if we use 2FA Yubikey do you still need password managers if you only use places on the net the except Yubikeys ? i use Brave as my only browser , i still have gmail but want another one and im not worried about gov spying like some securty privacy utubers talk about im privancy and security from malicious actors hackers and beimg tracked by apps and google lol , i only phones no PC or laptop . So get Yubikeys and a seperate email account , proton mail with vpn looks good or mulvad as well seem to be the best overall but i dont want to use my debit or credit cards to purchase them. Now my bank wants me to use biometrics for sign in too i will see if they except Yubikey , id rather have that than password managers as im not tech savvy lol i feel like id mess it up and be locked out lol
- I don't use Chromium based browsers (specially one that is actively pushing web3 and AI). - I know "data removal services" are scams. - I don't use 1Password as my PW manager, I self-host Vaultwarden. Yeah, I think I'm good.
Just want to encourage you and say how glad I am this channel exists and what you're doing. I've been a cybersecurity advocate for a number of years and have had a number of vital security components in place in my digital life for a while now (password manager, hardware keys, credit freezes, etc). Several years ago, I thought about starting a channel like this but never had the time with a full time job. And this is exactly what I envisioned my channel being. No jealousy at all, I'm so glad you're here doing this. In fact, I often recommend this channel when I'm wanting to get certain points across. I just find, not many people want to listen which is frustrating. Keep up the great work!
After discovering how easily scammers and hackers can get into our lives - I am so grateful to have your advice! I am kinda overwhelmed though at how many programs and tools we need to get secured! It feels like a full time job just keeping my accounts safe!! Thank you for this great guidance.
Email aliases - you say good for newsletter and one-offs. I use aliases for everything now. Here, in Australia, we've recently had 2 major companies hacked, with millions of addresses exposed, my (then) main email being one of those. Using Proton Mail aliasing, every one of my old email accounts now has their own different email (alias) - meaning if that organization ever gets hacked, my main Proton Mail address is safe and all I have to do is remove the exposed email (alias) and create another different one for that organization.
This is the way. No account should share an email with any other account. Aliases should also not be easily guessable. They don't need to be as complex as a password, but they should also not be easy enough that someone calling into a call center could guess the address and provide it to the call center agent. This has happened to me, which is why I now use aliases. Recently I had to make a financial transaction that required me calling in. The rep asked for my email address and I had to look it up because even I couldn't remember it. The beauty of aliases are multi-fold. 1) A little more security, 2) They can help identify which account resulted in you receiving spam. 3) They can be easily disabled or deleted for accounts that you no longer want to use and particularly for services that won't let you delete your account. 4) If an account is breached, you can easily delete the old alias and create a new one along with a new strong password. 5) No commingling of any accounts. Disabling/deleting an alias will have no impact on any other account and there's also no need to keep track of which accounts use which email because they are all unique.
Great video as always 👍🏼 One thing I've heard is that if you freeze your credit (here in the UK) then it _might_ affect your credit rating and some lenders may reject an application until 6 months after you've unfrozen your credit. I've not managed to confirm this myself but something worth being aware of if you're planning on any borrowing in the near future.
An actual user in a non-sponsored video?? UA-cam algorithm just killed over and died! All seriousness, thanks for sharing what you put your money on. Signed up for PostScanMail using your the link in description. Thanks for good content
@@AllThingsSecured I had just watched your interview with Ellie Weiner on Bible Memory Goal (!!!) and YT served up this privacy/security video from your “other” channel. It’s a 2fer 😉
Great options/tools! Even tho I really think you should have added a privacy focused DNS service in there too! Personally I use NextDNS, which is installed both directly on my router and separate on my phone, which means it pretty much covers every network device that I use.
Thank you for the videos you produce. They are all very informative and I've learned a lot from you. I use most of the same services that you do and recommend everything in this video!
Damn, every time im just DAMN! because there are so many things that no one every tells us either in life or in school and that's mess up cause the same way we say to teens to come back home before midnight or be careful what you wearing or with who you are its the same thing on the internet, the most crazy thing i find was a youtuber who open FB and just see who post a photo or a location on FB of the same beach and just randomly start saying hi and saying there names and that's scary as shit, personally im used to it CAUSE im the young brother so people know my big bro THANK GOD! thankfully there's still hope and i start be a bit more careful or at least i try, i try to seperate my work stuff email phone etc and my personal and gaming, it takes time but its for a good reason and i also start doing the same for family and friends slowly, well that's all i want to say thanks as always for helping us since no one else will do or no one will do it for free or for good reasons.
Hushed is not privacy-oriented at all. Read their privacy statement, you can confirm they will use all your info to uniquiely identify you-even give it to 3rd parties. Useless if you care about your privacy.
If you don't need it for work, then the 5 series is more than enough for the average person. In fact, even the Security Key series (most budget-friendly) might work as well.
So i cannot imagine how much all these services cost you over time i love the idea but i know i do a few of these and its exspensive for just the few that i use
Nice tech stack, thanks for sharing! It‘s a little bit off topic, but I was curious: What do you think about the services, that TailScale offers, especially the tailnet? :D
@@whatthefu3786 Sure. If you visit the Hushed website you’ll notice that there isn’t any mention of end-to-end encryption for texting and phone calls using a Hushed number. And if you visit the MySudo website you’ll notice they mention that everything is end-to-end encrypted. They also provide you with a private email address and browser whereas Hushed doesn’t have any of that.
If you want your calendar and contacts to be private and secure, use a paper calendar and physical address book. If you want convenience and don't care about your privacy and security of your most sensitive information, then use software or an online tool.
My recovery codes get securely stored in a couple different places that I'd rather not disclose. I've never had to use them, though, because I have a backup 2FA key.
What is the name of third browser her mentions Firefox, duck duck go and other one @2:17? When i turned on the captions it is Mova Browser. Is that correct or is it something else? Can someone please clarify?
Hi... Can you please tell me way in a past video you recommended Traveling Mailbox and now you state you use Postscan Mail? I need to pick one because of relocating to the Philippines. Thanks
This is true, Brave is Chromium-based, but it is a fork of the Chromium open source project, not a reskin, so it's not susceptible to Google schenanigans.
Hi Josh, love your content. Is there a company or a service that would help change all your passwords to make sites more secure? I think I use the same password for the majority of websites 🙈
Great question, Laura! Unfortunately it would be almost impossible to do a mass, automated change of all passwords. My recommendation would just be to start small - choose the 5-10 most important accounts and change the passwords for those. Then build from there. It's better to just get started small than never at all!
Always a concern however Bitwarden and other ones recommended here store both the vault login and then all information contained within the vault under encryption, whilst lastpass only stored the vault password under encryption. If items inside the vault are encrypted it is okay as if they are all unique they would have do individually crack each one which would take millennia
Hi - random-ish question: I'm a freelance designer, was about to accept a gig, then company asked me to install Endpoint Verification extension and turn sync on on my personal computer [after creating new Chrome email with the company address]. Would they have access to my personal info? It's the first time I've experienced this. I'm thinking about buying a 2nd personal WORK computer, creating a completely new/diff personal Chrome account, then doing this...but still hesitant. Any thoughts or insights would be super helpful!!! TY!
late reply. I would suggest that for such cases you set up a virtual machine. That way you don't need to buy a second computer and still ensure that nothing nefarious is going on.
@@AllThingsSecuredThanks. I just signed up. I am linking accounts and it is using Plaid and says the company is Aura...did Aura change their name to Identity Guard?
VOIP numbers are useless as they can't take sms messages. Many institutions can't send mail to postscan for various reasons. Vanguard doesn't see my postscan address. Others think it's a PO Box which they won't send to.
Hi! I wanted to send you an email but for a faster reply hope you’ll see this 😊 I wanted to buy the efani sim service but i live in europe netherlands, they told me they don’t offer this here or anytime soon. Do you know something similar for europe? To protect sim(mobile monitoring)? Thank you so much I really like your videos! 🙏🏻
Only a suggestion, as I've recently found this channel which seems very informative, and also covers the various aspects of SIM cards. It's called "Naomi Brockwell TV", and she's very good at explaining things. Good luck and stay safe.
I know you get these comments often, but I'm new to your channel and wanted to share my recent experiences after switching to email aliases. I applied for an online banking account and was denied an account because the bots concluded that my information could not be verified. Also, I tried ordering concert tickets recently after switching to email aliases with the same result. Is this something you've experienced?
I find it really hard to get a new charge card with a VoIP number. And knowing that they're going to send security codes to that number really drives me insane.
Do you use a VPN? Thank-you! Could you go over a little more, how to use a made up email address. Like do you use your correct password with it,or is that a made up one also,would that even work if so. I'm a little confused how to go about this,as I'd like to use this method Thank-you!?
Just a remark for an otherwise great video. Unfortunately signal is not as popular as suggested. But the biggest issue in my opinion is the calling aspect. Maybe in USA is not that aparent but in EU for example or anywhere with lots of xpats, people use a phone number that is not free to call. So these chatting apps become often call other xpats and call home to family and friends apps. There, Signal is not good. Call quality is not good.
Not what the dark web is. Delete me doesn't magically delete your info from data breaches, it deletes your info from legally collected and sold sources and brokers. Almost all websites collect and sell your information when you visit them.
They find your data with various data brokers and then make legal requests to have the personal data removed. You can see more about my experience here: ua-cam.com/video/PpcZ6VIEVVs/v-deo.html
I was and still am. In my mind the services are built for two different use cases. When I need a second number for 2FA codes, for example, I want a static number that I own. When I want to just give out a phone number that I can trash later, Cloaked is the way to go. In any case, I'm really just waiting for Cloaked to move their virtual card feature from beta to public before I really start pushing the service.
Because it's one of the most secure messaging services available (if you have Advanced Data Protection turned on), it offers end-to-end encryption with client key verification. Although Apple stores your messages, if you have Advanced Data Protection enabled, you are in possession of your private key, which means you are the master of the stored data. There isn't anything that would make it not safe to use. Just because it's run by a big tech company doesn't mean you shouldn't use it and that it's unsafe and not privacy respecting. Do your research.
@@RemasterScope Well, aren't you a nice person... You assumed that I had not done my research, which was your first mistake. If you would have actually read their latest privacy policy, it is clear you are mistaken and don't understand. The privacy statements are written in legal language and nearly takes a lawyer to interrupt them, so don't feel bad about not understanding the nitty-gritty details. Security and privacy are two topics you should research and try to understand the differences. It is common knowledge that Apple can read every message and media sent over iMessage and clearly stated in their privacy and end-user license agreement policies. If the message is sent to a non-Apple user, then the exposure is even worse because of the plain-text nature of the PSTN. Based on your reply, I am sure you will come back with some piffy response, but there is no need. Just go read the policies referenced and that is all that needs to be said. If you cant help yourself and choose to reply anyway, please reference the Apple policy so we can all be on the same page.
@@TimLaytonDarkroomDiaryI did not mean to sound rude. I genuinely wanna talk about this stuff. Reading through their privacy policy and guidelines I did not find something that would indicate that they can read all the messages. It’s stated that the iMessages are E2EE and also they are stored securely in iCloud (ADP). And of course the SMS is not secure by definition. Sadly right now even the RCS is not E2EE so there’s that. Now that I think about it, Apple did not implement any EU Chat Control into iMessage so I don’t know what would make you think that they are scanning the messages sent.
@@RemasterScope Thanks for that, and I appreciate you following up to clarify. Most people would not do that, so thank you. One thing I would mention that is also related to the use of iMessage and in general, iCloud, which should be very concerning to people, is the issue of deletion. Recently, with the iOS 17.0 update, you may recall that thousands of people reported photos and videos from many years ago suddenly reappeared on their phones again even though they had deleted the content locally. This created some serious embarrassment for people because they had given their phones to other family members, etc. It underscores the reality that Apple is clearly never deleting your photos or videos even though you think you have deleted them locally. This is all part of a larger legal issue involving client side scanning related to the Child Protect Act where all content on phones are scanned for illegal content and your content is stored in Apple's database forever and it is shared with law enforcement agencies to query at will. This is a serious privacy issue that everyone needs to fully understand. Back to the original iMessage E2EE topic, we know that Apple can and has handed over supposedly secure iMessages to the FBI when required to do so. IMO Apple talks a great game about security and privacy, but they are one of the worst offenders of privacy in particular for the above mentioned reasons and many more that could be discussed.
Can you make a video about action steps to take once you have been sim swapped ? I can’t seem to find a single one on UA-cam. It’s frustrating there’s all these videos on how to prevent but not what to do. Obviously you have to contact your carrier. But from a victim perspective. I’ve lost complete trust in my carrier. I have two phones and don’t know do I need new phone ? New carrier ? New SIM card ? There are some videos that deal with crypto breach but many of these scammers aren’t making crypto scams even detection easy. Ughh 😫someone help. I feel paralyzed what to do next and don’t feel safe at all.
Only a suggestion, as I've recently found this channel which seems very informative, and also covers the various aspects of SIM cards. It's called "Naomi Brockwell TV", and she's very good at explaining things. Good luck and stay safe.
Virtual credit cards from privacy are awesome. Allow me to write assertions for cards that have locked merchant affinity with the ability to easily spot when a specific merchant f*cked up and you've got a customer for life.
Chromium is open source… so is Brave. If you have any concerns, view the code yourself. It’s obviously not as private as TOR, but it’s a great, user friendly, privacy focused browser
Yes and? Just because its foundation is built on top of chromium doesn't mean it's bad...Chromium is open source and company that developed Brave Browser used this open source foundation to build on top of. They removed some of the elements that made it "spyware" and made a good quality private and secure browser.
You have no secure email unless they are emailing it to you from the same system. If you have protonmail, and it's not mailed from a proton mail address originally, you have no security.
@@YTDeletes90PercentOfMyComments when the internet was originally written all email was text based So therefore if you sent an email from one domain to another domain it could be read by anybody. My understanding is they were working on a way to fix that obviously flaw.
hi, delete me and the 'identify guard' composed of links that track you. It's extremely strange to see it in a video where a person talks about security and privacy. need explanation here, please. or at lease remove those tracking links
If you landed on these domains, they are likely part of a tracking URL used to credit the affiliate for any sales or conversions that occur after someone clicks the link. The actual destination of these URLs can vary widely depending on the specific affiliate link being used. If I were a subscriber to this channel, I would unsubscribe immediately. I am not negative, just factual
“Private” is subjective but I’m curious what your specific objections are. Sure you could use TOR and turn off JavaScript but this is not practical for daily use. Privacy tools only work when you use them. Which browser do you prefer?
@@RemasterScope that Brave is not the private browser that they advertise. Very very briefly , First the affiliate links and then the vpn installation without consent on which either case they did not took responsibility. They also use your data to serve ads, similar to others, egg MS does also does this with the same “the data are not linked to your account “. They retarget ads to their wallet crypto thing. Their search engine , at least a couple of months ago, it did not have any documentation on how it does the crawling, which means that you do not know how the results retrieved and from where. The where plays important role since it might be websites that are not allowing crawling.
How does my privacy and security tech stack match up against yours? Leave a comment to let me know what you do differently. I'm curious to know!
if we use 2FA Yubikey do you still need password managers if you only use places on the net the except Yubikeys ? i use Brave as my only browser , i still have gmail but want another one and im not worried about gov spying like some securty privacy utubers talk about im privancy and security from malicious actors hackers and beimg tracked by apps and google lol , i only phones no PC or laptop . So get Yubikeys and a seperate email account , proton mail with vpn looks good or mulvad as well seem to be the best overall but i dont want to use my debit or credit cards to purchase them. Now my bank wants me to use biometrics for sign in too i will see if they except Yubikey , id rather have that than password managers as im not tech savvy lol i feel like id mess it up and be locked out lol
- I don't use Chromium based browsers (specially one that is actively pushing web3 and AI).
- I know "data removal services" are scams.
- I don't use 1Password as my PW manager, I self-host Vaultwarden.
Yeah, I think I'm good.
Why delete my comment? lol
You asked what we do different.
@@AllThingsSecured you don't use secure apps...
Yea, right, for all this apps you will pay al most 40 or 100 USD / year.
Just want to encourage you and say how glad I am this channel exists and what you're doing. I've been a cybersecurity advocate for a number of years and have had a number of vital security components in place in my digital life for a while now (password manager, hardware keys, credit freezes, etc). Several years ago, I thought about starting a channel like this but never had the time with a full time job. And this is exactly what I envisioned my channel being. No jealousy at all, I'm so glad you're here doing this. In fact, I often recommend this channel when I'm wanting to get certain points across. I just find, not many people want to listen which is frustrating. Keep up the great work!
My security/privacy posture has been upgraded by learning and implementing your strategies Josh...keep up the good work bloke!
Thank you so much, Rob
After discovering how easily scammers and hackers can get into our lives - I am so grateful to have your advice! I am kinda overwhelmed though at how many programs and tools we need to get secured! It feels like a full time job just keeping my accounts safe!! Thank you for this great guidance.
Email aliases - you say good for newsletter and one-offs. I use aliases for everything now. Here, in Australia, we've recently had 2 major companies hacked, with millions of addresses exposed, my (then) main email being one of those. Using Proton Mail aliasing, every one of my old email accounts now has their own different email (alias) - meaning if that organization ever gets hacked, my main Proton Mail address is safe and all I have to do is remove the exposed email (alias) and create another different one for that organization.
This is the way. No account should share an email with any other account. Aliases should also not be easily guessable. They don't need to be as complex as a password, but they should also not be easy enough that someone calling into a call center could guess the address and provide it to the call center agent. This has happened to me, which is why I now use aliases. Recently I had to make a financial transaction that required me calling in. The rep asked for my email address and I had to look it up because even I couldn't remember it.
The beauty of aliases are multi-fold. 1) A little more security, 2) They can help identify which account resulted in you receiving spam. 3) They can be easily disabled or deleted for accounts that you no longer want to use and particularly for services that won't let you delete your account. 4) If an account is breached, you can easily delete the old alias and create a new one along with a new strong password. 5) No commingling of any accounts. Disabling/deleting an alias will have no impact on any other account and there's also no need to keep track of which accounts use which email because they are all unique.
I used aliases for everything as well. Can't recall the last time I gave my actual one for anything.
Great video as always 👍🏼 One thing I've heard is that if you freeze your credit (here in the UK) then it _might_ affect your credit rating and some lenders may reject an application until 6 months after you've unfrozen your credit. I've not managed to confirm this myself but something worth being aware of if you're planning on any borrowing in the near future.
Hmm, I haven't heard that. If that's true, it's very unfortunate. Protecting your credit shouldn't have any affect on your rating. That's a shame.
Fantastic summary! Thanks for sharing your practices. Such a valuable resource.
I'm excited that it was useful!
Capital One has an extension with virtual numbers built in. I use it all the time. No need to give your actual bank details.
Yes! I know there are quite a few banks that offer virtual cards now.
the reviews says the extension is broken
Thank you. These infos are exactly what I was looking for since 8 months.
Thank you!
Great job
I cannot stress enough how good this video is. Big shoutout. Straight to the point and very insightful.
INCOGNITO MODE HAS NEVER BEEN ABOUT ONLINE PRIVACY! It was always about not storing your history locally.
Great video Josh! Very useful indeed
Glad you enjoyed it, Steve!
An actual user in a non-sponsored video?? UA-cam algorithm just killed over and died! All seriousness, thanks for sharing what you put your money on. Signed up for PostScanMail using your the link in description. Thanks for good content
Brilliant resources! Thank you 😎
Thanks, Karen!
@@AllThingsSecured I had just watched your interview with Ellie Weiner on Bible Memory Goal (!!!) and YT served up this privacy/security video from your “other” channel. It’s a 2fer 😉
For physical address you might consider going into the post office and getting an actual P.O. Box.
Great options/tools! Even tho I really think you should have added a privacy focused DNS service in there too! Personally I use NextDNS, which is installed both directly on my router and separate on my phone, which means it pretty much covers every network device that I use.
Excellent Video..Lots of good ideas and tips in a single video. Thank You! Time to do some research….
Glad it was helpful, Larry!
Great summary video. Thank you. The Google comment is so true.
Thanks! 🙏
Dude, that thumbnail... looking swole. Also, excellent video, as usual. Thanks Josh!
Ha! I'll take the compliment...thanks :)
Thank you for the videos you produce. They are all very informative and I've learned a lot from you. I use most of the same services that you do and recommend everything in this video!
Great choices. I literally use all the same apps already cool
Awesome!
I agree with all your choices.
Awesome. Glad to hear it.
Damn, every time im just DAMN! because there are so many things that no one every tells us either in life or in school and that's mess up cause the same way we say to teens to come back home before midnight or be careful what you wearing or with who you are its the same thing on the internet,
the most crazy thing i find was a youtuber who open FB and just see who post a photo or a location on FB of the same beach and just randomly start saying hi and saying there names and that's scary as shit, personally im used to it CAUSE im the young brother so people know my big bro THANK GOD!
thankfully there's still hope and i start be a bit more careful or at least i try, i try to seperate my work stuff email phone etc and my personal and gaming,
it takes time but its for a good reason and i also start doing the same for family and friends slowly,
well that's all i want to say thanks as always for helping us since no one else will do or no one will do it for free or for good reasons.
Glad it's been helpful to you in some way.
Even in my current cybersecurity course they dont even tell you to use ad blocking
Hushed is not privacy-oriented at all. Read their privacy statement, you can confirm they will use all your info to uniquiely identify you-even give it to 3rd parties. Useless if you care about your privacy.
I signed up, looked into them some more, and quickly unsigned up.
Can you tell me which one do you use instead of hushed ?
Any app/service we can use instead of hushed for virtual mobile number?
Cloaked
Privacy and anonymity are 2 different things.
Very good, this video really helped me!
Josh, thanks for sharing.
My pleasure.
I'm unsure whether I should buy the FIPS 140-2 Yubikey variant or the normal Yubikey 5 series. I don't need it for work. Thanks in advance!
If you don't need it for work, then the 5 series is more than enough for the average person. In fact, even the Security Key series (most budget-friendly) might work as well.
@@AllThingsSecured Thanks, appreciate it!
SIGNAL IS GREAT!!!
Yes it is.
Thanks for the tips! These are great!
Thank you for the information. This is helpful.
Very valuable, thank you very much!
So i cannot imagine how much all these services cost you over time i love the idea but i know i do a few of these and its exspensive for just the few that i use
As a password manager I use KeepassXC, completely free, not cloud storaged, all on yourself to set up
I’m surprised you didn’t mention anything about using an encrypted dns server like Adguard, Pihole or NextDNS.
Nice tech stack, thanks for sharing!
It‘s a little bit off topic, but I was curious:
What do you think about the services, that TailScale offers, especially the tailnet? :D
I've honestly never heard the name before, so I have no opinion.
Thank you for the great video. I appreciate the time you took to create it. Could you recommend a reliable search engine?
Duck Duck Go or Startpage.
Great info, I just subscribed, thanks 👍
Do u use an alias email for youtube channels too?
Would MySudo not be a more secure and privacy oriented option than Hushed?
Would you like to explain, why that could be?
@@whatthefu3786 Sure. If you visit the Hushed website you’ll notice that there isn’t any mention of end-to-end encryption for texting and phone calls using a Hushed number. And if you visit the MySudo website you’ll notice they mention that everything is end-to-end encrypted. They also provide you with a private email address and browser whereas Hushed doesn’t have any of that.
Hi man! Thanks for your video! What tools do you use for your calendar and contacts? Thanks!
If you want your calendar and contacts to be private and secure, use a paper calendar and physical address book. If you want convenience and don't care about your privacy and security of your most sensitive information, then use software or an online tool.
Where do you store your 2FA recovery codes? I thought you used a secure usb drive for that.
My recovery codes get securely stored in a couple different places that I'd rather not disclose. I've never had to use them, though, because I have a backup 2FA key.
I wish the credit card, cell phone masking was available in Canada. We have no security/ privacy here or if we do they cost a fortune.
Have you looked at Revolut? I think it works in Canada, but I'm not sure.
Great list of tools.
What is the name of third browser her mentions Firefox, duck duck go and other one @2:17? When i turned on the captions it is Mova Browser. Is that correct or is it something else? Can someone please clarify?
Hi... Can you please tell me way in a past video you recommended Traveling Mailbox and now you state you use Postscan Mail? I need to pick one because of relocating to the Philippines. Thanks
Either is fine. I have an address with both.
Excellent content
Solid advice. Only one point I'd make, Brave whilst solid is still chromium under the hood, so better but still susceptible to Google shenanigans.
This is true, Brave is Chromium-based, but it is a fork of the Chromium open source project, not a reskin, so it's not susceptible to Google schenanigans.
Why not papersheet for passwords instead of managers?
Hi Josh, any advice on a service for virtual phone number for EU countries? Couldn’t find any… Thamks
Not sure where you looked but did an search an search and on the first page 4-5 kinks down found an list with 20+ companies. (duckduckgo)
I promise I'm trying to find one, but so far I don't know of any (yet).
Do you still recommend Identity Guard??
Hi Josh, love your content. Is there a company or a service that would help change all your passwords to make sites more secure? I think I use the same password for the majority of websites 🙈
Great question, Laura! Unfortunately it would be almost impossible to do a mass, automated change of all passwords. My recommendation would just be to start small - choose the 5-10 most important accounts and change the passwords for those. Then build from there. It's better to just get started small than never at all!
Great video! Question: How big of a concern is a password manager getting breached, like the LastPass incident from a few years ago?
Always a concern however Bitwarden and other ones recommended here store both the vault login and then all information contained within the vault under encryption, whilst lastpass only stored the vault password under encryption. If items inside the vault are encrypted it is okay as if they are all unique they would have do individually crack each one which would take millennia
Hi - random-ish question: I'm a freelance designer, was about to accept a gig, then company asked me to install Endpoint Verification extension and turn sync on on my personal computer [after creating new Chrome email with the company address]. Would they have access to my personal info? It's the first time I've experienced this.
I'm thinking about buying a 2nd personal WORK computer, creating a completely new/diff personal Chrome account, then doing this...but still hesitant. Any thoughts or insights would be super helpful!!! TY!
late reply. I would suggest that for such cases you set up a virtual machine. That way you don't need to buy a second computer and still ensure that nothing nefarious is going on.
You didn't mention the credit monitoring company, but the video shows Identity Guard. Is that the one you recommend?
Yes, that’s the one I’ve been using for the past couple years.
@@AllThingsSecuredThanks. I just signed up. I am linking accounts and it is using Plaid and says the company is Aura...did Aura change their name to Identity Guard?
@@TonyPadgett Aura acquired Identity Guard but have kept them separate.
Exactly. Aura is the parent company of Identity Guard, but I haven't really liked the Aura product as much as Identity Guard.
@@AllThingsSecured Good to hear. I tried Aura and wasn’t that happy with it.
VOIP numbers are useless as they can't take sms messages. Many institutions can't send mail to postscan for various reasons. Vanguard doesn't see my postscan address. Others think it's a PO Box which they won't send to.
Any suggestion of ID masking tools working in EU countries? Most address, phone and Cc are only work in US. Same for Delete Me :) Thanks
Is it safe to trust proprietary tool like 1password over bitwarden?
We need a phone Alias service for Europe! Its all which is missing for me :-(
Wow, i use almost every tool that you use too
Hi Josh,
Do you take Video ideas from viewers?
Kind regards
I want to use proton mail but I don’t need the full suite and I would get the paid version of they had unlimited alias but it’s limited to 25 :/
You could easily get a SimpleLogin subscription separately that does that.
Hi! I wanted to send you an email but for a faster reply hope you’ll see this 😊 I wanted to buy the efani sim service but i live in europe netherlands, they told me they don’t offer this here or anytime soon. Do you know something similar for europe? To protect sim(mobile monitoring)?
Thank you so much I really like your videos! 🙏🏻
Only a suggestion, as I've recently found this channel which seems very informative, and also covers the various aspects of SIM cards. It's called "Naomi Brockwell TV", and she's very good at explaining things. Good luck and stay safe.
Hi. Could I receive codes as 2fa in a virtual phone number as Hushed? Thanks
Yes, you can. I do it all the time.
I practice browser isolation so I use them all
how much are you spending monthly taken all these services into consideration?
Not as much as you’d think. Some are business expenses (virtual address) and some are free (virtual credit cards). Most others are less than $5/mo.
Way cheaper than the cost of dealing with identity fraud for years after a bank breach.
For the free virtual credit cards, do they apply for the demographics of Europe and India?
Unfortunately the virtual credit cards that I mentioned are US-only. Europe can use another one called Revolut, I think. I'm not sure about India.
How can I protect my privacy with these state age verification laws like Florida and New York just passed
Great list, what about Dashlane?
Dashlane is good, but I prefer 1Password or Proton Pass.
I know you get these comments often, but I'm new to your channel and wanted to share my recent experiences after switching to email aliases. I applied for an online banking account and was denied an account because the bots concluded that my information could not be verified. Also, I tried ordering concert tickets recently after switching to email aliases with the same result. Is this something you've experienced?
I find it really hard to get a new charge card with a VoIP number. And knowing that they're going to send security codes to that number really drives me insane.
Is hushed a prefference or cloaked is not ok ?
They both work just great.
Which mobile keyboard you prefer?
The native one.
@@AllThingsSecured Google?
Thank you
Do you use a VPN? Thank-you! Could you go over a little more, how to use a made up email address. Like do you use your correct password with it,or is that a made up one also,would that even work if so. I'm a little confused how to go about this,as I'd like to use this method Thank-you!?
why didnt you recommend telegram when talking about messaging apps? anything we should be worried about?
Wondering why you chose delete me? Is there a reason you like it better than incognito or BEE
Does DeleteMe deletes your data from dark web?
Just a remark for an otherwise great video.
Unfortunately signal is not as popular as suggested. But the biggest issue in my opinion is the calling aspect. Maybe in USA is not that aparent but in EU for example or anywhere with lots of xpats, people use a phone number that is not free to call. So these chatting apps become often call other xpats and call home to family and friends apps. There, Signal is not good. Call quality is not good.
Simple Login is online for US people or not?
For anybody, not just US.
❤ DDG, Bitwarden
Explain how Delete Me works with the Dark Web with removing your information? Please.
Not what the dark web is. Delete me doesn't magically delete your info from data breaches, it deletes your info from legally collected and sold sources and brokers. Almost all websites collect and sell your information when you visit them.
They find your data with various data brokers and then make legal requests to have the personal data removed. You can see more about my experience here: ua-cam.com/video/PpcZ6VIEVVs/v-deo.html
Why not mysudo vs hushed?
I've used MySudo before and it wasn't bad, but I wasn't crazy about it personally.
❤❤❤❤
So did you land on Hushed over Cloaked? I know you were pretty jazzed about Cloaked for a while…
I was and still am. In my mind the services are built for two different use cases. When I need a second number for 2FA codes, for example, I want a static number that I own. When I want to just give out a phone number that I can trash later, Cloaked is the way to go.
In any case, I'm really just waiting for Cloaked to move their virtual card feature from beta to public before I really start pushing the service.
How can you run a privacy and security channel and recommend iMessage? I am being sincere when I ask this question.
Because it's one of the most secure messaging services available (if you have Advanced Data Protection turned on), it offers end-to-end encryption with client key verification. Although Apple stores your messages, if you have Advanced Data Protection enabled, you are in possession of your private key, which means you are the master of the stored data. There isn't anything that would make it not safe to use. Just because it's run by a big tech company doesn't mean you shouldn't use it and that it's unsafe and not privacy respecting. Do your research.
@@RemasterScope Well, aren't you a nice person... You assumed that I had not done my research, which was your first mistake. If you would have actually read their latest privacy policy, it is clear you are mistaken and don't understand. The privacy statements are written in legal language and nearly takes a lawyer to interrupt them, so don't feel bad about not understanding the nitty-gritty details. Security and privacy are two topics you should research and try to understand the differences. It is common knowledge that Apple can read every message and media sent over iMessage and clearly stated in their privacy and end-user license agreement policies. If the message is sent to a non-Apple user, then the exposure is even worse because of the plain-text nature of the PSTN. Based on your reply, I am sure you will come back with some piffy response, but there is no need. Just go read the policies referenced and that is all that needs to be said. If you cant help yourself and choose to reply anyway, please reference the Apple policy so we can all be on the same page.
@@TimLaytonDarkroomDiaryI did not mean to sound rude. I genuinely wanna talk about this stuff. Reading through their privacy policy and guidelines I did not find something that would indicate that they can read all the messages. It’s stated that the iMessages are E2EE and also they are stored securely in iCloud (ADP). And of course the SMS is not secure by definition. Sadly right now even the RCS is not E2EE so there’s that. Now that I think about it, Apple did not implement any EU Chat Control into iMessage so I don’t know what would make you think that they are scanning the messages sent.
@@RemasterScope Thanks for that, and I appreciate you following up to clarify. Most people would not do that, so thank you. One thing I would mention that is also related to the use of iMessage and in general, iCloud, which should be very concerning to people, is the issue of deletion. Recently, with the iOS 17.0 update, you may recall that thousands of people reported photos and videos from many years ago suddenly reappeared on their phones again even though they had deleted the content locally. This created some serious embarrassment for people because they had given their phones to other family members, etc. It underscores the reality that Apple is clearly never deleting your photos or videos even though you think you have deleted them locally. This is all part of a larger legal issue involving client side scanning related to the Child Protect Act where all content on phones are scanned for illegal content and your content is stored in Apple's database forever and it is shared with law enforcement agencies to query at will. This is a serious privacy issue that everyone needs to fully understand. Back to the original iMessage E2EE topic, we know that Apple can and has handed over supposedly secure iMessages to the FBI when required to do so. IMO Apple talks a great game about security and privacy, but they are one of the worst offenders of privacy in particular for the above mentioned reasons and many more that could be discussed.
Can you make a video about action steps to take once you have been sim swapped ? I can’t seem to find a single one on UA-cam. It’s frustrating there’s all these videos on how to prevent but not what to do. Obviously you have to contact your carrier. But from a victim perspective. I’ve lost complete trust in my carrier. I have two phones and don’t know do I need new phone ? New carrier ? New SIM card ? There are some videos that deal with crypto breach but many of these scammers aren’t making crypto scams even detection easy. Ughh 😫someone help. I feel paralyzed what to do next and don’t feel safe at all.
Only a suggestion, as I've recently found this channel which seems very informative, and also covers the various aspects of SIM cards. It's called "Naomi Brockwell TV", and she's very good at explaining things. Good luck and stay safe.
3:32 font anyone?
❤️
Virtual credit cards from privacy are awesome. Allow me to write assertions for cards that have locked merchant affinity with the ability to easily spot when a specific merchant f*cked up and you've got a customer for life.
With Privacy, even if the merchants mess up, the card will immediately be declined.
👍🏻
Thanks!
Are these apps free
yes
Don't use a password manager. I learned the hard way and they got into EVERYTHING. Write it on paper WAY safer!!!
That is sadly not true. Do you mind explaining who "they" is and how they were able to access everything?
@@AllThingsSecured 6 trips to FBI. Nuff said
@@amygradybsw🤡
Brave is built with Chromium...
Chromium is open source… so is Brave. If you have any concerns, view the code yourself. It’s obviously not as private as TOR, but it’s a great, user friendly, privacy focused browser
Yes and? Just because its foundation is built on top of chromium doesn't mean it's bad...Chromium is open source and company that developed Brave Browser used this open source foundation to build on top of. They removed some of the elements that made it "spyware" and made a good quality private and secure browser.
You have no secure email unless they are emailing it to you from the same system. If you have protonmail, and it's not mailed from a proton mail address originally, you have no security.
I appreciate the concern, but there are ways to maintain the encryption outside the same system.
@@AllThingsSecured did the internet fix the hole in the security protocols?
google pgp before you speak, that tech was developed 30 years ago for this exact purpose.
@@notusedexerdo you know how little that narrows things down?
@@YTDeletes90PercentOfMyComments when the internet was originally written all email was text based So therefore if you sent an email from one domain to another domain it could be read by anybody. My understanding is they were working on a way to fix that obviously flaw.
vera crypt
hi, delete me and the 'identify guard' composed of links that track you. It's extremely strange to see it in a video where a person talks about security and privacy. need explanation here, please. or at lease remove those tracking links
If you landed on these domains, they are likely part of a tracking URL used to credit the affiliate for any sales or conversions that occur after someone clicks the link. The actual destination of these URLs can vary widely depending on the specific affiliate link being used.
If I were a subscriber to this channel, I would unsubscribe immediately.
I am not negative, just factual
iMessage is not private
Brave is not even close to what I would consider a private browser.
Mullvad browser or Tor browser would be better, imo.
“Private” is subjective but I’m curious what your specific objections are. Sure you could use TOR and turn off JavaScript but this is not practical for daily use. Privacy tools only work when you use them. Which browser do you prefer?
What do you mean by this comment?
@@RemasterScope that Brave is not the private browser that they advertise. Very very briefly , First the affiliate links and then the vpn installation without consent on which either case they did not took responsibility.
They also use your data to serve ads, similar to others, egg MS does also does this with the same “the data are not linked to your account “. They retarget ads to their wallet crypto thing. Their search engine , at least a couple of months ago, it did not have any documentation on how it does the crawling, which means that you do not know how the results retrieved and from where. The where plays important role since it might be websites that are not allowing crawling.
iMessage lol
Brave have sold out
no they did not
To whom? How? Any proof?
Dont‘t use cloud tools for privacy…
most expensive tools in history all of them charge heavily bye bye bye.