Notice: This website may or may not use or set cookies used by Google Ad-sense or other third party companies. If you do not wish to have cookies downloaded to your computer, please disable cookie use in your browser. Thank You.

Friday, December 11, 2015

Prepare for Zombie Apocalypse? No. Prepare for National Crisis? Yes.

Preparedness is becoming more and more mainstream. However, some people will get spooked should you really lay on the Prepper routine.  Instead, print this article and hand it to them.    Tell them that Glenn Beck recently hosted Justin Wheeler on his nationally syndicated The Glenn Beck Program Tuesday December 1st to discuss a preparedness plan should a national crisis unfold.

Wheeler, the brother of Beck’s chief of content, recently asked his family members in an email to do these things: fill the car with gas and check the oil, withdraw $500 cash from an ATM and buy one case of bottled water and some canned food.

“Probably nothing, but run this as an exercise tonight if at all possible — tomorrow, early, if you can’t get that done — and, above all things, remember, remain calm, be at peace. We’re Americans. We’ll always win because we believe and defend liberty and freedom, so no worries,” Wheeler wrote at the end of the email.

Wheeler told Beck that preparedness is part of his “heritage” and that, as a child who grew up in the 1970's, he remembers going through nuclear preparedness drills in school and having food storage at his childhood home.

“As I increased my education level, an increased level of preparedness just became a rational response,” Wheeler said. “I think it is a very rational response. Very much the same way that if a weatherman said, ‘Hey, it’s going to rain,’ you would walk out of the house with an umbrella and no one would think twice about that.”

According to Wheeler, the reason people have difficulty preparing for economic crisis is because, as a whole, the U.S. has not experienced that level of instability since the Great Depression in the 1930's.

So Wheeler created a list of supplies necessary to cope for 30 days amid major national instability:
1. 30-day food supply

2. Five days water and water purification filters to last one year

3. Vehicle toolkit

4. Hatchet or machete

5. Shovel and sledgehammer

6. 50-foot extension cord

7. Arctic-rated sleeping bags

8. Eight-person tent

9. Flashlights and batteries for the vehicle

10. AM/FM weather radio

11. Three wool blankets

12. Winter coats

13. One tin cloth coat

14. 18 toilet paper rolls

15. Ranch clothes

16. Five gallons of gasoline

Wheeler said he devised this list when he decided he wanted his family to be prepared for “more than just an earthquake.”

“All the experts will say, ‘You probably don’t want to be in a major city in a disaster scenario,’” Wheeler told Beck. “So we want to be one of the first on the road, and that means being able to pack up, get ready to go, and go rapidly.”

Wheeler added that it is important to have a plan as an entire family so everyone can meet up in a pre-determined area. Additionally, he said it is crucial to have out-of-state contacts, should the phone lines go down.

Wow!  Someone finally talks about a P L A N.  A predetermined met up area is a contingency linkup in any other language.  Have a contingency plan.  Employ the two man rule for everything and if a group leaves the main group have a plan:  Where you are going.  What you are doing.  When you will be back.  What to do if you don't come back.  It's only common sense.  
[Source: Glenn Beck Show]

~Urban Man

Friday, December 4, 2015

Survival Food Procurement- US Army Style

Here is a US Army video that shows how to procure food in a survival situation. Learning wilderness survival skills is very important should you ever have to bug out of an urban area, or for some other unforeseen reasons.

~Urban Man

Friday, November 27, 2015

Survival Stress- How to Cope

When in an urban survival scenario, many overlook the many possibilities of having to deal with stress. Not knowing how to deal with stress can mean the difference between life or death.

Weather you are in an urban survival crisis or a wilderness survival scenario, here is video produced in 1961 by the US Air Force that deals with survival stress. The information is 33 years old, but the information is still true and valid to this day.

Watch, learn and enjoy a movie from the retro era.  

~Urban Man

Monday, November 23, 2015

Basic Military Map Reading- GRID, Distance and Elevation

Here is a very old video produced by the US Army on Basic Map Reading. It covers how to read GRID, DISTANCE and ELEVATION on a military style map. 

If you have access to military style maps, this video will assist the novice to the learn the areas listed above, or provide a refresher to those who have used this map system.

Either way, learning to navigate terrain is important in a survival situation, especially if you have to bug out into the wilderness.

Tuesday, November 17, 2015

Best Places To Bug Out In The US

"Here is a pretty informative article I read on It really gets you thinking about where to bugout to" ~ Urban Man

Deciding where you are going to go in the event of a doomsday situation is a big deal. Everyone has their own criteria for what is the perfect place to try to survive. Based on what I have researched, this is my opinion of the best areas in the United States to bug out to. My requirements for a good bug out location is that is needs access to water, food (hunting, fishing, good for gardening), not a common natural disaster area and not overly populated. I generally think of a permanent bug out location as being a homestead to rebuild from after a catastrophic event wipes out a large majority of the population.

Most requirements will change based on many variables. One of those will be the amount of time you have to prepare the area before you retreat to it. These locations I feel would be great if I could buy some land and get a sustainable camp started, but will also do just fine if I don't have much time to pre-plan and need to figure it out on the fly.

 Southern Colorado: 
Southern Colorado is on the top of my list of bug out locations. A place at the base of the Rocky Mountains being ideal. Mountain ranges have great wildlife and water sources, but the nice thing about the Rockies is that there are no volcanoes. Staying to the south end of the state will hopefully limit exposure if Yellowstone erupts. Colorado's population is fairly low and property prices are lower than average. The climate is fairly temperate with summers that don't get too hot and winters that don't get too cold. The cold will depend on how high up the mountain you go.

 Northern New Hampshire/Maine: 
The northern New England area is ripe with wilderness and natural resources. The population density of Maine is just lower than Colorado and New Hampshire is higher but the population thins out up north. The chances of natural disaster are relatively low. Most likely there will be winter storms. Hurricanes can reach that far north but are only a hazard if you live close enough to the coast. There is a wide variety of hunting and fishing locations and even in the cold you can do your gardening in a greenhouse.

 Eastern Kentucky: 
I was originally looking at eastern Tennessee but found there to be to many nuclear reactors in the area. Fortunately a short distance to the north takes you to eastern Kentucky where you can take advantage of the same environment without the messy nuclear fallout. The base of the Appalachian Mountains in this area would make a great bug out location to survive the end of days. The mountains have no active volcanoes, but the area is known for tornadoes. The deeper into the mountains you go, the less likely you are of experiencing a tornado as they tend to stay a bit west of the mountain range. Some might be concerned about the New Madrid Fault but since it is on the west end of the state, any eruption would be only barely felt in the Appalachians. You have plenty of food and water sources and people have been living off the land in Appalachia for centuries.

 Southeast Ohio: 
The area to the West of the Appalachian Mountains in Ohio is home to the largest community of Amish in the United States. This is a community of people who have been living off the land with no technology forever. If the area works well for them, who am I to argue? I wouldn't try to inject myself into their community, but having them close by to get tips from wouldn't be a bad thing as well as being able to barter with them. The population density of Ohio is fairly high, but most of that is in the cities. There is one nuclear power plant in western Pennsylvania that ranks low in safety that could affect the area. Ohio is on the top of the list of states that are least likely to be destroyed by a natural disaster. They have no flooding, no tornadoes, no earthquakes and no volcanoes. Good water and farming resources but winters are long and cold.

Alaska is always one of those locations that people either love or hate. It is a place that people have been living off the land in the wilderness for centuries despite the bitter cold. It has the lowest population density in the country at 1.2 people per square mile. Depending on your location you could experience earthquakes or feel the effects of a volcano, but the overall rate of natural disasters is relatively low and there are no nuclear power plants. Hunting and fishing are some of the best in the country and fresh water is plentiful. The warmer months will be spent preparing to survive the winter months but many people have had no problem surviving in Alaska long term.

Thursday, November 12, 2015

More Evidence That a Race War is Coming?

Just how far will Political Correctness go in this Country? We have politicians, including that idiot Obama, falling all over themselves to create and sustain a narrative that racism among law enforcement is rampant. It is Obama and his lackeys that are setting racial relations back several decades in this Country. It's almost like someone is pushing this country towards a race war doesn't it?

Missouri University President Resigns Amid Racism Protests

The faculty had said that in solidarity with the students' protests against racism they plan a walkout from class on Monday and Tuesday morning. The president of the University of Missouri, Tim Wolfe, resigned amid mounting pressure by students and faculty members over his handling of racial issues on campus.

The faculty of the University of Missouri will walk out of class on Monday and Tuesday in solidarity with hundreds of students who gathered Sunday to protest the use of racial slurs against a black student and football player at the school.

Various faculty members issued a statement Sunday night announcing their protest. "We, the concerned faculty of the University of Missouri, stand in solidarity with Mizzou student activists who are advocating for racial justice on our campus and urge all MU faculty to demonstrate their support by walking out on Monday, November 9, and Tuesday, November 10," the statement, sent out by Associate Professor Elisa Glick, said.

The decision by the faculty members comes as the university's football team is on strike until the resignation of its university President Tim Wolfe, who failed to respond to incidents of on-campus racism, severed relations with Planned Parenthood and stripped funding for graduate students.

The football players said in a statement: “We will no longer participate in any football-related activities until President Tim Wolfe resigns or is removed due to his negligence toward marginalized students’ experience. WE ARE UNITED!!!!!”

Black People Make Up 93% of Ferguson Arrests, DOJ Report Finds

The Department of Justice carried out the investigation after the fatal shooting of a black teenager by a white officer in Ferguson, Missouri. The Ferguson police department is consistently involved in racist activities, the U.S. Department of Justice found Tuesday.

According to a justice official who saw the report, which was commissioned in August last year after the fatal shooting of black teenager Mike Brown by a white police officer in Ferguson, officers in the Missouri town habitually target black people.

The findings are expected to be formally released as early as Wednesday, a DOJ spokeswoman said.
The DOJ will use the report to negotiate with Ferguson officials, or to sue them.

The investigation took into account some 35,000 pages of police reports, which revealed that 93 percent of arrests were made on African-Americans. Sixty-seven percent of the population of Ferguson are black.

Black people were also overwhelmingly the victims of bites from police dogs, and that the court system is less likely to dismiss their cases.

A further preliminary report exposed how Ferguson police disproportionately targeted African Americans in traffic stops, which brings in extra revenue for the city.

Ferguson became the fiery epicenter of anti-police brutality and anti-racism protests since Brown’s shooting death in the summer last year. Many hope that the Justice Department report could serve as a template for country-wide change.

Friday, November 6, 2015

38 Ways Hydrogen Peroxide May Be Useful When SHTF

Hydrogen peroxide or H2O2 is the only germicidal agent composed of water and oxygen only. This chemical compound kills disease organisms through oxidation. This chemical compound is also considered as the world’s safest, all natural sanitizer. Hydrogen peroxide will break down into oxygen and water when it reacts with organic matter.

1. Disinfect Small Wounds

Hydrogen peroxide is a natural anti-septic, therefore one of its most common uses is to clean wounds to prevent infection.

2. Bleach Your Hair

Because it is more gentle than household bleach, hydrogen peroxide is also great for lightening hair.

3. Just Add Highlights

To get a classic “sun-bleached” look, simply spray hydrogen peroxide over damp hair and let it soak in for 10 – 15 minutes before rinsing out.

4. Whitening Toothydrogen peroxideaste

Mix baking soda and hydrogen peroxide to make a homemade toothydrogen peroxideaste that will also remove stains from teeth when used daily.

5. Antiseptic Mouth Rinse

Use a cap full of hydrogen peroxide as a mouth rinse to help whiten teeth and kill germs that cause bad breath.

6. Disinfect Toothbrushes

Soak toothbrushes in hydrogen peroxide to kill staph bacteria and other germs common to the bathroom environment.

7. Whiten Your Nails

Soak fingertips and toes in hydrogen peroxide to naturally whiten your nails.

8. Clear Up Acne

Use hydrogen peroxide as a face rinse to kill the bacteria that cause acne and help clear your complexion. (Or check out these other 11 Natural Ways To Get Rid Of Pimples Fast!)

9. Help Heal Boils

Pour half of a bottle (about 8 ounces) of hydrogen peroxide into warm bath water and soak to treat boils.

10. Soften Corns & Calluses

Mix equal parts hydrogen peroxide and warm water to make a foot soak that will naturally soften corns and calluses.

11. Remove Ear Wax

Put a couple of drops of hydrogen peroxide into ears, wait a minute or two, then follow up with a couple of drops of olive oil. Wait another minute, then drain fluid from ears to remove ear wax.

12. Prevent “Swimmer’s Ear”

Mix equal parts hydrogen peroxide and vinegar in a small dropper bottle. Put several drops in each ear after swimming to prevent infection.

13. Relieve Ear Infections

Put 6 – 8 drop of hydrogen peroxide in each ear to alleviate symptoms and help clear up an ear infection.

14. Kill Sub-dermal Parasites

Apply hydrogen peroxide to skin affected with mites or other parasites to kill them naturally.

15. Treat Foot Fungus

Combine equal parts hydrogen peroxide and water in a dark colored spray bottle (light exposure weakens hydrogen peroxide) and apply to skin affected by foot fungus each night to stop fungal growth.

16. Sinus Infections

Add 1 tbsp of 3% hydrogen peroxide to 1 cup of non-chlorinated water and use it as a nasal spray. You can adjust the amount of hydrogen peroxide depending on the degree of the sinus infection.

17. Relieve Toothache

Hydrogen peroxide is not considered as a pain killer, but because of its anti-viral, anti-bacterial, and anti-fungal properties it is effective to use in treating pathogen that can cause infection. If your tooth is aching and you cannot go to your dentist, fill the cap of the hydrogen peroxide’s bottle and hold it in your mouth for 10 minutes. Repeat the same process several times a day.

Kitchen & Bath

18. Clean Tile Surfaces

Spray hydrogen peroxide directly onto tile to remove dirt and stains.

19. Whiten Grout

Mix hydrogen peroxide with white flour to create a thick paste. Apply to grout and cover with plastic wrap overnight. The next day, simply rinse with water for whiter grout.

20. Clean Toilet Bowls

Pour about half a cup of hydrogen peroxide into toilet bowls and let it soak for at least 30 minutes to clean and remove stains.

21. Remove Tub Scum

Spray hydrogen peroxide on soap scum, dirt, and stains in the bathtub. Let it sit for at least 30 minutes then rinse to loosen grime and make cleaning easier.

22. Control Mold & Mildew

Spray hydrogen peroxide on areas where mold and mildew are present to stop fungal growth and remove discoloration.

23. Clean Glass Surfaces

Spray hydrogen peroxide on dirty mirrors and other glass surfaces to loosen dirt and grime. Wipe away with a clean, lint-free cloth.

24. Disinfect Countertops

Spray hydrogen peroxide on kitchen and bathroom countertops to clean and disinfect.

25. Soak Dishrags & Sponges

Drop dirty rags and cleaning sponges into hydrogen peroxide and let them soak for 15 – 30 minutes to disinfect.

26. Disinfect Cutting Boards

Spray hydrogen peroxide on cutting boards to kill germs and bacteria from raw meat and other foods that may have soaked into the surface of the board.

27. Wash Fruits & Vegetables

Spray fruits and veggies with hydrogen peroxide and let soak for a minute or two before rinsing in clean water to remove dirt, wax, and other contaminants.

28. Clean Your Refrigerator

Spray hydrogen peroxide around the inside of your refrigerator and let is soak for a few minutes. Then wipe away with a clean cloth to remove food and disinfect.

Around the House

29. Whiten Laundry

About about a cup of hydrogen peroxide to your wash water and soak fabrics for 15 – 30 minutes to revitalize dingy or yellowed whites.

30. Remove Organic Stains

Mix two parts hydrogen peroxide with one part dish detergent and apply to organic stains (coffee, wine, blood, sweat, etc) to remove them.

Remember, hydrogen peroxide will bleach darker fabrics. Use this technique with caution!

31. De-Funk Musty Fabrics

Mix hydrogen peroxide with white vinegar and soak musty fabrics to remove unwanted odors.

32. Clean Rugs & Carpets

Spray hydrogen peroxide onto light-colored carpets and rugs to remove stains from mud, food, etc. Just remember that hydrogen peroxide will bleach some fabrics. You may want to test this technique in an inconspicuous area first.

33. Refresh Re-useable Bags

Spray hydrogen peroxide inside your re-useable cloth shopping bags to clean, disinfect, and remove food odors.

34. Disinfect Lunchboxes

Spray hydrogen peroxide into lunchboxes, coolers, and cooler bags. Let it sit for a few minutes then wipe away to clean and disinfect.

35. Cleanse Dehumidifiers

Add a pint of hydrogen peroxide to one gallon of water and run the solution through humidifiers to disinfect and remove any mold or mildew that may be growing inside.

36. Improve Seed Germination

Soak seeds in hydrogen peroxide to remove fungal spores and increase germination rate.

37. Bird Mites Infections

According to some reports hydrogen peroxide effectively kills the mites under the skin of people who are infected by tiny mites. If you are infected by bird mites, spray hydrogen peroxide to your skin for a few times (with several minutes in between each applications) and you will have an amazing result.

38. Explosives

Thursday, October 29, 2015

Rifle Marksmanship Training

In every survival scenario, a firearm plays a vital role in whether you live or die. Learning how to use a rifle or pistol safely and accurately, and owning one, will give you greater surviveabilty if the need should present itself. 

Below is a very good video produced with our tax dollars by the Marine Corps on rifle marksmanship.

Urban Man ~

Thursday, October 22, 2015

Quick Rifle Scope Zeroing

Watch the above video for a quick way to zero a rifle scope.

Urban Man!

Friday, October 9, 2015

Making Your Own MRE’s

Making Your Own MRE’s Can Be Satisfying and Cheaper
By Cari Schofield January 21, 2013

Have you ever considered making your own MRE’s (Meals Ready to Eat) as opposed to buying them? They can be used for more than a BOB. We use them as quick on the go meals and they come in especially handy for that forgotten field trip your child needs a packed lunch for.

In this article I am going to show you how simple it can be and provide a meal or two that we make ourselves. After gathering everything we want to put in the meal, we will put it in a freezer bag, squeeze the air out of it as much as we can and add a small Oxygen absorber to it.

The other method we use is vacuum sealing. However, if you do this, make sure that nothing you add in there that is in a package has air in it, otherwise you have a big bulge of air in the meal. If you’re adding an emergency water pack to the meal then tape it to the outside of the package. You can also put the vacuum sealed meal in a freezer Ziploc and add the emergency water package in there. After we have a bunch of them made we put them all in a bucket or in a storage tote. You can also buy attachments to seal dried foods in mason jars.

Note: One thing to remember when making a shopping list for this project is to buy things that can be eaten raw or only requires water to be prepared. Technically speaking, an MRE is a meal that is ready to eat cold because you may not always be able to prepare (heat) the meal and some of the things listed below do not fit in that category but will still work as a meal. Meals that need to be heated have a trioxane bar included to heat without the use of fire.

Breakfast #1 – I love breakfast, it is literally my favorite meal of the day so I am going to start with the morning meals I put together. A big hit in my house is oatmeal. We will take 1-2 of the instant flavored oatmeal packs, 1 sugar packet, 1 powdered butter packet, and one powdered milk packet. (We pre-measure the butter to our taste and the milk according to package directions) We then add one pouch of dehydrated water. (Kidding!) We add 1 emergency water packet to reconstitute the milk and butter. (You can also purchase a 5 gallon bucket with gamma lid of powdered milk here if you’re looking for long-term storage for milk. If you want to, you can also add dehydrated fruit to add to your oatmeal. Hot cocoa drink mix or a yoo-hoo single drink packet.. (These are used when the weather is cooler.)

Breakfast #2 – This one is simple. Dehydrated sausage and either powdered eggs or crystallized eggs. 1-2 salt/pepper packets. If you want cheese on it then you can also pre-measure powdered or freeze-dried cheese. Once it is re-hydrated, mix together for a sausage and egg breakfast scramble. Single kool-aid mix drink packet. You can also add a hot sauce packet to the meal to put on the eggs.

Now that you get the idea, you can make a grocery list of things to purchase to put your meals together. We try to stick with simple things that don’t require much to eat them or make them. The breakfast listed above require some cooking, but in my opinion it is still a ready to make/eat meal.

Below is a list of some of the things we use in our homemade MRE’s. Make sure to write the date it was made on the outside of the package for rotation purposes.

· Prepackaged meats such as on the to-go tuna, spam, and chicken. Pay attention to the dates though because these don’t last 20 years.

· Dehydrated meals that are already prepared and you simply add hot water.

· Prepackaged crackers like we buy for our kids or out of vending machines. You can purchase these at any store or in bulk at Sam’s or Costco.

· Instant drink mix packs. We purchase the on the go ones because they are pre-measured in single packets for a bottle of water. You can even buy instant coffee now by Folgers that looks like a tea bag. You simply add it to a cup of hot water for a few minutes. Add sugar and cream packets and have a great cup of coffee.

· Instant oatmeal packs

· Salt/pepper packs and sugar packets that we save from fast food restaurants. When you go through a drive through just ask for some along with extra napkins and utensils. You can use all of them in your home-made MRE’s.

· Bouillon cubes or home-made spice packets.

· Trail mixes, nuts, raisins.

· Energy bars

· Dried fruit like banana or apple slices. We love dried pomegranate.

· Canned Tuna, chicken, sardines etc. Although this is a little more added weight than the on the go packs.

· Dehydrated meats. Just like with noodles, powdered eggs etc, you must have water to reconstitute the meat.

· Candy; preferably some that won’t melt. We like weathers originals.

· Rice side dishes, like the Lipton rice or Rice-A-Roni.

· Individual camper meals.

· Instant rice with an added bouillon cube or sugar/butter makes a tasty meal.

· Plastic eating utensils and a napkin if needed. A lot of people carry these in their bags, but if your meals are going to be eaten as a quick-lunch you may need them.

· A single pack wet wipe to clean your face and hands to save on water. This is especially good if you have young children.

· You can add a piece of heavy-duty tin foil to fashion a bowl for oatmeal or other hot meals.

· A pack of matches to heat the food if you need to and have some sort of pocket stove in your pack. If you wanted to go a step further then you can purchase trioxane bars to add to your MRE. (That is the heating source used in the original MRE’s)

· To top it off, add a piece of gum to get the food out of your teeth and freshen your breath. (Who wants fish breath, yuck!)

· Daily vitamin wrapped in a piece of tin foil with a piece of dental floss included for when your meal is done. (Some people can’t chew gum.)

These are just a few things you can use to build your own MRE’s. Use your imagination and make something you will enjoy eating!!

Keepin It Spicy,

JalapeƱo Gal

Sunday, October 4, 2015

Power in the Collapse or Collapse Because of Lack of Power

Two recent pieces of information came out to prompt me to write about each Prepared Family to have a plan on how power sources for their survival during a collapse. And like the title above suggests, if the U.S. Grid is shut down, the collapse will follow.

First, we have the Federal Government warning about power outages. This in and of itself would not raise too many concerns, but in the words of the Government " Be prepared for power outages as we rely on electricity and other utilities for survival, so when we lose power it’s a major problem. A power outage compounds the impacts of a natural disaster and increases anxiety. Having a way to communicate with family, friends, and coworkers is imperative.

The Government goes on to suggest these tips:

Plan for batteries and other alternatives to meet your needs when the power goes out and ensure you have extra compatible batteries for any device that can run on battery power (i.e., cell phones, portable phones, medical or assistive devices, radios). Consider purchasing hand-crank and solar-powered chargers.

Keep your car gas tank at least half full. Gas stations rely on electricity to power their pumps. You’ll also have a good method for charging devices in an emergency or, if necessary, moving to a location with power.

Never use a generator, gasoline-powered equipment and tools, grill, camp stove, or charcoal burning device inside or in any partially enclosed area, including a basement or garage.

Install battery-operated carbon monoxide detectors or electric detectors with battery backup in central locations on every level of your home and outside of bedrooms to provide early warning of accumulating carbon monoxide, which is a colorless, odorless, tasteless, and potentially deadly gas. Plan to always keep a generator outdoors.

And finally, a friendly word from the Government about communications, which would be sorely affected by a collapse of the Grid,......Don't wait. Communicate. Make Your Emergency Plan Today.

During an emergency, communication is critical. We want to know that our family is safe and taken care of. We need to let our family, friends, and coworkers know we’re okay, and be ready to help our fellow citizens by fulfilling the DHS mission. Having a family emergency communication plan with key phone numbers and other information readily available is important.

And then from USA Today, a report that "Attackers successfully compromised U.S. Department of Energy computer systems more than 150 times between 2010 and 2014", from a review of federal records obtained by USA TODAY finds.

Cyber attackers successfully compromised the security of U.S. Department of Energy computer systems more than 150 times between 2010 and 2014, according to a review of federal records obtained by USA TODAY.

Incident reports submitted by federal officials and contractors since late 2010 to the Energy Department's Joint Cyber security Coordination Center shows a near-consistent barrage of attempts to breach the security of critical information systems that contain sensitive data about the nation's power grid, nuclear weapons stockpile and energy labs.

The records, obtained by USA TODAY through the Freedom of Information Act, show DOE components reported a total of 1,131 cyber attacks over a 48-month period ending in October 2014. Of those attempted cyber intrusions, 159 were successful.

"The potential for an adversary to disrupt, shut down (power systems), or worse … is real here," said Scott White, Professor of Homeland Security and Security Management and Director of the Computing Security and Technology program at Drexel University. "It's absolutely real."

Energy Department officials would not say whether any sensitive data related to the operation and security of the nation's power grid or nuclear weapons stockpile was accessed or stolen in any of the attacks, or whether foreign governments are believed to have been involved.

"DOE does not comment on ongoing investigations or possible attributions of malicious activity," Energy Department spokesman Andrew Gumbiner said in a statement.

In all cases of malicious cyber security activity, Gumbiner said the Energy Department "seeks to identify indicators of compromise and other cyber security relevant information, which it then shares broadly among all DOE labs, plants, and sites as well as within the entire federal government."

The National Nuclear Security Administration, a semi-autonomous agency within the Energy Department responsible for managing and securing the nation's nuclear weapons stockpile, experienced 19 successful attacks during the four-year period, records show.

While information on the specific nature of the attacks was redacted from the records prior to being released, numerous Energy Department cyber security vulnerabilities have been identified in recent years by the department's Office of Inspector General, an independent watchdog agency.

After a cyber attack in 2013 resulted in unauthorized access to personally identifying information for more than 104,000 Energy Department employees and contractors, auditors noted "unclear lines of responsibility" and "lack of awareness by responsible officials." In an audit report released in October of last year, the Inspector General found 41 Energy Department servers and 14 workstations "were configured with default or easily guessed passwords."

Urban Man's comments: What this all means is that the prepared survivor must plan for life without the electrical grid. Best case is a completely solar powered home backed up by a fuel generator and wind mills generating electrical power, but alas, only the richest can afford this. 

For the economy prepper this means have battery powered devices with common batteries and a goodly amount of rechargeable batteries - they make them in almost all sizes now. I have six sets of re-chargers that I can power from as 12 volt source (vehicle battery or cigarette plug adapter) and from folding solar panels. 

I have a several solar kits still in the box and keeping them that way in case I have to bug out. my next big purchase will be a power source 1800 Solar Generating unit, which like the name suggest, is capable of generating 1800 watts of power at peak and is re-charged through a 100 watt solar mobile panel. Just get prepared people!

Urban Man

Thursday, October 1, 2015

America Unprepared For Devastating 'Black Swan'

Urban Man- Here is another interesting story I just read in regards to EMP issues.

WASHINGTON – Supply-chain disruptions often are the result of adverse weather, unplanned telecom outages, data breaches or even cyber hacking.

However, the one “Black Swan” event that would make these instances pale by comparison and result in a cascading disruption is a natural or man-made electromagnetic pulse event.

A “Black Swan” is an event regarded at the time of its occurrence as unprecedented and unexpected but later, in hindsight, understood to have been inevitable.

An EMP is in that category, since scientific experts repeatedly warn that a major EMP event is not a question of if, but when.

Barrett Moore, a security specialist and founder of the security company Triple Canopy, told WND that federal officials have modeled the effects of a “Black Swan” event on the timely delivery of food, water, fuel, medical care and technology. But they have done it primarily for the government’s benefit.

Michael Maloof’s “A Nation Forsaken” exposes the catastrophic vulnerability scientists and other experts have been warning about for years

“Seeing potential for large-scale chaos,” Barrett said, “they have mitigated this risk for themselves by investing hundreds of billions of dollars in a continuity-of-government plan that has overseen the construction, equipping and provisioning of over 100 classified ‘haven’ facilities accessible only to families and staff of government officials,” he said.

“No parallel provisions have been made in our country for the general population,” he said.

Years ago, Barrett noted, there were civil-defense centers in which the local population could assemble in the event of an emergency, stocked with food, water and essential medicines. But they disappeared in the 1960s.

Consideration, he said, should be given to bringing them back as one type of “safe haven” for the general population.


A recent survey shows that an EMP event is not on the radar of professionals whose industry is part of the supply chain.

A 2014 Supply Chain Resilience Survey, conducted by the Business Continuity Institute on behalf of the Zurich Insurance Group, asked the professionals to look five years ahead regarding potential, evolving world threats

They ranked the biggest threat as cyber attacks, followed in order by IT/telecom outages, outsourcer service failure, data breaches and adverse weather conditions.

Yet, supply-chain disruption caused by an EMP – a super-burst of energetic radio waves that could knock out the already vulnerable national grid – can either destroy or damage unprotected electronic systems by instantly overloading their circuits.

The immediate result would be catastrophic damage to all the critical infrastructures that rely on the grid, including automated control systems for electric power, telecommunications, transportation, banking and finance, food and water distribution and emergency services.

A natural EMP event would be a direct hit on Earth from a massive solar storm, while a man-made EMP would be a high-altitude nuclear bomb burst instigated by any adversarial country with a nuclear weapon and a missile-delivery system.

Given the level of U.S. unpreparedness, it is estimated that within 12 months of an EMP event, two-thirds to 90 percent of the U.S. population would likely perish from starvation, disease and societal breakdown, according to the Secure the Grid Coalition.

The coalition is an ad hoc group of policy, energy and national security experts, legislators and industry insiders dedicated to strengthening the U.S. electrical grid by seeking the passage of legislation and raising public awareness of the national and international threat of an EMP.

‘Keystone’ infrastructure at risk

One of the coalition’s spokesmen is Peter Vincent Pry, who told WND that “political gridlock” in Washington has hindered the implementation of any of a number of cost-effective plans to protect the national electrical grid.

He said the electric grid is the “keystone” infrastructure necessary to recover all other critical infrastructures. Protection of the grid from an EMP – which Pry said is the “worst threat” – will also enhance overall grid security against all other threats including cyber attack, sabotage and severe weather.

Pry is a former analyst for the Central Intelligence Agency who serves as executive director of the congressional Task Force on National and Homeland Security and director of the U.S. Nuclear Strategy Forum.

Pry also was staff director of the congressionally mandated EMP Commission, which in 2008 looked at the impact of an EMP on the nation’s vital infrastructure.

Among other things, the commission recommended an “all hazards” strategy to protect the electric grid and other critical infrastructures against all threats.

Pry said the “all hazards” strategy is the most practical and cost-effective solution to protecting the grid and the other critical infrastructures.

He pointed out that electric grid operation and vulnerability are dependent on two key technologies – extra-high voltage, or EHV, transformers and Supervisory Control and Data Acquisition Systems, or SCADAS.

“EHV transformers are the technological foundation of our modern electronic civilization as they make it possible to transmit electric power over great distances,” Pry said.

They cost millions of dollars and are custom-made rather than mass-produced. Making one EHV takes about 18 months under normal conditions, and only 200 are made a year.

While EHV transformers were invented in the United States by Nikolai Tesla, Pry said, they no longer are manufactured in the U.S.

“Because of their great size and cost,” he said, “U.S. electric utilities have very few spare EHV transformers. The U.S. must import EHV transformers made in Germany or South Korea, the only two nations in the world that make them for export.

“An event that damages hundreds – or even as few as nine – of the 2,000 EHV transformers in the United States could plunge the nation into a protracted blackout lasting months or even years,” Pry said.

SCADAS are small computers that run the electric grid and all the critical infrastructures. For example, they regulate the flow of electric current through EHV transformers, the flow of natural gas or water through pipelines, the flow of data through communications and financial systems and operate everything “from traffic control lights to refrigerators in regional food warehouses.”

SCADAS number in the millions and are indispensable as EHV transformers in running a modern electronic civilization, Pry said.

“The EMP Commission found that if the electric grid can be protected and quickly recover from nuclear EMP, the other critical infrastructures can also be recovered, with good planning, quickly enough to prevent mass starvation and restore society to normalcy,” Pry recently told a congressional panel.

“If EHV transformers, SCADAS and other critical components are protected from the worst threat – nuclear EMP – then they will survive, or damage will be greatly mitigated, from all lesser threats, including natural EMP from geomagnetic storms, severe weather, sabotage, and cyber attack,” he said.

Pry said cyber warfare is another existential threat to the U.S., not because of computer viruses and hacking alone, but owing to military doctrines of potential adversaries that call for all-out cyber attack, including an EMP.

Pry told the congressional panel that a 2011 U.S. Army War College study, “In The Dark: Planning for a Catastrophic Critical Infrastructure Event,” warned U.S. Cyber Command that U.S. doctrine should not overly focus on computer viruses to the exclusion of an EMP attack and the full spectrum of other threats, as planned by potential adversaries.

Pry said anti-hacking and anti-virus solutions will just result in an “endless virus versus anti-virus software arms race” that will prove “unaffordable and futile.”

He said the worst-case cyber scenario can be overcome through an “all hazards” strategy recommended by the congressional EMP Commission. He said the worst-case scenario envisions a computer virus infecting the SCADAS that regulate the flow of electricity into EHV transformers, damaging the transformers with overvoltage and causing a protracted national blackout.

But if the transformers are protected with surge arrestors against a high-altitude nuclear EMP attack which Pry said would be the worst kind of attack, they “would be unharmed by the worst possible overvoltage that might be system-generated by any computer virus.”

“While gridlock in Washington has prevented the federal government from protecting the national electric power infrastructure, threats to the grid – and to the survival of the American people – from EMP and other hazards are looming ever larger,” Pry said. “Grid vulnerability to EMP and other threats is now a clear and present danger.”

Urban Man-

Saturday, September 26, 2015

What Is An Infidel?

Below is a very interesting email that I recently received. It is worth the time to read it. -Urban Man

In light of what happened 14 years ago on 09/11/2001, here’s a commentary worth reading. (the TRUTH)(check it out if you don’t believe it is what is taught and written in the Koran). Linda

The author, Rick Mathes, is a well-known leader in prison ministry,says, The man who walks with God always gets to his destination. If you have a pulse you have a purpose. The Muslim religion is the fastest growing religion per capita in the United States , especially in the minority races. 

Last month I attended my annual training session that's required for maintaining my state prison security clearance. During the training session there was a presentation by three speakers representing the Roman Catholic, Protestant and Muslim faiths, who each explained their beliefs.

I was particularly interested in what the Islamic Imam had to say. The Muslim gave a great presentation of the basics of Islam, complete with a video..

After the presentations, time was provided for questions and answers.. When it was my turn, I directed my question to the Muslim and asked:

'Please, correct me if I'm wrong, but I understand that most Imams and clerics of Islam have declared a holy jihad [Holy war] against the infidels of the world and, that by killing an infidel, (which is a command to all Muslims) they are assured of a place in heaven. If that's the case, can you give me the definition of an infidel?'

There was no disagreement with my statements and, without hesitation, he replied, " Nonbelievers"

I responded, 'So, let me make sure I have this straight. All followers of Allah have been commanded to kill everyone who is not of your faith so they can have a place in heaven. Is that correct?'

The expression on his face changed from one of authority and command to that of a little boy who had just been caught with his hand in the cookie jar.'

He sheepishly replied, 'Yes.'

I then stated, 'Well, sir, I have a real problem trying to imagine The Pope commanding all Catholics to kill those of your faith or Dr. Stanley ordering all Protestants to do the same in order to guarantee them a place in heaven!' 

The Muslim was speechless.

I continued, 'I also have a problem with being your friend when you and your brother clerics are telling your followers to kill me! Let me ask you a question: Would you rather have your Allah, who tells you to kill me in order for you to go to heaven, or my Jesus who tells me to love you because I am going to heaven and He wants you to be there with me?' 

You could have heard a pin drop. 

Needless to say, the organizers and/or promoters of the 'Diversification' training seminar were not happy with my way of dealing with the Islamic Imam, and exposing the truth about the Muslims' beliefs. In twenty years there will be enough Muslim voters in the U.S. to elect the President.  

I think everyone in the U.S. should be required to read this, but with the ACLU, there is no way this will be widely publicized, unless each of us sends it on! This is your chance to make a difference.

For the sake of CHRIST ...SEND THIS ON

Tuesday, September 22, 2015

Big Brother Surveillance Threat, Part 3: Anti-Surveillance Guide

Big Brother Surveillance Threat, Part 3: Anti-Surveillance Guide

This is Part Three, of a series that Urban Survival Skills is calling "Big Brother Surveillance Threat" and is publishing, that are excerpts from a huge article titled "You Are a Criminal In a Mass Surveillance World – Here’s How Not To Get Caught", but David Montgomery and posted on Prepared Gun


The following guide is 10 basic steps which involve using free software. It’s followed by a list of essential security practices. The guide is intended to be a “minimum effective dose” of security against hackers, fraudsters and mass surveillance. It may seem like a lot, but if anything I went light because I don’t want people to get overwhelmed and do nothing. This is an incremental process. If one of these steps is too difficult or intimidating, don’t bail on everything else. Every step substantially decreases your risk exposure.

Good security is a habit more than anything. What may initially seem like an inconvenience will eventually not even be noticed, just like locking the door to your home. Suggestions for improvements and updates are welcome and appreciated.


Why: There’s a good chance your computer is already infected with malicious software (malware). Unfortunately malware attacks are a never-ending plague. You can’t spend time online and not be at risk of infection. This includes viruses, key loggers (which secretly record everything you type, like GROK or Magic Lantern) and various other programs that track you and send your private information to bad guys.

There are thousands and thousands of malware programs out there with new ones being launched daily. It’s not just hackers, fraudsters, or governments who create and spread malware. Huge companies that you’d think would be fiercely protective of their reputation, like Sony, will infect you. Lenovo, the world’s largest personal computer vendor, is under fire for selling 43 models with pre-installed malware which dramatically undermines your computer’s security. This site shows if you’re infected. If you are, here’s how to fix it.

***For Apple desktops and laptops only***

Install and run the following programs:

CCleaner – Download the free version. After you’ve run a scan and fixed any problems it finds, close it and then move onto the next program. I suggest running CCleaner once per month.

Sophos Anti-Virus Home Edition – This program is free. Install and run a scan to make sure you’re clean. Macs are much less virus prone than Windows PCs, but infections are still possible. I recommend this program because phishing attacks keep getting more and more sophisticated, and it’s pretty easy these days to be tricked into clicking malicious web site links and opening malicious files. If you already have another anti-virus program installed, update and run it instead.

***For Windows PCs and laptops only***

First, let’s make sure your copy of Windows is up to date. Microsoft is constantly releasing security patches to fix security vulnerabilities, and your computer should be set to automatically install important updates. If you don’t know how to check if important updates have been installed, see this if you’re running Windows 7 and this if you’re running Windows 8. Windows 10 installs updates automatically.

Second, see if your anti-virus scanner is up to date and then run a scan. Both Windows 7 and Windows 8 come with free anti-virus software. If you already run a third party anti-virus program, update and run that instead. If you haven’t installed any third party anti-virus software, on Windows 7 load Microsoft Security Essentials and do a scan. If you don’t have it, install it free here (ignore this if you run Windows 8). For Windows 8, run a scan with Windows Defender (see here if you need help). Don’t continue until the scan is finished. Virus scans take a while (10-20 minutes), so it’s a good time to grab a drink or a snack. If you find any infections, quarantine or delete them.

Third, we’re going to install and run four free programs that protect against malware. They all work a bit differently and catch different infections. If you already have other anti-malware programs you use, you can decide whether to delete them and go with this suite or stick with what you have.

Reboot your machine if it’s been on a long time. (A fresh restart is generally a good idea when installing a bunch of new software.) Then install and run the following:

CCleaner – Get the free version. Make a backup of your registry when it asks. After you’ve run a scan and fixed any problems it finds, close it and then move to the next program.

Malwarebytes Anti-Malware – Get the free version. Check for updates before running the scan. Fix any problems it finds and continue to the next program.

Spybot Search & Destroy – Get the free version. Check for Updates and run a scan. After it’s done and you fix any problems, Immunize your system. Immunization blocks your computer from communicating with a long list of known malicious sites.

Malwarebytes Anti-Exploit – Get the free version. This program shields your browser from sudden attacks that malware companies don’t yet know about called zero-day exploits. You don’t need to do anything. Just install and it will work in the background.

I suggest running CCleaner, Malwarebytes, and Spybot scans once a month. You should also do it immediately if you suspect that you’ve made a mistake like following a link to a shady-looking site you didn’t mean to visit or opening a suspect file.


Why: (If you already use Firefox, skip to the add-on section.) People get attached to web browsers, so please consider my reasoning if you recoiled in horror at this suggestion. Google’s Chrome is the most popular web browser in the world. That image of Google’s boss and Obama gives an indication of how closely tied to the government Google is. Google is not only one of the government’s key business “partners.” It’s the juiciest target for the government to infiltrate. Snowden showed us that it has. You can virtually guarantee that NOCs work at Google.

Google’s business is literally mass surveillance. It collects more data about more people than any other company in the world. The business model is simple. Google tracks and records you and then turns you into a profile that it sells to advertisers. As Eric Schmidt said, “We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.”

The reason Google’s services are free is because you’re not the customer. You are the product. As Google itself says, “Our customers are over one million advertisers, from small businesses targeting local customers to many of the world’s largest global enterprises…” It’s biggest customer is of course the U.S. government (federal and state).

In contrast, Firefox doesn’t track you and sell you as a product. The developers of Firefox are highly vocal about being anti-surveillance. Firefox is open source, meaning any programmer can audit the code to see what it’s doing. And Firefox has add-ons that are necessary to thwart tracking and surveillance. (Chrome has add-ons too, though many of them contain malicious code.) Bottom line is the Firefox people aren’t in the surveillance business.

If you’ve been using Internet Explorer, know that it’s being phased out by Microsoft and has been plagued with security flaws. And it doesn’t support important add-ons needed to protect you.

If you’re on Mac, I recommend Firefox over Apple’s Safari browser as a matter of diversifying trust. At the end of the day we’re trusting all software we use not to exploit us. But Firefox doesn’t have the financial incentive like Apple does to track you. And while Firefox is open source, Safari is not. Also Firefox has a more robust collection of add-ons.

What to do: Install Firefox and set it as your default web browser. After you have Firefox running, click the Options button (the gear icon), click the Update tab, and select “automatically install updates.” Then install these security add-ons. (Each add-on puts an icon in the Firefox toolbar for quick access to its settings.)

HTTPS Everywhere – (click “Install in Firefox”). This increases the difficulty of bad guys intercepting what you see in your browser and makes it harder for them to set traps that can give them access to your computer.

Adblock Plus – This protects you from some sites that are set up to install malicious software on your computer. It also blocks ads from companies whose business is surveillance (like Google and Facebook which track you even when you’re not on their sites). If there’s a site whose ads you want to see you can easily tell Adblock to show ads for that site. When you install Adblock, a confirmation screen will appear. Scroll down and turn these switches ON.

Privacy Badger – (click the ‘download for Firefox’ link). This add-on pays attention to when you’re being tracked by a browser cookie and then deletes it. There is some overlap with AdBlock Plus, but Privacy Badger fills in some gaps because it doesn’t rely on block lists.

Random Agent Spoofer – When you visit web sites your browser sends information about its configuration that leaves a unique digital fingerprint. This fingerprint identifies you. If you’re curious you can see the print it leaves here. Install Random Agent Spoofer so you don’t leave prints wherever you go.

Ghostery (optional) – If for some reason you try AdBlock Plus and don’t like it, Ghostery is a solid alternative to try. I suggest using one or the other. If you use it I don’t recommend enabling GhostRank. (The program will ask when you install it, saying that its data collection is anonymized). Anonymized data collection isn’t necessarily anonymous.

NoScript (optional) – NoScript is optional because there’s a substantial learning curve. NoScript makes web browsing more secure, but the price is that many sites won’t display properly until you tell NoScript which parts of the site to allow. Once you set the permissions for a site, NoScript will remember them. But there’s that initial few seconds at a new site where you may need to allow the core parts of the site for it to display correctly. It took me a couple days to get used to it, but this article gives good guidance if you need help. If it’s not too intimidating, give it a try. You can always remove any Firefox add-on if you don’t like it.


Why: Google tracks and records your search terms along with when you entered them as part of its profiling analysis. Yahoo and Bing do the same thing. By analyzing every search you make, a shocking amount can be learned about you. You can get the same search results without being tracked and profiled.

What to do: The good news is you can get Google’s search results without being tracked and recorded. StartPage is an anonymized version of Google, meaning it asks for search results on your behalf so that Google doesn’t know who is doing the asking. Go to StartPage and click “Add to my browser” and make it your default search engine. If you want non-Google search results, use Ixquick for a composite of several other search engine results. Both are excellent. Just make sure you set one of them as your default search engine. One other option is DuckDuckGo, which also doesn’t surveil you, though I prefer the search results of the other two.


Why: Passwords are our bread and butter security measure. We use them every day to guard our accounts, assets, and personal information. The nightmare is that passwords as a security measure totally suck. The majority of passwords are so weak that they’re hacked within seconds. The security industry desperately needs to innovate beyond passwords, but we’re stuck with them for now.

The reason passwords suck is it’s really hard to remember a strong password, much less a strong password for every account you have. So people end up using weak passwords, and they use the same one or two passwords everywhere. This is a security disaster.

Massive advances in computing power and password cracking software have made once-strong passwords a joke. Ed Snowden put it simply. The government can make 1 trillion password guesses per second. Free agent bad guys can make trillions of guesses too; it just takes them a bit longer. And the guesses are educated, not random, starting with databases of millions of real passwords which have already been hacked.

The disturbing truth is that 99% of the passwords people use are easy to crack for a reason. The same strategies we use to make passwords memorable are the very same strategies hackers exploit to crack them.

Hackers study how we come up with passwords – the most common words, the way we combine them, and the modifications we make. Then they write software that tests variations of those strategies using alternate spellings (like “l34rn” instead of “learn”), famous dates, names, movies, sports teams, addresses, combinations of your personal and family info, phrase and quote dictionaries, song lyrics, et cetera.

Even when we think we’re being really clever, we’re not. One site recommended taking an easy-to-remember password and then shifting your hands over a key to the right to type it. So Happydays would becomeJs[[ufsud. Seems like a great idea since the password now looks totally random. Except it’s not random at all. Hackers know this strategy too and can easily write software to apply the key shift strategy against all the other educated guesses they’re making.

Even if you do have a strong password, if you’re using it (or a slight variation of it) multiple places, you’re opening yourself up to attack. Even if the password is rock solid, the web sites we entrust our passwords to get compromised. Google, AT&T, Apple, Home Depot, Ebay, Target…all have been hacked at various times.

You can have the strongest password in the world, but if the system storing it is defeated, the attacker will have access to wherever else you use that password. And they’ll try variations of it too.

Given the disastrous state of passwords, we have to know how to make strong, unique passwords which can withstand sustained automated attacks. But what if you have 20, 30, or even 100 web site accounts? Fortunately the market has provided us with password management software that can generate and remember strong passwords with minimal effort. But the master password to access the manager needs to come from you and obviously be very strong. Same thing with the password to access your computer and phone.

What to do: Before we get to the password manager, it’s imperative that you know how to create strong, memorable passwords. I’ve researched a bunch of approaches and incorporated them into a basic methodology.

I can’t get overly specific about how to use the method because a specific strategy that’s public is easy to reverse engineer and crack. For example, people think the strategy of taking a famous phrase like “to be or not to be” and using the first word of each letter – tbontb – is a good password strategy because it looks so random. It’s actually a lousy password because it’s too short and that first-letter strategy is well known. Any good password cracker will run that strategy against databases of famous phrases, quotes, lyrics, poems, et cetera. So I’m going to show you how to make your own strategy using a modified pass phrase.

Unlike a password, a pass-phrase is several words. Every pass-phrase you make should be at least six words long. Here’s the catch. The words can’t be something you’d find in a database, like tobeornottobe, or variations of it like t0b30rn0tt0b3 or ToBeOrNotToBe! These are all readily cracked.

You need six words that mean something to you personally, but not to a bunch of other people. That’s the key. When people hear they should use a pass-phrase, they often pick something others would too, like newenglandpatriots or dancetillyoudrop. Not strong. It’s got to be 1) personal to you and 2) quirky. For example, mysizzlingloveaffairwithbacon is good because it’s pleasant to type, easy to remember, and the wording is quirky, not just a simple statement like ieatbaconeveryday. Even if you knew me and my affinity for bacon, mysizzlingloveaffairwithbacon would still be extremely difficult crack. (Don’t use this passphrase even if you share my love of bacon.)

So to review, we want personal and quirky – not literal information, like iwenttowaldonhighschool or ihavetwoyoungersisters or mymomisnamedsallysmith.

By the way, some people use totally random words like cowhandlestringredplentywindow, but I find that much harder to remember. It’s very secure though because it guarantees the user won’t pick an obvious or famous phrase. But a quirky, personal pass-phrase will not only be easier to remember, it won’t be annoying to type.

Make sure you use 6+ words. The difference in typing time between six or seven words versus two or three is only a couple seconds, but the difference in password security is gargantuan. The word count is much more important than the word length. blueantsfreakmybedout is strong even though it’s made of short words. Don’t skimp on word count.

Also know that you can include spaces in your passphrases (blue ants freak my bed out). I didn’t just to make the examples I’ve provided easier to distinguish from the text.

Now that you know how to make a quirky personal pass-phrase, we’re going to add one more layer of security. We’re going to apply a modification to the pass-phrase. Why? Because if an adversary figures out you’re using a pass-phrase, lower-case English words with no modification will be the first line of attack. The relentlessly increasing speed of computers means you might be vulnerable even if you use six words. Also if you unknowingly pick a common phrase like a famous quote or line from a song, the modification can save you from being cracked.

One example of a modification is to capitalize the first word of the pass-phrase – Mysizzlingloveaffairwithbacon. This modification is the most obvious one though, and bad guys know that, so pick something else. Pick anything that does something with capitals, punctuation, numbers, or any combination of those. Do your own thing, even if it’s simple. That’s better than a common modification like using leetspeak (e.g. substituting 3 for e, 4 for “a,” and 0 for “o”). Hackers have common modifications like this nailed.

It doesn’t need to be finger-twisting to type. You could even integrate the modification into the context of the passphrase itself, like eat8baconstripsEverymorningyay! That’s a deliciously strong password that you shouldn’t use.

An extremely powerful modification technique you should consider is swapping one or more of your pass-phrase words with a foreign language equivalent. Don’t bother with foreign words that are so popular that they’re used in English too, like nada or mucho. It doesn’t matter what language you pick, even Pig Latin, as long as you can remember the word. mysizzlingloveaffairwithaconbay turns “bacon” into Pig Latin, pun intended.

You’ll only need to invent and remember a pass-phrase to unlock your password manager and to log into your (soon to be encrypted) devices. The rest will be handled by your password manager.

If you’re nervous about forgetting a new strong password, you can write it down until it’s grooved. Some security people will tell you to never write down a password, but writing down a strong one is far better than having a weak password. Just don’t put the password someplace obvious, like next to your computer. The odds of somebody breaking your weak passwords online is exponentially higher than somebody breaking into your home and finding your passwords.

If you write down a password, here’s a technique in case someone finds the paper and tries to use it. Insert some dummy characters into the password that you’ll recognize as not being legit but which will fool others. You could add something, like your year of birth, as a decoy. So it would be, for example, mysizzling1980loveaffairwithbacon. If somebody finds and uses it, when it fails they’ll think you’ve changed your password.

Picking a Password Manager

A password manager does two critical things. First, it remembers all your passwords in an encrypted vault (except of course the password to access the vault). And second, it can replace your crappy passwords with automatically generated very strong passwords.

After you’ve chosen a manager, you’ll want to make sure that you’ve told Firefox not to remember your passwords. Go to Options ? Security and uncheck “Remember passwords for sites.”

There are several password managers to choose from. They all have pluses and minuses. Here are a few I think are worth your consideration. Using any of them will massively improve your security, so go with whatever seems to suit you best. They are all free to try.

KeePass has been around a long time. It’s open source, free, and everything is stored on your machine. None of your passwords are uploaded to the cloud (a third party’s servers), so you don’t have to trust strangers to keep your passwords safe. But KeePass has a clunky interface that takes some getting used to. It’s also less convenient for the same reason that it’s more secure: Having your passwords in the cloud means you don’t have to worry about backing up the password vault or syncing your vault with other devices. With KeePass you have to back up your vault because if your computer dies or is stolen, you’ll lose all your passwords. And if you change a password, you need to manually sync the vault with any other computer or mobile device you use. KeePass was originally written for Windows, but because it’s open source there are multiple versions for all platforms to choose from.

Next we move to cloud-based managers. Dashlane has an elegant interface and is feature rich. Lastpass is the most popular manager and is also feature rich. They have a lot going for them, but both companies are based in the U.S. and subject to strong-arming. They promise that they store your passwords in an encrypted form that they can’t access, but there’s no way to know for certain because it’s not open source software.

If either company gets a government demand to divulge customer data or compromise their software with a backdoor, they will be legally gagged from telling people about it. I’m not making a value judgment against the companies – they seem very sincere and well-intentioned. But let’s not fool ourselves. Nobody at these companies is going to go to prison protecting your or my security. That said, Dashlane gives you the choice of storing your password vault locally (no copy in the cloud). If you’re willing to handle backing the vault up, that provides a substantial measure of assurance.

Another good choice for a cloud-based closed source manager is 1Password. One benefit it has over Dashlane and Lastpass is that it’s not in the U.S. The company is Canadian, and they point out that they have key people based in four different countries. If a demand was issued with a gag order, the principals in the other three jurisdictions could alert customers that their security was compromised without being tossed in prison.

Last but not least, my favorite choice is Encryptr, a free and open source cloud-based manager and e-wallet. Encryptr is zero-knowledge, meaning you don’t have to trust a third party to keep your passwords safe. You get the benefit of cloud storage without the risk of trusting closed source software. It’s not nearly as feature rich as 1Password, Dashlane, or Lastpass, but I personally like simplicity. And when it comes to all your passwords, open source transparency and zero-knowledge are arguably an overriding consideration.

I encourage you to try two or three out and see what feels right to you. Don’t stress about your choice. Whatever you pick, you’ll be massively more secure.

The final step with any password manager is to visit every site you have an account with and replace the old password with a newly generated strong password. Yes it’s an annoyance, but you only need to do it once. The payoff in security is enormous. (And don’t forget to turn off Firefox’s password storage: Options ? Security ? uncheck “Remember passwords for sites.”)


This means your computer’s hard drive(s) and any external hard drives.

Why: If you currently use a password to log onto your computer, that doesnot protect the information on your computer. The log-in can be circumvented with little effort by anybody with modest skills. Your drive needs to be encrypted, or your data is exposed to anybody with access to your computer.

If your computer is ever stolen, you’ll be out a computer but encryption means you won’t have to worry about being blackmailed, defrauded, stalked, or having your life otherwise hacked to bits.

If your internal or external hard drive dies and you chuck it or take it to get repaired, a stranger won’t be able to take it and recover all your data on it. They will only find an encrypted volume.

If your computer is ever confiscated at an airport, a border crossing, or in a government raid of your home, everything on it will be inaccessible rather than wide open.

***For Apple desktops and laptops only***

Apple ships its desktop and laptop computers with built-in encryption called FileVault. Follow these directions and turn it on. Don’t store your security key with Apple, and don’t store it on iCloud where Apple can be forced to disclose it or expose it in a security breach. Use the third recovery option: a strong passphrase. If you’re nervous you’ll forget it, print it out and store it someplace safe (not with the computer). And if you print it use the tip about printed passwords: Insert some dummy characters into the password that you’ll recognize as not being legit in case somebody finds it.

If you have external hard drives, you should encrypt those with FileVault too.Here’s how.

If you don’t want to trust Apple with your encryption (e.g. the possibility of a government back door), there is a free and open source solution. Veracrypt. It’s the successor to a highly respected encryption program called TrueCrypt. Unfortunately using Veracrypt is more complicated than File Vault, so expect about 30 minutes of learning curve. You can use VeraCrypt to encrypt your main computer drive and any external drives. It also can create an encrypted “file container,” which is like having a virtual hard drive of any size you choose where anything you put in it gets encrypted. For example you could make a 1 gigabyte file containers, put all your most important documents in it, and then put that file container anywhere – USB drives, the cloud, wherever – and your data is secure even if someone gets their hands on the container. (You can use Veracrypt to make file containers even if you use FileVault to encrypt your drive.)

Here’s the VeraCrypt documentation, most of which you don’t need to read to benefit from the core functionality of the program. (The default options are fine to use unless you need advanced features.) You can also search Youtube for several Veracrypt tutorials. The Beginner’s Tutorial is a good place to start. It will show how to make a file container. Once you feel comfortable making a file container (make and delete a couple just to get the hang of it), then try encrypting an external volume, like an external hard drive. The final step is to encrypt your main drive.

***For Windows PCs and laptops only***

Just to reiterate, having a Windows password will deter a nosey passer-by from going through your computer, but it is does not provide meaningful security.

You have a few decent options. The first is to use Microsoft’s disk encryption, which is called BitLocker. It’s free if you already are running Windows Vista Ultimate or Enterprise, Windows 7 Ultimate or Enterprise edition, or Windows 8 or 8.1 Pro or Enterprise edition. If you’re not you’ll need to upgrade to use BitLocker. Here’s a guide to get started if you want to got his route. My one criticism of BitLocker is it’s closed source, so nobody can tell if it has government backdoors. (Also new Windows 8.1 PCs ship with “Pervasive Device Encryption,” but Microsoft forces everyone to upload the encryption key Microsoft, so it’s not truly secure.)

The other option is to use the free and open source Veracrypt. It’s the successor to a highly respected encryption program called TrueCrypt. Unfortunately using VeraCrypt is a bit more complicated than BitLocker, so expect 20-30 minutes of ramp up. You can use VeraCrypt to encrypt your main computer drive (the one with your operating system on it), as well as any external drives. It also can create encrypted “file containers,” which is like having an encrypted virtual hard drive of any size you choose. Anything you put in a file container gets encrypted. For example you could make a 1 gigabyte file container, put all your most important documents in it, and then put that file container anywhere – usb thumb drive, cloud storage, wherever – and your data is secure even if someone gets their hands on the container file (assuming you used a strong passphrase).

Here’s the VeraCrypt documentation, most of which you don’t need to read to benefit from the core functionality of the program. (The default options are fine to use unless you need advanced features.) You can also search Youtube for several Veracrypt tutorials. The Beginner’s Tutorial is a good place to start. It will show how to make a file container. Once you feel comfortable making a file container (make and delete a couple just to get the hang of it), then try encrypting an external volume, like an external hard drive.

The last step is encrypting your system disk (your main drive, typically the C: drive). To do that you need a CD burner and a blank disk to make a Rescue Disk in case there’s a problem. If you’re not technical it’s a bit scary, and I appreciate how much it sucks to feel technically intimidated. So if you get freaked out, either use BitLocker if you have it, or make a big VeraCrypt container (they can be whatever size you want) and keep all your private data in there. A VeraCrypt container is pretty quick and easy to make, and you can copy it anywhere just like a regular file.

DiskCryptor is another free, open source alternative that is a bit easier to use (and has fewer features). Here’s a tutorial video that walks you through how to encrypt your main drive step by step.


Why: If your phone or tablet is ever stolen the last thing you want is to worry about is having all your contacts, email, photos and other personal info in the hands of bad guys.

I know people who have had phones taken into back rooms during random airport security questioning. You really want your data encrypted with a strong password in a situation like that because all of your phone’s data can be cloned very quickly.

Because you can be arrested for trivial infractions such as driving without a seatbelt or having unpaid parking tickets, even the smallest crimes can be combined with narratives cops are trained to concoct about reasonable suspicion to pry open the door for a full-blown search of your digital life using sophisticated analytical tools. The only protection you have – and it’s great protection, thankfully – is to encrypt and password protect your mobile devices.

Needless to say, if a police officer or other government agent tells you to unlock your phone, politely refuse. If you comply, anything they find can be used against you. And it doesn’t matter whether you’ve been Mirandized or not. No matter how certain you are that you haven’t committed a crime (re-read the Into the Abyss section again if you think you’re innocent), there are officers who will plant evidence and fabricate testimony, so don’t give them rope to hang you. This guide provides essential guidance on how to interact with police.

***for iPhone and iPad users only***

TouchID – If you have an Apple device that has TouchID, I recommend using it.

Passcode – Many people don’t even put a passcode on their iOS device. Hopefully it’s clear by now that doing that is pretty much like begging for misery.

If you don’t have a passcode, from the home menu tap the gray settings icon. Then tap the “General” settings button and choose “Passcode Lock.” Tap the “Turn Passcode On” option at the top of the menu. Turn “Simple Passcode” OFF and choose a real passcode – at least 10 characters. Will it be annoying at first to spend an extra 2-3 seconds unlocking your phone? Yes, but you’ll get used to it.

People who use the “simple passcode” option might as well not have a passcode. Anybody who is determined can guess a 4 digit password within a couple hours, often within minutes since people pick obvious ones like 1111, 1234, 4321, 4444, 1357, 3579, et cetera.

If the extra 2 or 3 seconds to enter a real passcode is unpalatable, at the very least turn the “Erase Data” option to ON in the Passcode Lock settings page – and don’t use an obvious 4 digit code.

Don’t Trust – Apple’s attempts to make things automatic can lead to critical security breaches. Here’s one many iPhone users don’t know about. Say a coworker is going to put a file on your iPhone, like a sales video you both made together. You plug your iPhone into his Mac. Up pops a question asking if you “Trust” his computer. If you say ‘yes’ and you have your iTunes set to backup iPhone data automatically, ALL your iPhone data will be copied to your coworker’s computer – contacts, messages, email, photos, everything. So don’t “Trust,” or make sure you have automatic backup turned OFF.

***for Android users only***

Cyanogenmod – Manufacturers of Android devices install various software that they ship with the device. You really don’t know what that software is doing. It may track you, and it’s often “bloatware” that slows your device down. A solution is to install Cyanogenmod. If you have a device on this list, then you can use the Installer which makes things easy. If you don’t have a device supported by the Installer, I would skip it unless you want to roll up your sleeves and get fairly technical.

There are many advantages to Cyanogenmod. Your device will run faster and have some extra privacy features. Here’s a good roundup to judge if you think it’s right for you. If you want to give it a go, this is where you start.

Encrypt your device – While iPhones are encrypted by default, Android devices generally are not. (Some new Android models like the Nexus 9 are shipped with encryption on by default, and fortunately most other new Android devices will follow suit shortly.)

Be aware that if your Android device is more than a couple years old, encrypting it will make it perform more slowly. I think it’s worth it, but it bears mentioning since this is the case for older models. You can try it, and if it’s not workable for you, you can unencrypt the phone, but know that unencrypting it will factory reset it. Newer Android devices don’t suffer any noticeable performance hit.

When you enable encryption, you’ll need your phone to be mostly charged as well as plugged in. It takes about 30-60 minutes. Go to Settings->More->Security->Encrypt device. Here you’ll of course want to pick a strong passphrase that’s ideally easy to type. Remember without a decent passphrase there’s not much point to the encryption. Will it be annoying initially to spend an extra 2-3 seconds unlocking your phone? Yes, but you’ll get used to it. It’s worth it.

Be sensible – I agree with this article’s advice that you generally don’t need anti-virus software for Android devices if you’re sensible about sticking to legit-looking apps from the Google Store or other trusted sources that seem legit. Also avoid apps that demand unreasonable permissions to access to your phone. If you’re downloading a game and it wants permission to access all your contacts or dial phone numbers, for example, I’d skip it. The freeDCentral1 app lets you monitor what permissions your apps have.


Why: If you’re going to upload files to cloud storage like Dropbox, Google Drive, iCloud, or OneDrive, use a service that encrypts your files before they are uploaded. No matter what Dropbox claims about security (and they’ve been caught contradicting themselves), you don’t want to trust any company with your personal files. The Dropbox site says, “Dropbox employees are prohibited from viewing the content of files you store.” Saying people are not allowed to look at your files is not security you can count on, nor is it protection from the government surveilling your Dropbox.

What to do: To quote Snowden, “Get rid of Dropbox.” Snowden’s suggestion is to use SpiderOak because it’s zero-knowledge, meaning they encrypt your files before they’re uploaded, making it impossible for the company to see the contents of what you store on their servers. The first 2GB on SpiderOakare free. An alternative to SpiderOak that takes a similar approach is Wuala, which gives the first 5GB free. Also worth considering is open source encrypted cloud storage such as Seafile (1GB free) or the mostly open sourceCyphertite (8GB free).

Any of these options are far better than Dropbox, Google Drive, et cetera. Since they all give free storage space, maybe try out two or three.


Why: Many people in this world are lonely. “Free” social networks like Facebook are designed to capitalize on this. In return for helping you feel connected to others, they study you like a lab rat and turn you into a product. I’m not exaggerating. As the founder of Facebook said, “They ‘trust me’ – dumb fucks.” Meanwhile he surrounds his home with empty lots and hundreds of acres of undeveloped land.

Facebook’s “like” system is designed to reinforce whatever your existing beliefs are. Facebook is engineered to be a giant echo chamber which figures out what you like to hear so it can feed it to you. That’s how it hooks people.

It’s also the ultimate propaganda system. Recall Facebook’s notorious social engineering experiment which proved it could manipulate the mood of over half a million people by altering their feeds. The experiment received funding from the US Army Research office. The military funds research on the mass manipulation of a population’s mood? You don’t say.

As with Google, Facebook’s core business is mass surveillance. You’re the product, not the customer. Facebook collects and stores an insane amount of intel about every facet of your life. It not only tracks everywhere you go, it lets others track you too.

Facebook has developed software as accurate as the human brain to reveal your identity in any photo you or someone else uploads. And yes, even 4 years ago Facebook was tracking you and assembling hundreds of pages of intel on you even when you weren’t logged in. Now it’s thousands of pages, and the surveillance and analysis are much more sophisticated.

Every time people post photos of themselves and others to Facebook, Instagram (owned by Facebook), Twitter, Google, or other surveillance-based services, they are unwittingly building mass surveillance databases containing the details of people’s appearances, who they associate with, what they do, and when and where they’ve been.

A single innocuous photo can reveal a lot of information. Trillions of photosis a frightfully vast surveillance database to be exploited by regimes, corporations, and free agent bad guys. Mass surveillance depends on social media as a primary data source.

Every American technology mega-corp has backdoors. Snowden made it clear: Tech giants are surveillance proxies for the government. The government’s own top secret slide is worth repeating here as it just says it all.

The Mass Surveillance ComplexThe Mass Surveillance Complex

To put it plainly, Facebook and other “free” social media services are mass surveillance roach motels. Free is the bait to get you in the door, and surveillance intel is used to hook you on the service so you can become a forever profitable product. Yes they are slickly marketed, convenient, and ultra-popular. They are also a trap and indispensable to the mass surveillance scaffolding. Check out of the roach motel.

What to do: It’s easy to share photos with friends and family without undermining our security by using encrypted cloud storage (step 7) or encrypted messaging and email (coming up). But to some the prospect ofopting out of Facebook or other social networks is unthinkable. But is Facebook actually improving the quality of your life? Are you now happy and fulfilled because of Facebook? If you’re willing to try, here are some suggestions for breaking the addiction.

If you’re unwilling to reject surveillance-based social media, at the very least adjust the “privacy” settings as tight as you can so that your life isn’t an open book to free agent bad guys. Facebook and Twitter are primary research tools for hackers and stalkers, and of course police and surveillance agencies. They use fake profiles to friend you and gather intelligence. Or impersonate you and use you as an unwitting honeypot. The NSA evenimpersonates Facebook.

You can replace surveillance-based social networks with non-surveillance alternatives. I’m a member of, a member-funded social and publishing network. Because its members are its customers, eschews a surveillance-based business model. Members can sign up with fiat money or bitcoin. Unlike Facebook which demands people use their real names, you can choose any name you’d like and reveal your identity only to those you personally trust.

I haven’t tried them, but Diaspora and Friendica are two other social networks which are not surveillance based, and there are others in development.


Why: Your email, chat, and texts desperately need to be secure. They are a jackpot of personal information about your life that can be used to harm you in any number of ways. It doesn’t matter if you think your life is not particularly exciting. People who stalk, extort, kidnap, and blackmail don’t limit their targets to hard-partying celebrities. Your email gives a treasure trove of leads to bad guys about how and where else they can invade your life. Surveillance-based email options like Gmail are not encrypted, and your email is automatically scanned and analyzed for packaging you to advertisers.

Companies that offer closed source software which claim to use robust end-to-end encryption are not worth considering unless there are no other options (and fortunately there are). A perfect example is WhatsApp, owned by Facebook. The company says it uses and likes open source, and yet WhatsApp’s code is not open source. Being closed source, people have no way to verify the quality of the encryption, whether there are bugs in the implementation, whether there are backdoors, and what is happening to your data behind the scenes. There have been several security breaches, but as with all closed source software, we don’t know how many security flaws are being quietly exploited right now.

The same issues make Skype untrustworthy despite its claims of secure encryption. Microsoft scans your Skype messages, and there have been back-doors in Skype and other Microsoft products for years.

The bottom line is no matter how exciting and promising the security claims, any closed source software, especially if offered by a U.S. based company with U.S. backers who fund military contractors, is fundamentally unable to provide reliable security assurances.

What to do: Replace your communications software with encrypted alternatives. Email, chat, texts, and phone calls. (Yes, even SIM card manufacturers have been hacked.)


Open Whisper Systems – Signal for iOS. TextSecure for Android.

Telegram – iOS, Android, Mac, Windows, Linux

Phone calls:

Signal for iPhone. Red Phone for Android.


CryptoCat – iOS, Mac OS X, Firefox add-on

ChatSecure – iOS and Android.

Telegram – iOS, Android, Mac, Windows, Linux

Adium – Mac OS X


If you like the convenience of using a webmail account, choose a provider who uses built-in encryption. I like Tutanota, Protonmail, Neomailbox, and Countermail. (I’d recommend Startmail too if they accepted bitcoin.) They all use an open source, gold standard encryption called PGP. Tutanota deserves particular recognition because it’s entirely open source. Some of them are subscription based, and some operate on donations. Unlike Gmail and its ilk, these all have robust privacy policies, are hosted outside the U.S. (making them harder to strong-arm), and make the encryption process seamless.

By contrast, if you want to use a local email client like Thunderbird, the only way to do so securely is to configure and use PGP yourself. Doing that onWindows and on Mac is frankly a huge pain in the rear for non-technical people. Even Glenn Greenwald, the reporter who broke the Snowden story, couldn’t follow the tutorial Snowden made for him. Upstart Whiteout looks like it’s trying to make the process far easier.

If you’re dead set on using an insecure mail provider like Gmail, Yahoomail, or Outlook, your best bet is to use Mailvelope to incorporate PGP encryption. It’s still a hassle to use, though, compared to Tutanota and the others who do the encryption for you automatically.

I realize that switching email providers is a big deal (as far as these things go). But notifying people that you’re switching to an encrypted email provider is a desperately needed message people need to hear. Overcoming mass surveillance is more of a motivational challenge than anything else. Mass surveillance is packaged as just another news item to shake your head over. But personal action is the only thing that will inspire others to take it seriously. Mass surveillance is not a news items. It’s a silent war being waged against us.

When you choose an email address, consider not basing it on your name. There are constant security breaches at companies resulting in email addresses getting lifted along with other potentially embarrassing info. If your email address also reveals your name, it gives bad guys another piece of data to work with in taking you apart.


Why: You have an ISP who provides you with internet access. The problem is that ISPs monitor and record your activity online. Net neutrality will onlyintensify the monitoring as ISPs are turned into government regulated utilities.

The same monitoring happens when you’re at a coffee shop, airport, hotel, or other public wifi. But at those places it’s even worse because anyone with technical skill can monitor what you’re doing in addition to the ISP.

That’s where a VPN comes in. It stands for Virtual Private Network. The main benefit it offers is to encrypt your Internet traffic. Neither your ISP or the creepy guy at Starbucks will be able to track what you do online.

What to do: Choosing a good VPN is key. This is the one step in this guide where I urge people to avoid the free route. There are free VPNs, but they are slower and typically have lousy privacy policies because they target you with ads to compensate for the VPN being free. VPN services require substantial capital investment, so you really want to be a customer rather than the product for advertisers. It’ll cost around 15-20 cents per day. Hugely worth it for the security benefit.

What you want is a reputable VPN that uses strong encryption and a “no log” policy. You also want the VPN to be based outside the U.S. Otherwise the company can be legally gagged and crushed like Lavabit. I suggest choosing one of the VPNs from the list provided here.


Congratulations on taking action! The process of hardening your security gives great perspective on just how insecure our digital lives are. No wonder we’re constantly hearing about security disasters.

The following practices are for the most part quick and simple to adopt. They can save you untold grief.

PDF and Word doc risks. Adobe pdf files can be rigged with malware. If you download or receive a pdf from an unknown or untrusted source, scan it with your virus scanner before opening it. Also disable Javascript in your pdf reader. If upon opening an untrusted document you are solicited to click on a hyperlink, it’s likely a trap. Same for Microsoft Word documents. Avoid opening them unless they’re from a trusted source.

By the way, if you’re tired of paying for Microsoft Office, switch to the free and open source Open Office. It reads and writes Microsoft Word, Excel, and Powerpoint files.

Recognize when “free” is a trap. Bad guys know that free things are enticing. There’s a lot of wonderful free and open source software (FOSS). But there’s even more free software out there that despite promising great benefits is malicious. Exercise caution and do some web searching first to see if a program is malware before you try it out. A little due diligence can quickly confirm what’s legit.

The same warning applies to free reports or books sent as pdf files or Word docs. Typically they promise to deliver health, sex, or money-making secrets. Documents can have malware embedded in them, as can the sites that promise to give you access to them.

Keep Adobe Flash up to date, or better, dump it. If you decide to use Flash (many sites and online games use it), make sure you keep it up to date because it’s been plagued with security flaws. Adobe Flash will also try to slip in McAfee Security Scan during the installation. The installer annoyingly opts you in by default because Adobe gets an affiliate kickback. I suggest notallowing McAfee to be installed (uncheck the box). It’s a crippled version of McAfee’s paid product that will say your computer is at risk until you purchase it, and it’s a pain to uninstall. If it slipped by you already and you want to uninstall it, here’s how. Or even better, uninstall Flash and see if you can get by without it.

Cover your webcam when you’re not using it. Even five years ago public school employees were remotely turning on web cams and secretly recording students at home. Plenty of malware and commercial stalkerwareout there does the same thing. Most desktop computers don’t have a camera or microphone, so you can disable them both just by unplugging your webcam when you’re not using it. And that little dot above your laptop screen where the camera lens is? Cover it up with a bit of post-it note or black electrical tape. It takes 3 seconds to cover and uncover the lens, so just groove the habit. Unfortunately there’s no easy fix I know of to physically enable and disable your computer’s mic.

If you have an Android device, here’s an inexpensive app that can disable your camera and microphone, which can be remotely activated and used as a surveillance device.

Use two-factor authentication (2FA). 2FA uses two security tests to permit access to information or physical resources. One example is an ATM card and a PIN code. Another is a password and a fingerprint. The more factors you add, the harder it is for bad guys to crack. Just going from one to two factors provides a huge increase in security. Many mobile devices can take advantage of 2FA. The downside is it’s usually more inconvenient to use. Bad guys are counting on you to be dissuaded by that, so use 2FA whenever you can. Here’s a directory of sites that support 2FA.

Have kids? Parental controls. Kids are a security nightmare. Gold stars to you if you teach them how to behave intelligently online. Just recognize that it’s highly unlikely they will always follow your instruction. Kids are particularly resourceful about things that are forbidden. If they ask you to buy a movie or video game for them and you say no – if they ask at all – they may decide to find it online. Whether or not you approve of that, “free” software is a honeypot for malware.

Bad guys are smart. They’ll offer a “cracked” copy of a video game, for example, but the act of installing it will also surreptitiously install malicious software that can do anything from stalking you to recording everything you type (including passwords) to sending files from your hard drive to bad guys. A lot of malware also turns your computer into a zombie that infects other computers on the web. If you care about not harming others online, use measures to avoid becoming a tool for bad guys to go after others.

Both Microsoft and Apple provide parental control settings for choosing what can be downloaded and visited on the web. There is also free third party software that gives you more options, as well as parental control apps for mobile devices. Consider these options carefully unless you have full confidence in your kids and their friends.

Encrypt individual files and folders. There are lots of reasons for encrypting individual files or folders. Maybe you need to email files to people who use insecure (unencrypted) email like Gmail or a corporate email address. Maybe you want to put files on a USB stick and take them someplace. Maybe you need to upload files to somebody’s Dropbox or Google Drive account who is unwilling to switch to SpiderOak. Maybe you want a person or organization to have files in their possession but not be able to access them until a certain event happens like an accident. Maybe you want to back up a big directory full of files and keep it at a location that’s handy but not secure like the desk of an apartment filled with roommates. Or maybe you just want an extra layer of protection for very important files in case somebody accesses your computer when you’re logged in and your hard drive is decrypted.

Whatever the reason may be, there are several free programs for encrypting individual files or folders. To encrypt a file or folder full of files, I suggest the free and open source 7-zip on Windows or Keka on Mac. Both programs compress your files but also give you the option of encrypting them. There are different compression formats those programs can use like 7-zip, zip, and rar. I suggest using 7-zip format because it’s Mac and Windows compatible and the compression is good. Here’s a quick how-to for both programs. Just remember compressing files won’t encrypt them by default; you also need to enter a (strong) passphrase. After you encrypt it the name of the file like “MyAccounts.7z” or “SurpriseVacation.7z” will still be visible.

Deleted files aren’t deleted until you shred them. Any file you delete isn’t actually deleted when you trash it. All trashing it means is that you’ve given permission for the file to be overwritten. To make sure that the empty space on any storage device is actually empty rather than filled with your deleted files, you need to use a program that writes dummy data over your real data a few times. A program we’ve already used, Ccleaner, does this (use at least 3 overwrites). On Windows another option is Eraser, which is open source. An even more comprehensive one is BleachBit. Mac users can shred deleted files by selecting Secure Empty Trash. More details on Mac file shreddinghere.

Securely deleting files on SSDs (used in mobile devices, lots of laptops, USB thumb drives, and many desktop computers) is a no-go for technical reasons. That’s why it’s all the more important to make sure the drives are encrypted. If you ever want to sell or give away your Android or iOS device, do a factory reset. The encrypted data will still be there but the encryption key will be erased, making the data unrecoverable.

Privatize your purchases. Your credit card transactions are recorded and distributed to multiple government agencies. As with tech companies, the government is a direct customer of the credit agencies who give them your financial information. Like surveillance-based social media, you are the product, not the customer.

A running record of every transaction you make along with when and where you make it is a mass surveillance wet dream. Like uploading your photos to Facebook, every credit card transaction helps weave the mass surveillance net. I don’t deny the convenience of credit cards or the benefit of “points.” But as with social media, the price is hidden but high.

Use cash when you can. It’s still relatively private, which is why the government hates it. But know that having a few thousand dollars in your possession makes you a criminal suspect. If found, your cash will likely beconfiscated. Its use is gradually being outlawed and several countries arerapidly going cashless.

Also know that if you try to withdraw a few thousand dollars out of your bank account you will likely be questioned and have a Suspicious Activity Report filed with the government. The same thing goes if you try to deposit a sizable amount in your account.

Precious metals are also difficult for the government to track. While they can be a great way to hold onto your savings in a zero-interest QE-driven world, the problem is it’s difficult to purchase things without resorting to barter.

So how to deal with the fact that withdrawing or holding cash in meaningful amounts has become a serious liability? More people every day are turning to non-government digital currencies. These non-government currencies are called cryptocurrencies because they are secured against counterfeiting through their use of cryptography. The most popular cryptocurrency is bitcoin.

There are many good reasons to use cryptocurrencies. The first is that you have monetary independence and privacy. You don’t have to fill out bank forms or get permission to access your money. You can send money anywhere in the world instantly without forms or questioning, and it costs only a few cents in fees. People who work abroad and send money home typically pay 10% in remittance fees. The compound savings by not getting clipped 10% every time is huge.

Hundreds of thousands of items can be purchased with bitcoin, including the recommended VPNs in Step 10.

The second is security. Accounts can be locked down and siphoned for bail-ins. Cash can be lost, stolen, and seized. You cannot walk around with a substantial amount of cash without making yourself a target. That is doubly true if you travel, where carrying $10,000 on a plane effectively makes you a criminal suspect.

You can carry any amount of cryptocurrency in a secure “wallet” on your phone, computer, USB thumbdrive, or even your camera’s flash card without anybody seeing what you have. Your wallet can be backed up the same way you would back up any computer file. If your phone or computer get stolen, the money can’t be spent without the key to your wallet. You can copy your wallet as many places as you want and even print it out as a paper wallet. You also can split your money into as many wallets as you want and store them different places if desired.

For the ultimate in portability and security, you can use a brain wallet. A brain wallet means that access to your money is literally only in your brain via your passphrase. There is no other way to access your wallet (so don’t forget the passphrase!) You can cross any border with just the clothes on your back while “carrying” any amount of money with you.

While bitcoin transactions are not systematically identity tracked and reported to corporations and government agencies, bitcoin purchases are not truly anonymous. While your name isn’t attached to purchases, the purchases themselves can be traced. There are techniques for anonymizing bitcoin, such as mixing. Another option if you want to make anonymous purchases is the DASH cryptocurrency, which is specifically designed for anonymity.

The third reason is cryptocurrencies allow you to hold your savings in a currency that is not being systematically counterfeited (the government term is inflated). Cryptocurrencies are new, so the primary risk in using them is volatility. Volatility can work for or against you. People love upsidevolatility; downside volatility is what makes people nervous.

The way to deal with volatility if it worries you is to dollar cost average (DCA) your cryptocurrency purchases. If you wanted to own, say, $5,000 worth of a cryptocurrency like bitcoin, you could DCA the purchases by buying $1000 in bitcoin per week for 5 weeks, for example. Or $500 per day for 10 days. The more you spread it out, the more volatility is reduced.

Lastly, use bitcoin out of principle. The government derives its power to do all the objectionable things it does from the monetary system. Fiat currencycan be created in any quantity by the government at any time and at zero cost.

Given the government’s ability to create money instantly at zero cost, tax collection today is mostly about social engineering. Paying taxes maintains the illusion that fiat money is scarce and therefore valuable. Yet with every additional trillion dollars that it snaps into existence, the government enriches itself while eroding the purchasing power of savers who treat the dollar as an article of faith. The fiat story never has a happy ending. Nobody is going to end (or audit) the Fed, but cryptocurrencies enable us to largely ignore it. That is truly liberating.

Torrent carefully. If you’ve never used Bittorrent, you’re missing out on a ton of quality content that is absolutely free. Bittorrent is a way for people to efficiently share files of their choosing with anyone else in the world. Many people think bittorrent is only for downloading copyrighted material like movies, TV shows, and music, but there are loads of copyright-free contenton bittorrent.

Whatever you download, be careful. It’s easy to download files that have been shared with the purpose of injecting your system with malware. If you’re going to use bittorrent, here are a few suggestions:

Use qBittorrent for your client. It’s open source, unlike the popular but closed source utorrent. For increased security use IP filtering andanonymous mode. For even more security use it with a VPN service that permits bittorrent use. (All the VPNs recommended in step 10 allow bittorrent use.)

Media files like mp3, mp4, avi, mov, and flac are safe to download. They don’t carry malware infections. I recommend playing media with VLC Player. It’s fast, free, open source and doesn’t spy on you.

Don’t download any software from bittorrent unless you trust the source or really know what you’re doing. Anything that requires installation (like an .exe file) is a big security risk. If you have kids, they may (will) download games from bittorrent which are likely malware carriers. (Just because a game runs properly doesn’t mean your computer hasn’t been loaded with malware.) To make matters worse, the directions for much of the software you see on bittorrent sites tell you to disable your anti-virus during installation. It’s true that anti-virus software can impede installation of some software, but disabling it for an untrusted source is a great way to get slammed with malware.

If you decide to download software from untrusted sources, at least sandboxthe program. Sandboxing is a powerful security measure, but it’s not a silver bullet.

Grow your knowledge – Once you feel comfortable using the security measures in this guide, I encourage you to investigate other ways to increase your protection.’s free privacy guide has some good advice that goes beyond online protection of your identity.

For more online security measures, this guide is a solid next step. Note that it’s still a beginner’s guide, which gives you an idea of how much can be done. It’s wise to remind ourselves as security beginners that we’ve only taken basic steps. This guide also offers some more in-depth advice when you’re ready. Both cover using your VPN in combination with TOR. There is a performance hit to your browsing speed, but you get substantially more privacy. Just don’t take the anonymity claim on the TOR web site as literal. There’s no such thing as bulletproof anonymity online, though when you use TOR properly, you can achieve an extremely high level of security that requires very sophisticated adversaries to defeat.

Donate – Many extraordinarily talented, principled, generous people who understand the horrific implications of mass surveillance work ceaselessly to provide free, open source solutions to protect us. I encourage you to send a market signal that their heroic work is sincerely in demand and appreciated. In other words, please donate here or to whatever open source projects you use. Also consider supporting critical resources that journalists, activists and whistleblowers depend on like SecureDrop, TOR, and Tails. They require continual development to keep pace with mass surveillance expansion. Without these resources we’d be in the dark about what’s being done to us.

Snowden is one of many who have risked their lives to expose mass surveillance and the other awful things regimes do in secret. As mass surveillance technology advances, if the tools to fight it don’t advance then resistance will become impossible. We depend on the ongoing diligence of skilled coders in a very real and urgent way.


Ok, I gotta ask. Did you skip some steps because you made a value judgment about your life? Maybe you decided to stick with Dropbox since you only put family reunion photos or cooking recipes there? Perhaps you didn’t switch to encrypted calls and texts since you think whatever you have to say will be met with indifference by those who record you.

Every bad guy and every regime banks on you thinking this way so that you don’t take action. Mass surveillance depends on mass indifference. It’s not about whether files are sensitive or whether you’d share them with someone who politely asked to see them. It’s about your power to give permission. It’s about control. Universal control. Snowden wasn’t mincing words when he risked his life to expose the greatest weapon of oppression in the history of man.

When it comes to mass surveillance, principle is inseparable from risk. If you choose not to act, everything can and will be taken without permission. Whenever down the line you decide things have gotten insufferably out of control, it will be too late to do anything. Ignoring ugly truths is how we end up looking back and wondering how things got so bad. Don’t fall for it. If you haven’t already, please act now.

Gratitude for Alan Turing

Encryption is what empowers us, the governed, the peaceful outlaws. Without it we would have no shelter from the shadow of criminality politicians have cast over us.

What breathtaking irony that the means to protect ourselves is owed to a heroic criminal named Alan Turing. The father of computer science and mastermind of cryptography, Turing broke the Nazi regime’s “unbreakable” encryption code, Enigma.

After providing the British government with its single most powerful weapon – the means to know everything the Nazis were going to do in advance – Turing was prosecuted by the regime in 1952 for being homosexual. The man who saved millions of lives by shortening war – that greatest of government abominations – was a criminal.

Alan Turing, heroic criminalAlan Turing, heroic criminal

Turing pled guilty to the crime. As punishment the government ordered him to be chemically castrated in a series of brutal medical treatments which led to his suicide two years later.

This man was a liberating force for humanity. We owe him our deepest gratitude.

Parting Thank You

The Internet is the most powerful tool we have to inform, protect, and help ourselves and others. By taking action, you are materially advancing the cause of human liberty. Our own psychology is the biggest risk in determining our fate. Will we succumb to learned helplessness? Or will we quietly and with determination cut the noose from our necks?

Together we can thwart those who seek to dominate and control. Let’s take care of ourselves, help others wherever we can, and turn away from fear, the eternal enemy of freedom.