
<amp-img src="/blog-content/27/two-factors.jpg" layout="responsive" width="3000" height="2003" alt="twitter-privacy">
</amp-img>
<img src="/blog-content/27/two-factors.jpg" layout="responsive" width="3000" height="2003" alt="twitter-privacy">
</img>

It’s increasingly popular to see two-factor authentication be the norm for many users across all social media platforms. This is because it’s so incredibly effective at keeping your accounts secure in addition to being relatively easy to enable. That raises the question though, what is a “factor,” what does it mean to have two of them, and why is it so effective?

### Factors and Authentication

Whenever you want to access information on a computer, it’s become common practice to prove in some way that you have the proper credentials and clearance to get in. This applies equally to your personal, private messages and classified documents in a top-secret government database. The process of proving your identity is called “Authentication.”

Authentication requires any individual to provide one of the following pieces of proof, called “Factors.”

- Something the user has
- Something the user knows
- Something the user is
- Somewhere the user is

Most commonly, people use the factor “something the user knows” in the [form of a password](https://redact.dev/blog/why-is-having-a-strong-password-so-important) to authenticate their identity. It’s also common to see people use biometrics (something the user is) or even physical keys (something the user has.)

### Multi-Factor Authentication

Any individual factor by itself can be easily compromised. Keys can be stolen or faked, locations can be duped or trespassed on, information can be stolen or guessed, and even your identity can be stolen. With this in mind, it’s a good idea to employ more than one factor to ensure maximal security.

For example, let’s imagine that before you log into your Facebook account, you have to provide a password in addition to a confirmation code delivered to your phone number. This is an example of two-factor authentication, where one factor is “something that you know,” and the other is “something that you have.” Alternatively, you could require a password in addition to a fingerprint scan.

### Relevance to you

Whatever your preferred factor, you’re limited by convention. Most social media platforms will have an option to enable two-factor authentication, but it’s almost always limited to connecting your phone number to your account.

If you take 5 minutes out of your day to set this up, it increases the difficulty of breaking into your account dramatically. After all, how likely is it that a malicious actor will have access to both your physical phone and your password?

It may seem inconvenient, but the benefits are immeasurable. You should absolutely enable two-factor authentication on as many social media platforms as possible as soon as possible.


What is Two-Factor Authentication, and why is it important?


<amp-img src="/blog-content/26/google-maps.jpg" layout="responsive" width="2000" height="1333" alt="google-maps">
</amp-img>
<img src="/blog-content/26/google-maps.jpg" layout="responsive" width="2000" height="1333" alt="google-maps">
</img>

Since its founding in 1998, Google has come to dominate the tech industry. Over the past twenty years, it has extended its reach far from its humble beginning as a search engine, ranging from a YouTube, a video sharing service, all the way to Google Fiber, a broadband internet service. With this in mind, it should come as no surprise that Google has also dabbled in Global Positioning System technology - more commonly referred to as “GPS.”

Whether it be from a web browser on your desktop, or an app on your smartphone, anyone can view your home from wherever they are. Without even knowing your direct address, someone could potentially stumble across things as broad as your city, to specifics such as your neighborhood. If you feel uncomfortable knowing this, you are not alone and, thankfully, there is a way that you can make yourself more private.

### Blurring Your Home on Google Maps
If you do not want your house to be visible on Google Maps, fear no longer. By following these simple steps, you can make sure that your house gets blurred out on their applications:

1.	[Go to Google Maps](https://www.google.com/maps) and enter your home address
2.	Enter “Street View” mode by dragging the tiny yellow, person icon at the bottom-right corner of your screen onto the map and in front of your house
3.	Shift your camera to face your house, then click “Report a Problem,” located at the bottom-right corner of the screen
4.	Position the red square onto your house, then select “My home” underneath the “Request blurring” list.
5.	Enter your email address and fill out the CAPTCHA
6.	Press “Submit”!

<amp-img src="/blog-content/26/help-screenshot.jpg" layout="responsive" width="880" height="804" alt="help-screenshot">
</amp-img>
<img src="/blog-content/26/help-screenshot.jpg" layout="responsive" width="880" height="804" alt="help-screenshot">
</img>

How to hide your home from Google Maps in 2021


<amp-img src="/blog-content/25/safe-password.jpg" layout="responsive" width="2000" height="1125" alt="safe password">
</amp-img>
<img src="/blog-content/25/safe-password.jpg" layout="responsive" width="2000" height="1125" alt="safe password">
</img>

Keeping your account secure is vitally important to operate safely in online spaces. Your personal information, identity, finances, conversations, and more are all guarded behind (hopefully various) passwords across all your accounts and devices. While it’s easy to get complacent or employ bad practices, lapses in judgement can significantly increase the risk of at least one of your accounts getting compromised.

### Why make a strong password?

It's taken for granted that longer, more complex passwords are better than shorter, simpler ones. Intuitively, this is because we imagine that a longer password is harder to guess, but in reality, it’s slightly more complex.

“Guessing” a password in a cryptographic sense involves spam firing every possible combination of letters, numbers, and symbols. This is done with the fastest, most powerful computers available, and is by no means the most effective way to gain access to somebody’s account.

In fact, we recently wrote about a far more subtle way of obtaining account credentials in a previous article - Social Engineering: The Silent Killer.

However, if a malicious actor is dead set on breaking into your account in the most direct possible way, then they can simply start with the minimum number of characters the service allows, and systematically work through every single possible combination, adding a character only after all the other possibilities are exhausted.

In such cases, each single addition can add days, months, even centuries to the time it takes for even the fastest computers in existence to crack.

### What is a “strong password” anyway?

Today, websites are typically pretty transparent about displaying password strength, and many people even develop a natural sense for it. As a general rule of thumb, the more stuff you add to your password, the better.

Here are some things to keep in mind when trying to create a strong password, many of which will be a requirement on some sites.

-	Mixed Capitalization
-	Numbers
-	Symbols
-	Multiple Words
-	As many characters as possible

### Two-Factor Authentication

Ultimately, the most important thing you can do to keep any of your accounts safe is to enable two factor authentication. A hacker can’t access your account even if they have your password if they don’t also have your phone number, or email address. It can be tedious, but the reward from locking down all your accounts by tying them to your phone is enormous.

We’ll discuss Two Factor Authentication, what it means precisely, and the different forms it takes in a [future article](https://redact.dev/blog/what-is-two-factor-authentication), but for now, go check your account’s settings in whatever social media app you may be interested in, and enable it by following the instructions. 


Why is having a strong password so important?


<amp-img src="/blog-content/24/incognito-mode.jpg" layout="responsive" width="2500" height="1662" alt="incognito mode">
</amp-img>
<img src="/blog-content/24/incognito-mode.jpg" layout="responsive" width="2500" height="1662" alt="incognito mode">
</img>

Privacy has remained one of the most paramount topics across the globe, especially within the United States. In fact, emphasis on privacy can be traced as far back as 1890, in which two lawyers from Harvard Law School understood “the principle which protects personal writings and any other productions of the intellect or the emotions, is the right to privacy” in their article, “[The Right to Privacy](https://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html).” Even though those words were published well-over a century ago, many Americans still share the same sentiment. While politics has grown increasingly partisan, [a survey conducted by Morning Consult](https://morningconsult.com/2021/04/27/state-privacy-congress-priority-poll/) found that Democrats (86%) and Republicans (81%) overwhelmingly believed that Congress should make privacy a “top” or “important but lower” priority in 2021. In the same survey, nearly three-quarters (72%) of voters said Congress is responsible for regulating data collection. However, despite privacy remaining one of the most prevalent topics, certain privacy features, such as “incognito mode,” are often misunderstood.

## Incognito Mode in the Public Eye

Incognito mode is quite possibly one of the most well-known privacy functions available on the Internet. According to Elie Bursztein, a researcher from Google, [just over two-thirds of people (67%) knew what private browsing was](https://elie.net/blog/privacy/understanding-how-people-use-private-browsing/). Even though incognito mode certainly has name-recognition, it is not nearly used in the same capacity, and is often used under false preconceptions. In the same study, Bursztein discovered that only a mere 34.5% used incognito mode consistently, and among that same group of people:

- 54% use incognito mode to hide from the websites they visit
- 20% use incognito mode to hide from their Internet Service Provider (ISP)
- 16% use incognito mode to hide from people who manage their network

Unfortunately for those respondents, those are not what incognito mode is designed to do.

<amp-img src="/blog-content/24/incognito-window.jpg" layout="responsive" width="788" height="426" alt="incognito window">
</amp-img>
<img src="/blog-content/24/incognito-window.jpg" layout="responsive" width="788" height="426" alt="incognito window">
</img>

## The Misconceptions of Incognito Mode

To many, this screen should look familiar. It is the first window that opens when you launch incognito mode. While many forego this screen to search in what they believe to be “private,” they miss critical information that explicitly states that incognito “doesn’t hide your browsing from your employer, your internet service provider, or the websites you visit.”
When compared to the aforementioned statistics, it becomes evident that a majority of those that use incognito mode are completely unaware as to what it actually does.

## The Reality of Incognito Mode

Even though there are many misconceptions around incognito mode, it can still be a great tool for privacy purposes. More specifically, Norton, [an antivirus company](https://us.norton.com/internetsecurity-privacy-how-does-incognito-mode-work.html), emphasizes that incognito mode can:

- Delete cookies from the websites you access
- Keep your browsing history empty on your device
- Prevent third parties from collecting your data (e.g., your location)

Overall, to those who want to keep their digital footprint as small as possible, you cannot go wrong when using incognito mode, so long as you understand its true functionality.


The Truth about Incognito Mode


<amp-img src="/blog-content/23/twitter-privacy.jpg" layout="responsive" width="2000" height="1333" alt="twitter privacy">
</amp-img>
<img src="/blog-content/23/twitter-privacy.jpg" layout="responsive" width="2000" height="1333" alt="twitter privacy">
</img>

330 million people from around the world use Twitter every month. They post threads, send direct messages, and upload images tens of thousands of times a day. Before you do any of that, though, you have to agree to Twitter’s terms of service, and critically, [their privacy policy](https://twitter.com/en/privacy). Even though they may have agreed to it, many people haven’t read the terms or don’t know what’s actually contained in these agreements.

Twitter is very open about the fact that it gathers information on you from a variety of sources, and clarifying what this means is critically important for you to be safe and secure online.

### Freely Given Information

The first and most obvious thing Twitter takes is the information you give them yourself. This includes things like what you put in your bio, your twitter handle, your likes, tweets, retweets, photos, and more. Additionally, when you create an account, you let the platform have your phone number and/or email address.

Surprisingly (or maybe not) Twitter also admits to storing information sent through private DMs. This is limited to the conversation’s metadata, such as the participants, and what time messages were sent; however, no details about the contents themselves are gathered, other than a peripheral scan for abuse content.

### Received Information

Twitter receives more info on its users than you may realize. This is due in large part to how the internet is structured, but it’s still good to keep in mind. Here’s a short list of information Twitter collects about all its users that they don’t consciously consent to.

- Location
- Cookies
- IP Address
- Browser Type
- Operating System
- Referring webpage
- Pages visited
- Mobile carrier
- Device information
- Search terms

While this may seem scary at first, it’s good to keep in mind that a lot of this comes with the territory of being on the internet. If you’re worried about people knowing your location based on your IP address, [you can read about VPNs here.](https://redact.dev/blog/what-are-vpns-and-what-are-they-useful-for)

### What do they do with all this information?

Twitter reserves the right to disclose your information to a variety of people. They are quick to highlight in their Terms of Privacy that they work with Law Enforcement to prevent things like abuse material or malicious organization from festering on the platform, but the sharing goes a lot further than that.

When you use Twitter, much of your personal data is sold to advertisers. According to the platform, this is limited to things like engagement numbers, location, and “inferred interests” that they create based on all the other information they’ve gathered on you.

### How do you stop Twitter from farming your personal data?

We plan on detailing all the ways you can keep your digital footprint safe on Twitter in the near future, but deleting those old tweets lying around containing compromising information is a great place to start. Even tweets that seem innocuous will provide invaluable clues that reveal who you are, so you shouldn’t waste any time getting started.

To make your data more secure immediately, go to [redact.dev/download](redact.dev/download) today, and begin your journey to a clean online presence.


Twitter’s Privacy Policy in 2021


<amp-img src="/blog-content/22/doxxing.jpg" layout="responsive" width="2000" height="1335" alt="doxxing">
</amp-img>
<img src="/blog-content/22/doxxing.jpg" layout="responsive" width="2000" height="1335" alt="doxxing">
</img>

In warfare, nothing is more important than information. If one side uncovers their enemy’s information, they immediately gain an advantage that could be catastrophic to their adversary. This does not just apply to soldiers on the battlefield, however. A person’s information is just as important, even if they are an “Average Joe.” In fact, information plays such a critical role that, in the wrong hands, it could result in life or death.

Brian Krebs, a cybersecurity journalist, [had his information exposed and was a victim of a “Swatting” attack.](https://www.rcfp.org/journals/news-media-and-law-spring-2015/dangers-doxxing/) Swatting is when someone that has your information, particularly your address, and calls in a false emergency that requires the response of a SWAT team. While Krebs was safe in the end, some victims of swatting end up being killed. In one instance, a man named Andrew Finch was swatted for getting into an argument in a Call of Duty game and ended up being killed by one of the officers. But how did the people who initiated the swatting get their hands on Finch’s information?

### The Ins-and-Outs of Doxxing

Doxxing is a tactic that cybercriminals use in order to gather and store their target’s information. It can consist of information as general as a person’s name, address, and phone number, but it can also contain niche information, such as where that person attended elementary school. Any and all information that is accessible can be used against a victim of a cyberattack. This information is typically published somewhere that actively engages with exploitation and intimidation. For example, a cybercriminal that has your phone number from a published dox, which is the document containing someone’s personal information, could call you to harass, or even threaten you. As aforementioned, it could also result in much more severe outcomes.

### How to Prevent Being Doxxed

As stated before, information is critical to creating a dox. In order to prevent it from happening to you, there a few steps you can take to ensure that cybercriminals are unable to find a trace of you:

1.	Minimize data that is publicly available.
2.	Create strong passwords for your accounts.
3.	Enable Two-Factor Authentication on all your accounts.
4.	Browse the Internet safely; avoid clicking on anything suspicious.

While all of these are great and effective steps, the first one can be done quickly and easily using Redact. With Redact, you can delete thousands of messages on numerous platforms, a lot of which cybercriminals use to gather information for their dox, at the push of a button. Redact is available for download on Windows, MacOS, and Linux at [redact.dev/download](redact.dev/download).


Doxxing: Exposing Your Data to the World


<amp-img src="/blog-content/21/capitol-building.jpg" layout="responsive" width="2000" height="1334" alt="capitol-building">
</amp-img>
<img src="/blog-content/21/capitol-building.jpg" layout="responsive" width="2000" height="1334" alt="capitol-building">
</img>

As we recently outlined, Data Brokers in the United States have an unprecedented amount of information about every citizen in the country, their political beliefs, their location, their consumption habits, and more. Even though there are steps you can take to limit their grasp, one must wonder what legal protections you have as an American.

In short - there aren’t any. The United States does not have any single, comprehensive mandate protecting the privacy of its people. There are laws that dictate online interactions and even personal information; however, there is a lot of confusion and misinformation about what they mean and where they apply.

## Federal Privacy Laws

### The FTC Safe Web Amendment

In 2006, the [Federal Trade Commission Act](https://www.ftc.gov/enforcement/statutes/federal-trade-commission-act
) was updated to include internet based abuses with the [U.S. Safe Web Act Amendments](https://www.ftc.gov/enforcement/statutes/us-safe-web-act
). This amendment does not protect consumers from abuses of privacy - it only seeks to bring the already established market practices being enforced in traditional markets to online commercial spaces.

In some cases, this means that companies are required to disclose when data breaches happen, and that companies are required to make a good faith effort to keep any vulnerable information as safe as possible, but it does not make collecting, selling, or otherwise distributing otherwise publicly available information illegal in any way, shape, or form.

### Children’s Online Privacy Protection Act

COPPA, passed in 1998, imposes strict privacy regulations for children. Internet companies are not allowed to knowingly collect any personal information from any persons under the age of 13, which is why all Social Media platforms require their users to be older than that. This law is awesome for keeping kids safe, but unfortunately there’s nothing comparable for adults.

## State Privacy Laws

There are laws in a little less than half of the states in the Union that dictate practices related to data collection and distribution. Rather than summarizing each one individually, I’ll provide a list of every state that currently has consumer privacy protection, with a link to the relevant law for you to read.

The general summary is that most states that do have some protection just require there to be some sort of opt out feature. There are no laws outright banning data collection. For this reason, wherever you live in America, you have to always be diligent about keeping your information safe through constant action.

- [Arkansas](https://arkansasag.gov/consumer-protection/identity/security-or-data-breach/)
- [California](https://oag.ca.gov/privacy/ccpa)
- [Colorado](https://leg.colorado.gov/bills/sb21-190)
- [Connecticut](https://portal.ct.gov/Policies/Connecticut-Personal-Data-Act)
- [Delaware](https://delcode.delaware.gov/title6/c012c/index.html)
- [Hawaii](https://www.capitol.hawaii.gov/session2019/bills/HCR225_SD1_.htm)
- [Maine](https://www.mainelegislature.org/legis/bills/bills_129th/billtexts/SP027501.asp)
- [Maryland](http://mgaleg.maryland.gov/mgawebsite/Laws/StatuteText?article=gcl&section=14-3504&enactments=False&archived=False)
- [Mississippi](http://billstatus.ls.state.ms.us/documents/2020/html/SB/2500-2599/SB2548IN.htm)
- [Nebraska](https://nebraskalegislature.gov/laws/browse-chapters.php?chapter=20)
- [Nevada](https://www.leg.state.nv.us/App/NELIS/REL/80th2019/Bill/6365/Overview)
- [New Mexico](https://www.nmlegis.gov/Sessions/19%20Regular/bills/senate/SB0176.pdf)
- [New York](https://www.nysenate.gov/legislation/bills/2021/s6701)
- [Oklahoma](https://www.billtrack50.com/BillDetail/1274708)
- [Oregon](https://www.doj.state.or.us/oregon-department-of-justice/oregon-doj-privacy-policy/#:~:text=ORS%20192%20contains%20the%20Oregon,telephone%20number%20under%20certain%20circumstances)
- [Tennessee](https://www.billtrack50.com/BillDetail/1197630#:~:text=As%20introduced%2C%20enacts%20the%20%22Personal,and%20criminal%20offense%20for%20violations)
- [Texas](https://capitol.texas.gov/tlodocs/86R/billtext/pdf/HB04518I.pdf)
- [Utah](https://le.utah.gov/~2021/bills/static/SB0200.html)
- [Virginia](https://lis.virginia.gov/cgi-bin/legp604.exe?212+sum+HB2307)
- [Washington](https://aboutblaw.com/V1b)
- [Wisconsin](https://docs.legis.wisconsin.gov/2019/proposals/ab870)


Privacy in the United States in 2021 - What are your rights as a citizen?


<amp-img src="/blog-content/20/puppetmaster.jpg" layout="responsive" width="2996" height="2000" alt="puppetmaster">
</amp-img>
<img src="/blog-content/20/puppetmaster.jpg" layout="responsive" width="2996" height="2000" alt="puppetmaster">
</img>

When one thinks of a cyberattack, the typical assumption is one thing: a virus. Whether it be ransomware or a Trojan Horse, it is always inferred that some sort of malware has infected your computer, effectively “hacking” it. Social engineering, however, entirely subverts that expectation.

While the traditional “hacker” channels their technological prowess through elaborate scripts or programs, cybercriminals that utilize social engineering, or “social engineers,” take a much different approach. In fact, the methodology behind social engineering is ominously simplistic. Instead of manipulating technology, social engineers manipulate people themselves. Norton, a popular antivirus company, breaks down the process that a social engineer would take when attacking a victim in the following steps:

1.	**Preparation**: The social engineer gathers information about their victims, including where they can access them, such as on social media, email, test message, etc.
2.	**Infiltration**: The social engineer approaches their victims, usually impersonating a trustworthy source and using the information gathered about the victim to validate themselves.
3.	**Exploitation**: The social engineer uses persuasion to request information from their victim, such as account logins, payment methods, contact information, etc., that they can use to commit their cyberattack.
4.	**Disengagement**: The social engineer stops communication with their victim, commits their attack, and swiftly departs.

As you can see, a victim’s personal information is vital for a social engineer. It is the foundation that they need in order to advance their cyberattack. While the effects of social engineering can be devastating, as your accounts can be compromised and potentially never returned, there are ways that this can be prevented.

1.	Avoid clicking suspicious or unrequested links
2.	Enable two-factor authorization on all of your accounts
3.	Use passwords that are not easy to guess.
4.	Avoid oversharing information online.

Redact can make preventing a social engineering attack very easy by deleting what a social engineer is looking for: information. By using Redact, you can delete your posts and messages on various social media sites, ranging from popular platforms such as Twitter, Facebook, Discord, and more. To get ahead on your online security, download Redact at [redact.dev/download](redact.dev/download).


Our cat diaries

What is Two-Factor Authentication, and why is it important? • 2021-09-03

How to hide your home from Google Maps in 2021 • 2021-09-02

Why is having a strong password so important? • 2021-09-01

The Truth about Incognito Mode • 2021-08-31

Twitter’s Privacy Policy in 2021 • 2021-08-30

Doxxing: Exposing Your Data to the World • 2021-08-29

Privacy in the United States in 2021 - What are your rights as a citizen? • 2021-08-28

Social Engineering: The Silent Killer • 2021-08-27