I have been nerdsniped by the dratted Russian hackers. Those darned “hackers”, causing trouble and getting people all excited about security. So now I’ve got to deal with thoughts and suggestions in my peripheral awareness, and remind myself that I’ve already done the work of threat modeling and risk analysis for my data and for our household. This is a thing that happens to us kind of a lot: some event gets people talking about a thing (infosec, disaster preparedness, whatever) and we haven’t been thinking or talking about that thing and we experience a moment of panic — oh shit, are we ready for that — and then we breathe and calm down because, yes, we have thought about that and we have a plan and we made decisions, which is why we haven’t been thinking or talking about it.
There are only two reasons I can see to use a VPN service. First, to get around IP based geolocation tracking, so you can get access to content (usually video) that is only available within a particular geopolitical area. Second, to prevent your ISP and/or other users of your local wifi network from knowing that you, Joe Internet User, are requesting content from embarrassingwebsite.com and illegalstuffpurveyors.com.
Once your “free” email provider has received a message for you and put it in your inbox, they’ve already processed that message and indexed it for your user-as-product profile. You know the saying, “If you can’t tell what the product is, you are the product,” well, when the service is free, then your attention is the product. Deleting your emails doesn’t mean that the service will forget that you received an email from Aunt Mary, or that you received a purchase receipt from Amazon. So either you care about that and you shouldn’t use a free email service, or you don’t and you should.
Whatever other evil / dodgy things Facebook may be doing, the implementation of their feed and the network of people to whom I’m connected is such that it is really an instance of “Anxiety as a Service”. My life is better without it. Twitter is just barely better, but at least I have software that lets me get my friends’ updates without having to subject myself to the algorithmic scrambling and hiding of tweets and the interstitial insertions of ads and sponsored tweets. So I can manage how much rage and anxiety I expose myself to. Mastodon is awesome because there’s nobody there and I can totally handle one update every other day.
You know what’s amazing? Not downloading random crap, not clicking on links in email, and not having every dang device in our house connected to the big bad Internet. If you don’t stick a computer in it, it can’t get a computer virus. It’s awfully difficult to hold my refrigerator hostage when the only wires going in are the electric mains. I am a grumpy old man, and I lived my life this long without being able to turn on my stove from across town. There are real problems that we had and which we solved with some IoT things, but every single Internet connected thing has a big hurdle to jump before it gets into the house: how will our lives change when, inevitably, the server to which it talks disappears? Because even in the extremely unlikely event that the device and server are never compromised by malware, the fly-by-night company that makes the thing is going to go tits-up in a few years and either disappear or be acquired by an evil monopoly. If you are going to be upset by any of those events, then don’t allow the thing into your network. At the very least, have a plan in place for what to do when the bad thing happens.