Trigger warning racism, stupidity

If you wanted to end your career in a hurry, it would be hard to beat the example of Justine Sacco. As the communications director for a large company, you'd think she'd know better than to drop this tweet just before hopping on a plane for a business trip:

Justine Sacco tweet: Going to Africa. Hope I don't get AIDS. Just kidding. I'm white!

For the 11 hour duration of her flight, the tweet spiraled further and further into cyberspace while people expressed outrage or gleefully waited to see her panic when she stepped off the plane to thousands upon thousands of posts under the hashtag #HasJustineLandedYet.

Not everything you post will come across the way you hoped. Sometimes it's a good idea to pause, rethink, or get someone else's opinion before posting. Better a delay than regret.

No matter how tired or addled we are, most of us would never post something like this and, even if we did, the odds of going viral are still pretty low.

It might go unnoticed entirely or, once you came to your senses, you might be able to edit/delete it or even intentionally obscure it to make it harder to find. But those are under very specific conditions that mostly depend on you acting before it's noticed.

That's why your best defense is not repair, it's prevention. And that means, before you post, ask:

• What if the people I love see this?
• What if people who hate me see this?
• What if this goes viral? What if the news picks it up and every hater in the world see's this?
• When I'm dating or job-hunting in the future and they dig this up, am I ok with that?

Hoping that something won't spread further than you expected is a risk. Better to assume the worst before hitting the "post" button.

Is it possible what you post will never spread further than you intended? Sure. Is it possible to remove information before it's noticed or make it harder to find? Sure! But that's never guaranteed and isn't worth the risk. If you're not comfortable with something being visible to everyone, everywhere, forever, reconsider posting.

I live here.

Where are you from?

When you're traveling and someone asks, "where are you from?" What do you say? Do you give them an address? Street directions? Turn-by-turn steps to reach your front door? I'd bet not.

Not that you have to be silent or rude, but conversation doesn't demand highly specific details nor does your conversation partner usually care! For your benefit and theirs, always ask, what is the least amount of information I can give?"

Don't underestimate the double-win of becoming more safe AND becoming a better conversationalist by learning to omit needless details!

In my case, I live in the Seattle area. That means if I'm overseas, I say "American". If I'm someplace in the US, but exotic like Hawaii or Oregon, I say, "Washington". And if someone in Washington asks, I say "Seattle Area".

There will be times you make a judgement call that people are safe enough to share more details even down to the neighborhood – people at work, the other parents at the sports match, etc., but that's the exception. On average, be only as specific as necessary.

Pro tip! Your phone's map tool doesn't need to know where you live either. When setting your 'home' location, set it to somewhere in your neighborhood instead. Then, if your phone is hacked, lost, or your data is sold, you didn't paint a target directly on your house.

What about your family?

Commander biographies far too often publicly list family names, ages, sexes, schools and more

Every time you're tempted to write information about your family, pause. Is it really necessary to list their names ever? Not that I've ever seen.

Instead, why not just say "my wife", "my kids" (assuming there's a reason to bring them up at all). Instead of age, "baby", "young", "teens", and "adult" are specific enough. Why list genders? Why be specific about how many? "I'm a parent" is good enough and if you feel the need to number them, say "I have a few/bunch/plethora" etc.

Focus on what is being asked and why and then answer the minimum. Whatever is close enough. For example, when asked for your birthday, it's rare that they actually need your birthday. Usually it's for age verification (in which case, any date that's about your age will work) or for an annual free coffee or cookie at your favorite cafe (again, any date will work).

In the few cases where someone pries uncomfortably, try asking, 'why do you want to know?' Maybe there's a valid reason you don't know about, but otherwise, it's best not to give more information than is necessary.

Have you heard of doxing? Most people focus on the public release part, but the key is that they had a dossier of information to release in the first place. Where did they get it?

Generally, Doxers simply dig and combine from public data online – stuff that was carelessly left in the open or that people didn't think was a risk in isolation – but what happens when it doesn't stay isolated?

In the Department of Defense, we were trained to limit "data aggregation risk" – where the combination of details can paint a larger or more precise picture (sometimes even elevating Unclassified information to Classified by aggregation).

That's why should think carefully about playing along with one of those "your birth month is your Hogwart's character!" posts. Rarely (if ever) fill in details in online profiles and social sites. Think carefully about whether you're legally required to even use your real name or birthday.

When supermarkets ask you for a phone number, maybe you could use (your area code) 867-5309 (the 'Jenny' number) instead (555-1212 is a good second). If someone asks for your SSN and you're positive they don't actually have a right/need for it, zeroing out the two middle numbers should make it an invalid number (so you're not harming a stranger by providing it). That said, you're responsible for checking any applicable laws or consequences before taking this advice!

Little bits of information add up fast so make sure to limit the availability as much as possible. The less detail in the less locations information is, the harder it is to find and combine.

Whether you are acting on your own capacity or as an ally/activist, arguing with hateful people online is risky. Depending what you say, who you say it to, in what venue, under what circumstance, you could be volunteering to be a bigot's new pet project.

Or maybe you did nothing wrong at all and the bad guys just found a conversation they weren't part of and took exception to something you said in particular. Either way, you're now in the crosshairs.

Sometimes the only thing you need to be safe is to be a hard target.

The bottom line is to be hard to attack. Post generically. Fudge unimportant details. Use fake information (where legal and appropriate). Guard your photos. Deny websites/stores/etc. information they don't strictly need. And carry these principles of data protection with you in real life too.

A lot of ID theft prevention is making sure people don't have your information who don't need it (see my Data Defense articles for more).

When making conversation, when at the store, filling out a form at the dentist – like a martial art, use the minimum motion and force to get the job done. Use the least information possible at all times and in all ways.

Then, even if someone becomes interested in you for the wrong reasons, if the amount of effort it takes them to harm you exceeds their level of interest/time, you win.

Though in the above example, social engineering was used for good, that's not always the case. Smooth operators are always trying to push people into giving them your data –OR– the data of others. Consider if a stalker sees you talking to their target because you're friends/co-workers/etc. So they ooze up to you with some story about how they "found something" their victim dropped or that they're "good friends from high school" and they really want to catch up!

They'll try to convince you to share the target's phone number, address, or schedule, but there's essentially zero cases where that's an OK thing to do. Instead, you can tell them, "Wow Stalker, you found their thing! Thanks, I'll get it back to them." or "You're friends? That's great! I'm sure they'll be happy to hear from you so leave me your contact information and name and I'll give it to them when I see them next!".

Don't buy into someone's story and hand out someone else's information! Always be a buffer between them - no matter the story, no matter how believable it might be. They might be telling the truth, or they might be your friend's abusive spouse who's tracking them down.

Similarly:

• Never upload photos of friends, their kids, or anything else without asking first.
• Never "tag" someone by name. If they're good at LifeSec, you might be ruining it by naming them, their spouses, and their kids in your posts.
• Never tell someone else's stories or rants without asking fist. Just because they freely ranted about their boss to you doesn't mean you can share it online.
• Think twice about wishing them a happy birthday on an open feed.
• Definitely don't hint at or talk about non-public information on an open social page (ex. Have you come out to your folks yet?)
• Always think about how much you're actually giving away. Don't ask "I heard your team won last night! Go Eagles!" – A team name and game date might be enough to find your school.

Loose information makes you a target and it makes you an easy target. It's up to you what to share, but do so aware of the consequences and risks. Most importantly, adopt LifeSec principles all the time and it becomes easy to:

1. Remember that what goes online, goes everywhere; forever. Don't post anything that you're not willing to have dragged back up and used against you later.
2. Learn to be evasive and general. Not only does this make you a better conversationalist, it's safer too!
3. Think about how your data can be combined. Don't fall into the trap of thinking "this will be ok because it's just a little bit of information". People and AI can line all the different data up into one clear picture.
4. Be a hard target. Don't get discouraged and think there's no point; no matter what the risk might be, if you're more trouble than you're worth to the bad guy, that can be enough!
5. Protect others too!. Don't share other people's information either. You might be painting a target on them.

And that's the basics.

If I wasn't clear, this isn't 'do this sometimes', but a way of life. Adopt LifeSec as a way of life and you'll be safer not just online or offline, but all the time. For you, for your loved ones. You become, by nature, a hard target.

More than ever these days, it's become vitally important for our advocates and most vulnerable populations to learn how to speak without drawing undue attention from aggressors OR to be a 'hard target' if you do.

From the first days I taught Operations Security (OPSEC) for the Inter-Agency OPSEC Support Staff, I saw a problem. They actually expected every soldier and DoD civilian to understand the process, the math, and mechanics of OPSEC Risk Management (which no one but program managers care about).

Instead, I pushed to bring OPSEC principles into real life; LifeSec! My theory was that if we showed how information protection could actually help in real life, people would see why this matters.

Because seemingly unimportant information that is carelessly shared is dangerous.

Purple Dragon - the original OPSEC program for the USA.

For example, during the Vietnam war, the US military inadvertently leaked their plans to the Viet Cong spy network by having their planes visibly on the runway with the supplies staged nearby.

In a more modern example, reporters in the 90's discovered that they could predict major world-events based on the number of late-night pizza delivered to the Pentagon and other key agencies – a phenomenon now playfully referred to as "the pizza meter".

Basically, by operating in the open with no care for who was watching and what they might learn, US forces suffered data leaks of their own making. But who cares about the government, right? Why should regular people should care?

The crime of disbelief

Do you believe in Zeus and Poseidon? Do you legitimately believe they're real and must be respected and feared? If not, you are a non-believer… just like the rest of us. There are many major religions and branches and we are all non-believers to one or the other… and that shouldn't be anyone's business or concern.

But there are backwards parts of the world that find your lack of faith disturbing. In those places, mere disbelief can put you at risk of abuse, violence, and death. For example, the USA:

Trigger warning: violence

I was raised Christian, but learned early that there are "right kinds" and "wrong kinds". Catholics, Baptists, and others who claim to have the same beliefs, but will still argue and judge each other. It's one reason separation of church and state is so important – even if people could agree on the religion, there's just too much disagreement about details.

A 2017 Netflix Special about an activist murdered for her cause

Luckily, brave people like Madalyn Murray O'Hair advocated against forced prayer and Bible readings in public schools as early as the 60's. Through a lifetime of court cases and advocacy, she made schools a safe place for those of a different denomination, a different religion, or no religion at all.

A 2017 Netflix special details O’Hair’s life, her struggles, her victories, and (ultimately) her kidnapping and brutal murder in 1995. By making an effort to make the USA more respectful and inclusive for people of different beliefs, she, her son, and granddaughter paid the ultimate price.

The crime of being "girly"

The crime of freedom

In an ideal USA, bigots and abusers would face scorn, shame, and, most of all, repercussions for their hate. But at the whims of society and politics, they not only might escape any consequence; they may be cheered and applauded. It's twisted and it's wrong, but this is the reality we have to live in and that means that being judicious about the amount and kind of attention we draw to ourselves.

The sad truth is that some people hate and harm without an ounce of shame or consequence. It's wrong, but that truth doesn't keep you safe. Every person needs to guard against being overly visible or interesting – for themselves and the people they love.

Bottom line, whether it's serial killers, child molesters, haters, abusers, creeps, or con artists; strangers or people you know – it's in your best interests to learn about risks and countermeasures so you can make an informed choice about sharing information.

But first a disclaimer!

To learn more, use the lesson navigation below.

Agifta Family Gift Registry

Have you ever wanted to give a thoughtful gift, but couldn't think of a good one? Ever told someone in your family how much you love something only for them to surprise you with… the wrong one? What if you snagged the perfect gift ever for your spouse, but so did your Grandma? Ever had someone ask you what you wanted, but you couldn't think of anything? With a gift registry:

• It's easy to add things you like on a list through the year as you think about it. Then, when someone asks what you want, just show them the list. They can pick from there or use it for ideas.
• Friends and family can "claim" things on your list so others don't buy the same thing — all keeping it secret from you so the surprise isn't spoiled.

My family has used this site for 12 years in various forms and it's been a huge help. If you're not already using a gift registry in your family, now's a good time to try!

You're kidding, right?

So…

Wait.

What now?

A Yahoo article says that because women's cloths sizing is hard, they're going to nude scan them to figure out what they can wear. Seriously!?

Ms. Shaw, the entrepreneur, is chief executive of a company called MyBestFit that addresses the problem. It is setting up kiosks in malls to offer a free 20-second full-body scan — a lot like the airport, minus the pat-down alternative that T.S.A. agents offer.

Lauren VanBrackle, 20, a student in Philadelphia, tried MyBestFit when she was shopping last weekend.

“I can be anywhere from a 0 at Ann Taylor to a 6 at American Eagle,” she said. “It obviously makes it difficult to shop.” This time, the scanner suggested that at American Eagle, she should try a 4 in one style and a 6 in another. Ms. VanBrackle said she tried the jeans on and was impressed: “That machine, in a 30-second scan, it tells you what to do.”

That's cute. A strip search in the name of getting something to wear? So instead of wasting millions on this disrobing plan, why not standardize women's clothing and use inch measurements like men's clothes? How's that for an idea?

How long until someone hacks these poorly protected machines to record copies of all women scanned and the photos show up on the Internet? Will you put your teenage daughters in them?

This is so, so stupid, I can't believe it's actually true. I really hope this doesn't catch on because if it does, my faith in humanity will suffer yet again.

You wouldn't use one this large, but this is the idea

Here's a bunch of neat tricks I found today how to hack your laundry:

• Use a small ball of tin foil instead of dryer sheets to eliminate static
• Toss a ball or yarn or a tennis ball into the dryer for baster drying times
• Avoid dryer sheets entirely because they leave a film on your lint catcher that can blow out your dryer.

Be sure to read the comments and check out some of the links there to see other related tips and tricks. Tags: Families, Laundry, Parents, Tin Foil

(Image is in the Public Domain)

It seems that online predators are getting tired of savvy kids that know better than to be lured (or they're just getting lazy/impatient). Either way, one police group is warning that predators are shifting to a strategy of blackmail instead.

As always, be aware of what your kids are doing online and know who their friends are. Make sure they know what to do when threatened by someone online.

Beware the puddle militia! They're gonna git ya!

(Image is in the Public Domain)

Privacy nuts like me have been warning people for years that tracking and tagging of all people will start with the kids. It's easy to teach people to accept personal tracking devices by giving it to them when they're young. But how do you do that? Use parents' practically fanatical protective instinct to protect their kids against a largely imaginary threat.

Companies that use scare tactics, especially when inflaming peoples fears of extreme and rare issues, are complete and utter scum.

(Image used under: Creative Commons 2.0 [SRC])

Even if you did everything right to keep you private photos and information private, a Facebook security flaw allows people to access it anyway.

This isn't the first time something like this has happened and I'd bet that it's far from being the last.

Currently they're planning to add children to the DNA database:

Home Office officials said plans to include primary school children on the DNA record would be kept 'under review'. The DNA database includes 4.5 million samples of genetic material, many taken from people who have been arrested but never charged with a crime. By next year, it is expected that 1.5 million of the samples will be from youngsters aged between ten and 18.

Bloody hell.

(Image used under: Creative Commons 2.0 [SRC])

Congress sticks their noses into a lot of things they shouldn't and not where they should. They are corrupt, inept, and won't do much to protect Americans unless it will make a positive affect on their careers or bank accounts.

Now they're looking at cyberbullying and it's hard to say if that's a good thing or not. Given their history, chances are that it's not.