1. Use cash whenever possible instead of credit cards. This is good not only for your fiscal health, but also for your privacy.

2. Disable your account access with all credit-rating agencies. When you need to establish a new credit line, you can unblock it and after that, block it again.

3. When discarding paper-mail, documents and package wrapping, make sure to destroy the name, address, account number, etc – from the envelope as well as from the document itself.

4. Do not volunteer ANY personal information to ANYBODY if you don't know and trust them. They might lure you with attractive promises. They might threaten you with legal actions or arrests. They might demand urgent action on your part. Those are known tactics of so called "bad actors". Verify all such contacts BEFORE you give away any information, no matter how important or unimportant that information might seem to you.

General remarks on computer use

Every computer should have the best available antivirus program installed and used to detect and avoid the traps to which you are directed by hackers.

In the old days of Microsoft's "glory", viruses and malware existed almost exclusively on the Windows platform. Apple's Mac platform did not have this problem, because for hackers it did not pay to waste time creating viruses that would affect only a tiny percentage of computers. Therefore, Apple computers were almost completely safe for use without any anti-virus programs. Those times are long gone. Apple platform began to acquire an increasing part of the computer market. As a result, for at least a decade, more and more malware designed specifically for Apple computers has started to appear. Still, on the Windows platform there are a thousand times more viruses and malware (modestly counting) than on the Mac platform, but at the current stage, the use of any computer without anti-virus software is tantamount to asking for trouble.

If you can afford it, always choose Apple computers and phones rather than Windows- or Android-based ones, because those two are an open-book for malware creators. Always install operating system updates as soon as they are available, because they usually fix new security risks and exploits.

Before you start the daily use of your new computer, it is necessary to make some preparations that will allow you to work at ease, without big surprises, avoiding malware and using the Internet as safely as possible. The same protections should be used at every stage of use – even if the computer is not new. It is never too late. Remember that the most important safeguards always apply to the computer's operating system. Always keep your operating system and browser version up-to-date. As soon as new updates are released, install them immediately.

When purchasing a new computer, make the necessary additional purchase, which is a spare external drive. Make sure the drive is of the right type and with the appropriate connectors, so that it can work with your computer. This drive will be intended for nothing else but making regular and most common copies of everything on your computer. Therefore, the capacity of this drive must be at least the same as the internal startup-disk capacity of the computer (better is significantly larger external drive capacity, to accommodate more copies from different days). There are special programs that automatically copy at a specific time. In the event that the main internal drive fails (which must happen sooner or later), you will not lose anything when your backup was properly and recently made.

Preparation for use

1. The first step after buying a computer should be to protect it with an administrator password, which is easy for you to remember, but difficult to guess by other people (do not use the same password for different purposes). Therefore, passwords such as names of children or pets, dates of birth, place of residence, etc. should not be used. An intelligent approach and a bit of imagination are always the best ways to reduce the threat of all types of computer attacks. If the computer is intended for use by more persons than just the owner, everyone should have separate accounts installed with separate passwords and have access only to the content they have created.

2. The second step is to check all operating system settings and make sure that they match the rules of common sense. All processes that you do not need should be turned off. Not only will that provide more security, but it will also speed up your computer's performance.

3. If the computer's operating system allows the use of encryption of content, you should use this (IMPORTANT: be sure that the password for encryption/decryption is properly secured – if you lose it, you can permanently lose access to your documents).

4. "Clone" the entire contents of the new computer to the backup drive. Later, over time, regular backups will ensure that in the event of failure, fire, robbery, or other unforeseen circumstances, you will never lose the latest version of your computer's contents. It should be remembered that only copies of the encrypted content are also encrypted. If the computer's content was not encrypted, the backup copy also remains unencrypted, in which case the access by unwanted persons to the backup copy is equivalent to the access to the computer's content itself.

5. The first program that should be installed and used on every new computer should be the best antivirus program you can afford. No free program should even be considered, as some of them are a threat in themselves (especially from companies such as Avast or Kasperski).

6. Before you connect your computer to the Internet for the first time, you should check all settings of your web browser and router (in case of a router, change its default password), to make sure there are no surprises that can help hackers access your account on your computer and your browser's accounts.

7. The most important thing is to disable most operations that occur automatically, including automatically installing any updates (if possible). A large proportion of attacks on your computer use these automated processes. Automatic opening of files downloaded from the Internet should also be blocked. For a similar reason, automatic access to your address book should be blocked. Of course, it is very important to regularly manually update the operating system and software, including the web browser. There are apps that help you keep track of updates to your operating system and security updates.

8. Next, you should disable Java software (not to be confused with JavaScript, which is required to view most websites, including this one).

9. Uninstall some programs, such as Adobe Flash Player, which is one of the worst sources of continuous security holes since its creation two decades ago. You absolutely don't need this program, because it is being replaced by newer and more secure technologies, although there are still some websites that require its use. I would not visit those websites. If you encounter the need to install the Flash Player app, at least make sure you download it directly from the original developer, that is from the website belonging to the Adobe company. The same applies to all other programs – the only sources to download them to a computer should be websites belonging to the creators of those programs and the Apple Store and Google Store. All other sources are a potential security threat.

Preparations before getting rid of your computer

All the above steps should be done at the very beginning – before you start using your computer on a daily basis. Whereas, the last steps before getting rid of the old computer (scrapping, selling or gifting) should ensure that it will be "cleaned" of all information about its owner and users.

A. First, it is necessary to make a complete copy of the contents of the administrator's account and the accounts of other computer users (a copy of the internal disk) in order to be able to transfer this content to the new computer.

B. Secondly, you must log out of all programs that impose a limit on the number of users or the number of computers on which they can be installed. If you do not, these programs will likely not work on your new computer.

C. Thirdly, keep in mind that simply dropping files into the trash and emptying the trash bin cannot effectively delete information stored on the disk. They can be easily recovered using a special program. Therefore—in accordance with the procedure for your particular operating system—reformat the internal drive of the computer. For greater security, the disk should be erased in a way that prevents retrieval of old information. This is done by writing zeros and ones to the whole disk. There are special programs for this purpose, and even your operating system should be able to do so. After completely cleaning the disk, reinstall the operating system. This will additionally protect you against retrieving the old information. Of course, the safest and the most recommended method is to remove the internal drive from your computer – if you know how to do it. This last method is especially important in case when your computer is equipped with a solid state drive (SSD), i.e. a device containing non-volatile flash memory, used instead of a hard disk. One of the characteristics of an SSD drive is that it is not possible to completely erase everything that has been written on it. That is why it is important to use automatic encryption of content – provided that your computer's operating system allows it.

Everyday use of a computer

Between the initial preparations for using the computer and the final preparations for getting rid of the computer, which I described above, there should be certain rules for everyday use.

1. Turn off your computer's camera and microphone in software and physically put an opaque cover on the camera in your computer monitor or laptop.

2. Install and use respected anti-malware application like INTEGO VirusBarrier for your computer. There is no better app than this one. Worth every penny. Never use free or cheap anti-malware apps, since they are a security risk themselves (AVAST, KASPERSKY).

3. Use a trusted password manager that comes with data breach monitoring (1 Password). Never use free or cheap password managers, since they are a security risk themselves (LastPass, etc).

4. Do not enable internet connection (or info gathering) in any peripheral equipment. The use of Amazon 'Alexa' and similar devices is definitely not recommended for privacy and security reasons.

5. Do not use Google 'Maps' because this app is a spying tool. Instead, use Apple 'Maps' or other similar, but trusted app. Same goes for e-mail services like G-mail, Yahoo-mail and Hotmail. Instead, choose a secure and private e-mail provider like Proton or Tutanota, who provide end-to-end encryption.

6. Do not download and install applications from unknown or downright shady sources. Hacked software available as license-free or sold for only a fraction of an original price is always full of malware!

7. Even a computer without an Internet connection should be protected against access by unauthorized persons. Examples include co-workers, computer experts who "help" us get rid of viruses and even friends, children and other family members who may unknowingly put your computer at a security risk.

8. Under no circumstances let any third party (unless you know you can absolutely trust them – both personally and technically) connect to your computer any devices, such as external drives, portable memory, or even CD, DVD and BlueRay disks. Each of these devices may contain viruses that can be automatically installed on your computer. Even connecting certain cables can be a threat under specific circumstances.

9. Then, there is the issue of access to information on the computer by technicians who repair the computer or assist in installing and running specific software. Such services should be performed only by reputable companies known for their reliability, professionalism and accuracy. Free or extremely cheap services are always a potential threat. Usually, technicians need access to an administrative account, which—in practice—gives them the same privileges to read, write, edit and delete information that the owner of the computer has. That is why it is important to use the proper system of encrypting the content of your account on the computer. No one except you should have a password to the encrypted content.

10. Finally, before each computer repair, the internal disk must be fully cloned to an external drive, in case something goes wrong. Make sure that only you are in possession of any such clones.

General remarks on using the Internet

The subject of security on the Internet is like an ocean. New threats arise every day. It is not possible to cover the whole problem without writing daily updates. Therefore, in the following chapter, I will try to only briefly describe these threats and general ways to avoid or eliminate them, but—as always—the surest defense against all the dangers lurking on the Internet is your common sense, constant vigilance and gaining knowledge about how a computer and the Internet works.

First of all, you have to realize that if you use the Internet, then—to a great extent—your privacy no longer exists, and sometimes, your computer's security is vulnerable to attacks by cyber-criminals, spies and government agencies. That does not mean that we cannot do anything to make it more difficult or almost impossible for them to accomplish. On the contrary, we should do all we can.

The Internet is a very dangerous place. You move in a jungle full of predators and all kinds of criminals. Most people using the Internet do not recognize that fact. Danger is lurking when you open an email from an unknown source (and sometimes even from a source that looks familiar), when you click on a link that will lead you to a trap and even when you go to a website that you know well, but that is not protected against hackers.

The largest Internet companies such as Google, Facebook or Instagram use these more or less covert methods of getting all information about you. The main business of these companies is gathering the maximum possible information about Internet users. They created entire ecosystems comprising of free products and services to entice unsuspecting users to divulge all the information they can obtain legally (and sometimes illegally). The most covert and perfidious ways are used by Facebook, because they are designed in such manner that their users can't resist sharing their most intimate information with an entire world.

This is an established tactic of an established dark business, whose legality, unfortunately, is not regulated by laws or government rules, especially outside of the EU. Probably because government agencies use similar tactics and they buy the same information from private companies.

Government agencies, Google, Facebook and other companies specializing in compiling and analyzing data about users, know more about you than you know yourself. They know, with great accuracy, what is your age, skin color, sex, sex preferences, how often do you brush your teeth, whether you are pregnant, whether you are considering the possibility of divorce, what are your political views (often they know it sooner than you do) and other details of this type, which you've never even consciously revealed to anyone. This is no exaggeration. This is documented in many studies and statistics related to the flow of information on the Internet.

All this information is harvested mostly without your knowledge and without your consent. You are not paid for any of it, while big Internet companies are making billions of dollars. For some of them, harvesting and analyzing user data is their biggest or only source of income.

The well-known novel by George Orwell titled "1984" presents the world of the future in which "The Big Brother" (dictator) controls the thoughts and deeds of all citizens. Orwell's prediction is now a reality, and in some aspects, has already been far surpassed by the reality.

Browser recommendations

I strongly recommend installing the latest version of whatever browser you use. Old versions of browsers may pose a risk in terms of security against hacker attacks and leaking private information.

If, for any reason, you can not or do not want to use the Safari browser (the best all-around browser that does not spy on its users), at least try DuckDuckGo, Brave, or Firefox, which are next well-known browsers commended for their privacy and security. The DuckDuckGo browser is especially highly recommended for Windows/Google Chrome users, because it removes most trackers (something that Google hates because it cannot spy on you).

Brave browser, although respecting users' privacy, is built upon the 'Chromium' base, therefore, it shares same general vulnerabilities as Google Chrome and Microsoft Edge browsers. Taking this into account, I would rather use the brand new DuckDuckGo browser which is built from scratch on its own base. It is designed in the way that makes users' privacy the ultimate goal. It also gives you convenient email address aliases to shield your actual addresses. For general use, the DuckDuckGo search engine is the ultimate one—for few years now—which is why I can recommend it wholeheartedly. It is much preferred to Google search engine, who shamelessly spies your pants off.

One of the main culprits for losing privacy in those browsers is a feature called auto-complete. If there's a possibility of other people having access to your computer, this feature should be disabled.

Websites

The latest versions of web browsers give you new methods of protection against Internet traps. They warn you against entering websites that are known to spread viruses and malware. But, as I mentioned earlier, the hackers do not fall asleep for a second. Each detected malicious page is getting replaced by two or three new pages that are not yet detected.

Since mid-2017, browsers have also begun to warn viewers before entering websites that are not protected against hacker attacks. Such websites allow hackers to "inject" viruses or spying instruments in such a way that they are invisible and difficult to detect. If the website address begins with https, it means that it is at least in a basic way protected against hackers. If, on the other hand, it starts with http (one letter of difference), it is open to hacker attacks.

E-mail

Most people use email on a regular basis. A large part of them do not realize that billions of e-mails are sent daily by advertising agencies, hackers and spies – mainly for three reasons: either someone wants to sell you something, or extort your private information, or remotely install malware on your computer, to take control over it.

You must realize that hackers are constantly working on inventing new ways to mislead unprepared and unsuspecting recipients of e-mails. They do everything they can think of to fool the recipients with the content and appearance of their e-mails, to create the illusion that you receive those e-mails from legitimate sources like banks, credit companies, Internet providers, telephone companies, insurance and government agencies and myriads of other legitimate sources. Anti-virus and anti-spam programs protect us against these threats to some extent, but hackers are always one or two steps ahead. It is impossible to predict what their next trick will be.

The general rule is: never click on any buttons or links in your e-mail without first checking where these links lead. Another rule: do not give away your e-mail address, unless you really have to, or completely trust somebody.

First example of "fishing":

My cousin Janek told me how his intuition allowed him to avoid installing a Trojan horse on his computer.

When he turned on his computer and browser, a warning appeared on his screen that his computer had a virus and that he must phone a company that would give him instructions on how to get rid of the virus. Still not suspecting anything, Janek called them. He was told that he must change some settings on his computer. Then it became clear to him that someone wants to "put him on a horse" (of the Trojan variety).

It’s unbelievable that such primitive attempts still find naive people who are willing to accept them as truth and follow the instructions of criminals. These types of monkey business are in use for years. Unfortunately, the new methods are much more sophisticated, perfidious and more difficult to detect.

Second example of "fishing":

– this time from my own experience.

I received an e-mail from what looked like the Apple "Technical Support" located in Poland. Besides being written in Polish, not in English, it looked almost exactly like the ones that come from real American branch of Apple "Technical Support". The difference could be seen only in the case of a direct comparison of the legitimate e-mail with the one I am writing about.

This Polish-language e-mail alerted me that my password and e-mail address on my Apple account have been changed. In addition, I was warned that if it was not me who changed my data, I should click on the provided link (which looked like the real address belonging to Apple) and change my data as soon as possible. Of course, the link was crafted in such a way that it led to a fake website pretending to be belonging to Apple. If I changed my password and email address on that site, hackers could use it to break into my real account on the Apple website. I suspect that this was a trap created by Polish cyber-criminals – perhaps even ones that were unknowingly employed by Apple. Instead of using a link that was "conveniently" provided in an e-mail, I went directly to the Apple website, I entered my account and changed my password in there (just in case).

This example illustrates the principle of not using direct links in unverified e-mails. Instead of clicking on a link, always go directly to the legitimate site and only then change your account details or your personal data.

Conclusion

Try never to fall into the trap of "free" products or services. Realize that nothing is for free. If someone offers something "for free", it means that he has hidden intentions towards the gullible users of his offer.There are exceptions to this rule, but it is not easy for an average Internet user to find out which free offers are safe. The situation is further complicated by the fact that giants such as Google and social media have created free programs and services which are difficult to dispense with (eg Gmail). Therefore, even people who are fully aware of the risk of losing their privacy decide to voluntarily waive their rights, if it is a condition for using free services.

If you want to find out what information is available about you on the Internet, open a browser and enter your name into the search field. The result can surprise you and even frighten you – depending on how much you value your privacy.

OK, you've been warned in general terms.

Now, there are some more specific recommendations worth following. Complying with one of them will make you safer. Complying with all of them will make you almost invincible – at least for a while.

1. Get a new wireless router from a major manufacturer. New routers have much improved security features in comparison to those from 3-4 years back. Make sure that the new router complies with WPA3 protocol. Change router's default password as soon as you can. Also, set the automatic firmware update, if possible.

2. Use a privacy respecting browser, such as DuckDuckGo, Brave, Safari or Firefox. Never use Google Chrome! Set your browser to automatically delete your cookies and browsing history after each session.

3. Enable 2-factor-authentication on all your accounts.

4. Use respected e-mail service like Proton or Tutanota. Never use Google G-Mail! Proton gives you new email addresses and aliases that you can discard if/when they become compromised.

5. If you use less secure e-mail provider, turn off image-loading as a default. You can turn it on manually for messages that you trust.

6. Do not give away your real e-mail address, phone number or personal information, if possible. When asked for such information, use fake data, unless it is unlawful or may negatively affect your medical, financial and/or credit identity. Go to the trouble of reaching out to your old accounts and retroactively change your real data to the fake one. Remember – your dentist does not need to know your Social Security Number. Just refuse to give it to them, unless it is mandatory.

7. When registering/signing up on fora and/or so-called social media, never give up your real name. Choose pseudonyms instead and e-mail address aliases instead of your real e-mail address. When asked to choose "security questions and answers", do not use real answers. Have a record of such question/answer pair in your passwords manager, in case you need to verify your answers at a later date.

8. When registering/signing up for new accounts, never use a password that already exists and is used elsewhere (at least 16 characters, but more is better: letters in lower and upper case, numbers and special characters).

9. Do not click on any links in emails. Instead, go the long way and use the official website address and login feature. Also, never open attachments to an email unless you are absolutely sure that the message was sent by a real person or institution you trust.

10. Do not sign up for any newsletters, unless you trust the source. Better way is to subscribe to RSS feeds from same sources.

11. Do not respond to requests for feedback surveys.

12. Be wary of any "privacy-protecting" websites that you are not familiar with. There are known instances of criminals pretending to be one of those privacy saviors. For example, there is a guy who launched multiple websites mimicking the 'Privnote' service that sends private messages and then destroys them, so that they can not be used by forensic services. Instead, he used them to steal cryptocurrency from trusting users.

13. Use trusted services like 'Have I Been Pwned?', where you can check whether your e-mail addresses and passwords have been compromised in a known breach and 'Blacklight' where you can check websites for presence or lack of privacy-defeating dark patterns.

Those are valuable resources for anyone wanting to know whether their e-mail address (or password) has been compromised (and they appear in a publicly available data dump). Enter your e-mail address and press the "pwned?" button. You will get an instant answer. In case your address has been indeed compromised, you will also get informed about specific breach that compromised your e-mail address. Also, you can find information on various security breaches that may affect your personal data.

After you've learned that your e-mail address and/or password had been compromised, immediately change all passwords that are associated with that e-mail address. You might also consider abandoning this e-mail address and getting a new one instead. Some e-mail services like Proton or Tutanota provide e-mail aliases, which are very convenient, because you can easily dump an alias and generate a new one in case it's been compromised.

Here is what I learned about privacy issues facing myself when I visit my bank's website (and this bank is one of the most trust-worthy in America).

Other companies either block all information about them when they sense that they are being scanned, or make the scanner crash. Facebook, Instagram, Threads, Bank Of America, etc, all do that.

By contrast, here's what 'Blacklight' tells about our Family Portal:

Facebook

is the largest and most nefarious social media company. Why? Because the company's business model takes advantage of the ignorance of the huge majority of Internet users and is structured in such a way that users voluntarily and eagerly supply Facebook with their personal data and pictures of themselves, their newborn children, family and friends. The entire Facebook system is designed exclusively to extort the most personal and intimate information about its users and then use that information to make gigantic profits. All their "free" services and features are only there to lure the maximum quantity of naive users.

It is almost impossible to adequately describe the perfidy and deception of this model with sufficient depth, and—at the same time—in an easily understandable way for naive consumers who have an itch to share with the world everything that is personal and what should be their exclusive secret.

Only fools and adolescents who can't wait to spread their trollings and selfies around the world can be forgiven for using Facebook. But even they will be sorry one day, when they realize what they've done.

A similar situation exists for other "social media" such as Tweeter, Instagram and for Google eco-system (Google G-Mail, Chrome browser, YouTube videos and Maps are examples).

Below are download buttons to two PDF documents on "digital gangsters": Facebook and Google. Clicking a link will download a document to the default folder on your computer.

• 02 - why is anyone still on Facebook – This document contains, among other things, instructions on how to cancel your Facebook account and how to check that your personal data has been sold to British digital gangsters from Cambridge Analytica.

• 03 - RD compilation – digital gangsters – This is a very extensive collection of articles, mainly from privacy and security companies on the Internet.

Since about mid-April 2017

—when using a modern browser you visit websites that are not secured—you can see a warning saying that these websites are not "safe". This is not necessarily completely true. Most of these "dangerous" websites are still relatively secure. And some websites that are not flagged as dangerous, in fact are. Paradox?

So what's this warning about? The reason for the warning is the change in rules that govern web browsers. For starters, only Firefox and Chrome warn you, but soon the rest of browsers should follow suit. All unsecured websites are considered dangerous by the browsers. And the only difference between safe and dangerous pages is a single letter in their addresses. All pages whose address begins with http are considered dangerous, while those whose address begins with https are considered safe. The condition for using the address starting with "https" is to obtain a special certificate from an Internet organization that is entitled to grant them.

I have obtained such a certificate in March 2017. Our addresses start with "https" and show a small padlock in the browser's address bar. "Https" in the address means that the page is secured. Usually this part of the address is not visible to the human eye, but it is visible to the web browser.

And here comes the next part of this paradox in new rules that govern Internet browsers.

The mere fact that the site is secured by a padlock is not a guarantee that it is completely "safe" for people who visit it. Hackers have ways to add or change scripts (code) on a padlocked page. As a result, people who view such a "secured" page can be sent without their knowledge to another site, where hackers steal your personal data, passwords, credit card numbers, etc, etc. They can also intercept your cookies and use them for various types of evil deeds (some cookies are required for the proper and efficient operation of our PORTAL). These types of hacker attacks can be prevented or significantly reduce their risk. For this purpose, the person who administers the Internet domain (i.e. myself, in case of the dlutek.com domain) must put in place special directives, which are included in a document located on the server and to which hackers have no access.

I am proud to announce that by June 10, 2017, I have already implemented most of the aforementioned directives. As an outcome, I achieved a significant improvement in the results of PORTAL testing for resistance against hacker attacks. Immediately after obtaining the certificate, my test result was rated "F" (only 15% of tests were passed). My latest rating is "B +" (80% passed tests). I will continue to work on improving this assessment, although a full 100% is almost unachievable utopia, because these new directives in some circumstances limit or prevent the functionality of some features of websites.

In addition to all things mentioned above, since May 2018, I have implemented further security and privacy measures, according to new rules imposed by European Union, known as GDPR.

How does this affect the use of our portal?

The remaining 20% of failed security tests are caused by our PORTAL using resources from other web sites (for example YouTube videos). That's why viewers of our PORTAL like you must decide themselves whether or not to trust those external sources and express their decision by using enabling/disabling buttons that can be found in the COOKIE MANAGEMENT subsection.

Unwanted guests and persistent hackers

In my opinion, the only way to completely secure any website, after implementing all measures described above is to password-protect it. You can read more on this subject in the next chapter entitled, as you may have guessed, MEMBERSHIP SYSTEM ON OUR PORTAL.   

The level of security of our PORTAL

—both against hackers and unwanted guests—was raised through implementation of the membership system, which I introduced in January 2018.

Since then, only the home page, PRIVACY, HOW TO USE THE PORTAL, INTERNET SECURITY news, WHAT'S NEW? blog and LOGIN page, are available to all viewers without any restrictions. The main part of the PORTAL (the FAMILY section and all its subsections) is available only to invited and logged-in people. There are two categories of these viewers: family members and family friends.

If you want to invite family members or trusted friends to participate in our family portal, you can do so. Invited people will be qualified into one of the above two groups.

The only difference between these groups is the privilege of viewing the entire content of the portal. Family friends do not have access to family albums, documents and family tree, which are visible only to logged in family members.

People who would like to open an account on the portal should send me an e-mail with their full name and surname. After this action, they will receive an invitation from me that will initiate their membership in the FAMILY section of this portal.