Corporate Surveillance - Data Sharing - Data Breaches - Account Linking

12 Considerations for Opening Your Next Account – Part 2

Intro

Have you ever opened an account and regretted it? Has your private data been used, abused, and breached? We have years of experience fighting with hundreds, if not thousands of different apps and services to harden, sanitize, delete sensitive information, and recover from data breaches.

In this episode, we share our insights from these experiences so you can hopefully avoid the pitfalls we and our clients have encountered over the years. More specifically, here in Part 2 of 2, we discuss:

  1. App and service providers may make it difficult or impossible to close your account or delete your data
  2. Many or most entities will be breached
  3. App and service providers may not actually be deleting your data when they’re supposed to
  4. Phone numbers for SMS two-factor authentication (2FA) being abused
  5. Usernames and email addresses revealing information and linking accounts
  6. Password recovery and other features revealing information about you

Take these considerations seriously when you consider opening your next account. We also discuss detailed action items for addressing these concerns, but caution listeners that some of the techniques detailed in this episode (fake information, email aliases, VOIP phone numbers, etc.) may not be appropriate or lawful in some jurisdictions or some circumstances. Some of the images presented in the video and blog content for this episode are AI-generated and provided for entertainment purposes only. 

See 12 Considerations for Opening Your Next Account – Part 1 if you haven’t already.

Podcast

1
00:00:00,000 –> 00:00:14,240
Hey everybody, welcome to the Bigger Insights Privacy & Security podcast.

2
00:00:14,240 –> 00:00:20,120
This episode is the second and final part of 12 Considerations for Opening Your Next

3
00:00:20,120 –> 00:00:21,320
Account.

4
00:00:21,320 –> 00:00:26,320
If you haven’t yet listened to Part 1, if you could go ahead and just do that, that

5
00:00:26,320 –> 00:00:28,460
would be great.

6
00:00:28,460 –> 00:00:34,760
We decided to record this episode today, so naturally all of my neighbors decided now

7
00:00:34,760 –> 00:00:42,080
would be the best time to fire up the old lawnmowers, leaf blowers, chainsaws, and woodchippers,

8
00:00:42,080 –> 00:00:44,400
so hopefully the noise doesn’t bother you guys.

9
00:00:44,400 –> 00:00:50,240
Alright, let’s do a quick recap to make sure we’re all on the same page.

10
00:00:50,240 –> 00:00:56,240
Making an account, which we’re really just referring to handing over any kind of personally-

11
00:00:56,240 –> 00:01:03,400
identifiable information to a third-party via an app or service, usually comes with risks

12
00:01:03,400 –> 00:01:10,960
and irreversible side effects that you should be mindful of before you open any new accounts.

13
00:01:10,960 –> 00:01:16,040
That could be revealing sensitive information that you can’t take back, getting your data

14
00:01:16,040 –> 00:01:22,480
leaked in a data breach, your irreplaceable data being deleted or taken away from you,

15
00:01:22,480 –> 00:01:23,480
etc.

16
00:01:23,480 –> 00:01:27,120
Alright, let’s get into it.

17
00:01:27,120 –> 00:01:33,640
Consideration #7: It can be very difficult or impossible to close an account.

18
00:01:33,640 –> 00:01:40,080
One of the consistent themes that people are having a hard time picking up on is how permanent

19
00:01:40,080 –> 00:01:43,600
handing over your information can be.

20
00:01:43,600 –> 00:01:48,800
If you’ve ever done what I’ve done, which is close hundreds of accounts, you’ll discover

21
00:01:48,800 –> 00:01:54,960
the hard way that some entities either won’t let you delete your account or data at all,

22
00:01:54,960 –> 00:02:01,440
or they just put up so many barriers that you give up and just not close your account.

23
00:02:01,440 –> 00:02:07,520
Another thing that we see that really grinds our gears is a lot of apps and services will

24
00:02:07,520 –> 00:02:12,760
only allow you to close your account if you’re a California resident and you can fill out

25
00:02:12,760 –> 00:02:18,880
a CCPA request. But as far as they’re concerned, everyone else can go pound sand.

26
00:02:18,880 –> 00:02:25,600
Which by the way, pro tip: Avoid companies that make it difficult or impossible to cancel

27
00:02:25,600 –> 00:02:30,680
your subscription or delete your account like the plague.

28
00:02:30,680 –> 00:02:37,520
This is a red flag that’s practically 100% consistent with garbage companies.

29
00:02:37,520 –> 00:02:39,880
Let’s go over some examples.

30
00:02:39,880 –> 00:02:44,840
Let’s compare NordVPN to Proton VPN, for example.

31
00:02:44,840 –> 00:02:51,480
Now we like Proton VPN, but if you want to delete your Proton account, you log in, you

32
00:02:51,480 –> 00:02:56,400
go to account settings or whatever they call it, there’s a little red button that says

33
00:02:56,400 –> 00:03:00,720
something like Delete My Account or Close My Account or something like that.

34
00:03:00,720 –> 00:03:05,320
You press that, it’s just a few clicks from there and then you’re done.

35
00:03:05,320 –> 00:03:11,760
Now if you contrast that with NordVPN, at least last time we checked in 2022, they make you

36
00:03:11,760 –> 00:03:18,560
fill out a customer service request form with something like six to eight pieces of information

37
00:03:18,560 –> 00:03:25,160
on it, including payment details, just to ask them to close your account.

38
00:03:25,160 –> 00:03:29,880
They could obviously just put a button in your account like Proton does, but they don’t

39
00:03:29,880 –> 00:03:34,840
want to do that because they know their service is inferior and they want to do what they

40
00:03:34,840 –> 00:03:38,320
can to discourage you from leaving.

41
00:03:38,320 –> 00:03:43,760
And along those lines, NordVPN does a lot of other things that we don’t like or agree

42
00:03:43,760 –> 00:03:48,880
with, so we’ll probably talk about that in a future episode.

43
00:03:48,880 –> 00:03:53,600
Webroot, which is an antivirus company, does the same thing.

44
00:03:53,600 –> 00:03:58,120
If you want to close your account, what you do is you go on their website, you log into

45
00:03:58,120 –> 00:04:03,560
your account, and then there’s a link to a customer service request form.

46
00:04:03,560 –> 00:04:09,560
And they also ask you about six pieces of information, including your credit card information,

47
00:04:09,560 –> 00:04:11,520
just to close your account.

48
00:04:11,520 –> 00:04:18,000
We read somewhere on Intuit’s website that they claim that they do not allow customers

49
00:04:18,000 –> 00:04:24,160
to close their accounts. Which I don’t know if that’s just old or what, but about 95%

50
00:04:24,160 –> 00:04:28,840
certain that I have deleted an Intuit account in the past, so I’m not quite sure what they’re

51
00:04:28,840 –> 00:04:31,080
talking about there.

52
00:04:31,080 –> 00:04:36,960
We’ve also deleted Instasham accounts before, but that was a pretty frustrating process

53
00:04:36,960 –> 00:04:42,760
because we actually had to do, you know, a fair bit of web searching to figure out just

54
00:04:42,760 –> 00:04:45,440
where the link is to do that.

55
00:04:45,440 –> 00:04:51,200
I think it’s like buried in their help documentation or something really strange like that.

56
00:04:51,200 –> 00:04:59,640
I remember specifically that I did a web search like “how to delete an Instagram account” and

57
00:04:59,640 –> 00:05:06,400
pretty much all of the search results that came up on DuckDuckGo were “how to delete an

58
00:05:06,400 –> 00:05:08,320
Instagram post”.

59
00:05:08,320 –> 00:05:14,640
So it took me a while, but eventually I found an article that showed where they hid this

60
00:05:14,640 –> 00:05:19,280
featured where you can request that they delete your account.

61
00:05:19,280 –> 00:05:23,840
And again, this is another company that we have a lot of problems with and we really

62
00:05:23,840 –> 00:05:29,960
don’t like and, you know, like I said, this is a major red flag that’s very consistent

63
00:05:29,960 –> 00:05:31,400
with these companies.

64
00:05:31,400 –> 00:05:35,400
They want to do what they can to prevent you from leaving.

65
00:05:35,400 –> 00:05:42,560
That’s a very bad sign. Because if they provided you with a great product or service that really

66
00:05:42,560 –> 00:05:45,080
served you, they wouldn’t care.

67
00:05:45,080 –> 00:05:48,800
They would let you do whatever you want because at the end of the day, why would you want

68
00:05:48,800 –> 00:05:52,440
to leave anyway if it was good?

69
00:05:52,440 –> 00:05:57,440
Consideration #8: Many services will be breached.

70
00:05:57,440 –> 00:06:02,040
Now to be conservative, we like to assume that everyone’s going to get breached at some

71
00:06:02,040 –> 00:06:03,040
point.

72
00:06:03,040 –> 00:06:07,680
So we think of this more as a question of “when” not “if”.

73
00:06:07,680 –> 00:06:12,860
So when you’re making an account, you should think critically about what information you’re

74
00:06:12,860 –> 00:06:19,440
providing and what information they’re collecting about you, like your IP address, for example,

75
00:06:19,440 –> 00:06:25,120
and think about what that would mean for you if they got breached and that information

76
00:06:25,120 –> 00:06:27,620
became open to the public.

77
00:06:27,620 –> 00:06:33,360
The conclusion we draw from that is you should give non-personally-identifiable information

78
00:06:33,360 –> 00:06:35,240
when you can.

79
00:06:35,240 –> 00:06:40,720
You obviously need to be careful about doing that because certain entities like banks,

80
00:06:40,720 –> 00:06:47,240
insurance companies, utilities, and government accounts will require your real information.

81
00:06:47,240 –> 00:06:53,520
But even in that case, you can still do things like not provide optional information, use

82
00:06:53,520 –> 00:06:59,960
a second phone number that isn’t publicly known to be yours, or give them an email alias.

83
00:06:59,960 –> 00:07:05,200
In that case, if they do get breached, some of your real information will probably be

84
00:07:05,200 –> 00:07:09,840
exposed, but you can at least reduce the damage with some of these techniques.

85
00:07:09,840 –> 00:07:16,080
But most other things like games and forums and whatnot, they really don’t need to know

86
00:07:16,080 –> 00:07:17,680
your real information.

87
00:07:17,680 –> 00:07:19,280
So don’t give it to them.

88
00:07:19,280 –> 00:07:25,000
And like I said, you should probably assume that any service that you use will get breached

89
00:07:25,000 –> 00:07:26,000
at some point.

90
00:07:26,000 –> 00:07:30,720
So you need to be very careful about what information you expose to them.

91
00:07:30,720 –> 00:07:36,200
It’s very clear to us that a lot of people aren’t getting it because every time we see

92
00:07:36,200 –> 00:07:42,120
some adult site or something sensitive like that, that gets breached, there’s a lot of

93
00:07:42,120 –> 00:07:48,040
panic from users who seem to be under the impression that their data would always be

94
00:07:48,040 –> 00:07:50,120
kept private.

95
00:07:50,120 –> 00:07:51,680
Let’s go over some examples.

96
00:07:51,680 –> 00:07:58,560
I was reviewing a long list of data breaches a little while ago, when I came across a site

97
00:07:58,560 –> 00:08:04,400
with a name that caught my eye. I’m not going to say what it was because we’re trying to

98
00:08:04,400 –> 00:08:07,360
keep this friendly to younger audience members.

99
00:08:07,360 –> 00:08:13,200
But when I saw the name, I thought to myself, “I can only think of one thing that this name

100
00:08:13,200 –> 00:08:17,840
can mean. Please tell me that this isn’t what I think it is.”

101
00:08:17,840 –> 00:08:24,400
So I looked it up on Wikipedia, and it was indeed what I thought it was. It was some

102
00:08:24,400 –> 00:08:27,560
kind of adult fetish site.

103
00:08:27,560 –> 00:08:32,880
But the point is that they got breached and leaked their users information.

104
00:08:32,880 –> 00:08:39,480
This is not the kind of extracurricular activity that you want associated with your identity.

105
00:08:39,480 –> 00:08:44,600
But I’d bet that if you were to contact these users, they’d probably be pretty upset and

106
00:08:44,600 –> 00:08:46,880
surprised that this happened.

107
00:08:46,880 –> 00:08:50,380
I’ll give you another example: Ashley Madison.

108
00:08:50,380 –> 00:08:56,320
This is marketed as a dating service for married people to have affairs.

109
00:08:56,320 –> 00:09:02,840
So obviously, something that you would want to keep private. It is still around

110
00:09:02,840 –> 00:09:03,840
surprisingly.

111
00:09:03,840 –> 00:09:09,760
But they got hacked several years ago, I think in 2015. The hackers held their company and

112
00:09:09,760 –> 00:09:11,880
user data hostage.

113
00:09:11,880 –> 00:09:16,160
I’m pretty sure that they wanted them to shut down for ethical reasons or something like

114
00:09:16,160 –> 00:09:17,160
that.

115
00:09:17,160 –> 00:09:23,200
Naturally, Ashley Madison refused to do that, so the hackers publicly dumped all of that

116
00:09:23,200 –> 00:09:24,200
data.

117
00:09:24,200 –> 00:09:29,080
And as you might imagine, this was a real disaster for a lot of their users.

118
00:09:29,080 –> 00:09:34,360
I mean, first of all, who wants to be known as someone who’s interested in having an

119
00:09:34,360 –> 00:09:35,360
affair?

120
00:09:35,360 –> 00:09:41,840
Their spouse obviously won’t appreciate that, but that’s just not a good look in general.

121
00:09:41,840 –> 00:09:47,200
Researchers have poured through this data and discovered things like business emails,

122
00:09:47,200 –> 00:09:54,600
military emails, users including TV stars, politicians, church members, and so on.

123
00:09:54,600 –> 00:09:57,360
And this is a big deal for a lot of these people.

124
00:09:57,360 –> 00:10:05,040
I mean, first of all, at least from what I’ve read, infidelity is a big issue in the military.

125
00:10:05,040 –> 00:10:07,760
I think you can actually be punished for that.

126
00:10:07,760 –> 00:10:13,960
So yeah, don’t use your military business or government email address for personal things

127
00:10:13,960 –> 00:10:20,120
in general, let alone for something like a dating site for cheating on your spouse.

128
00:10:20,120 –> 00:10:23,160
This is just OPSEC 101.

129
00:10:23,160 –> 00:10:28,880
And if you think that I’m just blowing this out of proportion, just be aware, some users

130
00:10:28,880 –> 00:10:34,480
have literally taken their own lives as a result of this data breach.

131
00:10:34,480 –> 00:10:40,520
And from what I’ve read recently, Ashley Madison users caught up in this data breach are still

132
00:10:40,520 –> 00:10:46,840
being blackmailed by bad actors who have access to this data all these years later.

133
00:10:46,840 –> 00:10:49,680
So just let that sink in for a minute.

134
00:10:49,680 –> 00:10:55,920
Data breaches have literally resulted in people getting divorced, getting fired, and

135
00:10:55,920 –> 00:10:57,640
in their deaths.

136
00:10:57,640 –> 00:11:03,720
So when we say take this stuff seriously, we’re not just being hyperbolic.

137
00:11:03,720 –> 00:11:09,160
If you haven’t been paying attention, you might not realize how pervasive this problem

138
00:11:09,160 –> 00:11:10,160
actually is.

139
00:11:10,160 –> 00:11:16,680
I’m going to list off just a few data breaches, and we would bet that this exposes potentially

140
00:11:16,680 –> 00:11:25,440
sensitive information about everybody listening to this episode: Fecesbook, LinkedIn, MySpace,

141
00:11:25,440 –> 00:11:32,600
Equifax, Experian, Anthem, and even the IRS have all had data breaches.

142
00:11:32,600 –> 00:11:36,880
Those are just a few out of the thousands of data breaches that have occurred over the

143
00:11:36,880 –> 00:11:42,160
past few years, and that includes literally billions of people.

144
00:11:42,160 –> 00:11:48,440
And I hate to say it, but we’re of the opinion that this problem is just getting started.

145
00:11:48,440 –> 00:11:53,720
You might be aware that ransomware is becoming very popular, but you might not realize how

146
00:11:53,720 –> 00:12:00,280
it has evolved. Ransomware used to just be an annoyance. It would lock your files indefinitely

147
00:12:00,280 –> 00:12:01,800
until you paid.

148
00:12:01,800 –> 00:12:08,160
However, ransomware purveyors have learned that a lot of people just don’t pay and either

149
00:12:08,160 –> 00:12:12,400
do without their data or restore from backups.

150
00:12:12,400 –> 00:12:19,160
So what a lot of ransomware does now these days is it steals the data first and then

151
00:12:19,160 –> 00:12:20,680
encrypts it.

152
00:12:20,680 –> 00:12:27,040
So if you refuse to pay, the additional threat now is that your data will be exposed online.

153
00:12:27,040 –> 00:12:32,440
Now that might just be internal company data, but there’s a good chance that some of that

154
00:12:32,440 –> 00:12:35,480
data will be your information.

155
00:12:35,480 –> 00:12:43,080
Many entities have such poor security practices that all it takes is one employee opening

156
00:12:43,080 –> 00:12:48,840
an infected email attachment to get the company infected with ransomware.

157
00:12:48,840 –> 00:12:51,400
So we’re very concerned about this.

158
00:12:51,400 –> 00:12:57,760
And we believe that almost every account that you have will be involved in a data breach

159
00:12:57,760 –> 00:12:59,800
at some point in the future.

160
00:12:59,800 –> 00:13:07,600
All right, Consideration #9: Deleting your data might not actually delete your data.

161
00:13:07,600 –> 00:13:14,720
When you’re using an app or a service that has your data, like photos, videos, or emails,

162
00:13:14,720 –> 00:13:19,720
and you delete them, do you ever wonder to yourself whether they’re actually being deleted

163
00:13:19,720 –> 00:13:21,880
or if they’re just being hidden from you?

164
00:13:21,880 –> 00:13:28,320
Well, we wonder that as well, and we tell our clients to be skeptical about this.

165
00:13:28,320 –> 00:13:35,240
So if you’re using a service that has direct access to your photos, emails, or other data,

166
00:13:35,240 –> 00:13:40,680
just be mindful of the risk that they might not actually be deleting your data from their

167
00:13:40,680 –> 00:13:44,800
servers when you delete them from the user interface.

168
00:13:44,800 –> 00:13:47,320
Let me share some examples with you.

169
00:13:47,320 –> 00:13:53,600
So a number of years ago, Dropbox users started reporting an issue where they were seeing

170
00:13:53,600 –> 00:14:00,920
files reappear in their Dropbox account that they had deleted literally years ago.

171
00:14:00,920 –> 00:14:07,120
Now Dropbox claims that this was just a bug or something like that, which it might be.

172
00:14:07,120 –> 00:14:12,640
But at the end of the day, it proves that people thought that when they were deleting

173
00:14:12,640 –> 00:14:16,680
their files from Dropbox, that they weren’t actually being deleted,

174
00:14:16,680 –> 00:14:19,720
and this is a risk that you need to be aware of.

175
00:14:19,720 –> 00:14:25,840
I was talking to a client last year, and he told me that out of the blue one day, he went

176
00:14:25,840 –> 00:14:31,120
into one of his email accounts and literally thousands of emails that he’s been deleting

177
00:14:31,120 –> 00:14:36,840
over the past year or so mysteriously reappeared back in his inbox.

178
00:14:36,840 –> 00:14:43,120
And these were not emails that just moved from the trash folder to the inbox folder.

179
00:14:43,120 –> 00:14:47,600
These are emails that were supposed to be gone and deleted.

180
00:14:47,600 –> 00:14:49,520
I’ll give you another example.

181
00:14:49,520 –> 00:14:53,600
I deleted a Photobucket account a while ago.

182
00:14:53,600 –> 00:14:56,600
I opened it like 20 years ago or something.

183
00:14:56,600 –> 00:15:02,280
And, and yes, it does still exist in case you’re wondering. But I deleted my account

184
00:15:02,280 –> 00:15:06,320
and they told me that my account and my information was deleted.

185
00:15:06,320 –> 00:15:13,400
So just for kicks, I decided to go back into the site and do a password reset to see if

186
00:15:13,400 –> 00:15:15,600
that was in fact true.

187
00:15:15,600 –> 00:15:21,440
So they sent me an email that said something like, “Hello, Bob”. You know, my name’s not

188
00:15:21,440 –> 00:15:25,640
really Bob, but they said my real name in this email.

189
00:15:25,640 –> 00:15:30,520
And I’m thinking to myself, “Well, how do you know my name if you deleted my account and

190
00:15:30,520 –> 00:15:31,520
data?”

191
00:15:31,520 –> 00:15:35,920
And, you know, if you look this up online, you’ll find tons of examples like this.

192
00:15:35,920 –> 00:15:42,000
So the point of this Consideration is just assume that whatever information you hand

193
00:15:42,000 –> 00:15:46,160
out to companies like this, they’re not going to delete it.

194
00:15:46,160 –> 00:15:49,760
Even if they say that it’s deleted, it’s probably not, it might still be sitting on

195
00:15:49,760 –> 00:15:51,880
their server somewhere.

196
00:15:51,880 –> 00:15:56,000
This is a very frustrating issue that can cause a lot of problems.

197
00:15:56,000 –> 00:16:01,920
For example, I used to have a LastPass account, which I deleted years ago because we really

198
00:16:01,920 –> 00:16:08,220
don’t like that service and we think that people should ditch it for KeePass or Bitwarden.

199
00:16:08,220 –> 00:16:13,600
We have a separate podcast episode and blog post for that, which we published a while

200
00:16:13,600 –> 00:16:16,720
back so you can check that out if you’re interested.

201
00:16:16,720 –> 00:16:23,280
But the email address that I was using with my LastPass account was unique to that service.

202
00:16:23,280 –> 00:16:28,680
So after I deleted my last pass account, I deleted that email address as well.

203
00:16:28,680 –> 00:16:36,520
So after that happened, LastPass got hacked and they leaked some user data and their vaults.

204
00:16:36,520 –> 00:16:41,640
So what I’m worried about now is that, let’s just say for example, and I don’t know if

205
00:16:41,640 –> 00:16:42,640
this happened.

206
00:16:42,640 –> 00:16:48,040
I’m not saying that this happened, but if it was the case that LastPass didn’t actually

207
00:16:48,040 –> 00:16:53,280
delete my information like they said that they would, and my information was caught

208
00:16:53,280 –> 00:16:57,440
up in this data breach, they wouldn’t have any way to contact me.

209
00:16:57,440 –> 00:17:01,880
So I wouldn’t even know that my information is in this data breach.

210
00:17:01,880 –> 00:17:07,840
I’ve also had my information exposed in a data breach that one of my former employers

211
00:17:07,840 –> 00:17:09,080
experienced.

212
00:17:09,080 –> 00:17:14,280
They sent me a letter in the mail explaining what happened, but the most disturbing part

213
00:17:14,280 –> 00:17:21,040
about this is I hadn’t worked for this company in over 10 years, but they were still passing

214
00:17:21,040 –> 00:17:26,440
my information around insecurely more than a decade later.

215
00:17:26,440 –> 00:17:32,960
That just goes to show you how permanent sharing your information can be.

216
00:17:32,960 –> 00:17:39,680
Consideration #10: Two-factor authentication (2FA) contact information abuse.

217
00:17:39,680 –> 00:17:45,320
Have you ever opened an account and went through the security settings and came across the

218
00:17:45,320 –> 00:17:50,360
two-factor authentication section and noticed something kind of interesting?

219
00:17:50,360 –> 00:17:54,360
There’s only one option and that’s SMS.

220
00:17:54,360 –> 00:18:00,160
This is a very common problem, but have you ever stopped and wondered why so many apps

221
00:18:00,160 –> 00:18:02,560
and services do this?

222
00:18:02,560 –> 00:18:09,080
We are of the opinion that they do this so they can collect your phone number and use

223
00:18:09,080 –> 00:18:16,000
it to identify who exactly you are and start linking your other accounts and other systems

224
00:18:16,000 –> 00:18:20,520
together and sharing your information with those systems.

225
00:18:20,520 –> 00:18:25,960
Now that might sound kind of tinfoil hat for some of you, but just keep a few things in

226
00:18:25,960 –> 00:18:26,960
mind.

227
00:18:26,960 –> 00:18:31,600
One of them is those little shortcode phone numbers that these companies are using to

228
00:18:31,600 –> 00:18:36,240
send out those notifications are very, very expensive.

229
00:18:36,240 –> 00:18:43,040
I couldn’t believe it when I saw it and I apologize if I’m not remembering this correctly,

230
00:18:43,040 –> 00:18:50,240
but a little while ago I was in the AWS website, because you can pay for an SMS service in

231
00:18:50,240 –> 00:18:57,080
AWS where they’ll give you a shortcode phone number like this, and it was thousands of dollars

232
00:18:57,080 –> 00:18:59,040
per month.

233
00:18:59,040 –> 00:19:04,400
So if you don’t believe me when I say that they’re giving you SMS as the only option

234
00:19:04,400 –> 00:19:11,040
so that they can identify and creep on you, let me ask you this: Why would they do this?

235
00:19:11,040 –> 00:19:15,800
Why would they pay thousands of dollars a month for a shortcode phone number to send

236
00:19:15,800 –> 00:19:23,680
you your 2FA codes, which by the way, SMS is extremely insecure and it’s expensive.

237
00:19:23,680 –> 00:19:29,720
Why would they do this when they could do something like TOTP practically for free?

238
00:19:29,720 –> 00:19:33,920
You know, also consider that Twitter was sued.

239
00:19:33,920 –> 00:19:38,320
I’m pretty sure that they were sued in a class-action lawsuit for doing this.

240
00:19:38,320 –> 00:19:43,280
So when users were setting up 2FA on Twitter, they were, you know, obviously giving Twitter

241
00:19:43,280 –> 00:19:49,160
their phone number and Twitter was using this for their targeted advertising.

242
00:19:49,160 –> 00:19:52,280
We’ve caught Trello doing this as well.

243
00:19:52,280 –> 00:19:57,120
If you’re not familiar with Trello, it’s like a productivity app that’s, it’s actually

244
00:19:57,120 –> 00:19:58,680
pretty popular.

245
00:19:58,680 –> 00:20:04,040
It’s owned by Atlassian now. But, you might have heard of this in one of our other episodes,

246
00:20:04,040 –> 00:20:11,960
but I remember one day they sent on the email and said that they added 2FA and the only

247
00:20:11,960 –> 00:20:15,560
option that they provided was SMS.

248
00:20:15,560 –> 00:20:21,240
And then sometime after that, I found out that Trello was sending, you know, what appeared

249
00:20:21,240 –> 00:20:26,320
to be a tremendous amount of information over to Fecesbook.

250
00:20:26,320 –> 00:20:33,000
And I know for a fact that a lot of companies do this with certain identifiers. You know,

251
00:20:33,000 –> 00:20:37,720
they can’t just send bulk, raw data to Fecesbook.

252
00:20:37,720 –> 00:20:43,040
They want to send it data that’s tied to a specific identity.

253
00:20:43,040 –> 00:20:44,200
And how did they do that,

254
00:20:44,200 –> 00:20:47,880
you might be wondering? Because, you know, at the end of the day, there are a lot of

255
00:20:47,880 –> 00:20:51,800
people who have the same name, so that’s not very reliable.

256
00:20:51,800 –> 00:20:57,560
They use things like phone numbers, email addresses, and other identifiers that are unique to a

257
00:20:57,560 –> 00:21:01,800
person to link their accounts and activities together.

258
00:21:01,800 –> 00:21:08,200
So for this Consideration, just be aware that if you’re using an app or service and they

259
00:21:08,200 –> 00:21:15,040
provide SMS as one of, if not the only two-factor authentication option, you should really

260
00:21:15,040 –> 00:21:20,000
think twice about giving them your phone number, especially if it’s a service that doesn’t need

261
00:21:20,000 –> 00:21:22,320
to know who you are.

262
00:21:22,320 –> 00:21:26,760
If it’s an account that, you know, doesn’t really have your personal information anyway

263
00:21:26,760 –> 00:21:32,560
and isn’t that important to you, like it’s a game forum or something, you know, we

264
00:21:32,560 –> 00:21:38,080
would strongly suggest considering just not turning on two-factor authentication if they’re

265
00:21:38,080 –> 00:21:41,480
only going to give you SMS as an option.

266
00:21:41,480 –> 00:21:46,200
You know, if you use something like an email alias that no one’s ever seen before, and

267
00:21:46,200 –> 00:21:50,800
a very strong password, that’s going to be quite secure.

268
00:21:50,800 –> 00:21:55,040
And if that’s going to be a problem for you for one reason or another, we would strongly

269
00:21:55,040 –> 00:22:02,240
suggest that you just consider, you know, choosing an alternative that doesn’t have this problem.

270
00:22:02,240 –> 00:22:08,160
Because this might not sound like a big deal to you, but we see this as a red flag.

271
00:22:08,160 –> 00:22:14,240
If a company is only going to give you SMS as your two-factor authentication option,

272
00:22:14,240 –> 00:22:18,800
we’re of the opinion that they’re probably doing other things behind the scenes with

273
00:22:18,800 –> 00:22:22,240
your data that you wouldn’t agree with.

274
00:22:22,240 –> 00:22:26,880
And Trello is a perfect example of that, you know, you’re giving them your phone number

275
00:22:26,880 –> 00:22:30,840
and you think that all you’re doing is making yourself more secure.

276
00:22:30,840 –> 00:22:37,480
But basically what you’re doing is opening the door for them to send your private information,

277
00:22:37,480 –> 00:22:43,520
like what you’re writing into Trello, over to a creepy company like Fecesbook.

278
00:22:43,520 –> 00:22:50,560
Consideration #11: Be mindful of the potential of your user names revealing more

279
00:22:50,560 –> 00:22:56,240
information about you than you realize and being used to link your accounts together.

280
00:22:56,240 –> 00:23:03,120
You know, in addition to just Google or DuckDuckGo or StartPage search results or something,

281
00:23:03,120 –> 00:23:08,440
there are websites out there where you can type in people’s user names and see, you know,

282
00:23:08,440 –> 00:23:14,920
in some cases, dozens or hundreds of websites and apps and services that they use because

283
00:23:14,920 –> 00:23:20,360
they can see that those accounts are registered to your username.

284
00:23:20,360 –> 00:23:25,440
Now if somebody is trying to DOX you or harass you or breach your accounts or something like

285
00:23:25,440 –> 00:23:28,520
that, this can be a very useful tool.

286
00:23:28,520 –> 00:23:34,960
So we recommend to our clients that they use unique usernames where they can. Just sit

287
00:23:34,960 –> 00:23:41,200
down sometime and take a look at your usernames and try to see how others will interpret

288
00:23:41,200 –> 00:23:42,520
them.

289
00:23:42,520 –> 00:23:46,240
What information are you revealing about yourself?

290
00:23:46,240 –> 00:23:50,280
What might others assume about you from your username?

291
00:23:50,280 –> 00:23:55,040
Let me give you some examples. And I’m completely making this username up,

292
00:23:55,040 –> 00:24:02,480
so I apologize if this is a real person. But let’s suppose to your username is soccergirl93.

293
00:24:02,480 –> 00:24:06,400
What might we assume about the person behind this username?

294
00:24:06,400 –> 00:24:12,320
They are a girl who likes or plays soccer and was born in 1993, right?

295
00:24:12,320 –> 00:24:19,960
So that might not sound like a big deal to you. But if someone has soccergirl93’s information,

296
00:24:19,960 –> 00:24:25,120
they might want to do something like harass her or raid her bank accounts.

297
00:24:25,120 –> 00:24:30,640
This information could be used to identify her and gather more information about her

298
00:24:30,640 –> 00:24:33,320
to make those attacks possible.

299
00:24:33,320 –> 00:24:39,080
So for example, if an attacker needs to know her birthday to breach one of her accounts,

300
00:24:39,080 –> 00:24:45,240
they would assume that the year is 1993 and might be able to use that information to get

301
00:24:45,240 –> 00:24:50,160
the day and month from another source like Fecesbook, for example.

302
00:24:50,160 –> 00:24:55,240
But security risks aside, what about simple misinterpretation?

303
00:24:55,240 –> 00:25:01,240
There is a funny scene on the office where Michael Scott was choosing a username for

304
00:25:01,240 –> 00:25:03,960
a dating site or something like that.

305
00:25:03,960 –> 00:25:09,880
And if I recall correctly, I believe he was in a phase in his life where he really wanted

306
00:25:09,880 –> 00:25:11,480
to have kids.

307
00:25:11,480 –> 00:25:17,320
So he ended up settling on the username, LittleKidLover. Which is pretty hilarious

308
00:25:17,320 –> 00:25:22,800
because if you’re on a dating site and you see some guy and his username is LittleKidLover,

309
00:25:22,800 –> 00:25:30,240
there’s obviously different ways of interpreting just exactly what that means.

310
00:25:30,240 –> 00:25:37,760
And just as another example, which I acknowledge is not exactly a username, but is still relevant.

311
00:25:37,760 –> 00:25:44,080
I saw this report on the news many years ago about some lady’s license plate.

312
00:25:44,080 –> 00:25:53,160
I don’t remember the exact spelling, but it was something like ILUVTOFU.

313
00:25:53,160 –> 00:25:58,600
It must have been a slow news day or something because I don’t understand how people can

314
00:25:58,600 –> 00:26:04,360
be this sensitive over something so trivial, but it was made into a new story because people

315
00:26:04,360 –> 00:26:11,080
were interpreting that and getting upset as saying “I love to F-U”.

316
00:26:11,080 –> 00:26:16,920
But the lady who owned the car said that it meant “I love tofu”.

317
00:26:16,920 –> 00:26:17,920
You see what I mean?

318
00:26:17,920 –> 00:26:24,160
So when you choose a username or an email address, just make sure it isn’t either revealing

319
00:26:24,160 –> 00:26:30,640
sensitive information or is at risk of being misinterpreted as something as you wouldn’t

320
00:26:30,640 –> 00:26:34,760
want. To address both of these concerns,

321
00:26:34,760 –> 00:26:40,560
we recommend just using random letters and numbers for your usernames and email addresses,

322
00:26:40,560 –> 00:26:46,320
but we would caution that you should only do this if you’re using a good password manager

323
00:26:46,320 –> 00:26:49,320
so that you don’t have to remember them all.

324
00:26:49,320 –> 00:26:53,560
And the final thing that we’ll say on this Consideration is that if you’re still not

325
00:26:53,560 –> 00:27:00,200
taking this one seriously, just be aware that many apps and services make profile information

326
00:27:00,200 –> 00:27:02,880
public by default.

327
00:27:02,880 –> 00:27:09,360
I’m not going to say what it was, but I did a web search some time ago for some of the

328
00:27:09,360 –> 00:27:16,880
old usernames that I used to use and was pretty shocked to see that some stupid app that one

329
00:27:16,880 –> 00:27:24,200
of my exes had me join many, many years ago, had made my account public for years without

330
00:27:24,200 –> 00:27:25,920
my knowledge.

331
00:27:25,920 –> 00:27:32,080
I obviously deleted that. But just be aware that this is quite common these days because

332
00:27:32,080 –> 00:27:39,840
app developers use this for SEO and to make their app appear like it’s the hip and happening

333
00:27:39,840 –> 00:27:45,320
place where all the cool kids are, despite the fact that this can be very damaging and

334
00:27:45,320 –> 00:27:48,040
dangerous for their users.

335
00:27:48,040 –> 00:27:54,320
Also keep in mind that some of these systems where you have things like friends lists or

336
00:27:54,320 –> 00:28:01,880
people you follow or whatever, if they have a tool where you can export your data, sometimes

337
00:28:01,880 –> 00:28:09,560
that data can include email address or other contact information for you or the people in

338
00:28:09,560 –> 00:28:15,240
your contact list, even if they’re not exposing that on their profile.

339
00:28:15,240 –> 00:28:20,680
If you have a LinkedIn account, there is actually an explicit setting where you can

340
00:28:20,680 –> 00:28:28,200
either enable or disable letting your email address be included in other people’s data

341
00:28:28,200 –> 00:28:30,000
downloads.

342
00:28:30,000 –> 00:28:32,680
I don’t remember what the default option is.

343
00:28:32,680 –> 00:28:38,800
I think it might be allowed by default, but you know, you might not want anybody to know

344
00:28:38,800 –> 00:28:43,960
what email address you’re using for your LinkedIn account. But be aware that if this is turned

345
00:28:43,960 –> 00:28:50,000
on for you, when somebody in their contacts list dumps their data from LinkedIn, that could

346
00:28:50,000 –> 00:28:54,600
include your email address, even though you’re not exposing it to them directly through your

347
00:28:54,600 –> 00:28:55,600
profile.

348
00:28:55,600 –> 00:29:01,680
I could be wrong about this, but I’m pretty sure that Fecesbook does the same thing.

349
00:29:01,680 –> 00:29:08,080
The 12th and final Consideration, which I’ll admit is a bit more of an edge case than the

350
00:29:08,080 –> 00:29:15,720
others, is that #12: Password recovery and other features of certain websites and services

351
00:29:15,720 –> 00:29:20,040
can be used to reveal information about you.

352
00:29:20,040 –> 00:29:26,400
I’ve seen numerous websites that will, for example, show an error message like, “This

353
00:29:26,400 –> 00:29:32,360
user does not exist” when you type in an email address or username that’s not registered,

354
00:29:32,360 –> 00:29:38,000
but they won’t say anything if the user is registered, which implies that the user is

355
00:29:38,000 –> 00:29:40,280
in fact registered there.

356
00:29:40,280 –> 00:29:46,480
This is pretty niche, but this is a technique that bad actors can use to try to identify

357
00:29:46,480 –> 00:29:50,200
if you have an account somewhere for one reason or another.

358
00:29:50,200 –> 00:29:54,560
That could be blackmail or that could be trying to breach your accounts or something like

359
00:29:54,560 –> 00:29:55,560
that.

360
00:29:55,560 –> 00:30:01,800
Let’s just say, for example, that your neighbor had a problem with you and he knows what email

361
00:30:01,800 –> 00:30:03,880
address that you use for everything.

362
00:30:03,880 –> 00:30:10,240
Well, if he types that into Ashley Madison and it reveals that you have an account there,

363
00:30:10,240 –> 00:30:15,880
he could then use that to rat you out to your spouse or try to get you fired or something

364
00:30:15,880 –> 00:30:16,880
like that.

365
00:30:16,880 –> 00:30:23,200
So, you know, like I said, this is pretty niche, but the lesson here is again, use unique

366
00:30:23,200 –> 00:30:29,200
email addresses and usernames to make it more difficult for people to exploit you.

367
00:30:29,200 –> 00:30:34,360
All right, so to start wrapping this up, let’s go over some action items.

368
00:30:34,360 –> 00:30:39,360
The first being, be very stingy about opening new accounts.

369
00:30:39,360 –> 00:30:43,200
If you don’t need it, consider just not opening it.

370
00:30:43,200 –> 00:30:47,800
Every account that you open introduces some level of risk.

371
00:30:47,800 –> 00:30:52,040
Even if you’re not giving them sensitive information, you still need to account for

372
00:30:52,040 –> 00:30:57,440
the fact that they might be collecting information from you, whether you like it or not.

373
00:30:57,440 –> 00:31:01,960
That could be your browsing habits, you know, what you look at, what you click on, what

374
00:31:01,960 –> 00:31:08,080
your IP address is, what kind of devices and browsers you’re using, what their fingerprints

375
00:31:08,080 –> 00:31:09,080
are.

376
00:31:09,080 –> 00:31:13,760
There’s all kinds of information that an app or service might be able to collect that you

377
00:31:13,760 –> 00:31:16,320
might not even be aware of.

378
00:31:16,320 –> 00:31:22,320
We’re probably going to be doing an episode on this in the future, but digital minimalism

379
00:31:22,320 –> 00:31:23,960
is your friend.

380
00:31:23,960 –> 00:31:28,800
Fecesbook, Instasham and TikTok are not your friends.

381
00:31:28,800 –> 00:31:35,240
There’s a growing body of evidence that people are being overwhelmed by technology, which

382
00:31:35,240 –> 00:31:42,720
can have a detrimental impact on their mental health, productivity, career, and relationships.

383
00:31:42,720 –> 00:31:48,640
So even if you don’t care about the privacy and security implications that we’ve discussed

384
00:31:48,640 –> 00:31:54,600
in this episode, abstaining from opening new accounts that you don’t really need can do

385
00:31:54,600 –> 00:31:58,280
you a lot of good on this front as well.

386
00:31:58,280 –> 00:32:04,040
And in addition to that, account maintenance is a real thing and it can be extremely time

387
00:32:04,040 –> 00:32:05,400
consuming.

388
00:32:05,400 –> 00:32:09,480
You know, if you’ve ever been involved in a data breach or you just want to change your

389
00:32:09,480 –> 00:32:14,600
phone number or email address for one reason or another, think about how time-consuming

390
00:32:14,600 –> 00:32:21,640
that can be to go through, you know, dozens or hundreds of accounts to update your information.

391
00:32:21,640 –> 00:32:25,680
It’s kind of like you don’t realize how much crap you have until you need to move.

392
00:32:25,680 –> 00:32:30,440
And then all of a sudden you’ve got like closets just absolutely full of junk that

393
00:32:30,440 –> 00:32:33,200
take you a day to sort through.

394
00:32:33,200 –> 00:32:35,560
You know, it’s the same thing with your accounts.

395
00:32:35,560 –> 00:32:42,480
If you pile up, you know, hundreds of accounts over the years, just keep in mind that maintenance

396
00:32:42,480 –> 00:32:48,120
is a real thing which will consume a lot of your time if you’re keeping up with things.

397
00:32:48,120 –> 00:32:54,120
Just take LastPass users, for example, you know, LastPass got breached and the vaults

398
00:32:54,120 –> 00:32:57,360
of their users got stolen by hackers.

399
00:32:57,360 –> 00:33:03,040
So what all of those users should be doing is going through every account that’s in their

400
00:33:03,040 –> 00:33:07,800
LastPass vault and changing their password at a minimum.

401
00:33:07,800 –> 00:33:11,920
For me personally, I’ve got over 400 passwords that I manage.

402
00:33:11,920 –> 00:33:16,240
Could you imagine how much time it would take to update all of them because of something

403
00:33:16,240 –> 00:33:17,600
like a data breach?

404
00:33:17,600 –> 00:33:23,640
Now, that’s a problem that I signed up for to some degree, but what I’m doing is I’m

405
00:33:23,640 –> 00:33:28,160
practicing what I preach and I’m being very stingy about opening new accounts.

406
00:33:28,160 –> 00:33:33,560
I just simply will not do it anymore unless there’s a very good reason.

407
00:33:33,560 –> 00:33:39,300
We also recommend that you be very selective about what information you share.

408
00:33:39,300 –> 00:33:43,560
If someone doesn’t need a piece of information, don’t give it to them.

409
00:33:43,560 –> 00:33:45,060
It’s that simple.

410
00:33:45,060 –> 00:33:47,680
I was at the doctor’s with someone once.

411
00:33:47,680 –> 00:33:52,120
They told me that they were going to take a picture of the patient, which I wasn’t very

412
00:33:52,120 –> 00:33:53,360
comfortable with.

413
00:33:53,360 –> 00:33:55,800
So I asked, “What for?”

414
00:33:55,800 –> 00:33:59,360
And the nurse could tell that I wasn’t very happy about it.

415
00:33:59,360 –> 00:34:04,480
So she said something like, “Oh, it’s just for a profile picture, but you don’t need to do

416
00:34:04,480 –> 00:34:06,280
it if you don’t want to.”

417
00:34:06,280 –> 00:34:10,800
So I said something like, “Yeah, let’s go ahead and NOT do that.”

418
00:34:10,800 –> 00:34:16,760
And I hate saying this because I don’t want to live in a world where you need to be protective

419
00:34:16,760 –> 00:34:20,920
of your information, but it is what it is.

420
00:34:20,920 –> 00:34:27,080
You need to be proactive about protecting your information because no one else will and it

421
00:34:27,080 –> 00:34:33,640
will be used and abused at some point in the future if you don’t protect it.

422
00:34:33,640 –> 00:34:40,920
And just because an app or service asks for things like your name, date of birth, gender,

423
00:34:40,920 –> 00:34:47,000
and so on, that doesn’t necessarily mean that you need to give them accurate information.

424
00:34:47,000 –> 00:34:52,320
Does My Little Pony or whatever account you have really need to know your real date of

425
00:34:52,320 –> 00:34:53,320
birth?

426
00:34:53,320 –> 00:34:54,960
I don’t think so.

427
00:34:54,960 –> 00:34:55,960
Does your bank?

428
00:34:55,960 –> 00:34:56,960
Yes.

429
00:34:56,960 –> 00:35:00,240
And this is something that we help our clients with.

430
00:35:00,240 –> 00:35:05,280
We help them navigate these issues so that they know what’s okay to do and what’s not

431
00:35:05,280 –> 00:35:06,280
okay.

432
00:35:06,280 –> 00:35:12,960
So they can protect themselves from being a victim of creepy surveillance or a data breach

433
00:35:12,960 –> 00:35:14,720
or something like that.

434
00:35:14,720 –> 00:35:20,320
We’ll go over this in more detail in a future episode, but consider using things like voice over

435
00:35:20,320 –> 00:35:27,160
IP (VOIP) numbers and email aliases to make it harder for people to identify you and correlate your

436
00:35:27,160 –> 00:35:28,160
accounts and activities.

437
00:35:28,160 –> 00:35:35,080
And if a phone number is optional, consider not providing one in the first place.

438
00:35:35,080 –> 00:35:41,760
Also consider choosing random usernames and email addresses to avoid revealing any information

439
00:35:41,760 –> 00:35:45,680
about you and reduce the fallout from a data breach.

440
00:35:45,680 –> 00:35:48,840
All right, that wraps it up for this episode.

441
00:35:48,840 –> 00:35:54,200
Make sure you subscribe and stay tuned because we’re working on a follow-up episode called

442
00:35:54,200 –> 00:36:00,600
Finding Sanitizing and Closing Accounts because you might want to do some cleaning up of your

443
00:36:00,600 –> 00:36:05,920
digital footprint after hearing some of the things that we discussed in this episode.

444
00:36:05,920 –> 00:36:11,200
Be sure to share this podcast with others so that they can get this message and protect

445
00:36:11,200 –> 00:36:13,280
themselves as well.

446
00:36:13,280 –> 00:36:16,800
And finally, consider becoming a Bigger Insights client.

447
00:36:16,800 –> 00:36:22,920
We help clients like you live more private and secure lives by helping them navigate

448
00:36:22,920 –> 00:36:28,000
and mitigate these kinds of issues in one-on-one sessions.

449
00:36:28,000 –> 00:36:33,680
If that sounds interesting to you, go to our website, BiggerInsights.com, and fill out

450
00:36:33,680 –> 00:36:38,160
the short form at the bottom of the page so we can schedule your initial consultation.

451
00:36:38,160 –> 00:36:39,920
All right, everybody.

452
00:36:39,920 –> 00:36:41,800
Thank you for staying until the end.

453
00:36:41,800 –> 00:37:10,680
Be mindful of what accounts you open and what data you share, and stay safe out there.

Disclaimer

We are not attorneys or other legal professionals and nothing in this episode should be construed as legal or other advice. See our full Disclaimer for details.

Support Us

We’re an ethical company that puts our community first. You won’t find us injecting targeted ads or trackers into our website, peddling sketchy products/services, or selling our visitors’ data to 3rd-parties. As a result, our visibility and resources are rather limited.

Please consider supporting us to help keep our mission going. There are several ways to make a difference – from cryptocurrency contributions to simply sharing our content. Every bit of support is greatly appreciated and helps us make the world a more private, secure, and prosperous place.

More Great Content

  • All
  • Finance
  • Privacy & Security
  • Technology
Finance - Budgeting - Financial Planning - Accounting - Asset Allocation - Taxable and Tax-favored Accounts - Cash Finance

Asset Location: Taxable vs. Tax-favored Accounts (401k, IRA, HSA)

Asset Location (AKA Asset Placement) is a strategy for organizing your assets in an optimal way that helps you meet your financial goals. In the previous episode, we focused on asset location strategies for reducing taxes and simplifying your tax return. In this episode, we focus on asset location considerations ...
Continue →
Security - Software - Email - Computer Screen Privacy & Security

Email is Insecure – Here’s How to Improve Email Security

Email was never designed to be private or secure, so not surprisingly, it is neither private, nor secure. In the previous episode, we explained the reasons why as well as the risks inherent to email. However, email is so prevalent that it is unfortunately a necessary evil. In this episode, ...
Continue →
Planning - Concepting - Whiteboard - Tax Planning Tips - Asset Location - Asset Placement Finance

Asset Location: Reducing Taxes & Simplifying Your Tax Return

Asset Location (AKA Asset Placement) is a strategy for organizing your assets in such a way as to reduce tax burden, simplify your tax return, and manage risk. We discuss our Asset Location strategies, which includes specifics about tax treatment for growth stocks, dividend stocks, taxable bonds, real estate investment ...
Continue →
Drake - Bad Choice-Good Choice - Linux vs Windows macOS ChromeOS Technology

Linux Doesn’t Suck – Here’s Why Even Normies Should Use It

Linux has long been viewed as a science fair project for nerds. We explain why Linux doesn’t suck and why it's now usable even for normies. Some of the items discussed: Issues with Windows, ease of use, performance (efficient use of resources), hardware support, application support, OS licensing, concerns about ...
Continue →
Email - Mobile Phone - Privacy and Security - Technology - Hands Privacy & Security

Email is Insecure – Stop Using it for Sensitive Communications

Email is the primary means of sending messages and documents for many people. Unfortunately, email was never designed to be private or secure. Over time, we’ve developed several tools and techniques to help make it more secure. But at the end of the day, no matter how uncomfortable it makes ...
Continue →
Woman Shopping - Holding Shopping Bags - Retail - Spending Money Finance

What Does it Mean to be Able to Afford Something?

Most everyone will agree that you shouldn’t buy things that you can’t afford, yet so many do. Why is that? It seems to us that one of the reasons for this is because many don’t know what it means to be able to afford something. Spoiler alert – it doesn’t ...
Continue →
Scroll to Top