Digital Literacy Training

Most people assume that once they’re online, their activity is completely private — but that’s far from the truth. Your Internet Service Provider (ISP) has visibility into much more than you might expect. Depending on whether you’re using HTTP, HTTPS, or a VPN, the amount of data they can see changes dramatically. 🔴 HTTP: Everything you do — including full URLs, text, images, messages, and form data — is visible to your ISP (and anyone intercepting your traffic). It’s like sending postcards: anyone along the way can read them. 🟠 HTTPS: Adds a layer of encryption. Your ISP can still see which website you’re visiting (the domain), but not the specific pages, actions, or content. 🟢 VPN: Encrypts all your internet traffic before it leaves your device. Your ISP can only see that you’re connected to a VPN server — not which websites you visit, what services you use, or any of your activity. In today’s digital landscape, where privacy is often traded for convenience, understanding this difference is essential. If you value privacy and data security, using HTTPS-secured websites is a must — and pairing that with a reliable VPN takes it one step further. 🔐 Stay smart, stay secure. At Cybernara, we believe digital awareness is the first step toward a safer internet. Follow us for more practical insights on cybersecurity, privacy, and data protection. #CyberSecurity #OnlinePrivacy #VPN #HTTPS #DataProtection #InfoSec #NetworkSecurity #Cybernara

𝗣𝗲𝗼𝗽𝗹𝗲 𝗼𝗳𝘁𝗲𝗻 𝘁𝗮𝗹𝗸 𝗮𝗯𝗼𝘂𝘁 𝗯𝗲𝗶𝗻𝗴 𝗰𝗮𝗿𝗲𝗳𝘂𝗹 𝗼𝗻𝗹𝗶𝗻𝗲. 𝗙𝗲𝘄𝗲𝗿 𝗽𝗲𝗼𝗽𝗹𝗲 𝘁𝗮𝗹𝗸 𝗮𝗯𝗼𝘂𝘁 𝗯𝗲𝗶𝗻𝗴 𝗶𝗻𝘁𝗲𝗻𝘁𝗶𝗼𝗻𝗮𝗹. Today, during a security interview, the topic of my online presence came up. Since I am a visible person, the assumption was that I must be sharing a lot of private things publicly (unknowingly). 𝗧𝗵𝗮𝘁 𝗮𝘀𝘀𝘂𝗺𝗽𝘁𝗶𝗼𝗻 𝗶𝘀 𝘄𝗿𝗼𝗻𝗴. There is a difference between being visible and being careless. Despite having been a very visible person for many years, I actually have a very small digital footprint. Much smaller than most people expect. 𝗜 𝗱𝗶𝘃𝗶𝗱𝗲 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻 𝗶𝗻𝘁𝗼 𝘁𝗵𝗿𝗲𝗲 𝘃𝗲𝗿𝘆 𝗱𝗲𝗹𝗶𝗯𝗲𝗿𝗮𝘁𝗲 𝗰𝗮𝘁𝗲𝗴𝗼𝗿𝗶𝗲𝘀: • 𝗧𝗵𝗶𝗻𝗴𝘀 𝘁𝗵𝗲 𝘄𝗼𝗿𝗹𝗱 𝗺𝗮𝘆 𝗸𝗻𝗼𝘄, where I understand and accept the risks. • 𝗧𝗵𝗶𝗻𝗴𝘀 𝗼𝗻𝗹𝘆 𝘁𝗿𝘂𝘀𝘁𝗲𝗱 𝗽𝗲𝗼𝗽𝗹𝗲 𝘀𝗵𝗼𝘂𝗹𝗱 𝗼𝗿 𝗺𝗮𝘆 𝗸𝗻𝗼𝘄, shared intentionally. • 𝗧𝗵𝗶𝗻𝗴𝘀 𝗻𝗼𝗯𝗼𝗱𝘆 𝘀𝗵𝗼𝘂𝗹𝗱 𝗲𝘃𝗲𝗿 𝗸𝗻𝗼𝘄, which are never online. Being security aware is not about disappearing from the internet. 𝗜𝘁 𝗶𝘀 𝗮𝗯𝗼𝘂𝘁 𝘂𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱𝗶𝗻𝗴 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂 𝘀𝗵𝗮𝗿𝗲, 𝘄𝗵𝘆 𝘆𝗼𝘂 𝘀𝗵𝗮𝗿𝗲 𝗶𝘁, 𝗮𝗻𝗱 𝘄𝗶𝘁𝗵 𝘄𝗵𝗼𝗺. Sensitive material in my life does not live in cloud services or social platforms. 𝗜𝘁 𝗹𝗶𝘃𝗲𝘀 𝗼𝗻 𝗱𝗲𝘃𝗶𝗰𝗲𝘀 𝗽𝗵𝘆𝘀𝗶𝗰𝗮𝗹𝗹𝘆 𝗶𝗻𝗰𝗮𝗽𝗮𝗯𝗹𝗲 𝗼𝗳 𝗴𝗼𝗶𝗻𝗴 𝗼𝗻𝗹𝗶𝗻𝗲. My cameras are digital, but offline. My audio and video equipment are offline. 𝗧𝗵𝗲 𝘀𝘆𝘀𝘁𝗲𝗺 𝗜 𝘂𝘀𝗲 𝗶𝘀 𝗮𝗶𝗿 𝗴𝗮𝗽𝗽𝗲𝗱 𝗮𝗻𝗱 𝗻𝗲𝘃𝗲𝗿 𝗰𝗮𝗽𝗮𝗯𝗹𝗲 𝗼𝗳 𝗰𝗼𝗻𝗻𝗲𝗰𝘁𝗶𝗻𝗴 𝘁𝗼 𝘁𝗵𝗲 𝗶𝗻𝘁𝗲𝗿𝗻𝗲𝘁. That is not paranoia. 𝗧𝗵𝗮𝘁 𝗶𝘀 𝘁𝗵𝗿𝗲𝗮𝘁 𝗺𝗼𝗱𝗲𝗹𝗶𝗻𝗴. 𝗔𝗿𝗲 𝘁𝗵𝗲𝗿𝗲 𝘀𝗲𝗻𝘀𝗶𝘁𝗶𝘃𝗲 𝗽𝗶𝗰𝘁𝘂𝗿𝗲𝘀 𝗼𝗳 𝗺𝗲? 𝗬𝗲𝘀. 𝗔𝗿𝗲 𝘁𝗵𝗲𝗿𝗲 𝘁𝗵𝗶𝗻𝗴𝘀 𝗜 𝘄𝗮𝗻𝘁 𝘁𝗼 𝗵𝗶𝗱𝗲? 𝗡𝗼𝘁 𝗿𝗲𝗮𝗹𝗹𝘆. That is not because nothing sensitive exists. It is because what exists is intentional. Sensitive does not automatically mean dangerous. Uncontrolled does. 𝗩𝗶𝘀𝗶𝗯𝗶𝗹𝗶𝘁𝘆 𝗱𝗼𝗲𝘀 𝗻𝗼𝘁 𝗲𝗾𝘂𝗮𝗹 𝗿𝗲𝗰𝗸𝗹𝗲𝘀𝘀𝗻𝗲𝘀𝘀. 𝗣𝗿𝗶𝘃𝗮𝗰𝘆 𝗱𝗼𝗲𝘀 𝗻𝗼𝘁 𝗿𝗲𝗾𝘂𝗶𝗿𝗲 𝘀𝗶𝗹𝗲𝗻𝗰𝗲. Once something is on the internet, it is 𝗮𝗹𝘄𝗮𝘆𝘀 on the internet. 𝗧𝗵𝗮𝘁 𝗶𝘀 𝘄𝗵𝘆 𝗶𝗻𝘁𝗲𝗻𝘁𝗶𝗼𝗻 𝗺𝗮𝘁𝘁𝗲𝗿𝘀. 𝗦𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗶𝘀 𝗮𝗯𝗼𝘂𝘁 𝗸𝗻𝗼𝘄𝗶𝗻𝗴 𝗲𝘅𝗮𝗰𝘁𝗹𝘆 𝘄𝗵𝗮𝘁 𝘆𝗼𝘂 𝗮𝗿𝗲 𝗱𝗼𝗶𝗻𝗴. 𝗔𝗻𝗱 𝗱𝗼𝗶𝗻𝗴 𝗶𝘁 𝗼𝗻 𝗽𝘂𝗿𝗽𝗼𝘀𝗲. #cybersecurity #digitalhygiene #threatmodeling #privacybydesign #infosec #securityawareness #opsec #digitalidentity #trust #riskmanagement

The Office of the Australian Information Commissioner has published the "Privacy Foundations Self-Assessment Tool" to help businesses evaluate and strengthen their privacy practices. This tool is designed for organizations that may not have in-house privacy expertise but want to establish or improve how they handle personal information. The tool is structured as a questionnaire and an action planning section that can be used to create a Privacy Management Plan. It covers key #privacy principles and offers actionable recommendations across core areas of privacy management, including: - Accountability and assigning responsibility for privacy oversight. - Transparency through clear external-facing privacy notices and policies. - Privacy and #cybersecurity training for staff. - Processes for identifying and managing privacy risks in new projects. - Assessing third-party service providers handling personal data. - Data minimization practices and consent management for sensitive information. - Tracking and managing use and disclosure of personal data. - Ensuring opt-out options are provided and honored in direct marketing. - Maintaining an up-to-date inventory of personal data holdings. - Cybersecurity and data breach response. - Secure disposal or de-identification of data when no longer needed. - Responding to privacy complaints and individual rights requests. This self-assessment provides a maturity score based on the responses to the questionnaire and tailored recommendations to support next steps.

OSINTers often spend a lot of time investigating other people. However, we might forget to cover ourselves at the same time. Here’s a list of tools and resources to help you fix some of the OPSEC sins we can all be guilty of! • Operation Privacy, https://lnkd.in/gfjFZJY2 - An online dashboard providing free OPSEC advice and resources, helping users track their privacy to prevent stalkers, swatters, and doxxing. • Techlore Privacy and Security Resources, https://lnkd.in/ghtBW9HT - Provides a comprehensive series of guides to personal security and tools such as the VPN toolkit, for comparing the practices of different VPN providers. • Privacy Guides, https://lnkd.in/gy8D_Xba - Another comprehensive series of OPSEC resources, including the Knowledge Base, articles, recommendations, and a forum for tightening your personal security. • Privacy Virtual Cards, https://privacy.com/ - Leading provider of virtual payment cards in the US, limiting the amount of personal information is shared through purchases. • Digital Defence, https://lnkd.in/gS_4zJhh - Provides free personal security checklists for categories such as authentication, web browsing, email, etc. • DuckDuckGo, https://duckduckgo.com/ - A search engine protecting the privacy of its users by not storing personal user information, and or personalising results. • Mullvad, https://lnkd.in/gCxrS8Kh - A service offering a privacy-focused browser as well as a VPN in order to maximise the security of the user and minimise internet fingerprinting. • DNS Leak Test, https://lnkd.in/gicNFiNz - Identifies domain name system and web real-time communication leaks related to the user’s IP address. • VMware, https://www.vmware.com/ - A service allowing users to create virtual machines, allowing for compartmentalisation when working on sensitive projects. • Proxmox, https://lnkd.in/g3h6wecy - An open-source platform allowing users to create virtualised environments, secure email servers and add network-level VPN protections to enhance their online privacy. • JMPchat, https://jmp.chat/ - A service providing US and Canadian phone numbers for compartmentalization. • Firefox Relay, https://relay.firefox.com/ - Allows users to mask their email address and phone number, remove email trackers, block promotional emails, and add VPN protection from Mozilla. • addy.io, https://addy.io/ - Protects users’ email addresses by using email aliases, protects identities in data breaches, encrypts emails, and identifies where data may have been sold by using a different email address in every site. • SimpleLogin, https://lnkd.in/gEkaDecN - A browser extension and app providing anonymous email addresses and email aliases when signing up for an online service. These are just a few of the tools and resources you can use to stay safe on the internet and in your OSINT investigations. Stay alert and stay secure.

I saw a post on Twitter recently that really made me pause. A woman had shared a picture of her child but later deleted it after noticing that people were bookmarking the post, which made her wonder why anyone would want to save a picture of her child. Even if some of those bookmarks were harmless, her decision to take them down was a smart one and a reminder of something we all need to think about more often, which is that privacy online matters a lot. We live in a time where sharing is second nature. A new baby, a fun trip, a promotion at work, it’s all out there in a matter of seconds. We often share parts of our lives online without fully considering who might be watching or why. But here’s the thing: not everything needs to be shared, especially when it involves personal or sensitive details. One crucial concept to understand here is personal identifiable information (PII). PII is any detail that can be used to identify you as an individual. It can be categorized into two types:📍 Non-sensitive PII, which includes information that is publicly accessible and generally not harmful if exposed. For example, your name, birthday, and gender. But in the wrong hands, they can still be used to build a bigger picture about you. 📍Sensitive PII involves information that is private and should be carefully protected. For example, bank verification details (BVN), driver's license, credit card details, medical records, etc. This is where things get serious, and this kind of information shouldn’t be floating around the internet, as it can open the door to identity theft, fraud, or worse. Not Everything Belongs on the Internet. It’s okay to be private. In fact, it’s smart. You can still be active online, share valuable content, and connect with others without giving away your entire life story. Sometimes, sharing just a part of the picture is enough to get your message across. Here are a few simple things you can do to protect your privacy: 📍Pause before you post. Ask yourself if the information really needs to be online. 📍Be curious. If someone’s asking for personal info, think: do they really need this? 📍Clean up regularly. Delete old posts that no longer serve a purpose. 📍Monitor your digital presence. Search your name online regularly to see what information is publicly available about you. Your digital footprint tells a story, and that story is valuable. But if you’re not paying attention, it can also make you vulnerable. Just as we protect ourselves from thieves in the physical world, we must be cautious of digital criminals too. These individuals don't need to point at you to cause harm. They can be miles away and still steal from you just by exploiting the information you carelessly shared. So, before you make that next post, ask yourself:Is this information really necessary to share? And is it worth the potential cost to my privacy? If this post resonated with you, share it with someone who needs the reminder.

Just delivered a talk on Operational Security (OPSEC) and navigating the increasingly complex world of online privacy! It's a topic I wish wasn't necessary, but in today's reality, understanding how to protect yourself is crucial. We dove into the fundamentals of OPSEC, emphasizing that perfect security is a myth – it's all about balance and informed compromises. The core concept we explored was threat modeling: identifying who you're protecting yourself from and what their capabilities are. This is deeply personal, and your threat model will likely differ significantly from mine or anyone else's. We used a fictional example, "Sleve McDichael," to illustrate how a relatively low-risk individual might approach their online presence. We then covered practical, actionable steps anyone can take. These range from simple behaviors (avoiding sketchy online quizzes, using strong, unique passwords with a password manager, and running updates!) to more advanced strategies like using pseudonyms (nyms) effectively and understanding metadata risks. We also debunked the common misconception that VPN services are a privacy panacea – in many cases, HTTPS provides sufficient encryption, and Tor is a better option for truly private browsing. A significant portion of the talk focused on self-hosting as a powerful tool for regaining control over your data. I shared some of the applications I use in my own homelab (Plex/Jellyfin, Nextcloud, Gitea, Pocket ID) and explained how running your own infrastructure gives you unparalleled insight into data privacy. Even basic hardware can get you started! Ultimately, OPSEC is about making informed choices and minimizing the consequences of inevitable mistakes. Think before you post, be aware of your digital footprint, and understand the tools at your disposal. It's a journey, not a destination! Let me know what your biggest OPSEC concerns and questions. (Look in the first comment for a link to the full talk, including a video and detailed write-up!) #opsec #security #infosec