Resources for everyday folks on internet privacy and security

I’ve had several friends from non-computing fields ask me for advice about tools for better privacy and security online. Some of this is in reaction to recently repealed FCC privacy rules that prevented Internet Service Providers (ISPs) from selling their customers’ private browsing information. Some of it is concern about an increasingly invasive surveillance state, and breaches by hacking groups with state funding.

I’ve been looking to improve my own digital security as well, and have found most of the resources out there to be hard to digest and turn into an action plan that doesn’t start with years of learning. So I’m putting my short notes on what I think matters most here, as well as some links for those who want to learn more. This is by no means a definitive or infallible guide, and if you have specific concerns, you should get individualized advice on this stuff.

Contents:

The 3 Major Web Security Technologies and What They Protect

  1. HTTPS is a secure way to connect to a remote website without anyone being able to read what gets sent or received. More and more websites are supporting or defaulting to HTTPS these days. (This is what we said “look for the lock icon in the address bar!” about in the ’90s.) Importantly, HTTPS does not prevent your ISP or Big Brother from knowing what site you’re visiting. And it doesn’t keep you anonymous from the servers running the site you’re visiting – anyone with their server or access logs knows about your visit, and if they get hacked or subpoenaed, you have exposure to threats here. But HTTPS is great! You should avoid ever using a login or password on sites that don’t use HTTPS (Ask sites without HTTPS why they aren’t protecting their users!) If you use the Chrome or Firefox browsers on your PC or Mac, I recommend installing the HTTPS Everywhere browser extension, which tries to use HTTPS connections to sites whenever possible. (Be advised that every once in a while, HTTPS Everywhere can cause issues if a site has not set up HTTPS properly. The extension can be disabled on a site-by-site basis in these instances.)
  2. A VPN (virtual private network) will encrypt your entire internet connection between your device and the VPN’s server. (Your apps are covered too! However, some services, especially from financial institutions and outgoing mail servers, are often blocked over VPN.) This makes for good protection against unsecured public Wi-Fi networks, snooping ISPs, network censorship, and can route around corporate or government surveillance before the VPN server (but only if you’re connecting to a server beyond those surveillance tools). But on the VPN server side, your traffic still comes out unprotected. Think of it like a secure pipeline or signal repeater to access the Internet from the VPN server’s location, instead of your own. Trust is important here – a VPN provider is just as capable of bad actions as your local ISP. (In fact, the majority of free VPNs are super malicious. I currently do not recommend any free-to-the-public VPN. Even that cool one you heard about from a trusted brand.) It’s also important to know what information the VPN provider is logging about you.
  3. Tor is a tool which tries to fully anonymize your identity and browsing information from everyone. (HTTPS and VPNs protect part of your browsing information during part of a browsing session.) It requires you to use their modified version of the Firefox browser, and disables functionality present in other browsers that can be used to reveal your identity or communications. They also have some important warnings which need to be heeded to keep you protected.

Choosing a VPN service

This is a complicated and personal decision. I suggest keeping the following in mind:

  • Who do you want to shield your internet data from? Your neighbors at the café? The tech staff at your work or school? Your ISP? Your government or one you’re visiting?
  • What devices do you want to protect? If you just connect your PC to a VPN, your phone is still exposed. Some VPNs have a limit on how many devices can connect at once.
  • What kind of logging do you care about the VPN doing? Some log everything. Some log as little as possible.
  • Do you need something that’s easy to use? Sometimes the best VPN on paper turns out to be difficult to set up or use.

I used two different guides to VPNs in my research:

  • PCMag.com reviewed several VPN services on their quality of service and ease of use, but paid almost no attention to the privacy or logging side of things.
  • That One Privacy Site has a detailed guide to many VPN services which focuses on their quantitative specs (with a strong emphasis on their security against government surveillance), and has very little about their usability or quality.

I decided that I want to use a VPN to protect my browsing information from corporations who would like to sell it for their own purposes, possibly to my detriment. I will use other technologies to add security for more sensitive situations.

I chose to use Private Internet Access on my iOS, macOS, and Windows devices. They claim to log very little about what their customers access, allow a good number of devices connected at once, have a lot of available servers, and are a great deal at $40/year. Installation was very easy, and it automatically connects to their VPN whenever I turn any device on. On my mobile devices, it seamlessly handles any transitions between cellular and wi-fi networks, and maintains a permanent connection. Everything works very well.

My biggest caveat for Private Internet Access: they’re under United States jurisdiction, and they aren’t very transparent about who runs or owns the business. (Their corporate address is a coworking space just next to Union Station in Denver, so points for a Colorado business, perhaps?) I would probably advise something else for activists or people more concerned about a snooping government than a snooping ISP.

Let’s talk about your e-mail and messaging apps.

All email is inherently insecure. Treat it like a postcard that could be read by anyone between the writer and intended recipient. Don’t use it for sensitive information about you or anyone else. Unless you want to learn how to do PGP-encrypted email. (You don’t want to learn how to do PGP-encrypted email.)

SMS messaging and most internet messaging apps are also particularly vulnerable. Don’t talk about anything that could be damaging to yourself or any vulnerable third parties over them. Even if you think you’re having a private conversation. But I do recommend using Signal for private, encrypted messaging and calls. (Install: iOSAndroidChrome) Others have said WhatsApp (owned by Facebook) is secure, but since the UK Snooper’s Charter became law, we can no longer be sure of this.

Other things you should be doing

  • It’s long past time to actually start using different, strong passwords for every account you have. No excuses! You will get burned if you don’t. And possibly embarrassed publicly. You can check to see where your login information has already been compromised at “Have I Been Pwned?”
  • Use a password manager to generate and store all those different passwords you have. The two I can vouch for are LastPass (which I use, and like for their features and pricing, though sometimes they have some usability and design issues) and 1Password (which also works well and has better design but costs more). Nowadays these managers can be unlocked on your phone with a fingerprint, which makes them faster than remembering any password. Seriously, come on in. The water’s fine. I don’t remember any of my passwords any more.
  • Enable two-factor authentication on any service that supports it. This protects you in case someone does get a hold of your password. Here’s more on how 2FA works, and here’s a list of who supports 2FA with links to each provider’s own 2FA instructions.
  • Worried about other Internet companies like Facebook, Google, and Amazon tracking you? I recommend the following:
    • Change your default search engine to DuckDuckGo, which works very well and doesn’t track you. This is an available search engine in iOS as well.
    • There is a browser extension for Firefox and Chrome called Privacy Badger that is meant to block tracking stuff outright. I don’t use it but it sounds great.
    • Only allow cookies from the actual site you’re visiting (block third party cookies that usually are for ads):
      • Safari 10.1 (macOS): Preferences > Privacy > Cookies and website data: “Allow from current website only”
      • Firefox 52: Preferences/Settings  > Privacy > History > Use custom settings for history > Accept cookies from sites > Accept third-party cookies: Never
      • Chrome 57 desktop: Preferences/Settings > Show advanced settings > Privacy > Content settings > Block third-party cookies and site data
      • iOS 10: Settings > Safari > Block Cookies > Allow from Current Website Only
      • Chrome 57 Android: Settings > Site Settings > Cookies > Block third-party cookies

Educational resources

The best place to learn more about this stuff for yourself is the Electronic Frontier Foundation’s Surveillance Self-Defense Guide. I particularly recommend “An Introduction to Threat Modeling,” which covers the kind of different security risks to keep in mind before you set about a plan to improve your operational security.

Saving Money: Top RV Gadget Purchases I DIDN’T Make

not-buying-it

In the 16 months or so I spent researching and preparing for life in an RV, I came across countless blog posts and videos about gadgets and upgrades that make RVing easier. Some people get into full time RV life as a way to save on their daily cost of living. While that isn’t my primary goal, I do see this as an opportunity to better balance my income and my various financial priorities (saving for retirement, investing in my business, minimizing or eliminating debt, healthcare, and an adequate emergency fund). That means it can’t all go to a backlog of thousands of dollars worth of “nice-to-have” RV technology!

Acquiring a truck and trailer I could both work and live in, plus the “must-have” equipment and other expenses related to moving, was expensive enough. And I didn’t want to spend forever waiting to have the perfect rig before I hit the road! So I borrowed a concept from the tech product management world called Minimum Viable Product, and focused on the absolute necessities to get me on the road. As time goes on, I’ll get an idea of which upgrades will be the most useful, instead of overdoing it from the beginning.

So here are some of the commonly discussed gadgets and upgrades, and the cheaper alternatives that are working for me and my budget:

Electric Power System Upgrades

What I’m not buying yet:

  • Expanded solar panel array (I currently have a dinky 60W panel, which is nowhere near enough for all my needs)
    Cost: I’m estimating $3,000
  • Fancy RV batteries with better capacity
    Cost: A few hundred for some new deep cycle RV/marine batteries; thousands for big lithium ion batteries
  • Inverter to give me AC power capabilities from my DC batteries (necessary to run TV, microwave, air conditioner/ducted fan, toaster, blender, computer power bricks until I have a laptop with USB-C power)
    Cost: Several hundred including qualified labor (I know just enough to be dangerous)
  • Gas and/or propane-powered generator with inverter
    Cost: $500-700 used, $1,000 new

What I’m doing instead:

In short, I’m camping at locations with at least a 30 or 50-amp power hookup for RVs. This has not been difficult at all so far – plenty of state and county parks have RV sites with power on hand, if not full hookups. If I’m traveling for more than one day at a time, I have enough capacity with my current batteries (which also charge off my truck’s alternator and the solar panels) to cover my needs in transit – I just don’t have enough to stay in place and do work on a laptop. I think a generator may be in my near future, as it can enable me to do free off-grid camping, which can quickly pay for itself.

One cool upside to living in an RV is that most of my tech gizmos that use a DC power source – normally requiring a cumbersome power brick to convert from an AC wall outlet – can charge off my batteries since I have DC outlets inside the rig. I’ve bought 2 Anker PowerDrive 2 USB chargers, which can supply a large amount of current to devices which support quick charging. I keep one in the trailer and one in the truck. I also have an Anker PowerCore 26800, which is a giant external USB battery charge- close to the largest battery size the FAA will allow on an airplane. Charging that thing once is enough to charge my phone and any other USB-charged gadgets for about half a week (and also protecting those other devices from possible issues by connecting to RV power without an inverter other surge/under-voltage protection. I’m excited that newer computers can do this via USB-C, because eventually I’ll have an extremely battery/solar-friendly tech setup.

Tow vehicle upgrades

What I’m not buying yet:

  • Beefed up rear end suspension: added leaf springs, helper air springs, and rear sway bar. Improves handling while towing and eliminates sagging so the trailer and truck can ride level.
    Cost: ~$1,300 including labor
  • 5 or 6 small, strong wheels. My used truck came with 20″ aftermarket wheels that look great, but I only had 2 or 3 rather expensive choices for tires with enough load rating for my trailer. The wallet hit for replacement tires is one thing, but it’s extra concerning that I could have trouble even finding ones that fit if I’m far from a large city. And I would like to start doing more off-grid camping, and at that point the “if you have one, you have none” rule applies with spares.
    Cost: $1,000-1,700 (including tires, not including any trade-in value)

What I’m doing instead:

Trusting what I’ve got. My trailer is well within my truck’s tow rating (and my tires’ load rating), and I’m still learning the best way to dial in my truck’s weight distribution hitch, which does a lot to level the rig out. It’s not perfect yet, but these upgrades are in the “nice-to-have” territory.

Cellular Connectivity Upgrades

What I’m not buying yet:

  • Another line on a second carrier to increase the areas I can get a strong signal.
    Cost: $70-115/month.
  • Dedicated wi-fi hotspot device(s). Serves an always-on data connection to several devices without messing with my phone’s tethering/hotspot mode, and can be connected to an external antenna for improved signal.
    Cost: 2 x $150-200 (I’d have one network’s SIM card in a hotspot while using the other network’s SIM card in my phone.)
  • Cell signal booster. This device uses the maximum power allowed by the FCC to a roof antenna and can turn weak, almost unusable signals into a usable one. Unlike a hotspot, this device provides improved cellular signals to all compatible cell devices inside a small range.
    Cost: $479 for a weBoost Drive 4G-X.
  • 2 roof-mounted omnidirectional cell antennae,
    1 roof mast-mounted directional cell antenna: tools for improved hotspot/booster signal in various situations.
    Cost: $20-50 per antenna.

What I’m doing instead:

I’m clinging to the old Verizon Unlimited LTE plan I’ve had since 2010, and using the hotspot/tethering modes on my phone. I’m also being more conservative about my campsite selections until I’ve built up my tools for signal strength and redundancy. Some tools that are helping me do this:

  • Campendium campsite reviews often include camper-reported data on cellular signal strength.
  • The Coverage? iOS app aggregates all 4 major US networks’ coverage maps for quick checks on areas they claim to cover.
  • The RV Mobile Internet Resource Center is run by full-time RVers and has free guides that should be enough for basic needs, as well as a paid membership option with detailed information and community forums for people like me who depend on mobile internet for their livelihood.

But I’ll never skimp on safety & maintenance.

When I’m towing, I’m carrying 6 to 8 tons of equipment at highway speeds on 8 wheels. An equipment failure or emergency could prove fatal to anyone on the road. I don’t use this approach for anything critical to the safety or integrity of my rig. This includes other basics like keeping my wheels and tires maintained and out of the sun, and various sealants to keep my trailer from getting leaks.

 

Video tour of my Arctic Fox 25Y

So I’m finally on the road! Have been living in Miles for 3 weeks, and on the road for one. I’m still working full time, so I haven’t figured out where blogging fits in my usual routine. I did find time over a couple of weekends to slap a video tour together, though!

https://www.youtube.com/watch?v=Zspdwk_FCZk&

This was my first time producing video in a long time, and I’m not sure whether I’ll prefer to do more video or text in the future. I don’t want to hear about my production quality or verbal fillers.

Since I started working towards full-time RVing in late 2015, I felt a little boxed in by my city life. Now I’m spending a few weeks with family in Fort Collins before I hit the road. This is my view every day. It doesn’t get old. 😊

AWNINGS! (Good gawd.) What are they good for?

First, the good news: I’m moving out of my apartment this week, and today I moved my first truckload of stuff into Miles! (I’m not moving into Miles full time yet, but am taking a pit stop with family for February because I didn’t want to start out during the coldest month of winter.)

But when I drove to the RV storage lot for the first time in about 40 days, I was greeted by an old nemesis at my door: the awning. Completely unfurled, and already torn and shredded in multiple places.

The awning over my trailer, fully unfurled and being ripped up by the elements.

I’ve had nothing but trouble with my awning from the start. The very first time I saw Miles at the dealership, a technician was tweaking the motor to make it work. He seemed worried that it wouldn’t work while demonstrating it to me. I was overwhelmed by a lot of details while inspecting the whole trailer, and this didn’t register with me as a big deal at the time.

The very first time I actually used the awning was in Albuquerque during my trip back home. Some mild wind kicked up and rocked the arms around, and suddenly the motor wouldn’t work at all. From what I’ve heard from other RV owners, this seems to happen all the time. (The worst irony? The manufacturer’s name is “Carefree!”) It was hard to get the awning retracted as just one person, and I have no idea how it’s supposed to lock into place without the motor working. I managed to duct tape a zillion different parts of the awning down – not knowing my way around my RV’s systems yet, I just tried to compensate with redundancy after redundancy. I knew the duct tape wouldn’t last forever, especially with exposure to UV rays and changing temperatures. But it got me home just fine.

It’s probably just an issue where something is out of alignment or needs to be tightened. I tried to take it in for repair, but then it became too cold to work on. I had been planning to just call a mobile repair technician once I was living in it.  But, indeed, some of the duct tape has lost its stick in the extreme cold, and wind unfurled the awning again. Add snow to the mix, and nothing about it is safe. The material is already showing heavy shredding.

I haven’t made up my mind yet, but even if I can get everything back to working state, I’m not sure I want to keep the awning at all. Not that it doesn’t offer some benefits, but it sounds like RV awnings have frequent problems. I don’t want to deal with something that’s both hard to repair solo, and represents a big safety hazard going down the road.

Hitting the road soon!

For a little over a year, I’ve been researching and preparing to move into an RV full-time. I’ve since bought a truck and a trailer, and with my apartment lease about to end, it’s finally about to happen!

I’ve set up Money for Gasoline as a separate blog just for RV stuff. I want to keep this blog for more general stuff. Go check it out! The introductory post has more information about the rig I’m starting with; it’s sure to evolve as I learn and get settled.

I’m still trying to figure out how much I want to do in written format, and how much to do on other networks. YouTube videos seem like a good idea, but YouTube comments do not.

Full-Time RVing and Carbon Footprints

Today I did some back-of-napkin math comparing carbon impact of RV life versus sticks-and-bricks life. I also found tons of really helpful details on Where-RV-Now?, which others will likely find more useful than what I’ve written here.

The Bad:

17231566026_d82eef7069_z.jpg
Perhaps a more efficient combination. (flickr: Andrew Bone)
  • I didn’t know trucks have worse CO₂ emissions per passenger-mile than jet airliners.*
  • Add the trailer and it’s about twice as bad.
  • Replacement tires add a lot more to the carbon footprint than they would for an urban commuter.
  • A Class C motorhome (the kind with a van cab and a bed over the cab) towing a small car might have been smarter in hindsight.
* This changes if you have a big family in a heavy-duty diesel truck. I’m not going to put Athena’s paws on the scale to make this look better.

The Good:

  • No commuting!
  • RVers tend to use less day-to-day energy than traditional households.

The Great:

  • Any energy I avoid getting from the grid, be it from propane, a cheap generator, or an expensive solar rig, emits far less CO₂ than Colorado’s majority-coal grid.
  • Most of my appliances can run off of propane. (The propane heater also needs some electricity for the blower fan.) The only obvious consumption monster is the air conditioner.
  • I currently can charge all my gadgets except my laptop off of solar, and the next laptop will be able to charge off solar via USB-C.
 
It looks like I’m on target for a significantly lower overall carbon footprint unless I’m moving locations all the time. Again, this is back-of-napkin, and my qualified engineer friends will know a zillion inefficiencies that complicate this.
Also, the napkin is made from hemp.

Let’s Go!

This is the first post!

I’ve got a lot to say, but right now I’m not ready to talk about everything from the start. Soon I’ll write more with background details about how I decided to get into full-time RVing, how I settled on the trailer and tow vehicle I ended up buying, and what my plans are from here. For now, a brief rundown:

MeEl9bEETd.jpg

I’m Zeke Weeks:

  • Single 28-year-old guy from Colorado.
  • Born in Boulder
  • Lived in Tempe, Arizona during High School
  • Went to college at Colorado State University
    • Business major, Computer Information Systems concentration, Spanish minor
  • When I was a kid, I made websites as a hobby.
  • As a teen, I got into blogging and have been writing about all kinds of things on ZekeWeeks.com ever since.
  • I now own a web consulting company. I do most of my work from home or wherever I’ve got an internet connection.
  • I’ve been living in Denver since 2012.

Athena IMG_7395.JPG

Athena’s a little rescue mutt who was born in February 2015.

She looks like a lab, but her DNA test says otherwise. Athena stopped growing at a medium-smallish size, is SUPER extroverted and friendly, and is a good wrestler.

The tow vehicle: “Barry”

img_2663

Barry is a 2012 Toyota Tundra CrewMax 4×4 Limited:

  • 5.7-liter V8 – 381HP, 401ft.-lb. torque (at sea level, at least…)
  • Rated to tow just shy of 10,000 lbs.
  • Gets about 15 miles per gallon in the city, 19 MPG on the highway, and 8.8MPG when towing my trailer.
  • BFGoodrich All-Terrain KO2 tires
  • Extendable towing mirrors
  • Aftermarket wheel flares & HID+Fluorescent Halo+LED running and tail lights
  • ARE camper shell
  • Ranch Hand Sport rear bumper
  • Tinted glass everywhere but the windshield
  • Everything but the tires was installed by the previous owner. This baby had everything I was planning to install after purchase ready to go! I bought Barry with 63,000 miles and in great shape.
  • Barry feels ridiculous driving through Denver’s cramped old neighborhood streets – the towing mirrors feel like huge ears sticking out the sides. This is how he got named after another Barry with big ears.

The Trailer: “Miles”

Miles is a 2013 Arctic Fox 25Y from Northwood RV Manufacturing.

  • 30 feet long from bumper to hitch
  • About 6,800 lbs. without anything inside or in the tanks
  • 10,000 lb. Gross Vehicle Weight Rating
  • Named after Miles, mascot for the Denver Broncos.
miles(photo credit: Jeffrey Beall on Flickr)

I’ll rave all about why I went to this trailer another time. I bought it used in California, camped there for my first week with it, and towed it back to Colorado.

Video: Colorado.gov Adopts Drupal, Learns Some Things

I recently did a joint presentation at DrupalCamp Colorado with Jeremiah Wathen, my project management counterpart at Colorado Interactive. We talked about Pacific, Colorado.gov’s Drupal-based hosting platform for hundreds of state and local entities, and what Colorado.gov has learned with each increasingly ambitious project since the initial decision to adopt Drupal.

https://www.youtube.com/watch?v=6kATx5zdUJo