• Rewind
  • Restart
  • Bookmark
  • This story was created with Twine and is powered by TiddlyWiki
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $d = "no">>Ok. Onto the next account.\n\n[[Next.|onlineList]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $am = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://www.amazon.com/gp/css/homepage.html" target="_blank">When you're ready, change your password on your account settings page (you'll need to be logged in).</a></html> Once you're on that page, go to "Settings", and choose the first option under "Account Settings" - "Change Account Settings".\n\n[[Done.|amNext]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $y = "no">>Ok. Onto the next account.\n\n[[Next.|onlineList]]
<<display 'progressHandler'>>Ok. One last step for Facebook - you should review your current Privacy Settings. These settings will control who can see what you've got on your account. Limiting these settings can go a long way to prevent people with bad intentions from getting information on you and your social connections. \n\n<html><b>Make sure that if you change your privacy settings, you choose the "Limit Past Posts" option under the "Who can see my stuff?" subheading.</b></html> This will retroactively apply your new settings to everything you've posted on facebook. \n\n<html><a href="https://www.facebook.com/settings?tab=privacy" target="_blank">When you're ready to adjust privacy settings, click here.</a></html>\n\nTake a minute to check your profile and ensure that it's set up the way you want. Use facebook's "View As..." tool on your profile page to see how exposed your page is to other people. If you're unsure of how to do this, <html><a href="https://www.facebook.com/help/288066747875915" target="_blank">check here for a good explanation</a></html>.\n\n[[My privacy settings are what I want them to be.|fApps]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $tw = "no">>Ok. Onto the next account.\n\n[[Next.|onlineList]]
<<display 'progressHandler'>>Ok. You can request that Spokeo remove your information from their database. It will require you to have the URL for the page they have on you. In order to find it, search for yourself on the service. A window will pop up asking you to log in, but under that form, there's a hard-to-see "Continue as an unsecure guest" link. Click that to go to the profile on you, and get the url.\n\n<html><center><img src="spokeo.png"></center></html>\n\nOnce you've got the URL, <html><a href="http://www.spokeo.com/opt_out/new" target="_blank">fill out the opt-out form on their website.</a></html> \n\nIt's important to note that Spokeo is a third party service, meaning they get their information from other places that have it rather than gathering it themselves personally. <html><a href="http://www.spokeo.com/privacy" target="_blank">Click here to learn more about where they get this data, if you're concerned.</a></html>\n\n[[Next.|otherBrokers]]
<<display 'progressHandler'>>At this time, please review which apps you've given permission to interact with your account. It's best practice to limit these accounts strictly to what you currently use, and purge old or unneeded ones. This is because if those third party sites or apps become compromised, they will be able to gain control of your Tumblr account as well. \n\n<html><a href="https://www.tumblr.com/settings/apps" target="_blank">Please review what has been connected to your account.</a></html>\n\n[[I've reviewed what is connected to my account and have revoked access to it where desired.|onlineList]]
<<display 'progressHandler'>>Do you also use YouTube with this Google account?\n\n[[Yes.|yBonus]]\n[[No.|onlineList]]
<<silently>><<set $fortifyWeb = 1>><<set $int = $int + 1>><<set $progress = $progress + 10>><<endsilently>><<display 'progressHandler'>>These tips are by no means exhaustive, but are a step in the right direction for basic protections. \n\nSome other minor tips:\n\n1. Change & secure your passwords for the accounts that control the hosting or naming of your websites. \n2. Don't leave sensitive files on your server whenever possible, even if they're not linked to from any websites you run. If you have left anything up there that you wouldn't want to be public, delete it now.\n3. If anyone can enter information into your site via a form or any other input field, make sure you're stripping any code out of it to prevent attacks that rely on that.\n4. Be careful with what information you give away in error messages - this can expose database structures or be used as a trial-and-error guessing game for would-be hackers if your error messages are overly specific.\n\n\n[[Return to menu.|chooseConcern]]
<<display 'progressHandler'>>Ok. Now let's take it further and add login approvals to your account. Login approval is a lot like two-factor authentication. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<endif>>\n\n<html><a href="https://www.facebook.com/help/148233965247823" target="_blank">When you're ready to two-factor your account, click here.</a></html>\n\n[[I've two-factored my account. Let's move on.|fAlerts]]
<<silently>>\n<<set $onlineAccounts = 0>>\n<<set $hardwareHacking = 0>>\n<<set $fortifyWeb = 0>>\n<<set $preventDoxing = 0>>\n<<set $oldAccounts = 0>>\n<<set $int = 0>>\n<<set $accountList = 0>>\n<<set $twoFactor = 0>>\n<<set $progress = 0>>\n<<endsilently>>\n<html><img src="images/coachbanner.jpg" width="800" height="150"><br><br><br><br><br><br><br><b>IF YOU FEEL AS IF YOU ARE IN IMMEDIATE DANGER, PLEASE DISCONTINUE THIS AND CALL YOUR LOCAL EMERGENCY LINE.</b></html>\n\nWelcome to C.O.A.C.H - Crash Override's Automated Cybersecurity Helper. COACH will help walk you through locking down your online identity step-by-step, and give you direct links to tools and websites that will help you secure yourself. <html><b>While this process is by no means comprehensive</b></html>, it can serve as a good starting point for a basic digital security and self-defense.\n\nIt's hard to digest entire security guides that go into a variety of details - this program is meant to portion out some basics into a bite-sized, interactive, easy-to-follow that will walk you through the process of tidying up your online security, step by step.\n\nThis procedure will take anywhere from a few minutes to a few hours, depending on the difference between your current level of security and where you'd like to be. If you're an average internet user that has not thought much about security in the past and uses the same password for all of your accounts, please budget at least an hour for the lockdown process.\n\nIf you have more specific or urgent concerns not covered by this tool, require further assistance, need to talk to someone, or want help with any of the other <html><a href="http://www.crashoverridenetwork.com/about.html" target="_blank">services Crash Override can provide</a></html>, please do not hesitate to <html><a href="mailto:help@crashoverridenetwork.com">contact us</a></html>.\n\nThis guide was developed by an organization based out of the US, with a majority of clients in North America. If you have suggestions on how we can better serve the international community, <html><a href="mailto:zoe@crashoverridenetwork.com">please reach out</a></html>.\n\nPlease note - all external links will launch in a new tab so you don't lose your place in the automated lockdown process.\n\n[[Let's get started.|chooseConcern]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $g = "yes">>Ok. Let's do all we can to secure your Google account then. \n\nChange your google account password now. Have your password manager generate a secure password and store it in its database. \n\n<html><a href="https://www.google.com/settings/passwordchange" target="_blank">When you're ready, click here to change your password</a></html>.\n\n[[Once you've done that, let's move on.|gNext]]
<<display 'progressHandler'>>At this time, please review which apps you've given permission to interact with your account. It's best practice to limit these accounts strictly to what you currently use, and purge old or unneeded ones. This is because if those third party sites or apps become compromised, they will be able to gain control of your Twitter account as well. \n\n<html><a href="https://twitter.com/settings/applications" target="_blank">Please review what has been connected to your account.</a></html>\n\n[[I've reviewed what is connected to my account and have revoked access to it where desired.|onlineList]]
<<display 'progressHandler'>>At this time, please review which apps you've given permission to interact with your account. It's best practice to limit these accounts strictly to what you currently use, and purge old or unneeded ones. This is because if those third party sites or apps become compromised, they will be able to gain control of your Facebook account as well. \n\n<html><a href="https://www.facebook.com/settings?tab=applications" target="_blank">Please review what has been connected to your account.</a></html>\n\n[[I've reviewed what is connected to my account and have revoked access to it where desired.|onlineList]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $f = "no">>Ok. Onto the next account.\n\n[[Next.|onlineList]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $d = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://www.dropbox.com/account#security" target="_blank">When you're ready, change your password on your account settings page (you'll need to be logged in).</a></html>\n\n[[Done.|dNext]]
<<display 'progressHandler'>>Ok. Now let's take it further and add two-factor authentication to your account. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<endif>>\n\n<html><a href="https://www.amazon.com/gp/help/customer/display.html?nodeId=201962420" target="_blank">When you're ready to two-factor your account, click here.</a></html> \n\n[[I've two-factored my account. Let's move on.|onlineDone]]
<<silently>><<set $preventDoxing = 1>><<set $int = $int + 1>><<set $progress = $progress + 15>><<endsilently>><<display 'progressHandler'>>The last thing to suggest is to try to find information on yourself. You already know your vital data and what you'd like to keep private - so you can work backward from there. \n\nGo to a search engine like Google and type in different information you'd like to keep private, like your phone number, address, or old account names. Put that information in quotation marks to get more exact matches (example: searching 555-1212 is less effective than searching "555-1212"). \n\nIt's a bit brute force, but is a good tool to help you find old accounts, posts, or websites that you may have left exposed that you might not have meant to. If it's under your control, delete what you can. \n\nGoing forward, be careful what you put out there online. It's infinitely more difficult (or even impossible) to remove information once it's out there, so an ounce of prevention is worth a pound of cure.\n\nIf you're nervous about people finding your home address and can afford it, consider using a PO box type service <html><a href="https://travelingmailbox.com/" target="_blank">like Traveling Mailbox</a> for mail, or an app like <a href="http://www.burnerapp.com/" target="_blank">Burner</a> to create throwaway phone numbers.\n\n[[Onto other concerns.|chooseConcern]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $g = "no">>Ok, we'll skip that one. \n\n[[Next account.|onlineList]]
<<display 'progressHandler'>>It's worth looking into if the infrastructure you use has improved security widgets, features, or customizable tools that you can add on to secure your page. For example, Wordpress has <html><a href="https://wordpress.org/plugins/better-wp-security/" target="_blank">iThemes Security</a></html> that will provide another layer of protection above and beyond what WordPress comes bundled with. Take a few minutes and see if your CMS offers anything similar. \n\n[[Next.|basicTips]]
<<silently>><<set $onlineAccounts = 1>><<set $int = $int + 1>><<set $progress = $progress + 55>><<endsilently>><<display 'progressHandler'>><<display 'serviceChecklist'>>\n\nCongratulations, you've locked down the above commonly used services. This is by no means an exhaustive list, but they're the most common ones we've seen targeted or exploited. Through the lockdown process, you may have noticed some patterns that can be applied to any other accounts you may have:\n\n1. Change your password to something strong and unique.\n2. Two-factor authenticate that account where possible. (<html><a href="https://twofactorauth.org/" target="_blank">Here's a good list</a></html>.)\n3. Adjust privacy settings where possible.\n4. Avoid using "app specific passwords". These bypass two-factor authentication and are a huge security risk.\n\nA few other tips to consider:\n\n1. Restrict which apps have access to your accounts.\n2. Set your "secret questions" and "secret answers" to be questions and answers that can't be easily googled about you. Using complete nonsense pairs works as well.\n3. Delete old accounts that you don't see yourself using again.\n\n[[Onward.|chooseConcern]]\n\n
Unfortunately, the help you're looking for is outside of the basic 101 scope that COACH is currently aiming to cover. However, if you send us an email at <html><a href="mailto:help@crashoverridenetwork.com">Crash Override</a></html>, we can manually assist you there. We also have more in-depth guides and tools that you may want to look over located in our <html><a href="http://www.crashoverridenetwork.com/resources.html" target="_blank">resource center</a></html>.\n\nYou can also refresh the page to restart COACH.
<<display 'progressHandler'>>Ok. Now let's take it further and two-factor your account. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<endif>>\n\n<html><a href="https://support.apple.com/en-us/HT204915" target="_blank">When you're ready to two-factor your account, click here.</a></html>\n\n[[I've two-factored my account. Let's move on.|onlineList]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $tw = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://twitter.com/settings/password" target="_blank">When you're ready, change your password on your account settings page (you'll need to be logged in).</a></html>\n\n[[Done.|twNext]]
<<display 'progressHandler'>>Let's look at the privacy settings of your account. One thing you might want to do immediately is remove any location information from your tweets, so people don't know where you're posting from. To do this, visit <html><a href="https://twitter.com/settings/security" target="_blank">your privacy settings and look for the option that's labeled "Tweet Location"</a></html>. Hit the "delete all location information" button to clear your tweets of geotags. \n\nYou may want to consider changing the visibility of your account. Twitter allows you to "lock" your account, limiting who can see what you post to who already follows you. <html><a href="https://twitter.com/settings/security" target="_blank">There is another option on the Privacy menu labeled "Tweet privacy"</a></html>. Checking the "Protect my Tweets" box will enable this function. \n\nReview the additional settings on the page to make sure they're what you want them to be at this time.\n\n[[I've set my privacy settings to where I want them to be.|twApps]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $pp = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://www.paypal.com/cgi-bin/webscr?cmd=_profile-password-start" target="_blank">When you're ready, change your password on your account settings page (you'll need to be logged in).</a></html>\n\n[[Done.|ppNext]]
/* Your story will use the CSS in this passage to style the page.\nGive this passage more tags, and it will only affect passages with those tags.\nExample selectors: */\n\nbody {\n\tmargin: 2.5% 0 5% 0;\n\tbackground:#fff; \n font-size: 12px; \n line-height: 20px; \n font-family: Helvetica, Arial, sans-serif; \n color:#888;\n}\n\n#passages{\n\tmargin: 0;\n\tpadding: 0;\n\tborder: 0;\n}\n\n.passage {\n font-family:'LeagueGothicRegular', Helvetica, \tArial; \n\twidth: 90%;\n\tmargin: auto;\n\n}\n.passage a {\n\tcolor:#fd5d39;\n\ttext-decoration: underline;\n}\n.passage h1 {\n\tfont-family:'LeagueGothicRegular', Helvetica, Arial; \n\ttext-transform:uppercase; \n\tcolor:#444; \n\tfont-size:10px;\n\ttext-align:center;\n\tdisplay:inline;\n\tfloat:center;\n\tpadding-left: 5px;\n}\n.passage img {\n\tdisplay:inline;\n\tfloat:left;\n\tpadding-right: 15px;\n}\n.passage a:hover {\n\t/* This affects links while the cursor is over them */\t\n}\n\n#passages {\n border-left: 0px;\n padding-left: 0;\n}\n\n#sidebar {\n display: none;\n}
Your Progress So Far:\n<<if $g eq "yes">><html>&#9989</html> Google<<endif>><<if $g eq "no">><html><strike>Google</strike></html><<endif>><<if $y eq "yes">><html><br>&#9989</html> Yahoo<<endif>><<if $y eq "no">><html><br><strike>Yahoo</strike></html><<endif>><<if $m eq "yes">><html><br>&#9989</html> Microsoft<<endif>><<if $m eq "no">><html><br><strike>Microsoft</strike></html><<endif>><<if $a eq "yes">><html><br>&#9989</html> Apple<<endif>><<if $a eq "no">><html><br><strike>Apple</strike></html><<endif>><<if $d eq "yes">><html><br>&#9989</html> Dropbox<<endif>><<if $d eq "no">><html><br><strike>Dropbox</strike></html><<endif>><<if $f eq "yes">><html><br>&#9989</html> Facebook<<endif>><<if $f eq "no">><html><br><strike>Facebook</strike></html><<endif>><<if $tw eq "yes">><html><br>&#9989</html> Twitter<<endif>><<if $tw eq "no">><html><br><strike>Twitter</strike></html><<endif>><<if $tu eq "yes">><html><br>&#9989</html> Tumblr<<endif>><<if $tu eq "no">><html><br><strike>Tumblr</strike></html><<endif>><<if $pp eq "yes">><html><br>&#9989</html> PayPal<<endif>><<if $pp eq "no">><html><br><strike>PayPal</strike></html><<endif>><<if $eb eq "yes">><html><br>&#9989</html> Ebay<<endif>><<if $eb eq "no">><html><br><strike>Ebay</strike></html><<endif>><<if $am eq "yes">><html><br>&#9989</html> Amazon<<endif>><<if $am eq "no">><html><br><strike>Amazon</strike></html><<endif>>\n
<<display 'progressHandler'>>The best thing you can do right now is a full reinstall, if possible. In the words of the Great Prophet Ellen Ripley, "Nuke it from orbit. It's the only way to be sure." It may be possible for someone trained to remove malware from a system, but if you are not experienced with doing this, it's safest to delete everything. Copy the files you want to keep to a USB drive if it's a computer, then wipe and reinstall the operating system or factory reset the device if it's a phone.\n\n[[Next.|hwNext]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $y = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://login.yahoo.com/config/login?.done=https%3A%2F%2Flogin.yahoo.com%2Faccount%2Fpersonalinfo" target="_blank">When you're ready, change your password on your account settings page.</a></html>\n\n[[Done.|yNext]]
<<display 'progressHandler'>>Ok. Now let's take it further and add two-factor authentication to your account. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<endif>>\n\n<html><a href="https://www.tumblr.com/settings/account" target="_blank">When you're ready to two-factor your account, click here. The option you're looking for is "two-factor authentication".</a></html>\n\n[[I've two-factored my account. Let's move on.|tuApps]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $a = "no">>Ok. Onto the next account.\n\n[[Next.|onlineList]]
<<display 'progressHandler'>>\n<<if $progress eq 100>>Well done. It was a lot to get done, but you did absolutely all of it. \n\n<<endif>>COACH is not able to 100% safeguard you from 100% of all online threats, but is here to serve as a basic starting point to have better online hygiene. Technology is constantly evolving, and the good comes with the bad. \n\nIf you need further assistance or are currently under attack, send us an email at <html><a href="help@crashoverridenetwork.com">Crash Override</a></html>, where we can manually assist you and offer customized advice and solutions based on your situation and goals. \n\nFor more in-depth guides, tools, and resources, check out <html><a href="http://www.crashoverridenetwork.com/resources.html" target="_blank">Crash Override's Resource Center</a></html>.\n\nIf you'd like to help us make more cool tools like this, consider <html><a href="http://www.crashoverridenetwork.com" target="_blank">supporting us</a>!</html>\n\nYou can also refresh the page to restart COACH.
<<display 'progressHandler'>><<if $accountList eq 0>>Good. Now let's go through which accounts you use.<<else>>Thank you. Let's continue.\n<<endif>> <<if $accountList eq 0>>\n\nI'm going to go through a list of the 10 most commonly abused services that we regularly handle, and I want you to tell me if you use them or not. If you do, I will give you specific advice on how to secure them. We'll keep a running checklist as we go so you can keep track of what you did.\n\n<<endif>>\n<<if $accountList gte 1>><<display 'serviceChecklist'>><<endif>><<if $accountList eq 0>>Do you have a Google account (this includes Gmail, YouTube, and all related services)? \n\n[[Yes|gYes]]\n[[No|gNo]]<<endif>><<if $accountList eq 1>>Do you have a Yahoo account (this includes Yahoo Mail and all related services)? \n\n[[Yes|yYes]]\n[[No|yNo]]<<endif>><<if $accountList eq 2>>Do you have a Microsoft account (this includes Skype, Xbox, and all related services)? \n\n[[Yes|mYes]]\n[[No|mNo]]<<endif>><<if $accountList eq 3>>Do you have an Apple account (this includes iCloud, iTunes, and all related services)? \n\n[[Yes|aYes]]\n[[No|aNo]]<<endif>><<if $accountList eq 4>>Do you have an Dropbox account? \n\n[[Yes|dYes]]\n[[No|dNo]]<<endif>><<if $accountList eq 5>>Do you have a Facebook account? \n\n[[Yes|fYes]]\n[[No|fNo]]<<endif>><<if $accountList eq 6>>Do you have a Twitter account? \n\n[[Yes|twYes]]\n[[No|twNo]]<<endif>><<if $accountList eq 7>>Do you have a Tumblr account? \n\n[[Yes|tuYes]]\n[[No|tuNo]]<<endif>><<if $accountList eq 8>>Do you have a PayPal account? \n\n[[Yes|ppYes]]\n[[No|ppNo]]<<endif>><<if $accountList eq 9>>Do you have an Ebay account? \n\n[[Yes|ebYes]]\n[[No|ebNo]]<<endif>><<if $accountList eq 10>>Do you have an Amazon account? \n\n[[Yes|amYes]]\n[[No|amNo]]<<endif>>\n
<<if $onlineAccounts eq 1>><html>&#9989</html> Secure Online accounts<<else>><html>&#9633</html> Secure Online Accounts<<endif>>\n<<if $preventDoxing eq 1>><html>&#9989</html> Prevent Doxing<<else>><html>&#9633</html> Prevent Doxing<<endif>>\n<<if $fortifyWeb eq 1>><html>&#9989</html> Fortify Websites<<else>><html>&#9633</html> Fortify Websites<<endif>>\n<<if $hardwareHacking eq 1>><html>&#9989</html> Prevent Hardware Hacking<<else>><html>&#9633</html>Prevent Hardware Hacking<<endif>>\n<<if $oldAccounts eq 1>><html>&#9989</html> Clean Up Old Accounts<<else>><html>&#9633</html> Clean Up Old Accounts<<endif>>
dsfsdf
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $am = "no">>Ok. Onto the next account.\n\n[[Next.|onlineDone]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $m = "no">>Ok. Onto the next account.\n\n[[Next.|onlineList]]
<<display 'progressHandler'>>While your passwords and account security for your YouTube channel is handled by the Google account you just locked down, you might want to check your YouTube privacy settings. \n\n\nYou may want to change who can access or comment on your videos at this time. <html><a href="https://support.google.com/youtube/answer/157177?hl=en" target="_blank">Please check this website for more information on how to do so.</a></html>\n\n[[I've adjusted my privacy settings to how I'd like them to be.|onlineList]]
<<display 'progressHandler'>>Ok. Now let's take it further and two-factor your account. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<else>><<endif>>\n\n<html><a href="https://www.google.com/landing/2step/" target="_blank">When you're ready to two-factor your account, click here.</a></html>\n\n[[I've two-factored my account.|gThree]]
<<display 'progressHandler'>>Ok. Now let's take it further and two-factor your account. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<endif>>\n\n<html><a href="https://help.yahoo.com/kb/SLN5013.html" target="_blank">When you're ready to two-factor your account, click here.</a></html>\n\n[[I've two-factored my account. Let's move on.|onlineList]]
<<silently>><<set $oldAccounts = 1>><<set $int = $int + 1>><<set $progress = $progress + 10>><<endsilently>><<display 'progressHandler'>>One last thing to do is to check to see if any of your old accounts have been exposed in any hacks or database breaches of any of the sites they were on. This can lead to people obtaining those credentials and using them against you. \n\n<html><a href="https://haveibeenpwned.com/" target="_blank">Check haveibeenpwned to see if any of your accounts have been exposed in major breaches.</a></html>\n\n[[Done.|chooseConcern]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $pp = "no">>Ok. Onto the next account.\n\n[[Next.|onlineList]]
<<display 'progressHandler'>>Ok. Now let's check to see if you're on the most common data broker websites. Data brokers are people who buy and sell people's personal information, and they often have "search" tools that allow people to look others up on their services. <html><b>You can end up on one of these sites without ever meaning to, or agreeing to.</b></html> It's important to know what's out there about you.\n\n\nOne of the most common tools used by doxers is Spokeo. <html><a href="http://www.spokeo.com/" target="_blank">Look yourself up on there and see if your information is visible now.</a></html>\n\n[[My information is on there (or there is outdated/incorrect information about me on there)|spokeo]]\n[[It isn't.|otherBrokers]]
<<silently>><<set $fortifyWeb = 1>><<set $int = $int + 1>><<set $progress = $progress + 10>><<endsilently>><<display 'progressHandler'>>You'll need to talk with whoever runs your site about how to enable protections. Express your security concerns to them, and see what they're able to do. \n\n[[Onward.|chooseConcern]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $m = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://account.live.com/password/Change" target="_blank">When you're ready, change your password on your account settings page (you'll need to be logged in).</a></html>\n\n[[Done.|mNext]]
<<display 'progressHandler'>>Ok. Now let's take it further and two-factor your account. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<endif>>\n\n<html><a href="https://account.live.com/proofs/EnableTfa" target="_blank">When you're ready to two-factor your account, click here.</a></html>\n\n[[I've two-factored my account. Let's move on.|onlineList]]
<<silently>><<set $fortifyWeb = 1>><<set $int = $int + 1>><<set $progress = $progress + 10>><<endsilently>><<display 'progressHandler'>>If you use a Tumblr or other social network as your primary website, see our tips for locking down that service in the "securing online accounts" portion of COALT. \n\n[[Onward.|chooseConcern]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $eb = "no">>Ok. Onto the next account.\n\n[[Next.|onlineList]]
<<display 'progressHandler'>>Ok. Now let's take it further and add login verification to your account. Login verification is a lot like two-factor authentication. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<endif>>\n\n<html><a href="https://twitter.com/settings/security" target="_blank">When you're ready to two-factor your account, click here. The option you're looking for is "login verification".</a></html>\n\n[[I've two-factored my account. Let's move on.|twPrivacy]]
<<display 'progressHandler'>>Ok. Let's start to clean up your web presence.\n\nLet's get the hard part out of the way. Try to think of any potentially embarrassing accounts you may have had on websites. While there's nothing wrong with having them, you should be mentally running through which ones you've had and if you'd be ok with that account and it's contents being stripped of context and sent to your parents or employers. If you don't care, are willing to fight those battles, or don't have any accounts you're ashamed of in any contexts, ignore this step and skip to the end of this page.\n\nWhat counts as "embarrassing" will vary from person to person. Sometimes it's teenage poetry blogs. Sometimes it's a fetlife account. Google old usernames you've had just in case, and really take inventory of what's out there about you. \n\n[[I've thought back on my long and sordid internet history and made peace with what I've remembered or deleted the rest.|oldNext]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $a = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://appleid.apple.com/account/manage" target="_blank">When you're ready, change your password on your account settings page (you'll need to be logged in).</a></html>\n\n[[Done.|aNext]]
<<display 'progressHandler'>>In order to remove your information from your website's whois, you'll need to obtain domain privacy services. \n\nIf you can, log in to whatever service you've bought the domain name through. There should be some options somewhere to add domain privacy services to your site. \n\nSadly, we can't promise that this will remove the information off the web for good. Once it's up there, it's very difficult to remove entirely. But this one step will make it more difficult for doxers to find your personal data.\n\n[[Next.|d1]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $f = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://www.facebook.com/settings?tab=account" target="_blank">When you're ready, change your password on your account settings page (you'll need to be logged in).</a></html>\n\n[[Done.|fNext]]
<<display 'progressHandler'>>Ok, let's get started. \n\nWe'll go over the most common ways that we see people's private information get dug up and distributed, and help you remove that information whenever possible.\n\nFirst things first. Do you currently run a website or own a domain name (www.example.com)?\n\n[[Yes|whois]]\n[[No|d1]]
<<display 'progressHandler'>>Ok. You need to check the "whois" information of your domain name to see if details like your home address or phone number is exposed. Whois information is obtained when you sign up to purchase a website, unless you also purchased domain privacy alongside it.\n\n<html><a href="https://www.whois.net/" target="_blank">Go here and type your domain name(s) in to see what information can be found on it.</html>\n\n[[My information is exposed!|whoisBad]]\n[[My information isn't exposed.|d1]]
<<display 'progressHandler'>>While you're on the Facebook Security Page, there is another option you should enable called "login alerts". Login alerts will notify you when someone attempts to log in to your account, so you can reacted to unauthorized access faster than you might have otherwise. \n\n<html><a href="https://www.facebook.com/settings?tab=security" target="_blank">Turn on Login Alerts on your security page.</a></html>\n\n[[Login Alerts have been turned on.|fPrivacy]]
<<display 'progressHandler'>>Ok. Now let's take it further and two-factor your account. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<endif>>\n\n<html><a href="https://www.dropbox.com/en/help/363" target="_blank">When you're ready to two-factor your account, click here.</a></html>\n\n[[I've two-factored my account. Let's move on.|onlineList]]
<<silently>><<set $fortifyWeb = 1>><<set $int = $int + 1>><<set $progress = $progress + 10>><<endsilently>><<display 'progressHandler'>>Your security and privacy settings will be unique to whatever platform you're using, and will similarly be limited to whatever that service can provide. \n\nHowever, that service will also have security departments that you can email or contact with any of your concerns, who can walk you through what you should do to lock down. \n\nContact them and tell them your situation (to your level of comfort), and see what they can do.\n\n[[Onward.|chooseConcern]]
<<display 'progressHandler'>>Spokeo is just one of many information brokers just like it. Depending on how much time and energy you have, it might be worth your while to investigate if your information is present on others. \n\n<html><a href="https://www.privacyrights.org/online-information-brokers-list" target="_blank">Here is a list of 272 of them, with links to their privacy policies and opt-out protocols with links</a></html>\n\nThe most commonly used ones we see doxers use are <html><a href="https://www.peoplesmart.com/optout-go" target="_blank">PeopleSmart</a>, <a href="http://www.peekyou.com/about/contact/optout/index.php" target="_blank">Peekyou</a>, <a href="https://pipl.com/directory/remove/" target="_blank">Pipl</a>, <a href="https://support.whitepages.com/hc/en-us/articles/203263794-Remove-my-listing-from-Whitepages-" target="_blank">WhitePages</a>, and <a href="http://www.ussearch.com/privacylock" target="_blank">US Search</a></html>. \n\nIt's important to note that this process can be incredibly time consuming, and that you can't opt out of all of the services. Information brokers are operating in areas of privacy and law that are still being established, and unfortunately this means there is a lack of accountability or consequences at this time for people who sell other people's information. The best thing you can do is to be aware of what is out there about you, so you can set expectations and plan around it.\n\n[[Next.|d2]]
<<display 'progressHandler'>>Ok. Let's get started.\n\nHow is your website set up?\n\n[[I run my own website, and can make changes to settings on my own.|ownSite]]\n[[My website was created and hosted on a service like Wordpress.com (yourblog.wordpress.com) or Squarespace.|thirdParty]]\n[[I use a social media service like Tumblr as my main website.|socMed]]\n[[I don't know/I don't have control or access to my website's setup|noControl]]
<<silently>><<set $hardwareHacking = 1>><<set $int = $int + 1>><<set $progress = $progress + 10>><<endsilently>><<display 'progressHandler'>>There are a few good behaviors to adopt to make it harder for people to hack into your devices. \n\n1. Avoid using public wifi whenever possible. This includes setting your devices to not automatically connect to public networks. Public networks are not remotely secure, and there are hacking tools that can exploit these settings and pretend to be a trusted network to gain access to your computer without you ever noticing. \n2. Don't trust attachments from unknown or unverified sources. Not opening attachments may reduce your exposure to attacks by 95% or more.\n3. Keep your system updated. Remote attacks against the operating system are rare and are generally patched quickly, so update your system when it tells you to. Other attacks include poisoned documents (such as a .doc, .xls, .pdf) that will compromise your system and install software when they are opened on a vulnerable version of the software. \n\nAside from hardware hacking, we strongly suggest running a program like <html><a href="https://preyproject.com/download" target="_blank">Prey</a></html> on your devices. Prey will allow you to remotely wipe a lost device, locking out anyone who tries to access your data.\n\nAnd when in doubt, nuke it from orbit.\n\n[[Next.|chooseConcern]]
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $eb = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://signin.ebay.com/ws/eBayISAPI.dll?ChangePasswordAndCreateHint&isForgotPwdFlow=&isMCAlertFlow=&ru=" target="_blank">When you're ready, change your password on your account settings page (you'll need to be logged in).</a></html>\n\n[[Done.|onlineList]]
<<display 'progressHandler'>>Ok. Let's start.\n\nDo you believe your hardware (phones, computers, etc) may have already been compromised?\n\n[[Yes|hwReinstall]]\n[[I'm not sure/I'm anticipating people will try to compromise it in the future.|hwPrevent]]\n[[No, and I'm not worried about it.|hwNext]]
<<display 'progressHandler'>>Ok. Now let's take it further and add two-factor authentication to your account. <<if $twoFactor eq 0>>Two factor authentication (or MFA/Multi-Factor Authentication/2-Step Verification) is a method of requiring the person who wants access an account to verify their identity in more than one way. <<set $twoFactor = $twoFactor + 1>><<endif>>\n\n<html><a href="https://www.paypal.com/webapps/mpp/security/security-protections" target="_blank">When you're ready to two-factor your account, click here.</a></html> PayPal also has additional security features that this page will walk you through.\n\n[[I've two-factored my account. Let's move on.|onlineList]]
<<display 'progressHandler'>>Since you're in control, there's a lot of stuff you can do on your own to help protect your website.\n\nFirst and foremost, you might want to enable DDoS protection, or safeguard your site against automated attacks. We suggest signing up for <html><a href="https://support.cloudflare.com/hc/en-us" target="_blank">CloudFlare</a></html>. Cloudflare makes it easy to set up this level of protection.\n\nDo you use a CMS/Infrastructure like Wordpress? \n\n[[Yes.|yespress]]\n[[No.|basicTips]]
<<display 'progressHandler'>>Now that that's out of the way, the next step is to generally tidy up what accounts you're simply never going to use. It's a good practice of internet hygiene to not leave that stuff lying around - each one is an additional thing that can be exploited. Something as innocent as a dominos.com account might have your home address stored in it's delivery information, for example.\n\nThankfully, there's a great tool that will help make this process much easier. <html><a href="http://justdelete.me/" target="_blank">Justdelete.me</a></html> is a directory of direct links to delete your accounts from various services. Use this as a mental checklist and a removal tool.\n\n[[I've deleted my old accounts.|oldLast]]
<<if $progress eq 0>><html><center><img src="images/0.png" width="150" height="150" alt="Progress is at 0%"></center></html><<endif>><<if $progress eq 10>><html><center><img src="images/10.png" width="150" height="150" alt="Progress is at 10%"></center></html><<endif>><<if $progress eq 15>><html><center><img src="images/15.png" width="150" height="150" alt="Progress is at 15%"></center></html><<endif>><<if $progress eq 20>><html><center><img src="images/20.png" width="150" height="150" alt="Progress is at 20%"></center></html><<endif>><<if $progress eq 25>><html><center><img src="images/25.png" width="150" height="150" alt="Progress is at 25%"></center></html><<endif>><<if $progress eq 30>><html><center><img src="images/30.png" width="150" height="150" alt="Progress is at 30%"></center></html><<endif>><<if $progress eq 35>><html><center><img src="images/35.png" width="150" height="150" alt="Progress is at 35%"></center></html><<endif>><<if $progress eq 45>><html><center><img src="images/45.png" width="150" height="150" alt="Progress is at 45%"></center></html><<endif>><<if $progress eq 55>><html><center><img src="images/55.png" width="150" height="150" alt="Progress is at 55%"></center></html><<endif>><<if $progress eq 65>><html><center><img src="images/65.png" width="150" height="150" alt="Progress is at 65%"></center></html><<endif>><<if $progress eq 70>><html><center><img src="images/70.png" width="150" height="150" alt="Progress is at 70%"></center></html><<endif>><<if $progress eq 75>><html><center><img src="images/75.png" width="150" height="150" alt="Progress is at 75%"></center></html><<endif>><<if $progress eq 80>><html><center><img src="images/80.png" width="150" height="150" alt="Progress is at 80%"></center></html><<endif>><<if $progress eq 85>><html><center><img src="images/85.png" width="150" height="150" alt="Progress is at 85%"></center></html><<endif>><<if $progress eq 90>><html><center><img src="images/90.png" width="150" height="150" alt="Progress is at 90%"></center></html><<endif>><<if $progress eq 100>><html><center><img src="images/100.png" width="150" height="150" alt="Progress is at 100%"></center></html><<endif>><<if $onlineAccounts eq 1>><html><h1>&#9989 Secure Online accounts</h1></html><<else>> <html><h1>&#9633 Secure Online Accounts</h1></html><<endif>>\n<<if $preventDoxing eq 1>> <html><h1>&#9989 Prevent Doxing</h1></html><<else>> <html><h1>&#9633 Prevent Doxing</h1></html><<endif>>\n<<if $fortifyWeb eq 1>> <html><h1>&#9989 Fortify Websites</h1></html><<else>> <html><h1>&#9633 Fortify Websites</h1></html><<endif>>\n<<if $hardwareHacking eq 1>> <html><h1>&#9989 Prevent Hardware Hacking</h1></html><<else>> <html><h1>&#9633 Prevent Hardware Hacking</h1></html><<endif>>\n<<if $oldAccounts eq 1>> <html><h1>&#9989 Clean Up Old Accounts</h1></html><<else>> <html><h1>&#9633 Clean Up Old Accounts</h1></html><<endif>>\n<<if $progress eq 100>> <html><h1>&#9989 All Sections Completed</h1></html><<else>> <html><h1>&#9633 <i>All Sections Completed</i></h1></html><<endif>>\n\n\n\n
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $tu = "no">>Ok. Onto the next account.\n\n[[Next.|onlineList]]
<<display 'progressHandler'>>If you're worried that your devices might be compromised, keep a close eye on them. Look out for unexpected behavior - windows opening on their own, the hard drive grinding a lot, the network getting slow, files appearing or disappearing. Unfortunately, many of these things may just happen on their own (especially under Windows), so you shouldn't immediately assume your system is compromised if something weird happens. \n\nOne good program to use on Mac is <html><a href="https://www.obdev.at/products/littlesnitch/index.html" target="_blank">Little Snitch</a></html> - it will tell you when an outbound network connection is being made, i.e. that something is sending data elsewhere. You can tell it that programs you know you're using are ok, and if anything else trips it, it may be an indicator of compromise. Personal firewall programs also do this for Windows.\n\nUse Activity Monitor on Mac or <html><a href="https://technet.microsoft.com/en-ca/sysinternals/bb896653.aspx" target="_blank">Process Explorer</a></html> on Windows to see all programs running. This may take some practice to understand what everything is, but it will let you know if anything bad is running.\n\nUse <html><a href="https://www.wireshark.org/" target="_blank">Wireshark</a></html> to determine whether any personal data is being sent elsewhere. This also takes some practice and technical understanding, but can confirm that a computer is compromised.\n\nOn phones, your battery getting drained rapidly is a sign that something weird is up.\n\nIf any of these things indicates that your system might be compromised, or if you just want to be sure, the best thing you can do right now is a full reinstall, if possible. In the words of the Great Prophet Ellen Ripley, "Nuke it from orbit. It's the only way to be sure." It may be possible for someone trained to remove malware from a system, but if you are not experienced with doing this, it's safest to delete everything. Copy the files you want to keep to a USB drive if it's a computer, then wipe and reinstall the operating system or factory reset the device if it's a phone.\n\n[[Next.|hwNext]]
<<display 'progressHandler'>>One last thing to do for this account. Google has a built-in security checkup page that lets you check other access settings like what devices are connected to your account and what, if any, app passwords you've been using. <<if $appPasswords eq 0>>We strongly suggest not using app passwords, as they bypass two-factor authentication and can be a major security hole. <<set $appPasswords = 1>><<endif>>\n\n<html><a href="https://security.google.com/settings/security/secureaccount?pli=1" target="_blank">When you're ready, click here to do Google's security checkup.</a></html>\n\n[[Let's move on.|youTube]].
<<if $progress eq 100>><<display 'endCOLT'>><<else>><<display 'progressHandler'>><<if $int is 0>>What would you like to do first?<<else>>What next?\n\n<<endif>>\n\n<<if $onlineAccounts is 0>>[[Strengthen the security of my online accounts so people can't break into them as easily.|onlineAccounts]]<<else>><html>&#9989 <i>Strengthen the security of my online accounts so people can't break into them as easily.</i></html><<endif>>\n<<if $preventDoxing is 0>>[[Hide my personal information, like my home address or phone number.|preventDoxing]]<<else>><html>&#9989 <i>Hide my personal information, like my home address or phone number.</i></html><<endif>>\n<<if $fortifyWeb is 0>>[[Fortify my website(s) and make them harder to attack.|fortifyWeb]]<<else>><html>&#9989 <i>Fortify my website(s) and make them harder to attack.</i></html><<endif>>\n<<if $hardwareHacking is 0>>[[Make it harder for people to to take control of my computer or phone.|hardwareHacking]]<<else>><html>&#9989 <i>Make it harder for people to to take control of my computer or phone.</i></html><<endif>>\n<<if $oldAccounts is 0>>[[Clean up and remove old or embarrassing accounts|oldAccounts]]<<else>><html>&#9989 <i>Clean up and remove old or embarrassing accounts</i></html><<endif>>\n\n<<if $int is 0>>[[None of these cover what I need.|contactUs]]<<else>>[[I'm all good.|endCOLT]]<<endif>><<endif>>\n
sdfsdf\n
<<display 'progressHandler'>>\nFirst things first. Let's go through the common accounts you're most likely to have that may become targeted, and secure them. \n\nI'm going to ask you to change your passwords as we go through the list. You need to use strong and unique passwords for every account you have. Sounds like a total pain in the butt, right? \n\nIt doesn't have to be. Password managers have made this easier than ever. \n\nPlease download one of the following programs now:\n\n<html><a href="https://lastpass.com/" target="_blank">LastPass<i> (Web, browser extension, iOS, Android, Blackberry, Windows Phone)</i></a></html> If you’re looking for the swiss army knife of password managers, look no further. LastPass is a powerful and convenient password manager. It’s web-based (but does offer offline access), so all your passwords are securely synced to the service. LastPass also offers browser plugins (for Internet Explorer, Firefox, Chrome, Safari, and Opera), and offers mobile versions as well. Additionally, LastPass has functionality that will help you do your own security audits in the future and is very user friendly. The basic version is free, and Premium (which includes the smartphone client) is $12/year (and recommended).\n\n<html><a href="https://agilebits.com/onepassword" target="blank">1password <i>(Mac, Windows, iOS, Android)</i></a></html>: With an excellent UI, mobile access, device syncing, and browser plugins that make storing and generating new passwords a breeze, 1password is a great choice. It stores information locally (that is, on the computer you install it on), so remember to make sure you are backing it up - there’s also an option to sync your 1password to Dropbox if you’re comfortable doing so. Make sure you have 2-factor authentication turned on on Dropbox if you use this option! 1Password is $50 for a desktop license, but the mobile version is free.\n\n<html><a href="http://keepass.info/" target="_blank">KeePass<i> (Windows, Linux, browser extension, iOS, Windows phone, Blackberry, PalmOS)</i></a></html>: As one of the first password managers to hit the market (and also open source), Keepass is a bit less stylish and not as feature-rich as other options, but it makes up for that with the wide variety of platforms it can be run on. It is nonetheless a very powerful and practical password management software. With the project being completely free and open source, it allows people to build Keepass for many different environments. Storage is local, so we recommend you keep your password manager and its associated vaults backed up.\n\n[[I have downloaded a password manager and am ready to proceed|onlineList]]\n
<<display 'progressHandler'>><<set $accountList = $accountList + 1>><<set $tu = "yes">>Ok. Let's change that password. Have your password manager ready, have it generate a new password, and save it in your vault.\n\n<html><a href="https://www.tumblr.com/settings/account" target="_blank">When you're ready, change your password on your account settings page (you'll need to be logged in).</a></html>\n\n[[Done.|tuNext]]