Close All Tabs - Your Digital Footprint Reveals More Than You Think
Episode Date: January 21, 2026How easy is it to find someone from a single video posted online? To find out, Morgan put her own privacy to the test. She asked TikTok creator JoseMonkey, who’s famous for geolocating people who se...nd him videos asking to be found, to track her down. JoseMonkey started as a geolocation hobbyist who turned to creating videos to bring attention to common mistakes people make when posting online. In this episode, Morgan breaks down why personal operational security matters and what digital hygiene actually looks like in practice. JoseMonkey walks through how he finds people using the smallest scraps of information, and the steps you can take to make sure you aren’t exposing too much in your posts. And Eva Galperin, cybersecurity director of Electronic Frontier Foundation, explains how to use a process called “threat modeling” to protect your online privacy in a way that’s practical rather than paranoid. Guests: Jose Monkey, content creator and online privacy advocate Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation Further Reading/Listening: We partnered with KQED’s audience news team on a companion guide that breaks down online privacy in a clear, shareable format. You can find it, along with other explainers and guides, on KQED’s explainers page. Have LLMs Finally Mastered Geolocation? — Foeke Postma and Nathan Patin, BellingcatSurveillance Self-Defense — The Electronic Frontier Foundation How micro-online posting can be a macro privacy risk — JoseMonkey, TedX Talks Read the transcript here Want to give us feedback on the show? Shoot us an email at CloseAllTabs@KQED.org Follow us on Instagram and TikTok Credits: Close All Tabs is hosted by Morgan Sung. Our team includes producer Maya Cueva, editor Chris Hambrick and senior editor Chris Egusa who also composed our theme song and credits music. Additional music from APM. Audio engineering by Brendan Willard. Audience engagement support from Maha Sanad. Jen Chien is our Director of Podcasts. Katie Sprenger is our Podcast Operations Manager. Ethan Toven-Lindsey is our Editor in Chief. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
Support for a Key QBD podcast comes from Xfinity.
Thanks to the Xfinity five-year price guarantee,
your guaranteed five years of reliable Wi-Fi with our best equipment,
no annual contracts, and no fees.
Plus, get online in minutes with same-day Wi-Fi.
Lock in your price and unlock the possibilities.
Xfinity, imagine that.
Restrictions apply, select plans only.
Ugh, you also having trouble with scammers trying to poke holes in your dam?
We need a phone plan that stops these pensions.
at the perimeter. That's why I switched to Google File Wireless, a wireless plan built with
industry-leading security. Google AI helps block pesky scampers so my info stays secure,
and best of all unlimited plans start at just $35 a month. Whatever you do, your sake with Google.
Explore Google File Wireless plans today. Plus taxes and government fees. Block spam known to Google
may not detect all spam calls. From KQED. A lot of us might feel pretty confident about our
online privacy. But how confident are you?
you really? Enough to challenge Jose Monkey? I'm Jose Monkey, and I find people who ask to be found.
Hey, Jose Monkey, where am I? Tell me where I am, Jose Monkey.
Jose Monkey, please come and find me. You may have seen Jose's videos on TikTok or YouTube.
He's a content creator, online privacy advocate, and amateur geolocation researcher.
People send me videos recorded from all over the world, and I try to figure out where those
videos were recorded and say, you know, here is where you were when you did that.
Oversharing is the social norm online.
Take one scroll through any social media app and count how many posts you see of someone else's
private life.
I, for one, tend to be overly cautious when it comes to posting and privacy.
As a journalist, and also someone who's been maybe too online since a young age, I don't
know how to not post.
but I also take my privacy very seriously and take precautions when I post.
I scrutinize every photo and video to make sure there's nothing identifiable like street names or even window views.
I share my location with trusted loved ones on Find My Friends,
but you'll never catch me publicly posting about where I am until after I've left.
I don't like the idea of total strangers knowing where I am at any given moment.
But for the sake of content, and this show, I faced my fear.
years, and asked Jose to find me.
Hi, Jose Monkey. I'll give you a hint. I am somewhere in Los Angeles.
So I recorded that video, wiped the location metadata, and then triple checked that it was
in fact wiped, and then sent it off to Jose. We got on a call a few days later.
Oh, I have to say that video, I don't know if it is possible for me to find it or not. I
will be, you know, totally transparent and say that.
Honestly, I went out of my way to give Jose a bit of a challenge.
I recorded this video across the street from a strip of bars and restaurants in East Los Angeles.
I took it at night with a flash on.
So the background was pretty dark.
In fact, Jose wasn't able to find me by the time I interviewed him a few days later.
There's not a lot of writing.
I think there was the word public.
It looked like behind you on a building.
But other than that, there really wasn't a lot to see there.
I was convinced that I had done it.
I was the one who stumped Jose Monkey.
My Stranger Danger philosophy finally paid off.
Until, Jose emailed me two weeks later with Google Maps coordinates.
There, on Eagle Rock Boulevard, was a little red pin where I had parked and recorded the video before heading to the wine bar.
So I called up Jose again.
When I found an area that looked like it might be right, so I was like checking and I panned over and I saw the words on there.
And I was like, wait a minute.
And it was like, if that says public.
and I audibly gasped.
I could not believe I found it.
It was a bit of needle in the hay sack.
I also can't believe you found it.
And it's funny because I went through the effort of like,
I even cropped in the video a bit so you couldn't even see.
I don't think you could see any street signs.
I was like, I'm going to make sure you can't even see the corner of the sidewalk in case that's like a hint.
I basically sent you a video that I would have recorded and put online myself,
knowing that I am a little bit paranoid about this kind of thing.
Right.
So I think that's a really good point.
And I think that's why it's a good example, because while I like to, you know, come up with clever ways to find people, the important takeaway here is that a sufficiently motivated individual who has an attention to detail and time to spend, you can find you from a video like that.
Now, again, I don't want to scare people by saying that, but people should know it is possible.
And it's not just what you post that makes your privacy vulnerable.
Your digital footprint includes all of your online.
activity. Passwords, location data, banking details, and tons of other sensitive information
can be obtained regardless of your social media use. That information, in the hands of bad actors,
can be used for scams, stalking, and a whole slate of nefarious activities. So what does
practicing digital hygiene entail? How do you make yourself less findable without giving up on
the internet entirely? And the burning
question. How did Jose Monkey find me? This is Close All Tats. I'm Morgan Sung, tech journalist,
and your chronically online friend here to open as many browser tabs as it takes to help you
understand how the digital world affects our real lives. Let's get into it. So this is a practice
known as personal OPSEC that's short for operations security. It involves assessing risk and
taking precautions to protect your personal information. Essentially, trying to
to minimize your digital footprint.
And this can be super overwhelming,
especially if you, like many other people,
have used the internet for the last 20 years.
Let's start by breaking down
how bad actors get a hold of this information.
And it usually starts with details
that are already posted on public social media accounts.
Time to open our first tab.
How do you find someone online?
Jose spent a lot of time trying to find me.
So for the video that you sent me from Los Angeles, there was not really a lot of information there.
Honestly, it was a grind.
I was looking at just many, many different locations.
Some of the things I observed, as I did that, is that your video had utility poles on the side of the road that you were on as well as on the other side.
And it seems like a small detail, but not every street in L.A. has those kinds of utility poles and doesn't necessarily have them on both sides.
The intersection that you were sort of close to wasn't like a 90-degree.
intersection. It was at sort of an angle, and I could tell that there was a road kind of coming
into another road where there was what appeared to be like a median in the middle, because we
have a bush that appears just like in the middle of the road. So I knew that that had to be a
divided road, which, again, you know, helps to limit the number of possible places, right? So
long story short, I probably spent hours. It was multiple hours, for sure. It's worth noting
that Jose doesn't have a background in privacy or security. He was a geolocation hobbyist for over a decade.
a hobby that revolves around online maps and location data.
This hobby made him more aware of how much people were sharing about themselves online,
and how that information could be used against them.
So a few years ago, he decided to raise awareness by using an approach that would actually get people to pay attention.
I had this idea that maybe I could demonstrate that through a video in which I would walk through the process of how I could look at a seemingly mundane video that doesn't show very much,
and show how I was able to figure out exactly where it was.
And I thought that might be something that people would think was both interesting,
but maybe slightly unsettling.
And then they would pay attention to this idea of internet safety.
When someone first tags you in a video and they're like,
Hi, Jose Monkey, please find me.
You pull up that video.
What's the first thing you do?
I first, I download the videos so that I can get them on a big screen.
I can, you know, freeze frame, slow it down, zoom way in.
All the things that are going to give me the best shot at seeing everything that's in the video.
Jose isn't using highly technical or exclusive tools in his process.
People often joke that, like, oh, you must be with one of the three-letter agencies.
I'm just a regular guy.
And I'm just using, you know, the same stuff that you have access to on your computer.
You might see this one tag in his videos.
Ocent. That's the practice of using open source intelligence,
or publicly available sources to collect and analyze information.
Those sources can include public government.
government databases, mapping tools like Google Maps, or crowdsource projects like OpenStreetMap,
a collaborative map of the world. And sometimes it gets a little more niche. You know those sites
where train hobbyists track railroad routes or preservationists archive old headstones and
cemeteries? Turns out, those niche sites are super helpful for geolocation. Just the other day,
I posted a video in which I found someone who was standing in a park near a bridge.
And I happened to know that there is a website that catalogs historic bridges,
and you can search for them by various different characteristics of those bridges,
like what kind of bridge it is, what the bridge carries, how many spans it has, things like that.
And I was able to find them actually fairly quickly just by using, you know, that database to look up the bridges that matched, the criteria I was looking for.
So that was a very specific case.
Like I knew I needed a bridge, so I used a bridge website, right?
But sometimes I will need to correlate bits of information I see in the video.
Like you're at a particular brand of gas station and it's close to a water tower and also very close to, I don't know, say like a golf course.
Like if I can see all those things in a video, there are tools that you can use to find those things in close proximity to each other.
when people record videos, usually if you record a video that you're posting on the internet or a photo, whatever it is, you're usually very focused on the things in the foreground.
Yourself, your cat, whatever you're, you know, you're recording a video of.
But it's all the things in the background that I'm looking at.
So I'm just trying to see, is there, you know, was there a sign you didn't realize was there?
Is there a car with a license plate that might tell me what state this is?
Things like that.
I'm looking at all the details in the background very specifically.
Anything with writing on it is always something that, to me, you know, is likely to be useful in my search.
Sometimes, a person might not even need those little details to find someone else's location,
because an app will do the work for them.
So before Jose was able to find my first location in Los Angeles, I had actually sent him a second video.
As a backup, in case he couldn't find me.
Here's a hint. I am not in L.A. anymore.
Good luck with the search.
He was able to locate that one pretty quickly and wanted to highlight a specific tool he used.
Some of the things we can see in that video are what appears to be an outdoor hockey rink.
It is near a fairly large body of water.
I didn't know if it was a lake or a river or a bay or what it was, but it looked pretty big.
Across the water, we can see some buildings.
And they look like older buildings, maybe brick buildings.
Jose started looking for outdoor hockey rinks near a body.
of water.
So I used a different tool, and this is the thing that I feel like people should know about.
I used a reverse image search tool.
The specific one I used is Google Lens, which many people are probably familiar with.
What it does is you can take a picture, whether it's just a photograph or a still frame
from a video, and plug that into this tool, and it will try to find images online that
match that thing.
And frequently, it can tell you where a place is.
So I guess you were in Queens like Bayside, right?
Yeah.
Yeah, actually exactly there.
I was able to plug that into Google Lens,
and it showed me somebody's Instagram post, which was taken very near there.
And it wasn't obvious at first exactly where it was,
but it was pretty straightforward from there.
Jose doesn't like to use Google Lens for his videos
because he said it takes the fun out of the game.
For him, finding people is like solving a puzzle.
But he pointed out that AI power tools like Google Lens
are becoming increasingly common.
You know, there are fancy tools and sophisticated queries that you can do to find all sorts
of places, and I love doing that.
But sometimes it's either somebody with access to something like Google Lens that we all
have access to, or somebody who's just willing to look at the streets of Los Angeles for hours on end.
So people need to know that.
Those are all possibilities.
Okay, so now that we understand how people can be found through their videos, let's talk about how to
avoid being found. And no, you don't necessarily have to move off the grid and stop using the
internet entirely to do that. We're talking about internet safety. That's after this break.
Support for KQED podcasts comes from Star One Credit Union. Give your savings account the love
it deserves. When you keep your money with Star One, you keep more of your money. Star One credit
union in your best interest.
So good, so good.
Everything you want for summer is at Nordstrom rack stores now and up to 60% off.
Stock up and save on the brands you love like Vince, Sam Edelman, Frame, and Free People.
Join the Nordi Club to unlock exclusive discounts, shop new arrivals first, and more.
Plus, buy online and pick up at your favorite rack store for free.
Great brands, great prices.
That's why you rack.
Let's open a new tab.
How do you post safely?
We're back with Jose Monkey.
He's the TikTok creator who finds people, but only if they want to be found.
If you don't want to be found, he's going to walk us through some of the most common mistakes that people make when posting photos or videos at themselves online.
One mistake that is really easy to rectify is really to just review what you're posting before you post it.
Many people really don't.
They record something and they just press send, whatever the button says in the app.
So, you know, if they're recording those things and not really reviewing them, they may not even realize that there would.
was like some big thing that they forgot that they didn't want to include.
And sometimes fixing that is so easy.
Most of the social media apps, even if you record a video in app, they give you editing
tools to trim and edit or put a sticker.
So like even if you recorded a video and you realize after the fact, once you review it,
that, oh, no, there was a street sign right behind me that tells everybody where I was.
You can either trim that piece out.
Sometimes you can put a sticker over it in the app.
and those can be good ways to obscure the information,
or if there's time, you might be able to just re-record it.
But if you never reviewed it, you wouldn't even have a chance to figure that out.
And it might be out there before you even realize what information you revealed.
So I'd say that's a really big one.
I feel like there are very obvious ways to find people.
Like, I see so many videos of people posting their new apartment tours
or posting their walk from their home, from the front door of their home,
all the way to walking their kids to school.
you know, and like kind of showing that whole walk. And that's pretty obvious. Like, that is a safety risk.
But what are the more, I guess, subtle tells that people should be more aware of?
The more you move the camera, the more information you're going to show. So I think people don't realize sometimes, it's definitely true that like if you're out for a walk somewhere, people can see everything around you.
Sometimes people record videos in their car, even in moving cars, which I don't really recommend because it's not particularly safe.
But I think people underestimate how much you can see through the windows of your car.
I think they think that they're in their car.
It's kind of like being in their house and nobody's going to see anything.
But that is not always the case.
Sometimes you can see quite a lot through the rear windshield, you know, through the windows, sometimes even in the mirrors.
Another thing I would say about cars is that sometimes people really don't think about the fact that most of us have a GPS in our car that tells you where you are at any given time.
And if you just happen to be recording in your car and you just, you know, are looking around and you show people your GPS, they just hold everybody where you are.
So I think that it is good to consider each individual video or photo or whatever you're creating.
But it's also important to consider the aggregate.
So it may be that you only reveal one little piece of information in, you know, in your video that tells people something.
But you may not remember that like three years ago, you,
you posted something that's still there on your account that revealed some other bit of information,
right?
Another thing that I would say is, you know, your digital footprint is really bigger than one
account or one platform.
Chances are you have lots of different accounts.
And now it's like, okay, well, now I have this whole, you know, just wealth of data about you.
So if two years ago you tweeted something and it kind of gave people a vague idea of what city
you lived in, and then, you know, over on Instagram, you posted something.
something else that shows your face, right? And so now people, you know, they know what city you live in,
they know what you look like. And then maybe on some other social media site, maybe you use your
real name, right? Like maybe you, maybe your LinkedIn is connected there. And now, you know,
that says your full name and where you work. So now people have like, you know, all these bits and
pieces of information about you, right? I think that it's, it's really worth everyone's time to
consider like how much of my information do I want out there. And if you feel like, you know, well,
I'm not really at risk there. Well, then you know, you can roll the dice and see what happens. But, you know, people's information ends up getting leaked even when they're being relatively good about it. So some people are just like, well, you know, why should I bother? But you don't necessarily need to make it easier for people, right? Just because it's already possible that they might get your information some other way. And so I would say there's never a better time to start, you know, policing your own internet hygiene than, you know, when you realize you made a mistake, right? Like, practice.
missing it is really the best thing you can do because it becomes easier when you, you're in the
habit of reviewing the video, you're in the habit of, you know, saying like, oh, wait, what was in
shot when I took, you know, that photo? It becomes a bit second nature, I think.
Digital hygiene involves more than just what you post. Your social media accounts might be
private, or you might not use social media at all. But you probably still use the internet,
for online shopping or job applications or just logging into your banking app.
All of that involves a feast of personal data, which might land in the wrong hands.
So how do you protect it?
Let's open a new tab.
What is a threat model?
Eva Galprin is the director of cybersecurity at the Electronic Frontier Foundation,
a nonprofit organization that advocates for digital privacy and free speech.
So trying to protect everything from everybody all the time is overwhelming and confusing.
And honestly, you don't need to do it.
The only way to protect everything from everybody all the time is to go live as a hermit on a mountain and fling all of your devices into the sea, which is presumably located near this mountain.
Don't panic, though.
Eva's going to explain why you don't need to do all that just to stay safe.
Threat modeling is a way of thinking about what?
what you want to protect, who you want to protect it from,
in such a way that leads you to the appropriate mitigation
so that you do the stuff that protects the things that are important
in cases that are likely to happen instead of spending all of your time,
just becoming a hermit and fleeing your devices into the ocean.
Threat modeling is important because everyone has different security needs.
It involves asking yourself a series of questions.
What do you want to protect? Who do you want to protect it from?
How do you want to protect it?
How bad will the consequences be if you fail?
And how far are you willing to go to protect it?
Like, I have a very precious American girl doll that I've had since I was a kid.
That's what I want to protect.
Who do I want to protect it from?
My rambunctious family members who are a bit too young to play with it.
How bad are the consequences if I fail?
Well, my doll's hair will probably never be the same.
How much trouble am I willing to go through to prevent that?
I'm not going as far as locking the doll away in some museum-grade case.
Keeping it on a shelf that the kids can't reach until they're older will probably be enough.
That's threat modeling, but the cherished childhood toy is your personal information.
Who you want to protect it from and how you need to protect it depends on your situation.
And threat modeling looks different for everyone.
For example, abortion is now illegal in 13 states.
Let's look at the needs of those involved in abortion access.
a group that will want to protect themselves and patients from government surveillance.
Someone who volunteers to drive patients to and from their abortions might use a VPN
and a secondary anonymous social account for their volunteer work.
They may use an encrypted messaging app like Signal to communicate with patients.
Presumably you are not interested in having some sort of third party get their hands on those messages.
A lot of the time people will tell you, you know, our messages are encrypted.
encryption is a term that could mean a lot of different things.
And sometimes what it means is that the message is encrypted in transit,
meaning that like a third party like the telco can't read it.
And sometimes it is end-to-end encrypted,
meaning that even the platform that you are on is unable to read your messages.
And this is really important because if governments and law enforcement want to get their hands on your messages,
what they do is they show up with like a warrant or a subpoena.
to the telco or to the company.
And so if the telco or the company doesn't have that information,
then they need to show up to you in order to get that information
or they need to show up to the person who is on the other end of that conversation.
And that gives you the ability to go lawyer up and potentially fight this subpoena
and to know when your information is being handed out,
which is a thing that you would not necessarily know otherwise.
So what you should be looking for in your messaging service is,
end-to-end encryption.
Anyone involved in abortion access may also disable location services or turn off their phone
when they're around reproductive health care clinics.
And why does that matter?
Well, so there is an entire industry of people who run around building up sort of, you know,
profiles of people based on, you know, who they are and where they're going and what websites
they look at and what apps they download.
and where they are located, what their preferences are, what they buy.
And what they do is they gather up all of this information.
Sometimes they gather it from many different sources, and then they aggregate it in order
to make an even more detailed and clear picture about who you are.
And then they turn around and they sell this information, usually to advertisers or to people
who are interested in sort of targeting certain kinds of groups with advertising.
but also to governments and law enforcement and even to individuals.
You can sign up for all kinds of data broker services.
They market themselves as PeopleFinder sites,
and you can find out a lot about people simply by subscribing to one of those
and entering the information that you want about somebody into one of those.
A journalist covering abortion, on the other hand,
will have a different threat model,
especially when it comes to protecting their sources and themselves.
Some of the other things that you might want to do as a journalist is you might want to think about the way in which you communicate with your sources,
especially if your sources prefer to remain anonymous.
You want to make sure that you can protect them.
So you might want to communicate with them through signal, for example, instead of over WhatsApp or over, you know, SMS or carrier pigeon.
You may also want to think about anti-harassment.
One of the big problems that journalists face, especially female journalists and journalists from marginalized groups and communities, is they disproportionately face harassment for their work.
And you might want to think about just doing a full review of what it is possible to find out about you online through like a simple search engine search.
And if you find stuff that you think may potentially be used.
against you by harassers, you can take that stuff down.
You can lock it up, you can make those posts private if it is on a platform that has the ability to make private posts.
Or if somebody else is hosting it, this is actually one of the most common sources of data leaks about our private lives.
It's not our posting stuff about where we are and what we're doing, but our friends posting stuff.
And often they will.
It would also behoove journalists to talk to their friends and family and their colleagues
about how they talk about each other in public spaces.
I don't mean like at the cafe, I mean like in digital public spaces where everything can
be seen, where you just make an agreement that you're not going to post stuff about each
other without permission.
So if you're going to post a photo that your friend is in, you just ask your friend in advance.
And sometimes the threat isn't anonymous trolls or the government or
friends from afar. It could be the people you live with. Threat modeling for domestic abuse situations
is actually incredibly hard. One of the reasons for that is because you are dealing with a person
who has physical access to your stuff, who may be able to compel you to hand over your passwords
to your various devices, who knows you and your friends and where you are likely to go. It's very difficult to
come up with a way to fool someone with whom you have a very close romantic connection because
they could call up your friends and family and tell them, I'm just really concerned about my
partner and their well-being. So if you could just tell me where they are. And that's one of the
things that I see the most often. And so when I talk to survivors of domestic abuse who are
looking for a way to leave their abuser, the very first thing that I do is I try to help them
just come up with like one account or one device or one platform where they know their
communications are safe. So threat modeling looks different for everyone. If you're not a journalist
or an activist or celebrity or influencer or anyone else in a public-facing, highly scrutinized
career, what's the threat? For most people, it's the scammers.
One of the big problems that we have right now is that we are in a golden age of grift.
This is, if you exist in the digital world at all, if you have a phone, if you have an email
address, if you have ways of getting messages said to you, then you're constantly getting
messages from scammers and from criminals. And often they're after different things. In the long
term, what they're after is usually money, sometimes in the short term, what they're after is
access to your accounts or access to other people who trust you.
One common method is known as ransomware, which is a type of malware, an umbrella term for
malicious software. Bad actors trick you into downloading software that locks up your device
and holds it hostage until you pay a ransom. Do they unlock your device once you pay? Not always.
Sometimes, adversaries use malware to spy on you, control your devices, and steal your information.
A more common threat is known as fishing. That's fishing with a pH.
Sometimes, it arrives in your inbox with the same logo and name as your bank, inviting you to log in.
But if you look closer, the email address is slightly off.
Or it could look like someone claiming to be your boss, instructing you to log into your work account as soon as possible.
they even impersonate family members and partners.
Basically, fishing scams pretend to be someone you trust,
and they lure you to click on a link or log into their fake site
in order to obtain your username and password.
Sometimes, clicking on a fishing attack link also installs malware,
so it's a real double whammy of security hell.
Some of the stuff to look for as a sort of indicator of a scam
is a sense of urgency, something is on fire,
emergency is happening or like you could get rich if you if you click here in the next like five minutes
and that sense of urgency is aimed at overriding your common sense and a lot of us feel very you know
smart because you know every day we get targeted with like six of these things and we don't fall for
it but what's really important to understand is that all the scammer needs is for you to have one
bad day. If they come at you half a dozen times a day, eventually you're going to be tired.
You're going to be cranky. Something is going to look plausible to you. And even the smartest person,
even the most technically adept and aware person can get scammed and can end up, you know,
sort of the victim of one of these grifters. We have to stay humble. We need to maintain eternal
vigilance. And also we need to not blame the people who fall for these things. I think,
that there's a lot of like, well, you're just too dumb. You didn't see it. I wouldn't have clicked
on that. And I think that kind of victim blaming really is counterproductive. Okay, so we've covered
threat modeling. Luckily, there are precautions you can take that might give you a few extra layers
of protection in case you do fall for one of these scams. They're also just good habits for
everyone. What do they look like in practice? Let's open one last tab. Digital
hygiene checklist. The good news is that there's some just basic, like, wash your hands,
data privacy hygiene that everyone can engage in that will sort of make things safer for them
from most of the kinds of threats that most people face every day. First on the checklist,
passwords. Secure your accounts. In order to secure your accounts, you want to make sure that all of your
passwords are different from one another and that they are long because a long password is what
makes a password harder to crack. But then you are left with the question of how are you going to
remember all of these very long, strong passwords that are different from one another? And for that,
you use a password manager. So I recommend that everybody install a password manager on their
devices. Your password manager will be unlocked with a single password. That single password, again,
should be long and strong and easy for you to memorize.
In order to make it easier for you to memorize,
I usually recommend a passphrase,
like five or six words chosen at random,
because that's easier to remember than just like, you know,
40 or 50 random numbers and letters.
There are a couple of things that you should think about.
The most important one is to go to your nearest friendly search engine
and do a search on the name of the passport manager and security incident.
So you want to go look to see whether,
or not, it has a history of being broken into, a history of being untrustworthy.
If it has a history of being untrustworthy, don't touch it.
If you don't find a bunch of security incidents, it's probably okay or good enough.
The best password manager is the one that you actually use.
Then there's a nifty little shield called two-factor authentication.
So two-factor authentication just means that in order to get into this account, you now need
two things instead of one thing. You need the password and you need an authentication code which is
sent to you in some fashion. The most common way in which we receive authentication codes is usually
over SMS. So you are sent a text message. That text message goes to your phone. This is the least
secure way of securing an account. And the reason for this is SMS messages are not encrypted,
which means that it is possible to intercept them, for example, at the telco.
So it is much easier for other people to get their hands on these messages and to use them to log into your account.
It is still better than nothing in most cases.
Having 2FA over SMS is in most cases probably better than having no 2FA at all.
But the better way in which to have your second factor of authentication work is through an
authenticator app. So you install an app on your device, and what it does is you sync it to your
account. And when you are logging in, you go to the app and it will give you the code that you
enter in addition to your password. This is safer because it is not sending that data over SMS.
For extra security, some people might opt for a physical key, which is almost like a little keychain
sized flash drive, you stick into your devices to log in. Now, this is both good and bad. If you lose
your physical key, you are permanently locked out of your device. So the bad news is it works.
This also means that if you break your physical key and you don't have like a backup key somewhere,
you can end up locked out of your account. And most importantly, if you are in a situation in which
you need to secure your account against somebody who has access to your stuff, who has,
physical access to you who might get their hands on your keychain where you have put all of your
physical keys, then this is especially unsafe. So this is not a solution that I recommend to
survivors of domestic abuse whose abusers still have physical access to them or the spaces
they are in or to their stuff. Then there's dodging the data brokers. The other thing that you
might want to do is with your web browser, you might want to install privacy badger, which is a
web extension which eats tracking cookies. One of the ways in which data brokers figure out where
you're going from one website to another and what you are doing is through the use of cookies.
And if you have a web extension that makes it impossible for those cookies to follow you across
the web, that makes things more difficult. So those are the basic things that are probably very good
for everyone to do and that will take care of most of your problems most of the time.
See, that's not so bad, is it?
You don't need the shiniest, most expensive, top-of-the-line cybersecurity tools just to stay safe online.
Most of the time, a little digital hand-washing goes a long way.
The truth here is that trying to protect everything from everybody all the time is a good way to drive yourself insane.
Some people are almost like either overwhelmed by the idea of having to lock it all down,
or some people are almost like resigned to a world without privacy because that's just,
the new normal. What would you say to them? Why does privacy still matter?
Well, to begin with you don't have to lock it all down. You really don't. You can still
exist in the world. The whole idea behind privacy is not that, again, you should be a hermit
who lives on a mountain with no devices. The idea behind, you know, sort of securing your
digital existence and understanding your footprint on the internet is to enable you to do the
things that you want to do and that are important to you in the safest possible way.
So, before you post yourself, and especially before posting other people, consider practicing
a little digital hygiene. At least a sprits of some digital hand sanitizer. As you can hear
for my voice today, it's flu season, after all. Oh, also, we teamed up with KQED's audience
news team on a digital guide that breaks down everything we talked about today in a convenient,
shareable format. You can find that guide and a bunch of other great explainers at kQED.org
slash explainers. And check the show notes for more privacy and security resources.
And one more quick thing before we go, we're working on a Valentine's Day episode and we want to
hear from you. When do you think is the right time, if ever, to share your location with a significant
other? Do you have a hot take on this?
or a juicy story?
Send us a voice note at close all tabs at kQED.org.
Okay, now let's close all these tabs.
Close all tabs is a production of KQED studios
and is reported and hosted by me, Morgan Sung.
This episode was produced by Maya Kueva
and edited by Chris Hambrick.
Chris Agusa is our senior editor
and also composed our theme song and credits music,
additional music by APM.
Brendan Willard is our audio engineer.
Audience engagement support from Maha Sinod.
Jen Geen is KQED's director of podcasts.
Katie Springer is our podcast operations manager,
and Ethan Tovin-Lin-Linsey is our editor-in-chief.
Some members of the KQED podcast team are represented by the Screen Actors Guild,
American Federation of Television and Radio Artists,
San Francisco, Northern California Local.
Keyboard sounds were recorded on my purple and pink,
dust-silver K-84 wired mechanical keyboard with Gatoron red switches.
Okay, and I know it's a podcast cliche, but if you have a little,
like these deep dives and want us to keep making more, it would really help us out if you could
rate and review us on Spotify, Apple Podcasts, or wherever you listen to the show. Don't forget to drop
a comment and tell your friends, too, or even your enemies, or frenemies. And if you really like
close all tabs and want to support public media, go to donate.kwed.org slash podcast. Also, we want to
hear from you. Email us at close all tabs at kQED.org. Follow us on Instagram at close all tabspod
or TikTok at Close All Tabs.
Thanks for listening.
Support for KQED podcasts comes from Star One Credit Union.
Give your savings account the love it deserves.
When you keep your money with Star One, you keep more of your money.
Star One Credit Union in your best interest.
Ambition comes in all shapes and sizes.
At First Citizens Bank, we roll with your goals because we're built for what you're building.
Fit for your ambition.
our citizens back.
Enjoy more ways to save at Ralph's, like low prices in every aisle.
And when you download the Ralph's app, you can clip and save more with digital coupons every
week.
Plus, you can earn fuel points to save up to $1 per gallon at the pump.
At Ralph's, you can enjoy more ways to save and more rewards every time you shop.
So it's always easy to save big every day with savings and rewards.
Ralph's, SoCal for over 150 years, savings may vary by state.
Fuel restrictions apply.
C-Sight for details.