Ask HN: How do I make sure my non-technical parents are safe online? I don't want them to become victims of phishing, hacking, ... any ideas? Any ideas how I could prevent these? |
Ask HN: How do I make sure my non-technical parents are safe online? I don't want them to become victims of phishing, hacking, ... any ideas? Any ideas how I could prevent these? |
They LOVE the Internet. This morning I helped my dad install an antenna for a HAM radio, and he needed to terminate some coax cables, so found a YouTube video on how to do it. We watched it together and then did the cable.
My mom's an avid old time fiddling (violin but not classical) musician, and likes to find videos, recordings, and music online. Also a lot of things about knitting, plus finding podcasts to listen to.
That said, I worry about them. My father specifically. He's starting to have cognitive problems, and his long standing (and good in the past) habit of installing and trying things is starting to hurt his experience and his computer.
First, I keep finding extensions in Safari that are injecting ads into his web browsing - not sure where they come from.
Then the other day we found out Chrome and Firefox was completely uninstalled, and Chromium was installed. My guess is he downloaded some "bundle" that had it.
Then when his computer started getting slow, he found some "speed up your computer" thing for just $70 - that ended up being Linux on a thumb drive, and the idea was you boot from it, and your computer is now "faster". I tossed it before he ever tried it.
So right now, I'm thinking of installing a limited (can't install things) account for him on his Mac. Or turn on child protection settings.
So basically, his curiosity that's had him using a Mac since 1990 is his very downfall with the computer now that he's having cognitive decline. Ironic in a way.
Honestly it would be nice if someone like MS or Apple would make an "Elderly Parent" mode to go along with Child Mode. Similar idea, but different needs.
(I know it's not the same as a Mac, even if you try hard, which nobody should. However, the very things that make iOS more secure for some users are what sets it apart from macOS, making it less flexible but more resilient.)
The idea of "iPad mode" for a Mac is not bad. Basically it's very locked down, but has the full advantage of mouse and keyboard along with large screen.
For non tech users, iOS is pretty safe.
Ipad + iPhone and you're good to go. Leave the notebooks and PCs in the 80s where they belong.
All she needs is email and web browsing. I'm pretty sure as far as security threats are concerned she is vastly better of with Linux. The usual exploits targeted at end users simply won't work.
What makes you say "Avoid Linux"?
No security is perfect, a small handful of bugs over the last so-many years is about as good as any platform can hope for.
If you're a CIA agent or run a bitcoin exchange it might not be good enough for you, but for most people it's a pretty good set of options.
The worst right now are the ones offering some kind of rebate or refund, and then a really tricky one where they overpay and have you send money to another "vendor" in the amount of the over-payment.
Elderly people where my wife works are constantly scammed by people telling them they are due for their free cancer screening, or their "grandchild" is asking them for bail money.
uBlock Origin Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpa... Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...
They won't need to use the keys if they stay on the same device all the time, but it will have a big impact on anyone trying to steal their passwords. Instructions here: https://techsolidarity.org/resources/security_key_gmail.htm.
There was a good Penn & Teller: Bullshit! episode on this, called 'Easy Money'.
My parents machines, even the ones they buy without telling me, still connect to the internet through their router. OpenDNS blocks requests for blacklisted sites. It doesn't help their cellphones, but they are also under instructions not to do any banking on their phones.
Adblock+Noscript
It helps. They sometimes have to call me when websites don't work but it blocks the annoying popups that can sometimes confuse older people into scams.
Then drill it into them that they should “never click any link in an email for any reason whatsoever. If the bank, for example, sends you a message with a link then ignore the link, leave the email app and log in to the bank the normal way to check the account.”
Regarding phishing, I set them up with a GMail account and their filter is quite good against this.
So far, not anything bad happened, some minor malware were installed through malicious web browser extensions, but no financial damage or identity theft.
On a more OOtB note, have all their web traffic route via a web proxy that will prevent phishing, MITMs, scan against viruses etc.
As I’m writing thing, I wonder if there is a “senior mode” distro/plugin for OpenWRT.
Also, on the Windows vs. Linux debate, a significant number of programs break if you're not running Windows as admin. I just installed Bitdefender and you can't do things like shut down protection to see if it broke something that was working fine if your account isn't admin. Nobody calls this out one Windows. Any programmed who did this on Linux would be hailed as the heir to the throne of idiots.
It’s not perfect, but better than anything else I’ve ever used. Also comes with subscriptions to 1Password, Malwarebytes and Encrypt.me.
The point being...
There are training videos and certification tests for this sort of thing that are required in government related PII jobs as social engineering is too easy to fool people but its naive to think these tools will be used unless it was tied to getting a retirement check etc. I guess just hand hold them on those issue until they get it or give up?
This sad state of affairs because swindlers can get at them in many different ways. I have a sign near the phone that says "If they are asking you to buy gift cards hang up, what they have told you is a lie."
Of course online access is essential today, so it isn't easy to tell them they don't get to use the computer. Or Facebook. Or NextDoor. Or any other social media site. Or Chat service. Or other Forum.
There isn't any just "read only news" (no commenting) from sites with journalists, maps, phone numbers. Kind of appliance that you can get them.
Also, of course, there are the usual things you can do to make their computing/networking environment more secure, which I'm sure other commenters have mentioned.
I think it would have been better if this quiz made up a name and e-mail for the user instead of asking for one though.
Perhaps it's a pride thing, but despite my warnings/offers to help avoid such situations, he didn't pick up the phone and double-check with me.
Needless to say he's under strict instructions from my mother to run things by me first now ha ha
2. U-block origin
3. Let them know they shouldn't ever download files from an email (even from relatives, because realistically non-technical people aren't sending each other files over email and it's likely one of them has malware that is trying to spread)
4. Disable their mic / webcam (they are not going to use it anyways)
The 4th point isn't so much to prevent malware, but it's to protect their privacy in case they somehow get compromised.
Since I've done all of the above, I haven't had to format a parent's machine due to a virus or malware. They run Windows too.
The somewhat oversimplified approach is to use iOS/Android devices with you in charge of installing any new apps and also inbuilt adblockers. However this still doesn't prevent email phishing.
The more restrictive option would be to use a router level / AdBlocker whitelist for websites they can access.
Ex: Facebook, Google, YouTube, Utilities, Banks etc. This way any phishing domain will get blocked. Obviously highly restrictive but probably the safest bet. You can always add new sites as they need them.
Tell them no porn, no clicking on pop up ads, no cheezy viral articles with click bait titles, etc.
If you can visit them in person, check their computer for malware.
Find out what they want to use the internet for and help them create a white list. If they have enough safe ways to satisfy their needs, there is less temptation to randomly venture forth into things they don't really understand.
For the rest of us though...
If they call frequently because their computer is a giant mess of malware, eventually tell them they need to educate themselves because your efforts to keep them safe are proving insufficient.
If you honest to God can find no means to tell your parents that porn is a really big problem with regards to technical safety online, then I suggest you wash your hands of this issue and tell them you are wholly unqualified to help them and maybe point them to some resources to help them sort it out themselves. Hopefully, buried somewhere in those resources is the fact that porn is a problem.
Otherwise you are doing more harm than good by giving them the illusion of assistance when the real message is "Sorry, I can't actually protect you because it might involve admitting my parents, who probably did the wild thing to get me, might still have a sexuality." If that's the answer, don't pretend to help. Just refer them elsewhere to someone willing to have that conversation.
I will add that you need to know porn is an issue even if you don't consume it. Advising them that porn is a problem doesn't actually presume they consume it. I had to do a hard shut down of a laptop because I was moderating a forum and someone posted a porn link. I wanted to do my due diligence and not just assume. It opened a zillion popups and locked my computer up.
[1] https://news.ycombinator.com/item?id=16997272
[2] Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpa... Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...
He caught it when he saw searches of porn in his history
Both him and his employees did not even open private browsing!
Two of the barriers are:
1. Most people of all ages don't actually understand the technology, and instead mimic their peers (and do things like people they know tell them to do, like install a particular thing to see photos). Both young and old people make much the same mistakes here.
2. Older people might come from times&places with different ideas of respectability and sense of duty. They probably can't even imagine the accepted sociopathy within the tech industry. Daughter/son went to work for that nice company that does the right thing, and surely they're keeping an eye on things (not systematically reading people's private messages, monitoring every page everyone reads and thing they do, and encouraging bad security practices that set up openings for other kinds of exploiters).
Some specific advice I'd give with relevant episodes:
- Use a password manager https://looseleafsecurity.com/episodes/securing-your-online-... so you can use strong, unique passwords, and and set up two-factor auth wherever possible (preferably with a security key) https://looseleafsecurity.com/episodes/two-factor-authentica... so that you're protected from the many possible attacks on passwords.
- Get an unwanted content blocker (aka ad blocker) like uBlock Origin to protect you against malicious ads, popups, etc., and/or a cross-site content blocker like Privacy Badger to protect you from being tracked across websites and also protect you against malicious embedded content. https://looseleafsecurity.com/episodes/web-security-continue...
- Set up backups, because it's the only reliable defense against ransomware, and it's the best defense against your computer getting malware - it's easier to wipe and start over than to try to pick out the malware (especially if their child isn't around!). https://looseleafsecurity.com/episodes/backups.html
- Learn about how to protect yourself from malware. It's not clear today that antivirus or similar software has enough benefit, and they often introduce their own security issues (or just slow down the computer enough that you'll want to turn it off). But your OS has various built-in knobs about running unknown software, and you're probably better served by turning those up to the safest settings and knowing what its security prompts mean. https://looseleafsecurity.com/episodes/malware-antivirus-and... (In particular, if you're not in tech, it's not obvious that every program you download has access to all your cookies and private files ... unless you get it from your OS's app store ... unless ... we talk about this complexity in this and previous episodes.)
We post both the entire transcript and additional notes / links to further reading, so if listening to people talk isn't your preferred way of consuming content (and honestly it's not mine either!) our website should still be pretty useful.
im trying to get them to use a password manager and at least using chrome with ublock origin, teaching them how to interact with elements etc.
its really tough out here
Seriously.
Get them the simplest device possible. A cheap iPad is great. Preconfigure it to be even simpler (maybe using parental controls), and tell them not to mess with anything. Keep notes for yourself, and be prepared to restore from factory defaults every once in a while when things go weird.
Install as many layers of ad-blocking as possible, whether DNS blacklists, browser filters, etc. Some sites/apps won't function correctly, but rather than try to open holes, just say, 'Sorry, that doesn't work.' Trust me, your folks will just move on to something that does (maybe with your suggestions), and is likely safer.
Buy them a few subscriptions to reputable news sources (a good discussion itself) so they don't have an excuse that they can't pay for decent journalism and so have to pick it up from a Facebook/Youtube algorithm.
If you're up for it, be explicit and direct about them asking you for advice. For example, teach them how to forward an email to you -- or a screenshot or image from another camera -- so you can give them an idea of whether its safe or not.
If they're willing, teach them to use a password manager that creates/saves random passwords. If you can't, at least make sure their important accounts (email, bank, etc.) are adequately secured. I've (mostly) convinced my mom to write down all her passwords on pieces of paper, which are stored in an envelope in a known place in her apartment. It's not perfect, but way better than discovering every password is 'hello123'.
Try to teach them a little about the technology. I don't mean system architecture or code, but the basics of how online economics work (e.g., advertising vs personal data) and what algorithms are (use the analogy of meal recipes). If you discover accessible journalism that is critical of problematic technology (like privacy issues with Facebook), share it with them. I've done this a lot with older/non-tech folks and I've ever met someone who couldn't understand at least the basics.
Don't be afraid to tell them that you feel some technology is bad for them. You'll discover it's actually a relief for them to hear, as mostly what they're going to hear is that all technology is great, and much less about being critical about tech.
Finally, don't push them into any more tech than they truly need. Most non-tech people aren't that interested in exploring tech; they probably aren't going to be the folks downloading apps or plugins and trying random websites just for fun. If they're comfortable walking into their bank and dealing with their accounts in person, let them continue to do that. Even if it costs a little, they're actually better off than you (or someone else) convincing them online banking is 'better.' Don't digitize their lives without a really good reason.
(I'm saying all of the above with the experience of being online for 40+ years, and helping other folks over that whole time. Sadly, it's gotten more difficult.)
Are customers able to opt out of additional support and if so do any choose to?
In any case, I think it's good that there are phone companies that compete on quality service rather than price, and specialised service for a specific demographic makes a lot of sense.
In the same way that a speech recognizer with 99% accuracy sounds amazing, and is a great technical achievement, is all the while still really hard to use if it misses 1 out of 100 phonemes...
Since they're not technical, their natural self-defense against this kind of this has trouble functioning online. Talk to them about real world analogs to pop-up ads that look like virus scanner alerts, talk to them about people pretending to be someone they know. Hell, show them the movie "Catch me if you can" and explain the same psychological tactics get used online.
Get them to consider "what do I really know, and is this too good to be true" before they talk to anyone, click a link, or buy anything online -- and they will be fine, if their judgement is otherwise unimpaired.
If they're very late in life, or otherwise have trouble with this kind of thing in the real world, there is unfortunately not much you can do to help them, other than force them to only use pre-installed apps on a tablet that you've selected, like you might with a small child. If they're not willing to do that, then it's unfortunately on them. I've had this experience both with my grandfather and a friend who lives with a brain injury, who are responsible for themselves but don't have the judgement necessary to realize how impaired they are.
And of course, make sure the computer is auto-rebooting to get updates, and they know to call you if they get a virus / malware popup they think could be real.
Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpa... Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...
As a result, paper is sort of natural for them, and the only way I found to impeach them from writing down their passwords is to make them use passphrases instead of passwords.
They do remember the passphrases they typed in, however the issue is that some websites still refuse passphrases because they are too long :(.
Offering to do her taxes prevented some other scam. Although that did require flying out annually due to being so disorganized.
However, do understand, that this can lead to the opposite effect of constantly calling on every little thing leading to them becoming even more dependent on you.
So far, there's been no major incidents, as the ad-blocker filters out most of the crap on-line, and the lack of administrative privileges prevent the less knowable users from doing something dangerous.
And then just train them to forward any email that they can't identify as scam themselves right away to you.
it was kind of hilarious to "hum-hum" my way through his instructions on how to install TeamViewer on Windows. obviously it failed at some point as I wasn't able to keep the pretense...
there are entire call centers dedicated to those scams, it's kind of scary.
My parents still conduct the majority of their personal business offline, and though I have scoffed at this in the past, it makes more sense for them and also keeps them safe. Their bills come in the mail, and its not uncommon for them to go to a department store and pay the bill for that chain's credit card in person. They meet with their financial advisor in person at their house, and it's someone they've worked with for decades. They keep all of their important documents (social security cards, birth certificates, passports) in a safety deposit box at a local bank. All of their insurance agents are local, and they meet with them at their cluttered, homey offices. They call the hotlines for their primary credit cards fairly often, and listen for fraudulent charges.
Their online experiences are mediated through things like Facebook. They get e-mail, but I have them set up to use smart clients that filter out the most pernicious stuff. If they think something sounds fishy, they will ask me to look at it for them. Any digital documents (airline tickets, hotel reservations) they want to save go to both the Apple Cloud (which they can occasionally do, though I have to help) and to the printer so they can keep records.
The only downside of this is the sheer amount of mail they receive, and the difficulty of finding hard copies of documents despite their best efforts to file things. Even their mail is somewhat protected, though, as they live in a gated retirement community.
As much as I dislike Apple and their ecosystem, iOS is the way to go. But I went with tablets over phones, just for practicality with browsing and such.
With an iPad (as opposed to an Android tablet) I don't have to worry about them installing some fake app. It also helps a that anyone can figure out iOS (although it has gotten more complex over the years).
I've also installed Pi-hole at my parent's house. Not just to protect them from misleading stuff, but also because overly aggressive ads can be very confusing. I've once had my mom tell me her tablet was broken, because she couldn't visit the news, it turned out to be a giant overlay ad that she couldn't figure out how to close.
Lastly, I have migrated their ISP based email account (dating back to the early 90's) to a gmail inbox so they can benefit from the (mostly excellent) spam and fraud detection features of gmail. Their ISP offered no spam detection at all. It still uses the same email address though, I just routed it through gmail.
The government here in the Netherlands ran some great TV commercials instructing you to hang up the phone and call back if you got a call that you didn't trust. And another TV commercial on how to check the URL and certificate if you are on your banking website. I'm very grateful for that, it already saved my dad once from a phishing attack.
Ohhh you would be surprised of the amount of fake apps on iPad!!
I know an old couple who burned a good amount of money on their new iPad trying to install some app they knew from Android (something not available ipad, I think it was WhatsApp).
Try opening an incognito tab and search for flat earth on youtube, and then see what videos that window gets recommended, if they don't believe you.
Fortunately, my parents have never had much interest in Facebook, preferring to socialize with real friends in real life. They have their own bubble to some extent, but it's way less toxic than any online version.
I think their generation has been influenced by our generations that really started using the internet and got it into every part of our lives. Sometimes I start falling for the conspiracy theories and have to check myself, and they don't have experience with the insane social media machine that exists now but didn't exist during their time.
And tell them explicitly that if their computer tells them they have a virus, they must not try to do anything about it and call you immediately. 99% of the time it's a fake pop-up and they don't want to look stupid so they follow its "friendly instructions" to "get rid of it" and end up making a mess.
Other than that, take away their admin privileges, set up 2AM auto-updates (or manual, if you're there often) and tell them to only store personal files in one specific directory, which is synced to something with CoW or daily backups (and then also sync the desktop just in case).
As for e-mail, I set up my grandparents with one e-mail for people they know and a gmail for everything else (like website registrations). That way, the personal address never* gets any spam.
My mom called me because her tablet was broken, it turned out the news website had a giant overlay with some heartbreaking story that they relied on ad sales and due to her evil actions, they now had to lay of people. I whitelisted the site and it worked for a day or two, then my mom called me again that her tablet was still broken. This time that same news website had an overly aggressive full-page overlay ad that she couldn't figure out how to close. A third time she called me her browser kept crashing because the news site was attempting to load multiple MB of JS and video ads.
For my parents it's ads, not scams that cause the most problems.
Edit: HTTPS everywhere[2] could also help prevent attackers from redirecting you to their fake "You have a virus!" website.
[1]Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpa... Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...
https://en.wikipedia.org/wiki/Copy-on-write
>Copy-on-write (CoW or COW), sometimes referred to as implicit sharing[1] or shadowing,[2] is a resource-management technique used in computer programming to efficiently implement a "duplicate" or "copy" operation on modifiable resources.[3] If a resource is duplicated but not modified, it is not necessary to create a new resource; the resource can be shared between the copy and the original. Modifications must still create a copy, hence the technique: the copy operation is deferred to the first write. By sharing resources in this way, it is possible to significantly reduce the resource consumption of unmodified copies, while adding a small overhead to resource-modifying operations.
A lot of scams can be stopped if you consult with someone before sending actual money. I think it's important to tell your parents that before they give anybody any money or account numbers or buy gift cards (a lot of scammers make people buy gift cards and then give them the number) they should talk to you first. And tell them that there is nothing legitimate that ever requires you to pay NOW. Scammers are really good at pressuring people to act immediately instead of asking somebody.
The key thing people (not just the elderly) need to understand is that NOBODY LEGITIMATE will make initial contact with you over the phone or over SMS. The IRS will mail you. The police will knock on your door. If someone you don't know contacts you over the phone, 99.999% of the time it is a scam or they're selling something. Once you internalize that, you're well on your way towards avoiding being a victim.
My experience has been very different from yours. I've absolutely had financial institutions make unexpected phone calls to me and asking me security questions. In just the last year:
- Someone claiming to be Mastercard phoned me and asked to first verify my name and address. I was 99% sure it was a scam, but I had just enough doubt and curiosity that I called Mastercard back at a known number and it turns out that they were indeed trying to decide whether or not to block a large purchase I had made.
- Someone from the bowels of the check-clearing department of my business bank account called to verify whether or not to pay a large check I'd written to an individual.
- My regular bank called me out of the blue to check on an incoming wire transfer that had my middle initial although my bank account was set up without a middle initial, and they wanted to verify this before accepting the transfer.
In each case above, the call was from a phone number that I didn't recognize (and were un-googleable because they were internal numbers), from a person I didn't know, and the conversation started by them asking me personal or security-related questions! But they were all legitimate calls, and in fact would have caused me grief had I ignored or refused the call.
Financial institutions contribute to the mess by having poor telephone security practices themselves. They also send emails with links they want you to click on to sign in and they invent all sorts of domain names for various services/surveys/emails that bear no relation to their main domain name.
Better to just call their main support line. Most likely they’ll never have heard of ‘some guy’ and they’ll tell you your iCloud is just fine.
If they fell for that then they're not very smart.
Would a smart person fall for it if a random hobo turned up at their door and claimed to be Jesus, but BTW he really needs you card and pin for 20 minutes, oh and $500 in cash as well!
.....
I tell him that no matter who contacts him and how (could be the government, IRS, bank, and could be phone, or email or a door knock) he should politely end the contact immediately.
Don't listen to what they have to say, don't give them a single shred of information - not even his name or address or anything.
If he is really convinced it's something legit, HE should initiate contact with whoever they said they were - find THEIR phone number or website and contact them and ask.
That way at least he can be sure he knows who is on the other end.
A phone book?
She's "not technical", which means she's a librarian instead of a software engineer, but she still knows much more than me about online security, and I'd bet most of our parents are kinda the same. She "runs" an iPhone and a Chromebook, which I think is the best setup for most people.
Funnily enough, librarians are some of the most computer-savvy people I know. I wouldn't be surprised if your mother's "librarian training" of recognizing bad information and tracking down good sources is a big part of what makes her that good at navigating the net.
Haha, I am 100% sure that this is not the case.
Parents might be old, but they're not dumb. People underestimate older people.
Obviously there are some vulnerable adults that need a helping hand, I get that, but try just talking and teaching, it works wonders.
The key is patience really.
They aren't dumb, but many in that generation are willfully ignorant.
There was a great article in the NYT recently titled "Why high class people get away with incompetence":
https://www.nytimes.com/2019/05/20/science/social-class-conf...
If you've gone your entire life being able to bluster away criticism or force someone to do things for you ("delegate"), it can lead to a type of person who is not teachable, and when they inevitably suffer a breach will blame everyone but themselves.
NPR ran a series last week on the topic that was fascinating and deeply concerning [0]. It's not something you should just dismiss out of hand when we're just now starting to learn why your intuition might be wrong.
[0] https://www.marketplace.org/collection/brains-losses-aging-f...
For three years now she has been taking notes in her small notepad of the four same shortcuts: ctrl-A, alt-tab, etc. She still doesn't get attachments and doesn't understand the differences between a zip file and a folder (I blame windows but still...).
I think she's good at her job (research and producing articles) but she isn't catching up with the tech.
The struggle is real.
(Eg: maybe if someone learns about the context of a "task switcher" and "shortcut" they could be taught how to search for 'task switcher shortcut windows'.
Instead we train users to treat keyboard shortcuts like magical incantations. I don't think that does a service to users of any age.
My grandfather had an interest in technology, experience in how to use UI's, and used a computer on a almost-daily basis since the late 70's up until his death a few years ago. He never had any issues telling ads/fake popups from actual system messages and so forth, and he was quite comfortable using a computer on a rather advanced level.
Some younger relatives, on the other hand, have barely touched anything without a touch interface, can't really use a web browser properly, and is pretty much limited to whatever apps they can install. They solely rely on iTunes Store/Google Play to screen stuff for them and blindly trusts anything they install from a trusted source.
If I had to choose a scamming victim from those two categories I'd go with the younger, less experienced ones.
Of course, it varies depending on the person. Most often, the most reliable way of determining if an older person is comfortable with computers is to ask them. Those that find it difficult to make good decisions about passwords/phishing emails/security updates/etc., are more than willing to admit that they aren't great with computers.
Auto-updates painlessly. Probably worth getting one with touchscreen and ability to run Android Apps. I've just updated my mum's one to Acer Chromebook R11 CB5-132T (old one was no longer getting updates after c. 5 years)
Also: install ad-blocker of course!
From my side I made sure all their browsers had ad-blockers. Also tried Ubuntu with them, but they preferred windows.
Few years later, my mom can now boot into Ubuntu if a family computer has a blue screen many times and run a hardware check and tells everyone, "google it!" when they ask her for questions. They also are way more confident now and don't fall for as many shit as before. I mean, they used to copy shortcuts to floppies, thinking they copied the whole program, and got scared of ads that the FBI was watching them, and that they had to pay.
Parents are 60 something, so I guess its never too late to teach them. In contrast however, my younger aunts are unteachable, like bricks, so it really depends on the character as well.
So, after years of my sister and me trying to get her to have proper passwords it took her getting hacked and seeing a bunch of failed spam emails to finally change her passwords. Maybe people reading this could “hack” their parents themselves so they could take security seriously. Yeah it’s lying but it’s safer than letting it happen organically.
FWIW, if you're running Google Apps for your family email, you can require a certain level of password quality, and force-reset the offending passwords.
So basically it comes down to making sure that the UI/UX they (and I tbh) like sticks over updates. As such, we've moved completely away from Firefox to Palemoon (with a "classical" theme), from Office & OpenOffice to LibreOffice, and to minimalist Windows theming to keep it looking like, well, Windows.
I use either uBlock or Adblock Latitude & Greasemonkey with the Aaklist setup, and Disconnect / Ghostery. They also have Avast! & MalwareBytes on their machines and I have a ClamAV client set up on a scheduled task.
As far as them getting phishing emails... they're not stupid. They've been seeing spam email since Prodigy and haven't fallen for more than one scam in that time (long story but it didn't hurt us monetarily). Oh, and if they're not sure, they ask me - or they search (using DuckDuckGo or Exalead, not Google) to figure out if it's real.
In uBlock Origin's settings, I recommend enabling all filter lists under "Malware Domains" to block malware & scam websites.
[1]Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpa... Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...
I believe uBlock Origin can be installed for Palemoon as well.
edit: if there are grandchildren around, get them involved in the project
Today most thing happen via a browser instead of programs and it's basically impossible to secure.
Consider using a tablet/smartphone instead of a computer. Apps are a little better than website in term of being "safe". By using something like privacy guard (feature of lineageos) and disabling the browser and email you can keep reasonably safe.
That's what i did. Bought them a tablet, install what they needed (netflix, amazon etc...) and a app for remote control, like teamviewer, disabled browser and playstore, and basicaly everything else. For anything else they call me.
It's not amazing but it work.
Desktop computer are, for me, a lost cause.
I would equally suggest two email addresses - one for banking, one for everything else.
But do look at further education courses as many a local authority in some capacity offers training in some form (speaking about the UK here). Some banks also offer assistance in online safety courses.
But online safety today, is alas very much akin to the level of safe sex education in the 60's.
I would suggest showing them some youtube videos of people handling phone scammers - entertaining and educational.
But above all - tell them if they are in any doubt, to shout and call you. Remember your peace of mind is worth a few phone calls.
The best one hands down was installing an ad blocker. Before that I had a few questions about "Is this thing saying I won an iPhone real? It seems to good to be true", now they don't even see it anymore.
The second is separate hardware for authentication. The bank login and wire transfer to an unknown account requires them to punch an 8 digit number on a card reader, and type back the result in the browser. This way, there can't be any full compromise.
Last one was education: snail mail scams were a thing in the past (I had no idea when they told me about it, which is quite humbling really). Draw the parallels: unless it's someone you know, they could be trying to take advantage of you.
So far it worked, no issues to report.
Anyways, FWIW I've told my mom to always ask to call back if the bank or other financial groups call. And then to either 1) call the number on her physical card or google it and call that number.
My wife, despite being a designer working in tech, would be as easily tricked as an older person new to the internet. So keep that in mind and think about safety for everyone, not only elder people.
My Dad travelling to a different country for a month and the mobile network there was VOLTE, while at home its 3G. The phone (iphone 7) was having some issue and I was unable to help him. He took the phone to mobile shop and that guy installed a 3rd party app & made him put a passcode.
Actually the last time we travelled together & we both used that mobile network and there was no issue. So, there was no reason to put a passcode.
The issue is that when my dad has an issue, he tries to describe it to me and does not read to me exactly what he sees on the screen. It would be great if there was a remote desktop like I could see his device via my device and help him also. Also, have an admin account on the phone so that admin privileges are needed to install apps or even open the settings app.
In the past even my younger cousins or kids install apps (games or some hype app that they feel everyone must have) on his phone.
And for not-everyday tasks, you can just ssh in and fix it for them.
Her education, the job she's supposed to do... it's like a carpenter who don't want to learn about electric screwdrivers.
As soon as you try to get a bit more general: “Ctrl-A works in any applications or folders or anything with multiple items... it allows you to select everything at once.” She shuts down and gets back to her task of writing stuff.
The thing is: computers aren't magical enough yet for that kind of user.
Isn't it the other way around? Ctrl+A does nothing on my machine, because I haven't set it up to do anything.
I think the problem is that most OS's were designed with programmers in mind, then have had a kind of 'user-friendly' face lift pasted over fundamentals that have remained more or less the same. I can see why non-computer people don't want to deal with that - you engage most of the time with the user-friendly mask, but it's fundamentally incoherent and inconsistent, since it's just a mask, implemented half-heartedly, by programmers who don't use it.
Ctrl+A is basically just an incantation. When people are presented by a bunch of incantations with no logical consistency, by a machine they aren't interested in, it's unsurprising they learn the bare minimum.
Is that trolling ?
Dude... she's not banging some Perl in emacs... She's writing words in Microsoft Word running on a Windows like a gazillion of people do in the 9-5 workforce, with the occasional excel spreadsheets and file manipulations in explorer.
Ctrl-a, ctrl-c, ctrl-v everywhere, all the time.
It has been for 30 years. The fact it has no logical consistency (although I am pretty sure ctrl-all is a good candidate) it's not an excuse to forget about it everyday. Does she forget where the brake pedal is in her car ?
I am dev. I know computers are voodoo and run on magic.
But it's not a reason to forget how to turn it on every morning.
Assuming people aren't smart because they fall for a scam doesn't do them justice and it shows a lack of empathy on your part.
It depends on the subject. If you believe that climate change doesn't exist, that we never went to the moon or that the earth is flat, you are just plain wrong and I am right.
I've found using Syncthing for Client-->NAS-->Off-site with BtrFS snapshots on both servers to be just perfect (of course, YMMV).
I've been using rsnapshot for at least a decade, and it's available wherever perl and hard links are available (which isn't windows, at least pre-WSL).
Of course it could have drive-by malware on it... but so could any link