Swamp Geek
Reviews, comparisons, and opinions about the latest technology products, services, trends and anything of interest to the thick glasses crowd!
Cybersecurity Awareness Month

Cybersecurity Awareness Tip 22: Use secure instant message for informal communication

Daily statistics:

  • Over 200 billion emails (global)
  • Over 6 billion text messages (US) 

Forbes explains that millennials prefer texting to phone calls. Many accounts are secured with a text message as a second factor for authentication. But the volume of text messages has declined since its peak in 2011.

Infographic: Texting Turns 25 But Is Clearly Past Its Prime | Statista

 

Instant messages and text messages are similar

Instant and text messages have much in common:

  • Both are instant, and senders generally expect instant responses
  • Both are intrusive (messages pop up over other content) and used for informal communications

To Text...

Text messages are ubiquitous: nearly everyone can send and receive 1-to-1 text messages, and most can receive MMS (Multimedia Messaging Service) messages with multimedia content and multiple recipients. But SMS messages aren't secure. The How-To Geek identifies several reasons why SMS text messages aren't private or secure, including:

  • Your Cellular Carrier Can See Your SMS Messages

  • SMS Messages Can Be Intercepted by Criminals

  • SMS Messages Can Be Monitored by Authorities

  • Your Phone Number Is Surprisingly Easy to Hijack

Or Not to Text

A recent survey found over 90% of Americans actively used instant messengers (aka Chat Apps) in the 3rd quarter of 2020, beating social network apps like Facebook, MeWe and Minds. Twitter CEO Jack Dorsey recommended George Floyd protesters, who caused $1-2 billion in private property damages, move communications from Twitter to Signal, possibly to avoid a similar shutdown suffered by microblogging competitor Parler.

Secure Instant Messages offer advantages over SMS Text messages, including:

  • Many (but not all) IM options provide end-to-end encryption
  • Some also provide video chat, groups, and offer the ability to manage SMS text messages, too

Statistic: Most popular app categories worldwide during 3rd quarter 2020, by usage reach | Statista

SwampGeek Recommends...

SwampGeek recommends (without affiliate or any other compensation):

  • Signal
    • Encrypts communications with other Signal users by default
    • Offers SMS text message management, group text and video chat, file sharing, limited secure video conferencing
    • Collects minimal personal data compared with other messengers, which limits what could be used in an attack in the event of a breach

Resources


Cybersecurity Awareness Tip 21: Treat Password Reset Security Questions Like Passwords

Many banks, credit card providers and other financial institutions use modern methods like multi-factor authentication for resetting passwords. But some accounts still require users to provide answers to security questions to reset passwords, and others, like Apple ID, are transitioning from security questions to multi-factor authentication.

Assume Your Personal Information Has Been Compromised

But knowledge-based authentication has been widely abused by hackers. David Kernell, son of a longtime state representative and then a college student, used publicly available information to gain access to then-presidential candidate Sarah Palin's email. Kernell was convicted and sentenced to a year and a day in federal prison, but the damage was done. After multiple data leaks, Facebook warned its 2 billion users to "assume malicious third-party scrapers have compromised their public profile information."

Minimizing the Risk of Security Questions

To minimize the risk of password reset security questions and other knowledge-based authentication:

Resources


Cybersecurity Awareness Tip 20: Avoid social media quizzes, surveys and public groups

TMI

Hackers and other surveillance organizations (governments, companies) use social media, too. Surveys, quizzes, games,  pages and groups can all be used to collect personal information that can be used in indirect phishing or direct cybersecurity attacks.

Be Less Social

In its 10 Ways to Protect Your Personal Data poster, cybersecurity education company InfoSec recommends:

"Be Less Social.
What to do: Minimize the amount of personal data you have on social media platforms.
Why: Information like your pet’s name or mother’s maiden name is sometimes used to recover account logins. Don’t give hackers an easy way into your online accounts!"

This is a good reminder to avoid surveys that ask for personal questions or other information that can be used to reset account passwords.

Your activity on Facebook groups is visible, too.  Views and likes on public groups are available to, well, the public.


Cybersecurity Awareness Tip 19: Check your privacy settings on social media

Who Are You and How Can I Use Your Profile Against You?

Check the authentication options and enable 2-factor authentication or multi-factor authentication if possible. Also check what personal information is collected (SwampGeek recommends providing as little as possible), what is visible, and who can see your posts.

For Example

The privacy and security options supported by social media companies vary from basic (Minds) to complex (Facebook).  

Facebook's security and privacy settings seem almost intentionally complex, but also highlight the vast amount of data the company surveils.

  • Facebook
    • Privacy Checkup (yes)
    • Settings require a Master's degree
    • Posts require a Bachelor's degree
    • Supports two-factor authentication via OTP (One-Time Passwords), Facial and Biometric authentication on mobile devices
    • Can limit logins to certain devices and can use application-specific passwords
  • Instagram
    • Privacy:
      • Private account (yes)
      • Hide comments (not sure who identifies offensive comments or how, but hiding them in general is good)
      • Posts: hide like and view counts (yes)
      • Allow tags and @mentions from people you follow
      • Show Activity Status:  No
      • Who can add you to groups? Only people you follow
    • Security
      • Save Login Info: No
      • Two-factor Authentication: OTP (e.g. Authy, LastPass Authenticator) and SMS / Text message
    • Apps and Websites: review and remove as appropriate
    • Issue: you can view - but not remove - access data (i.e. advertising tracking data)
  • LinkedIn
    • Partners & Services: check who has access to your valuable LinkedIn information / contacts
    • Visibility: Who can see / download your email address?
    • Third-party Data: 
    • Two-step verification via SMS or OTP (e.g. andOTP, Microsoft Authenticator)
  • MeWe
    • Allow Chat Requests (from other members of a group): maybe no, since it's difficult to verify the person is real
    • Limited to single-factor (password) authentication
  • Minds
    • Two-factor authentication via OTP (e.g. Duo Mobile and Google Authenticator) or email code
  • Twitter
    • Data Sharing and Off-Twitter Activity
    • Two-factor authentication via SMS, OTP (e.g. FreeOTP and Aegis Authenticator), U2F (e.g. Yubikey and others)
  • Venmo
    • Privacy: Yes, Venmo shares your payment description with the world by default.  What could possibly go wrong? (Change the default privacy option to Private)
      • You can also change Privacy For Past Transactions to Private
    • Friends & social: will you REALLY benefit from giving Venmo access to your Facebook friends list?  'Cause Venmo sure will!
    • Supports single factor authentication via PIN or biometric (thumb print)

Resources

Social Pilot Guide to Social Media Privacy Settings


Cybersecurity Awareness Tip 18: Don't open suspicious attachments

Dangerous Attachments (It's Not a Lifetime Movie)

No matter what the King of a tiny foreign country promises in the attached instructions, what "Amazon" says you ordered in the attached shipping document, or what FedEx charged you for shipping in the attached invoice, just don't open that attachment.

CISO Magazine identified how to detect suspicious email attachments during the COVID-19 pandemic.

Any Way You Want It, Just the Way You Don't Need It

Attachments may look like they were sent by someone from Amaz0n.com or another legitimate-looking website. They might be described as containing some salacious or otherwise must-know-right-now information. Definitely don't open something compressed (.zip, .7z, .arc, .rar, etc.) or an executable or disk image (.exe, .com, .iso, .dmg).

If it looks legitimate (i.e. it comes from a possibly valid source and has a common extension such as .pdf, .docx, .pptx or .xlsx, but not .docm, .pptm or .xlsm), download the file on a home computer (not a mobile device) instead of opening it from the email. Your system's antivirus or other anti-malware tool may identify issues, but to be safe, upload it to an online virus scanner like VirusTotal, which scans the file with almost every available anti-malware scanner for quick and fairly complete detection.
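The checks above can be applied to a downloaded attachment without opening it. The following is an added example, not code from SwampGeek or any tool named here: it uses the extension groups from this tip and goes a step further by checking that the file's leading bytes match its extension and that an Office container carries no VBA macro project. The function names and sample files are constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Extension groups taken from the tip above.
ARCHIVES = {".zip", ".7z", ".arc", ".rar"}
EXECUTABLES = {".exe", ".com", ".iso", ".dmg"}
MACRO_OFFICE = {".docm", ".pptm", ".xlsm"}
COMMON_DOCS = {".pdf", ".docx", ".pptx", ".xlsx"}
# Leading bytes a genuine file of each common type starts with.
ZIP_MAGIC = b"PK\x03\x04"
MAGIC = {".pdf": b"%PDF-", ".docx": ZIP_MAGIC, ".pptx": ZIP_MAGIC, ".xlsx": ZIP_MAGIC}


def has_vba_project(data: bytes) -> bool:
    """True if data is a ZIP (Office Open XML) container with a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(filename: str, data: bytes) -> dict:
    """Apply the tip's rules to one attachment; never executes or opens it."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    ext = suffixes[-1] if suffixes else ""
    reasons = []
    if ext in ARCHIVES:
        reasons.append("compressed archive")
    elif ext in EXECUTABLES:
        reasons.append("executable or disk image")
    elif ext in MACRO_OFFICE:
        reasons.append("macro-enabled Office extension")
    elif ext not in COMMON_DOCS:
        reasons.append("uncommon extension")
    if len(suffixes) > 1 and suffixes[-2] in COMMON_DOCS and ext not in COMMON_DOCS:
        reasons.append("double extension")
    if ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append("content does not match extension")
    if has_vba_project(data):
        reasons.append("contains VBA macro project")
    return {
        "verdict": "do not open" if reasons else "scan before opening",
        "reasons": reasons,
        "sha256": hashlib.sha256(data).hexdigest(),  # for a scanner hash lookup
    }


def _ooxml(parts: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as container:
        for name, body in parts.items():
            container.writestr(name, body)
    return buf.getvalue()


# Constructed sample attachments (no real documents or malware).
SAMPLES = {
    "invoice.pdf": b"%PDF-1.7\n% constructed sample\n",
    "invoice.pdf.exe": b"MZ constructed sample",
    "shipping.pdf": b"MZ constructed sample",
    "statement.docx": _ooxml({"word/document.xml": "<doc/>", "word/vbaProject.bin": b"\x00"}),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, triage(name, data))
```

The SHA-256 can be searched on VirusTotal first, which avoids uploading a document that may contain private information.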

Petya is a family of encrypting malware first discovered in 2016 which propagated via infected email attachments.

Resources


Cybersecurity Awareness Tip 17: Don't Take the Click Bait

All the Time, On Every Channel

Spammers, phishers, hackers and surveillance organizations (governments and companies) don't care how they reach you - only that you take the clickbait.  They'll put clickbait in email, text, social media, comments on online posts or news stories, instant messengers, chat rooms, TV or on paper in snail mail, newspaper or magazine ads.  Some even look like stories from the site you're visiting, often mixed with real stories from the site you're visiting.

Stop It Before It Starts

You can stop many malicious communication attempts before they start by using:

Think Before You Click

Even the best malicious communication blockers won't catch everything, and they can't stop you from visiting sites that might have malicious links in comments or articles. And there aren't any good tools for blocking malicious text or instant messenger communications. So think before you click.  Think, and check:

  • Check the URL, especially if the URL doesn't match the website you think you're going to visit - use a link checker to see the final destination and a website reputation checker to determine if it's safe
  • Use a URL expander to see the final destination of shortened URLs (e.g. goo.gl, bit.ly, etc.)
  • Remove tracking parameters from links. The ability to remove tracking parameters from links is built into Brave; you can also add browser plugins to do this. Some email clients (e.g. FairEmail) can also prompt you to remove tracking parameters.
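The three checks in this list can be done offline on the link text itself before anything is clicked. This is an added example, not code from Brave, ClearURL or FairEmail: it extracts the real host (ignoring a misleading `user@` prefix), tests it against the site you expected, flags shorteners that need expanding, and strips tracking parameters. The parameter list, function names and sample links are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed, non-exhaustive list of widely used tracking parameters.
TRACKING_NAMES = {"fbclid", "gclid", "igshid", "mc_eid"}
TRACKING_PREFIXES = ("utm_",)
# Shorteners named in the tip above; extend as needed.
SHORTENERS = {"goo.gl", "bit.ly"}


def host_of(url: str) -> str:
    """Real hostname, lower-cased, ignoring any user@ prefix and port."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def host_matches(url: str, expected_domain: str) -> bool:
    """True only when the host is expected_domain or one of its subdomains."""
    host, expected = host_of(url), expected_domain.lower().rstrip(".")
    return host == expected or host.endswith("." + expected)


def strip_tracking(url: str) -> str:
    """Drop tracking query parameters and keep every other part of the URL."""
    parts = urlsplit(url)
    kept = [
        (name, value)
        for name, value in parse_qsl(parts.query, keep_blank_values=True)
        if name.lower() not in TRACKING_NAMES
        and not name.lower().startswith(TRACKING_PREFIXES)
    ]
    return urlunsplit(parts._replace(query=urlencode(kept)))


def review_link(url: str, expected_domain: str) -> dict:
    """Collect the checks a reader would make before clicking."""
    host = host_of(url)
    return {
        "host": host,
        "matches_expected": host_matches(url, expected_domain),
        "needs_expanding": host in SHORTENERS,
        "punycode_host": any(p.startswith("xn--") for p in host.split(".")),
        "cleaned": strip_tracking(url),
    }


# Constructed sample links; example.com and the other hosts are placeholders.
SAMPLES = [
    "https://www.example.com/deal?id=42&utm_source=mail&fbclid=abc123",
    "https://example.com.account-check.test/reset",
    "https://example.com@203.0.113.5/pay",
    "https://bit.ly/3abcXYZ",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", review_link(link, "example.com"))
```

The second and third samples both contain "example.com" but resolve to a different host, which is the mismatch the first bullet asks you to look for.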

Resources

Link Checkers

Website Reputation Checkers

Link Expanders

Tracker Removers

  • ClearURL (Firefox, Edge, Chrome and other Chromium-based browsers, including Brave)

Cybersecurity Awareness Tip 16: Security <> Privacy (and you need both)

Not the Same

Privacy-focused search engine DuckDuckGo explains the difference between security and privacy, concluding:

"Security without privacy is like having a house made of bullet-proof glass. Sure, no one is getting inside, but your personal life is still on display."

Can't Have One Without the Other

Privacy-focused email provider ProtonMail argues that security depends on privacy (specifically, encryption). SwampGeek suggests that privacy contributes to security by reducing the knowledge hackers use to social-engineer attacks against you. Use a secure DNS server, VPN (especially when connecting to public WiFi), private email, and check your cybersecurity preparedness annually, including your social accounts. Just say "No" to Facebook quizzes.

Image by Slane for The State of Queensland, Australia (Office of the Information Commissioner)


Cybersecurity Awareness Tip 15: Check Your Cybersecurity Preparedness Annually

Auld Lang Syne

The end of the year is a good time to reflect on the past, and look forward to the future. It's also a good time to check your cybersecurity.  New threats emerge constantly. Google recently announced it's tracking 270 state-sponsored hacker groups from over 50 countries. But there is some good news: Ransomware Hackers Who Attacked Over 100 Companies Arrested in Ukraine.

New threats target all platforms. All. Platforms. HowToGeek suggests you don't need antivirus protection on your iPhone because malware on iOS is rare by design.  Antivirus BitDefender reminds us that iOS isn't safe either.

South Florida Seasons: Summer and Hurricane

In South Florida, many use a checklist to prepare for hurricane season each year (our other season is summer). Even though the threat of cybersecurity attacks is constant, schedule a reminder to check your cybersecurity preparedness at least annually. Schedule it on a calendar that you're sure to see, and remember to take action.

SwampGeek Recommends...

SwampGeek recommends (without affiliate or any other compensation):

  1. Is your personal info on the dark web?
  2. Review and reset passwords, and implement multi-factor authentication where possible
  3. Make sure your software and browser plugins are updated automatically and often
  4. Review mobile app permissions and remove unused apps
  5. Check your anti-malware strategy
  6. Check your backup strategy
    • Make sure backups are running correctly on all devices
    • Use an online backup (or multiple) to prevent loss from theft or natural disaster; it can also help protect against ransomware
    • Encrypt confidential files on device before backing up
    • SwampGeek recommends (without affiliate or any other compensation):
      • pCloud (also good for file sharing, can automatically backup photos from your smart phone)
      • IDrive (supports local backups and sync with other systems on the same network, can automatically back up photos from your smart phone)
      • Look for significant discounts the week of US Thanksgiving holiday
  7. Review your social media, instant messenger, text and email privacy and security settings
    • Personal information available to the public can be used in phishing attacks - make sure your posts aren't public (this includes Venmo!)
  8. Review your financial account security, privacy and notification settings

Resources

Free Online Security Check Ups and Tools

 


Cybersecurity Awareness Tip 14: Use private email to limit snooping to governments

Nothing to Hide

40% of emails are spam and 70% contain email trackers; hackers, spammers and surveillance organizations (companies, governments) use this to target individuals. What about the email providers who may have direct access to your email communications?

Glenn Greenwald, author of No Place to Hide: Edward Snowden, the NSA, and the U.S. Surveillance State, explains why email privacy matters when people tell him they have nothing to hide:

"Here's my email address. ...Email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you're doing online, read what I want to read and publish whatever I find interesting. After all, if you're not a bad person, if you're doing nothing wrong, you should have nothing to hide."

Greenwald doesn't mention being able to reset the passwords for all your financial accounts, find your phone and much more, just by being able to access your email.

Google insists it no longer reads your email and neither do 3rd-party app makers. Preveil and Guardian disagree. And even if Google, Yahoo, Microsoft and other providers of "free" email services don't scan your messages, they can (and do!) still use the meta data - who sent and received the email, when, what was the subject - for marketing or other purposes.

Snooping Governments Will Still Snoop

Even privacy-focused email providers must respond to the force of courts and other government agencies, including top providers ProtonMail and Tutanota. After a recent event, ProtonMail explained why it scrubbed its website of "no IP logging" content, how it transparently reports incidents of government force, and how you can use its free ProtonVPN service to mitigate the impact of government force.

Keeping Your Email Yours

There are better options for private email without the surveillance incentives of the major free email providers.  Some of them have free versions with limitations. These offer end-to-end encryption, but beware:

  • Many encrypted email providers use standard PGP encryption, which only applies to the message content, not the metadata (from, to, date and subject). But privacy focused email providers 
  • You can also send unencrypted email, and the contents are visible on the recipient's potentially-surveilled inbox.
  • You must use secure email clients on all devices. Most secure email providers offer clients on major platforms, but beware of using other clients, especially without encryption, via POP or IMAP.

SwampGeek Recommends...

SwampGeek recommends (without affiliate or any other compensation):

  • ProtonMail - Switzerland-based with good free service with most features and low cost, fully-featured commercial service
  • Tutanota - Germany-based with good free service with most features and low cost, fully-featured commercial service

You can also use email forwarding to further protect your inbox.

Resources

Privacy Tools - provides services, tools and knowledge to protect your privacy

Least Secure Email Providers

Google Privacy Checker - see how much of your info is collected by the company whose motto is "Do No Evil" 

Restore Privacy's List of Secure and Private Email Services

Privacy Tools List of Private Email Providers

ProPrivacy's List of Free and Commercial Secure Email Providers

Cybersecurity Awareness Tip 13: Use Email Forwarding to Protect Your Email Addre

Using a password manager with unique passwords is one of the most common cybersecurity recommendations (and SwampGeek agrees). But, when creating new accounts, why not use a unique email address, too? 

Use a Unique Email Address

There are many reasons for using unique email addresses when creating accounts:

  • Limit the reach of image trackers used in 70% of emails
  • Limit the impact of hacked accounts that contain your email address (billions have been included in data dumps - check yours at Have I Been Pwned? )
  • Limit the impact of surveillance companies, governments and organizations that collect and sell your email address and associated personal data

 

To Be, or Not to Be? Which Alias is the Question

There are multiple ways to use unique email addresses, including:

  • Free email accounts with or without email aliases 
  • Email forwarding using disposable email addresses (random or user named)
  • Temporary disposable email, which generates a random address, but email is available temporarily to anyone who knows the address

Hackers, spammers and scammers can use this information to target you for phishing or other harmful activities.

Choosing Options

Generating multiple free email accounts (e.g. Gmail, Outlook, Yahoo Mail, etc.) can get tedious and requires connecting multiple accounts to an email client or checking multiple websites for mail.  Using aliases in these accounts can also be tedious and is often limited to a small number. However, Google allows tags (e.g. user#tag@gmail.com) or variations of the user account (e.g. u.s.e.r@gmail.com, us.er@gmail.com are all delivered to the same inbox as user@gmail.com).  Free email providers with good privacy protection and reasonable commercial options include:

Forwarding disposable email addresses are best for creating online accounts, especially with the possibility that your email address can be sold, shared or stolen. They can be deactivated at any time, blocking the inevitable spam that comes with linking your email address to any other marketable personal information. Better free options include:

Temporary disposable email is only useful when combined with VPN and other privacy protection for when you don't want to be tracked.  And since email is publicly available, it shouldn't be used for anything you wish to keep private. Options include:

SwampGeek Recommends

SwampGeek recommends:

  • Free / paid email accounts
  • Email forwarding
    • ManyMe -  with ability to manage (change, block, etc.) unique emails offline using a qualifier that doesn't need to be created in advance, e.g. sabrina.walmart@manyme.com or sabrina.mewe@manyme.com
    • DuckDuckGo Email Protection (@duck.com) - strips tracking information before forwarding and generates random addresses that forward to your primary address via a browser extension

Specifically:

  1. Register for accounts using ManyMe (yourmanyme.account@manyme.com)
  2. Forward your ManyMe email to DuckDuckGo (yourduckuser@duck.com)
  3. Forward your DuckDuckGo email to your regular email account (youruser@tuta.io)
  4. Block or delete spammers and hackers in ManyMe

Resources

Can You Trust HaveIBeenPwned.com?

The Best Temporary Disposable Email Services, with descriptions of when and how to use different types of disposable email services, recommendations and pros and cons


