover Your Cameras
- Fix your Facebook Privacy settings – if you use Facebook 😉
- Don’t Open Phishing Emails
- Use WhatsApp for Messaging
- Turn off or disconnect computers from the internet if not in use
- Have a Proper Password Strategy
- Reduce the Number of Platforms You Use
- Use DuckDuckGo search engine instead of Google
- Turn off Geotagging for Photos in iOS device
- Always use HTTPS version of websites
- Always use Private/Incognito mode on ALL devices to browse the Internet
- Disconnect your SmartTV from the Internet
Moderate Digital Prepping Practices
- Stop your WiFi Router from broadcasting its name (SSID)
- Install a quality (Paid) Antivirus and Malware solution
- Use Two Factor Authentication (2FA)
- Invest in a VPN (Virtual Private Network)
- Use the TOR browser
Advanced Digital Prepping Practices
- OS Virtualisation
- Encrypting your hard drives
- Test your Online Fingerprint
- How visible, concealed, safe and anonymous are you on the internet?
- How many of these Digital Prepping Strategies do you deploy?
- How do you rank compared to others?
Simple Digital Prepping #1: Update all your software regularly
This is simple and with some systems, automatic.
Whilst I personally like to wait a month or so for standard updates to OS’s in case there are reports of things not working correctly, if a security update is released for any platforms iOS, Android, Windows macOS – I’ll make sure these are applied immediately – its one of your best and easiest defences with very low technicality or involvement from you required.
Also ensure all of you web browser/s are updated.
Google Chrome provides a little notice on the right of the tool bar if you browser is out of date so look for that and check regularly yourself.
Simple Digital Prepping #2: Cover Your Cameras
Whether its on your mobile device, you laptop or desktop PC or MAC with an external webcam, make sure you cover them with a sticker to tape.
Hackers can remotely activate these cameras and spy on you. Why? Social engineering.
You can put any type of non-transparent sticky tape over the camera and you can even buy little, re-usable stickers for different devices from eBay or Amazon as some other tapes leave behind a residue.
Cameras on MAC products have an LED which is hardware linked in the operation of the camera, that is if the camera is on the light is on. On other systems these lights can be disabled so you would never know if the camera was on or not. Just cover-up.
Simple Digital Prepping #3: Fix your Facebook Privacy settings – if you use Facebook 😉
This is a personal thing but I recommend you set everything to friends only.
Anything tighter than this and you should ask yourself why you are on Facebook – unless you’re a spy, lurker, stalker, creep?
Make sure you’re not fully public for photos, timeline etc.
These are perfect places for social engineering hackers to run their game.
Simple Digital Prepping #4: Don’t Open Phishing Emails
If you receive any email from anyone you don’t know, delete it.
If its important they’ll call or message you.
Phishing emails essentially pretend to be from a real organisation such as a financial institution and provide fake links for you to follow to ‘update’ your accounts etc.
If you follow these links, they capture the data you enter and/or malware is installed on your computer and all manner of different outcomes can occur such as the hackers using your machine as one of the zombie machines in a DDOS attack, encrypting all of your files for a ransomware attack, spreading itself to your contacts via emails etc.
The same is true for links in SMS you receive from unknown numbers. Just delete the message.
Simple Digital Prepping #5: Use WhatsApp for Messaging
WhatsApp is a free messaging service that provides always-on encrypted messaging.
That is, only you and your recipients can read the messages and even Facebook ( who own WhatsApp now) cannot read or know the content of your messages.
Facebook messeneger also has this capability but at this time you must activate it manually on each chat. See how to do this on facebook here: https://lifehacker.com/how-to-turn-on-encryption-in-facebook-messenger-1787401627
Simple Digital Prepping #6: Turn off or disconnect computers from the internet if not in use
Another simple step because if your computers are not online – and its still in your possession – your safe(r).
This is much easier with a PC or MAC as you can simply shut it down, unplug the ethernet cable or turn off the WiFi. Mobile devices are a different matter due to the way we use them.
A good rule of thumb is to turn your mobile device to airplane mode when you are in a meeting or go to sleep at night. This of course depends on your situation – for example if you have someone who is elderly or sick and depends on you, you may have to have these devices on 24/7.
By turning them off you are reducing your threat surface and visibility.
Alternatively you may have a specific device that you do all of your internet banking, facebooking, forum-ing, emailing on. This is somewhat inconvenient and difficult to adhere to in today’s modern world.
Simple Digital Prepping #7: Have a Proper Password Strategy
In 2018 its all about pass-phrases, not passwords.
Pass-phrases are typically longer, which is always a good thing with passwords from a security perspective, and are easier to remember than a single random word. Depending on how often you type it, you could even make it some motivational message “keepitsimplesurvive” for example.
But, to crack longer passwords, crackers are adding bible passages, book quotes and even online discussions to their dictionaries, increasing the odds of finding passwords based on common phrases so be sure to pepper your phrases with punctuation and some of the funny characters on the key board like ^&@~%.
This breaks up the phrase even further making it harder to crack.
See if you can figure out this one. (not used anywhere!)
Ideally you will have a seperate pass-phrase for every different login, for example:
- Your computer
- Your tablet
- Your mobile device
- Your private email
- Your work email
- Australia Preppers forum 😃
- Your internet banking
- Your amazon account
- Your home automation cloud
- your iCloud account
So that’s a lot of different pass-phrases and many people have many more!
An easy way to remember them all is to choose a topic you are passionate about and make the phrases about that topic.
You can then provide a positive phrase and a negative phrase about 1 part of that topic, and append each phrase with an identifier for yourself to help remember which pass-phrases are for what service. For example:
If you choose not to change or update and you use 1 password of everything, when you fall victim to a phishing attack from 1 account and/ or someone gets access to your computer or mobile device, does some social engineering on facebook – they could steal your identity entirely.
Simple Digital Prepping #8: Reduce the Number of Platforms You Use
The most effective way to reduce your footprint is to reduce your usage and quantity of platforms you use.
Whilst this becomes harder and harder every day especially if you are a heavy internet or technology user, limiting the number of different platforms you use is a start.
Review all the platforms you have ever signed up for.
If you are not using any of them, delete the accounts and get out.
Sometimes the deletion process will happen right away and sometime it can makeup to a month before the deletion actually occurs.
Manage your email, emails.
Part of this process should also be to UNSUBSCRIBE from all newsletters you no longer want to read regularly. Scan you inbox over the last few months, find those newsletters, and use their required unsubscribe buttons.
When you do this now, yes your data will still be there for a while, but the longer you’re off it the less likely they are to have it in a few years. This reduces your threat surface significantly as these companies have data about you and if they’re hacked, the hackers get that data too!
Consider closing down or abandoning these email addresses completely if they are out of control.
At a very minimum, create 1 email address for any social media platforms and have a completely different one for family and friends.
Simple Digital Prepping #9: Use DuckDuckGo search engine instead of Google
Essentially when you are searching, a lot of data about you, your location and you devices is shared to Google and the website you click on from a Google search.
DuckDuckGo does not do this, reducing your digital visibility.
Whilst I do believe that Google’s search results are better – more relevant and accurate – this is due to all the extra data they’re able to collect from everyone! This double edged sword of convenience over privacy will be forever prevalent.
You can download the Chrome browser extension here and it will automatically use duckduckgo service to ensure your visibility is low during search.
Simple Digital Prepping #9: Turn off Geotagging for Photos in iOS device
Geotagging is essentially adding geographical information to media files. With this information it would be possible to identify exactly where a photos was taken – like your best BOL(Bug out location)!
If you are in your BOL and you take ap hot with this on, then people know where you have been. If you are trying to be ‘grey’ its a) not good to have your photo taken b) not good to have those photo geo tagged – if they get published that info remains with them forever unless specifically stripped.
If you have ‘no-receiption’ when the photo was taken then the last known location ( when you last had service) is likely used.
It is possible to prevent your iPhone from recording location Information by turning the geotagging feature off in the Camera App on your iPhone or iPad.
Go to: Setting —> Privacy —> Location Services —> Select Camera —> change to Never.
This can be done for all apps – Facebook App for example.
Simple Digital Prepping #11: Always use HTTPS version of websites
HTTPS identifies a site as being secure – that is all traffic to and from that websites server and your browser inputs are encrypted- safe from snooping.
Every website you visit should have this feature today. If they don’t, don’t visit them.
You can make your browsers always select the secure site by using a simple browser extension/plugin called HTTPS everywhere.
Simple Digital Prepping #12: Always use Private/Incognito mode on ALL devices to browse the Internet
All browsers on all devices provide this functionality now so use it.
Remember this DOES NOT hide you from the outside (ISP’s websites, others), it just makes sure that none of the sites you have visited store cookies or any other information on your device.
A majority of people over-estimate what this does for you so far as privacy and protection.
This simply means that should anybody gain access to your device or computer they will not be able to view your history or search for cookies and find anything. – unless of course you visited when NOT in incognito or private mode of course.
Websites, search engines, internet service providers, and governments can still easily track you across the web if all you are using is incongnito.
Simple Digital Prepping #13: Disconnect your SmartTV from the Internet
I know it kind of removes the reason for having a SmartTV but this reduces your threat surface, footprint and eliminates yet another webcam, microphone and intrusion device.
Just do it and use a secure browser in incognito mode over a VPN (see below) to watch Netflix…remember though because you subscribe to Netflix they know how you are…and where you live…and how many and what type of devices you have already!
Moderate Digital Prepping Practices
These digital prepping strategies are called moderate because they need a little more skill or may have a cost associated with them.
Moderate Digital Prepping #1: Stop your WiFi Router from broadcasting its name (SSID)
This is security through obscurity and whilst not recommended as a general strategy as it quite weak, this is a solid strategy for your Wifi.
You WiFi has a name – It’s SSID – which it can broadcast – or not.
Standard functionality means it is broadcast so that anyone in range can see it and try to connect. Of course your should be using a secure solution here so even if they can see it they still have to hack it.
But when you turn this broadcast off, unless they have more advanced tools and are doing some wardriving (scanning for open networks whilst driving around), you’ll be better off.
To turn of this SSID broadcasting you will have to login into router/modem and find the option to do this.
Just google or duckduckgo the name and model of your router to find the manual online. If you have already changed the password good for you. If not they’ll be in the manual…change them too using our password recommendation as detailed above.
Learn everything you always wanted to know about Wardriving here: http://www.wardrive.net/
Moderate Digital Prepping #2: Install a quality (Paid) Antivirus and Malware solution
Don’t use free stuff. It might be good for a quick scan now and again, but you want active protection from the best.
My recommendation is Malware bytes, they’ve been around since 2006 and works on Windows, macOS and Android.
Pay for it, install it on all devices. make sure its always on. ‘Nuff said.
Moderate Digital Prepping #3: Use Two Factor Authentication (2FA)
A lot of services are now starting to offer this additional security feature.
Essentially if your password is stolen or hacked and someone tries to use it to login to an account where you have enabled 2FA, because you have to use another device to confirm the login when 2FA is activated – like your mobile phone – if they don’t have that device to confirm the login, they don’t get in…but neither do you if you don’t have the device with you.
Every time you login anew you will need to sign as per normal AND use an authenticator APP on your mobile device to approve the login. Yes its a bit painful sometime, but worth it to stay secure.
These services have it enabled:
- Amazon web service
- Some Microsoft products
Here’s an awesome review of all the 2FA sites and how to set them up!
Here’s a simple exapliner video from Google about it too.
Moderate Digital Prepping #4: Invest in a VPN (Virtual Private Network)
If you are concerned about anybody knowing who you are – anonymity – what you are doing, where you are or what your internet usage is like then get a VPN.
Buy it and install it on all your devices and have it on all the time.
If you want to be really anonymous, go to a free public WiFi spot, buy your VPN with crypto currency (bitcoin or darkcoins) so the transaction cannot be linked back to you, whilst using a TOR browser (see below). All depends on the threat model you are working with to how serious you want to get.
Whether you’re at home or not and especially if you’re in a coffee shop, airport or using some other public WiFi spot – only use them if you have your VPN on!
- Visiting Facebook. Turn it on.
- Emailing? Turn it on.
- Shopping on eBay? tTurn it on.
Your visibility is significantly reduced by using a VPN and is one the best investments you can make for all your internet connected devices from a security and anonymity perspective.
The VPN ensures that ALL traffic from your computer is encrypted, cannot be viewed and if intercepted could not be decrypted.
It also means that your real IP Address ( your location ) is not known and you could be in Sydney, Australia but websites and ISP and governments (maybe) would think that you were based in London for example.
My favourite is HideMyAss.
Here’s a link: https://www.hidemyass.com/en-au/index
Moderate Digital Prepping #5: Use the TOR browser
If you want total anonymity on the web this is it.
According to Wikipedia “Tor is free software for enabling anonymous communication.”
TOR protects a users privacy but does not hide the fact that you are using TOR and some website restrict the use of TOR browsers.
Get it here: https://www.torproject.org/index.html.en
Use it if you like…Some believe that downloads of TOR are being tracked as is usage – remember its is known if you are using a TOR so you can be “deanonymised”.
It is possible that just by using it you are defining your digital fingerprint (see below) to be unique enough to be identified as you!
So download it with your VPN on (the one you bought with crypto)- you’ve got it on all the time anyway don’t you…?
Use it only with your VPN on.
Read about that here: https://thetinhat.com/tutorials/darknets/tor-vpn-using-both.html
Advanced Digital Prepping Practices
The following digital prepping practices are taking it to the next level and will need some more advanced knowledge and spend and when layers or stacked with everything else we have discussed provides a comprehensive (but not unbreakable) digital fortress.
Advanced Digital Prepping #1: OS Virtualisation
This is more to do with protecting yourself from viruses as opposed to being anonymous. Its a threat surface reduction strategy.
If you wanted to download something you were suspicious of, then you would do that in your virtual machine, disconnect the VM from the network and install and run the software.
There are few good ones – some free like VirtualBox which runs on Windows, Mac and Linux.
For Windows only try Microsoft’s version its free too: https://www.microsoft.com/en-au/download/details.aspx?id=3702
Advanced Digital Prepping #2: Encrypting your hard drives
Even though your computer has a great password (now), if someone does get in all your files are open to see as they are not encrypted.
Both windows and Apple provide a way for you to encrypt your files on your computer.
Apple’s version is called FileVault and you can find instructions here directly from Apple: https://support.apple.com/en-us/HT204837
Windows user must be on Windows 7 or above to use Bitlocker – their version. Here’s a great guide on how to set that all up:
Advanced Digital Prepping #3: Test your Online Fingerprint
Even with all of these things in place your computer leaves behind an online digital fingerprint that is (almost) unique to you.
Essentially your goal is to obfuscate yourself amongst all the other data that is being transmitted such that, you cannot be identified by this. The more data the more obfuscated you are but your browsers identifies itself and especially with identifiers like the fonts installed on your machine/ in your browser.
These fingerprints allow others to be able to statistically estimate how likely traffic came from you based on this fingerprint 1in 100, 1 in 1,000, 1 in a million – for example.
Obviously the lower the number the more likely the data belongs to you, just like a fingerprint.
You can test how well your browsers, VPN, TOR protect you by doing the test below which is a research project of the Electronic Frontiers Association.
Do it with a chrome browser then do it with your TOR and see the difference.
If you want to check your online footprint – not finger print – the just google your name and see what comes up!