privacy
- Enable a six-digit passcode on your device.
- Set your device to erase itself after 10 failed passcode attempts. You should do these two steps anyway!
- Before you get to airport security, turn your device off. iOS devices require a passcode to unlock themselves the first time after they’re turned on. For dumb legal reasons, passcodes are generally thought to be protected by the 5th amendment, but fingerprints are not.
- Turn on iCloud backup.
- When it’s finished backing up, reset your device to its factory settings.
- When you get where you’re going, restore your device from backup.
- Turn on iCloud backup.
- When it’s finished backing up, reset your device.
- Start using it. Add a few contacts. Set up a (disposable) email account. Add some songs.
- Turn on iCloud backup. Let it finish.
- Leave this device at home.
- When you get where you’re going, buy a replacement device. Restore it from the backup you made earlier. Now you have an exact clone of the original.
-
This isn’t meant as advice for criminals. Lots of people travel with information they’re legally obligated to safeguard, like company plans, legal documents, and other confidential information. ↩︎
-
Similar ideas apply for Android and other devices, but I don’t have one of those to experiment with. ↩︎
- You register for Facebook with your me@yahoo.com email address.
- You forget about that, read about the newest Yahoo user database hack, and delete your Yahoo account.
- A month later, someone else signs up to get your me@yahoo.com email address. They use Facebook’s password reset mechanism to take control of your account, download your private photos, and say nasty things to your friends.
- Oh, and anyone you forgot to share your new address with is still sending personal communications to your old Yahoo address, and its new owner is reading them.
- Read messages from your spouse or partner.
- See your calendar events to know when you’ll be away from the house.
- Take over your account and start resetting every password associated with it, like Facebook, Amazon, and your bank.
- Log into your Yahoo mail.
- Click the little checkbox above your emails to select all of them.
- Click the Delete button to delete all email on that page. If you have lots of messages, you may have to repeat this several times.
- Hover over the Trash mailbox to make the trashcan icon appear. Click the trashcan.
- Confirm that you want to empty your trash.
- Click the settings gear in the top right corner.
- Choose Settings, then Vacation Response.
- Check the box to “Enable automatic response”, and set the Until: year to as far in the future as it will let you.
- Enter a message like:
- Click Save.
- Local Wi-Fi peer-to-peer connections so that your data’s never stored on any server,
- Dropbox, which is handy if you already use it, or
- Your own WebDAV server, with end-to-end encryption so you don’t have to trust your storage provider. I use my Synology NAS for this method.
-
DEVONthink To Go was completely rewritten and released in the summer of 2016. The old version was not well regarded. The new version is amazing and updated frequently. If you had stayed away from it based on reputation, give it another look. ↩︎
Search-proof your devices when traveling
Over-eager airport security has recently taken to making travelers unlock their phones and tablets for examination. This is both unforgivably invasive and trivially easy to defeat. Here’s how to protect your data1 on your iPhone or iPad2 when traveling.
Simplest: disable Touch ID
Now you have at least the physical ability to refuse to unlock your device. Be prepared for mental or legal pressure to supply your password, though. File this under “better than nothing”.
If you want to keep your current device
You’re traveling with a device, but one as bare as the day you originally bought it. Be prepared to explain why you’re carrying an empty device.
Keep your device, but less suspicious
Now you have a plausibly used device. When you get to your destination, reset your device again. Restore it from backup. This is more work than the previous instructions, but also less suspicious.
If you’d rather travel bare-handed
This is the most expensive option, but you can’t unlock what you don’t have.
Conclusion
Searching travelers’ devices at airports is security theater. It’s a massive and inconvenient violation of privacy, and only the world’s least prepared criminals would ever get caught this way. I guarantee I’m not the first person to think of backing up a phone and restoring it at my destination. Since it’s ineffective and almost certainly unconstitutional, cooler heads would recommend ending these pointless searches. Don’t wait for that to happen. Protect your data.
Purge your Yahoo account (but don't delete it!)
There are about 1.5 billion reasons to want to cancel your Yahoo account. Don’t do that!
According to Yahoo’s account deletion page, they “may allow other users to sign up for and use your current Yahoo! ID and profile names after your account has been deleted”:
This is a terrible policy not shared by other service providers, and there are many scenarios where it’s a huge security problem for Yahoo’s users. For example:
Here’s what you should do instead:
Purge your Yahoo account
It’s time to move on. Yahoo has a terrible security track record and shows no signs of improving.
First, understand what you’ll be doing here. You’ll be removing everything from your Yahoo account: your email, contacts, events, and so on. Permanently. There’s no changing your mind. It’s extreme, sure, but until you do it’s likely that hackers can:
Don’t delete your account. Clean it out!
Secure it
Before doing anything else, change your Yahoo password! Hackers probably have your current one. I’m not exaggerating.
Once that’s done, turn on two-factor authentication (2FA). This can prevent hackers from accessing your account even if they get your password.
Once that’s done, make a note to yourself to turn on 2FA for every other account you have that supports it.
Make your new home
Before you start, you’ll want to create an email account with a new provider. Lots of people like Gmail but pick one that looks good to you. This will be your new home account on the Internet: the email address that you give out to friends and coworkers and that you use to log into websites.
Clear your email
Clear everything else
If you’re like most people, that’s probably 99% of your Yahoo data. You’re not quite done yet, though! Now click through each of the services in the little icons in the top left corner:
They all may have more information stored in them. Each works a little differently but you should be able to figure out how to clean out each one.
Set a vacation reminder
Other email providers make it easy to forward all of your incoming mail to a new account. Yahoo removed that feature recently so you can’t use that convenient approach. Instead, you’ll make a Vacation Response to tell people about your new address.
I may now be reached at me@example.com. Please update your address book. Thanks!
Now anyone writing to you will get a message with your new address, but their email will still land in your Yahoo inbox.
Change your logins
Now go through your web accounts and change all of them where you log in with me@yahoo.com to use your new email address instead. If you use a password manager to keep track of your accounts, this will be easy. Time consuming — thanks, Yahoo! — but easy.
Check back
You’re going to miss a few accounts, and some friends or family will stubbornly insist on sending email to your old address. Set a reminder or mark your calendar to check your Yahoo mail a month from now to see who’s written to you. Update each of those people or accounts, then delete all of your new messages. Check again in another month and then another after that. Eventually this will slow to a trickle and you can forget about your old Yahoo account for many months at a time (or until the next news article about a giant Yahoo hack comes along, and then you can smile to yourself because it doesn’t affect you anymore).
Conclusion
Migrating off Yahoo is a pain in the neck. Google, in contrast, makes it easy to extract all your information and then securely close your account. Yahoo does not. It won’t be quick or painless, but I recommend that you start now.
Migrating off Evernote
In late 2016, Evernote updated their privacy policy to explicitly grant their employees the right to view your personal information. In their own words:
And please note that you cannot opt out of employees looking at your content for other reasons stated in our Privacy Policy (under the section, “Does Evernote Share My Personal Information or Content?”).
This is unacceptable for most of the things you’d want to use a note taking application for, and I believe that makes it wholly unfit for any kind of business or private use. The good news is that there are viable alternatives now. These are the options I particularly like:
Synology Note Station
If you have a Synology NAS, you can install Note Station which is basically Evernote but hosted on your own server. It has nice (and free) iOS apps, and an Android app that I haven’t used. There’s no desktop app yet but it does have a nice web interface. This is probably the easiest drop-in replacement for Evernote — if you have a Synology.
Note Station and its mobile apps are free but might not (yet) be quite as polished as you’re used to.
DEVONthink
If you’re in the Apple ecosystem, I highly recommend DEVONthink Pro Office (DTPO). It’s not so much a note app as a personal knowledge repository. My home ScanSnap scanner deposits docs directly into my DTPO inbox and OCRs them so they’re fulltext searchable. It also has a nice UI for creating your own notes, spreadsheets, etc. directly in the app, and great system integrations to make it easy to save data from almost any app into it. It has an amazing AI classification engine, so it can perform actions like automatically filing documents that look like invoices into my “Invoices” folder.
DTPO also has a new iOS app1 that syncs to it via options such as:
Finally, DTPO has a web interface so that you can browse your document databases from another system which doesn’t (or can’t) have DEVONthink installed on it.
DTPO isn’t cheap, but I think it’s absolutely worth the cost.
Recommendation
Of these, I prefer DEVONthink Pro Office as it’s more mature and already has almost every feature imaginable. Note Station is pretty good today, too, and has a lot of promise. Either one will move your data to being completely under your own control and I like that a lot.
I Guess I Do Really Hate Shopping At Wal Mart
Jen and I were in Kansas City for a convention when Jen decided to exchange some newborn-size diapers for a larger size. Unfortunately, we’d left the receipt at home (because we don’t make a habit of carrying around receipts for every bit of baby gear we take with us) and that completely flummoxed the Wal-Mart staff.
When all was said and done, I had to give them my driver’s license so that we could make the 26-cent swap between two unopened, undamaged packages of baby diapers. I gritted my teeth and managed not to say anything that would get me banned from the store, although I was so tense that I signed the exchange form hard enough to shred it.
And this is why I think that I probably now officially hate shopping at Wal-Mart. We weren’t trying to exchange a plasma TV or a box of donuts. We just wanted to trade up to a larger size of diapers, and this ended up requiring my driver’s license and a signature.
What I should have done — and what I’d love to see everyone doing — is to ask politely for a printed copy of their corporate privacy policy. After all, some stranger is entering my personal identification information into a computer for some unknown purpose, and I think I have the right to know why they’re doing it, how long they plan to keep it, and what their policy and mechanisms are for protecting it in the meantime.
Besides, even if I never read the thing, I’ll know that it cost Wal-Mart far more than $0.26 to print and hand-deliver the document to me. Sometimes just the satisfaction of knowing that their stupid, anti-customer policy costs them more than they made off the transaction makes it a little more tolerable.