Basic Defense Tactics: 3 Steps to Begin Reclaiming Your Autonomy

The "Good Enough" Standard

We've looked at the broken foundation. We've audited the platforms. We've seen the data being harvested.

Now, the temptation is to panic. To think, "I need to learn Linux, buy a Faraday cage, and never use the internet again."

Stop.

That is not the goal. The goal is Data Sovereignty, not isolation. You don't need to be a cybersecurity expert. You just need to be better than the average user.

In security, we call this the 80/20 Rule: 20% of the actions you take will block 80% of the threats.

I spent years building systems that were "perfect" on paper but failed in the real world because they were too complex for humans to use. The best security is the security that actually gets used.

Today, we are going to execute that 20%. This is your Family Defense Plan. It takes about 30 minutes. It requires no coding skills. And it will make your family significantly harder to track, hack, and manipulate.

Step 1: The "Keys to the Kingdom" (Passwords + MFA)

The single biggest vulnerability for 90% of families is weak, reused passwords. But it's not just about a hacker guessing your password.

The Reality of Modern Cracking: Hackers don't just guess one password at a time. They use Credential Stuffing. When massive companies get breached (and they do, constantly), hackers steal millions of accounts. They then run automated scripts to try those same email/password combinations on your bank, email, and social media.

Rainbow Tables: Even if your password is hashed, attackers use pre-computed tables to crack weak passwords in seconds.
The Risk: If you use "FluffyDog2024" for your email and your bank, and the email gets breached, your bank is compromised in minutes.

The Fix:

Get a Password Manager: Stop using "Password123" or your dog's name. Use a dedicated manager like Proton Pass or Bitwarden.
- Why: It generates random, complex passwords for every site. If one site gets breached, the attacker gets a useless string of characters, not your real password. This is much more difficult to crack.
Enable Multi-Factor Authentication (MFA): Turn this on for everything.
- The Hierarchy of Security:
  - Something you know (Password): Weak. Can be stolen or guessed.
  - Something you have (Authenticator App or Hardware Key): Strong. Requires physical possession of your device.
  - Something you are (FaceID/Fingerprint): Convenient, but often used instead of a password, not as a second factor.
- Crucial Detail: Use an Authenticator App (like Proton Authenticator, Authy, Raivo, or Bitwarden) or a Hardware Key (YubiKey). Avoid SMS text messages for MFA if possible, as SIM swapping is a growing threat.

The Win: Even if a site gets breached, your accounts remain much safer because your password is unique and your second factor is in your hand, not on a text message.

Step 2: The "Browser Hardening" (Stop the Tracking)

Your web browser is the primary window through which companies watch you. By default, Chrome and Safari are configured to let trackers in.

Switch to a Privacy-First Browser:
- Firefox: Highly customizable. Install the uBlock Origin extension (the gold standard for blocking ads and trackers).
- Brave: Built-in tracker blocking, zero setup required.
- DuckDuckGo: Good for mobile, simple and effective.
Disable Third-Party Cookies: Go into your browser settings and block "Third-Party Cookies." This stops advertisers from following you from site to site.
Clear Your Cache: Do a one-time "nuclear option" clear of your browsing data (cookies, cache, history) to wipe the slate clean before you start fresh.

The Win: You instantly reduce the amount of data being collected about your browsing habits by 80%+.

Step 3: The "App Audit" (Permission Hygiene)

Your smartphone is a surveillance device. Every app you install asks for access to your camera, microphone, location, and contacts. Most of them don't need it.

The "Value Add" Question: Before granting permission, ask: "Why does this app need this?"

Does a Calculator need your Location? No. Deny it.
Does a Game need your Contacts? No. Deny it.
Does a Weather App need your Microphone? No. Deny it.

The "Just-In-Time" Strategy: Some permissions are required for the app to function (e.g., a Maps app needs location while you are using it). But do they need it all the time?

iOS/Android Setting: Go to Settings > Privacy > Location. Change "Allow" to "While Using the App" or "Ask Next Time."
The Labor Trade-off: Yes, you might have to tap "Allow" one more time when you open the app. But this prevents the app from tracking your movements in the background when you aren't using it. This is the difference between a tool and a spy.

The Win: You starve the data brokers of the raw material they need to build your profile.

The "Family Talk": How to Explain This to Kids

You've done the technical work. Now, you need to talk to your kids. But don't scare them. Frame it as empowerment.

The Script:

"You know how we lock our front door at night? We don't do it because we're scared of monsters. We do it because it's smart.

The internet is like a giant city. Most people leave their doors open. We're going to lock ours. It's not about hiding; it's about owning our stuff.

From now on, we don't just download apps. We check what they want. We don't just click 'Accept.' We ask 'Why?'

You are the boss of your data. Not the app. Not the company. You."

The Lesson: Teach them that privacy is a boundary, not a secret.

The "Good Enough" Mindset for Neurodivergent Kids

For neurodivergent kids, the "Audit" step can feel overwhelming. Don't make it a complex checklist. Make it a rule.

The Rule: "If the app doesn't need it to work, we say no."
The Visual: Show them the permission list. "See this? The game wants your microphone. Does a game need to hear you? No. So we turn it off."
The Reward: "Every time you catch an app asking for something weird, you win a point. You're the security guard."

Why Rules Work: ND kids often thrive on clear, binary rules. "Deny if not needed" is easier to apply than "Evaluate the risk."