Account and INFO Security

There Is No Hiding Your Thoughts

I have people who comment that they don’t allow devices in their home to track them because their devices aren’t connected to the Internet. Obviously, if you are reading this, you are connected to the Internet in some way. That means you are being tracked. There is no avoiding it.

The internet many people imagine is a collection of websites. The internet that actually exists is a collection of websites layered on top of a hidden surveillance infrastructure.

When you visit a page, you are not just interacting with the site you intended to visit. You are also interacting with dozens of advertising, analytics, marketing, and data collection companies operating behind the scenes. Most users never see them, never consent to them in any meaningful way, yet those companies know far more about us than we realize.

Most people understand that websites collect data. If you shop on an online store, it’s reasonable to assume that store knows what products you viewed, what you purchased, and perhaps even what ads convinced you to buy.

What you may not realize is that some of the largest advertising companies on the internet may be tracking you even when you never visit those companies’ websites. The modern advertising industry is built on a vast network of invisible tracking technologies that follow users from site to site, quietly collecting information about their interests, habits, and behavior.

Imagine you’re reading a blog about home improvement. You never visit Amazon. You don’t click any ads. You simply read an article. What you don’t see is that the blog may contain a tiny piece of code provided by Amazon’s advertising network. (This blog does not permit advertising of any kind, so that isn’t an issue here, unless it’s being somehow done without my knowledge or consent.) As soon as the page loads, your browser contacts Amazon’s servers and sends information about your visit. This technology is commonly called a tracking pixel, web beacon, or advertising tag.

The pixel is often invisible. It may be a 1×1 transparent image or a script that runs silently in the background. Yet it can tell advertising companies:

Which website you visited
Which page you viewed
When you visited
Your IP address
Your device type
Your browser version
Whether you’ve been seen before

The result is that companies can learn about your online behavior without you ever intentionally interacting with them.

The Myth of “I Never Gave Them My Information”

Many people assume that if they never create an account with a company, that company cannot build a profile about them. Unfortunately, that’s not how modern tracking works, advertisers don’t necessarily need your name to identify you. Instead, they assign identifiers to your browser or device. These identifiers may include:

Cookie IDs
Mobile advertising IDs
Browser fingerprints
Device fingerprints
IP-based identifiers

Over time, these identifiers become associated with patterns of behavior. A profile begins to emerge:

You read articles about hiking.
You browse reviews of pickup trucks.
You compare mortgage rates.
You visit travel websites.

Even if your name isn’t attached immediately, the behavioral profile becomes increasingly detailed. Over time, the advertiser gets a pretty accurate picture of who you are and what you are interested in. Cookies get most of the attention because they’re visible and users occasionally receive cookie consent popups.

But some tracking techniques don’t rely on cookies at all. For example, browser fingerprinting collects characteristics about your device and browser, including:

Screen resolution
Installed fonts
Operating system
Browser version
Language settings
Time zone
Graphics hardware

Individually, these details seem harmless, but combined, they create a surprisingly unique identifier. Think of it like recognizing a person from dozens of small clues rather than a single name tag. Even if you delete or refuse cookies, fingerprinting can sometimes recognize the same user each time they return. It’s becoming more and more sophisticated, and there is nothing that you can do about it except stay off the internet completely, and that may not even be a solution.

The real power comes from scale. You see, a single website knows what you do on that site but an advertising network embedded on thousands or millions of websites can observe behavior across the internet. If the same advertising company appears on multiple websites, it can potentially see that:

You visited a health website on Monday.
A car review website on Tuesday.
A financial planning website on Wednesday.
A travel booking site on Thursday.

Viewed separately, these visits seem insignificant. Viewed together, they reveal a great deal about your life, which is why people often feel like advertisements “know” what they’re thinking about. In reality, the advertising ecosystem may have observed enough behavior to make highly accurate predictions. That leads us to the reality of data brokers.

Tracking doesn’t stop with advertising platforms, because there are entire industries that exist to collect, aggregate, analyze, and sell consumer data. These companies, called data brokers, gather information from:

Websites
Mobile apps
Loyalty programs
Public records
Commercial databases
Marketing partnerships

The information can then be used to predict your buying habits, health concerns, and tons of other information. Most consumers have never heard of the companies creating these profiles, yet those profiles influence which ads they see, what offers they receive, and how businesses evaluate them as potential customers. It’s a huge business, and it’s what the new AI systems are being optimized for.

Constant surveillance has become the default business model of the internet. The problem isn’t merely that companies know what products you like, the problem is that detailed behavioral data can reveal:

Political interests
Religious beliefs
Health concerns
Financial circumstances
Personal relationships
Life events

Information that feels private can often be inferred from seemingly ordinary browsing activity, and that’s the uncomfortable reality of the modern advertising economy: some of the companies collecting information about you are companies you’ve never even met.

Your stuff doesn’t even have to be connected to the internet. Television broadcasts, radio shows, advertisements, and streaming content can contain embedded audio watermarks that are difficult for humans to notice. A smartphone app with microphone permission can detect these watermarks and determine:

Which show you’re watching
Which advertisement played
When it played

Then report back to the “mother ship” and this exact method has been used for advertising attribution and audience measurement. You have just added to the file on yourself without even knowing it. The phone and TV aren’t directly communicating in a conventional sense; rather, the TV emits an encoded signal and the phone recognizes it.

The most famous air-gap compromise is probably the Stuxnet operation. That particular piece of malware reportedly spread through infected USB drives to reach systems that were intentionally disconnected from the internet. Once inside, the malware manipulated industrial equipment while concealing its actions. That attack demonstrated a crucial lesson: an air gap dramatically improves security, but it is not an absolute barrier.

Communication across air gaps including ultrasonic and near-subaudible signaling has been demonstrated by researchers, and some commercial tracking systems have used similar concepts for cross-device identification. Now that you know what advertisers are doing, what do you think the NSA is capable of?

My feeling on this? You can’t think about taking a crap without someone expecting you to reach for toilet paper.

By Divemedic, 4 daysJune 20, 2026 ago

Account and INFO Security

Earth shaking Network upgrades

Earthquake

Who had a Florida earthquake on their 2026 BINGO card? I know I didn’t, but we had a bit of earth shaking yesterday just after 1400, as a 6.1 Richter earthquake struck off the coast of Cuba. I was working at the time and the doctor, who was sitting next to me, said “Was that an earthquake? Did you feel that? I even saw the water in your cup shaking.” I didn’t notice, but I was preoccupied at the time. Sure enough, it was.

Damage

I don’t know if it was related or not, but I returned home to find my closet system had fallen off the wall. It looks like one of the screws pulled out of the wall, and this caused a cascading failure of the other screws, which caused an entire wall of the system to fall to the ground. There was some damage to it, forcing me to order $500 worth of parts. I am going to reinstall a 3/4″ plywood backer board this time. That way, I can use more screws when I secure it to the wall. The parts won’t be here until next Monday, so I will spend the day today taking the old one apart and reclaiming any undamaged parts I can find.

Network Upgrades

The network hardware is installed. I setup a few VLANs, which allows me to split the home network into segments:

Infrastructure
IOT devices
Servers
Guests
Surveillance

Once that was done, I created rules that allow me to control traffic. As an example, the guest network can’t do anything but access the Internet and a printer. The cameras are in the surveillance network, and they can only contact the server that’s running the surveillance software. IOT devices can’t do anything but contact the Internet.

As time goes on, I will tighten up the rules to make things as secure as possible. For now, the system works and I have tested it to make sure the rules are operating as intended. Starting later this week, I will begin installing security cameras. There will be a post on that.

By Divemedic, 2 weeksJune 9, 2026 ago

Account and INFO Security

Net Security

One of the big problems with IoT stuff is net security. The things we are buying are gathering information and sending it out to who knows where. In 2015, Samsung issued a warning to consumers not to discuss personal information within earshot of its televisions because the TV was listening, recording, and passing along what it hears. Google has had similar problems with its own stuff.

For those of you who are IT nerds, some of this stuff will seem basic- my apologies, I am still learning, and I assume that a good number of the people who read this blog are as well.

IoT devices are notoriously insecure because manufacturers frequently prioritize low costs and rapid production over robust security. These devices often suffer from weak default credentials, a lack of encryption, and limited hardware capacity for security software, making them easy targets for hackers to hijack and form botnets or even to spy on you and sell your information to others.

Using VLANs can help with that. A virtual network, or VLAN, allows you to maintain separate, distinct networks within your physical network. These virtual networks are like tiny virtual containers that cannot talk to or even see each other, but can be configured to communicate as much or as little information between each other as you desire. That’s where the security comes in.

By creating different ‘trust’ levels within your home network, you can create a system whereby those who are inside of your guest VLAN can only communicate with the Internet or your printer, but nothing else. This prevents a guest from snooping through your files, accessing your router controls, or other mistakes. Placing all of your IoT devices in another VLAN will keep them isolated from other parts of your network and allow you to control where and how much information they can send or receive. Trusted devices such as your cell phone or laptop can be configured to have no restrictions.

In short, it increases security by giving devices “need to know” access without giving them access to things they shouldn’t be accessing. That’s what this new system I am installing does. I setup a few different VLANs:

Trusted. Devices within this VLAN will have IP addresses ending in 20.xx
IoT devices. Devices within this VLAN will have IP addresses ending in 30.xx
Storage. Devices within this VLAN will have IP addresses ending in 40.xx
Guest. Devices within this VLAN will have IP addresses ending in 50.xx
Cameras. Devices within this VLAN will have IP addresses ending in 60.xx

Each IP range can then be assigned any number of permissions. For example, IP addresses ending in 50.xx are setup to only be able to access the Internet and a printer. Guests will therefore be allowed to print or surf the Internet, but that is all.

So that is the plan for our network security here at the Ocho. Will it stand up to determined hacking or the NSA peeping at my stuff? Of course not. Is it better and more robust than what I have had in the past? Certainly. Perhaps it will cause those devices and people with nefarious intent to look elsewhere for lower hanging fruit.

Now if you will excuse me, today is going to be a pleasant, breezy 84 degrees, so I am going to go mow the lawn.

By Divemedic, 3 weeksJune 4, 2026 ago

Account and INFO Security

Learning as I Go

I am not an IT expert by any stretch of the imagination. Still, I am doing OK with this server upgrade. Some of these concepts are new, some not so new. Still, I am doing alright with the upgrades. I spent the day installing some upgrades.

Mounting

I first tried to mount the cabinet, but it was designed for studs that are 16 inches on center, and my walls have 24 inch stud spacing. I cut me two 1×6″ Spruce boards 26 inches long. I drilled them for screws to attach to the studs, and also drilled 5/16 holes 16 inches apart, then I drilled a countersink centered on those holes. Those holes fit a 5/16 bolt and washer. I painted the boards to match the wall, then attached them to the studs with 4 #8x 3″ wood screws at each end of the board.

Now I had two boards spanning the studs with 5/16″ bolts sticking out that matched the mounting holes on the cabinet that allowed me to bolt the cabinet to them.

If you look below the cabinet, you can see the old onQ panel this cabinet is replacing. Once all is done, I will remove it and drywall over the hole. Yeah, the reflections in the glass show the toilet paper and paper town reserves I keep on top of the laundry room cabinets.

Installing Equipment

I put a thermostat in the cabinet that will control the exhaust fan. Then I attached my devices to the racks:

12U Omada SG3218XP-M2 POE managed switch. This is the main switch for my network.
11U Omada ER707-M2 gateway & OC220 Omada controller
10U Keystone 24 pin patch panel. Ports1-5 are reserved for Infrastructure connections like modem, UPS, Moca, 6-15 are for POE devices like AP’s, 16-18 are for non powered devices, and 19 thru 24 are for cameras
9U is a SG2210XMP, currently an unused switch but I plan on having it be the switch for my future IP security cameras
8U, 7U, 6U are open.
5U is a shelf with a Moca unit, the modem, and a switch that cycles power to the gateway and modem in the event it cannot access the Internet
4U is a power distribution unit
3U and 2U are currently vacant, but will have a Synology RS1221+ as a storage drive and for future cameras
1U is a 500 watt UPS. I know it’s small for what I am powering, but I am only using it to bridge the second or two that it takes my Powerwalls to take over when grid power fails.

I got everything wired and labeled. The network is fully functional and stable, and the entire thing went as smoothly as I could have hoped. It took me longer to mount the cabinet on the wall than it did to get the network up and running. I now no longer have a home level network. This is bordering on prosumer level stuff.

You will note the empty slots for the second switch and the double drive server. Im waiting on parts for those. I will also neaten up the wires a bit.

Setting Up Virtual Networks

The last thing I did today was set up several VLANs:

Management, VLAN 10
VLAN 30 for IOT devices.
Servers, VLAN 40
Guest Network VLAN 50
Security Cameras, VLAN 60

To verify that it works, I logged in to the guest network SSID and was assigned an IP of 192.xx.50.x. I haven’t created rules yet, just wanted to make sure I did it correctly.

Moving Forward

Tomorrow, I will install the disk server, a Synology RS1221+. I don’t have disk drives for it yet, but that’s coming. Once that is installed, I will begin to place devices and clients into the various VLANs. Once that is sorted, I will begin assigning rules. One step at a time.

I am not planning on working on or installing cameras until the weather cools enough for me to get in the attic and run more Ethernet cables, so not until at least October or November.

By Divemedic, 3 weeksJune 4, 2026 ago

Account and INFO Security

Data Infrastructure and Prepping

Records, communication, and security are all important parts of prepping. A robust computer network can work of all of those things. We’ve talked about the other sections of the prepping pyramid, but haven’t spent a lot of time on how we can use information technology to strengthen the other sections of the pyramid.

You may or may not remember that I changed my home network to an Omada system back in February. The Wifi coverage is excellent, but now there are other issues that I would like to take care of.

I wasn’t happy with how crowded and sloppy the onQ panel that contains everything is. It looks like a bowl of spaghetti and even though I have the largest panel made, it’s still crowded.
I am using Ring Cameras for surveillance, but I am not happy with them, for reasons that will be covered in a future post.
I have a Terramaster NAS with four 4TB NvMe SSDs in it, but I can’t get those SSDs any more because they now cost 5 times more than they once did.
There is a second setup in the bedroom I use as an office. It has an Omada switch, and it runs my office equipment. The issue is the UPS there just died, and I want everything consolidated, so I am moving that into the main server.

So I have decided to make a few changes. We are keeping the Omada system, but I am making a few upgrades.

I am mounting a 12U server cabinet on the wall of the utility closet in the house. This will make things cleaner and easier to manage.
I will be putting an 8 bay HDD rack in the cabinet. It will be used as both a NDVR and as a NAS device.
Three rooms in the house are device dense: the living room, the master bedroom, and the office. I am going to clean up the architecture a bit to make things faster and more resilient.

So how are we doing this? Well, in the racks, there will be:

A rackmount UPS. I just need enough storage to ridge the second or two it takes my powerwalls to take over when the power fails.
Power distribution
An Omada controller
An Omada gateway
A 24 port keystone patch panel
An Omada 16 port managed POE switch
an 8 bay rackmount HDD rack.
A shelf where the modem will be, along with my current NAS (until the HDD rack is installed)
There will be 4 remaining U for future additions

Records

Records are important. Having copies of things like financial records, professional licenses, certifications, and other important documents will allow you to rebuild your life in the aftermath of a large disaster. Ask the residents whose lives were destroyed in Hurricane Katrina how important those records were in doing that. Having a robust set of electronic records with copies of every important document, all in a RAID, is a great step towards that goal. I am thinking of at least 12TB of RAID storage space for important files. I need it, because I scan every document, bill, and receipt that comes into this house.

Security

One or two of the HDD bays will be reserved for surveillance hard drives. I am looking at 20TB or more of storage space for the camera system. Once the weather gets cooler, I am planning on running Ethernet cables in the attic for a PTZ camera, two outdoor wide view cameras, a doorbell camera, and one or two covering other areas of the property, all in 4k. So, a total of 5-6 cameras that will record 24/7. That takes up more storage space than my documents and files.

That’s the hardware. I will also have it organized into several VLANs for network security. There will be a VLAN for:

One for infrastructure. This will allow APs to be on their own VLAN, as well as controllers and those sorts of things.
IOT devices, so I can limit how much they will spy on the rest of the house. They will only access each other and the Internet.
Entertainment devices like televisions and SONOS speakers. Internet only
A Guest VLAN that will only have access to a printer and the Internet
Then phones belonging to my wife and I that will have full access.

I will decide more on rules later, but that is the idea in my head for now.

Implementation

First step is to get all of the hardware installed and move the network that already exists into the server cabinet. Then I will setup VLANs. After that, we will install the HDD rack and move the NAS files there. I have another HDD based NAS that I can use as a backup file server.

By Divemedic, 3 weeksJune 1, 2026 ago

Account and INFO Security

More On Safes

Here is a continuation of my research on gun safes. I finally heard back from another company, Steelwater Gun Safes. This is what they had to say in response to my question about backdoor passwords:

Steelwater Gun Safes digital locks do not have a bypass code due to the bypass key lock. There is no need for a bypass code as the bypass key will allow access if the keypad fails or if the codes have been lost or forgotten. If a key is needed, the original purchaser on file must send us proper identification before a key can be purchased from us.

Their safes are much cheaper than the Champion that I was looking at in my earlier post, but since they are claiming that there is no back door, I will recommend them as a cheaper alternative for those who are looking for a new safe. From their literature, it looks to be a better product than the other safes in the midlevel price range ($2k-5k). The 42 inch safe costs around $3700. I will stress that I don’t have one, but it does look promising and the company says the right things.

I talked to a safe guy today. He suggested an even cheaper alternative: you can change the lock. Your choices are to buy a new lock, or you can simply swap locks with another person who has a safe with a compatible lock. As long as the backdoor that your safe company may have installed is particular to YOUR safe, and not every similar lock, it’s a cheap alternative. Or you can purchase a mechanical lock and do it that way. A new mechanical lock costs in the neighborhood of $140.

Disclaimer: I don’t advertise, and receive nothing for my reviews or articles. I have no relationship with any products, companies, or vendors that I review here, other than being a customer. If I ever *DO* have a financial interest, I will disclose it. Otherwise, I pay what you would pay. No discounts or other incentives here. I only post these things because I think that my readers would be interested.

By Divemedic, 3 yearsSeptember 7, 2023 ago

Account and INFO Security

Securing Your Money

Francis Porretto over there at Liberty’s Torch (I read them every day, don’t you?) asks a great question about the security of checks versus the security of credit cards. Since I do stories on information security, I thought it would make a good topic for a post here. Let me start by saying that I ran this by my wife, who actually teaches banking and finance, which was the topic of her Masters degree. She’s way smarter than I am on this topic. Here is our take:

Check Security

Those numbers that are on the bottom of your check are the routing and account numbers that tell the check processing companies (called the automated clearing house, or ACH) where to go in order to get paid. When a scammer has your bank account and routing numbers, they could set up bill payments for services you’re not using or transfer money out of your bank account. Getting those numbers is easy, because they are printed right there on your check, and most companies store that information on their computers, you know- the same computers that keep having data breaches. Scammers can create fake checks using your numbers and then use those fake checks to pay for purchases — or simply cash them. Know, too, that with technology scammers could digitally scan the check (called a “demand draft”) and deposit the amount into their bank account. Many banks now allow you to deposit a picture of a check. How and why does this happen?

It used to be that physical, paper checks had to be exchanged in order for banks to get paid. Shipping paper checks all over the country was costing them quite a bit of money, so they lobbied the government for a solution. Enter the Check Clearing for the 21st Century Act (Check 21 Act), which became effective on October 28, 2004. The Check 21 Act authorizes a new negotiable instrument called a “substitute check,” which is a reproduction of an original check, is the legal equivalent of an original check. In other words, all someone must do is have those numbers on the bottom of your check, and they now have access to your money. There is no way to password protect your account from this sort of scam, because Check 21 doesn’t mandate that the banks secure you from this sort of scam. Some banks will for PR reasons, but they mostly do not. It’s expensive to monitor fraud, and there is no real financial incentive for banks to do so with this sort of scam.

So a thief gets ahold of your checking and routing numbers, what next? The only defense is closing your bank account and getting another one. That’s a inconvenience, for sure. The bank may or may not be able to reverse the fraudulent transactions, but don’t count on it. Check 21 doesn’t say that they have to. While it doesn’t happen often, when scammers get those numbers, you frequently lose everything, and there is nothing that the bank can do. One charity I found fell victim to this and lost over $10,000.

Credit Card Security

Credit cards have a bit more legal protection. The law here is called the Fair Credit Billing Act, which requires creditors to give consumers 60 days to challenge certain disputed charges over $50 such as wrong amounts, inaccurate statements, undelivered or unacceptable goods, and transactions by unauthorized users. Also, the Act limits liability of consumers for transactions by unauthorized users to $50. Since this law forces banks to absorb losses for fraudulent charges over $50, banks have a financial incentive to monitor for fraud, and they do. In fact, if you report fraud, most banks don’t even worry about the $50.

Note that this law only applies to credit cards, not debit cards. Debit cards are treated the same as checks from the perspective of the law. I don’t EVER use my debit cards to pay for anything. I use them at bank owned ATMs only, and I keep my debit cards locked in the safe most of the time.

I myself have had my credit card numbers compromised on a few occasions. The last time was over two years ago, when someone was using my Barclay’s card to make unauthorized charges. The bank was telling me that the charges were legit because IMO, they didn’t want to eat the cost. The $845 that was stolen from me wasn’t worth the cost to hire a lawyer, but luckily the bank finally saw it my way and reversed the charges. I no longer use that card because Barclays was too difficult to deal with in the matter. I shouldn’t have to fight that hard to get a bank to follow the law.

Still, it was easier to switch credit cards than it would be to get a new checking account.

Conclusion

All forms of payment are vulnerable to electronic fraud, even though it’s relatively rare. You have more legal protections, and banks have a more robust fraud detection plan, when you use credit cards than when you use checks. Whenever possible, use credit cards to do business online. In fact, I have a couple of cashback cards that give me great benefits. One that I have gives me 5% cashback on all Amazon purchases, and another gives me 2% cashback on all purchases. I pay for everything with them, and pay them off at the end of each month. Stay disciplined and don’t spend more in a month than you can pay, and it’s a great way to give yourself a 2% raise and keep your money secure.

By Divemedic, 3 yearsSeptember 5, 2023 ago

Account and INFO Security

Security Flaw

Intel chips are a security flaw that exposes passwords and chances are you have exposed your passwords through a server, bank, or other computer.

Update: Intel’s security issue was also found on AMD’s Inception, where a newfound security hole affects all Ryzen and Epyc processors. See the linked article for the most up to date details. This looks huge. It’s a guarantee that every person reading this is somehow affected. It’s a hardware level problem, so there is no real fix.

By Divemedic, 3 yearsAugust 11, 2023 ago