Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: How do I make sure my non-technical parents are safe online?
324 points by nellypat 20 days ago | hide | past | web | favorite | 207 comments
I don't want them to become victims of phishing, hacking, ... any ideas? Any ideas how I could prevent these?



I work for a phone company, Community Phone, whose majority customers are seniors. We periodically check in with our customers over text message (helping make sure they achieve their goals, like using Uber, or whatever... which is our business: to enable an improvement in overall quality of life via phones, rather than phones in themselves). As a result, many of our customers FB message/call/email/text us as a sanity check any time they receive solicitation online. It's a service we happily provide, but it does require them to reach out to us, as opposed to us knowing when to intervene. Other than that, I will be monitoring this thread very closely for more general and automated solutions. Thanks very much for asking this question.


I've never imagined a phone company that aims to improve overall quality of life using phones, rather than just providing mobile service, fascinating to think about.

Are customers able to opt out of additional support and if so do any choose to?


I imagine it's not the cheapest phone company due to the additional service, so if you're not using it, you might be wasting money.

In any case, I think it's good that there are phone companies that compete on quality service rather than price, and specialised service for a specific demographic makes a lot of sense.


You don't have to imagine! We're $15 a month for unlimited talking and texting, and each gigabyte is $5. Or in other words, we beat Google Fi by $5. Support is our marketing budget, and it works rather well :)


This sounds like a very useful and safe service; thanks for providing it!


I am not sure how this will work between "a company & a customer". But I would like filter my parents SMS, so that they can see messages from known & trusted contacts, while I can ensure that the messages from unknown sender is not spam. 95% of unknown senders are spam.


That pesky 5% can be really pesky though. Though if they naturally resort to POTS, like I would suspect, I have seen that compensate for potential shortcomings.

In the same way that a speech recognizer with 99% accuracy sounds amazing, and is a great technical achievement, is all the while still really hard to use if it misses 1 out of 100 phonemes...


This is amazing... Great work.


The number one thing you can do to help them is talk to them about being conned / scammed. That's by far the most likely way for them to get victimized online, and the only way that's seriously affected anyone I know.

Since they're not technical, their natural self-defense against this kind of this has trouble functioning online. Talk to them about real world analogs to pop-up ads that look like virus scanner alerts, talk to them about people pretending to be someone they know. Hell, show them the movie "Catch me if you can" and explain the same psychological tactics get used online.

Get them to consider "what do I really know, and is this too good to be true" before they talk to anyone, click a link, or buy anything online -- and they will be fine, if their judgement is otherwise unimpaired.

If they're very late in life, or otherwise have trouble with this kind of thing in the real world, there is unfortunately not much you can do to help them, other than force them to only use pre-installed apps on a tablet that you've selected, like you might with a small child. If they're not willing to do that, then it's unfortunately on them. I've had this experience both with my grandfather and a friend who lives with a brain injury, who are responsible for themselves but don't have the judgement necessary to realize how impaired they are.

And of course, make sure the computer is auto-rebooting to get updates, and they know to call you if they get a virus / malware popup they think could be real.


Based on my father and grandmother's interactions, suggesting they call if ever in doubt can be a big help. What saved her from the fake Microsoft support scam was her calling him to ask if she should go to someone cheaper to help with the non-existant issue.

Offering to do her taxes prevented some other scam. Although that did require flying out annually due to being so disorganized.


> Based on my father and grandmother's interactions, suggesting they call if ever in doubt can be a big help.

However, do understand, that this can lead to the opposite effect of constantly calling on every little thing leading to them becoming even more dependent on you.


Better dependent on you than losing their life savings to a scammer.


After hearing about them getting scammed several times I finally had my parents agree to contact me before they are paying for anything online unless it's on Amazon.


Yes


Also, tell them to be suspicious of email links that require them to log in. If "PayPal" sends an email saying you need to change your password or log in for some other reason, teach them to go to type paypal.com in the browser themselves instead of clicking the link.


Absolutely, repeat this a bunch of times even at the risk of being a bit annoying. It's worth it. Make that point. Anyone asking for your password or other sensitive info is very likely a fisher (aka a thief).


Well, they may or may not be a fisher, but they are almost certainly a phisher.


Show them some Kitboga videos. He actually will imitate an elderly woman to mess with the scammers. It shows how the scammers work and could be educational... and entertaining.

https://www.youtube.com/watch?v=f-j12NvUwhw


I guess the scammers have a larger market due to the internet, but someone who has lived must have been exposed to scams many times in their long life!?


The problem is twofold, they don't have a good mental model of online interactions, and older people become more susceptible to deception as cognitive function declines.


This just almost happened to me and my family. My parents are pushing 70 but still try to keep up with things. My father decides he wants to call PayPal regarding a return request from eBay. I'm in the room and "PayPal" tells him they need to go to a secure line and he needs to download an app. That's really strange I think, but generally scams are from phone calls to you, not you making the call. So I remain skeptical but don't immediately act. They want him to install TeamViewer which is for remote access. I search online to see if PayPal legit does this, nothing comes up. As the obvious over seas person with a thick accent says "oh is this your bank account?" I rip the phone out of my father's hands. End call, turn off data to end TeamViewer session. Need to turn on data to uninstall it (seriously Android?). Then proceed to have him show me where he got the number. He had searched Google for "phone number for PayPal". Somehow, someone got an ad at the top of that list. So he clicked the ad, not realizing that he's not on PayPal's site. Thank God I just happened to be in the room while on vacation (I live in another state now) when this happened, but what to do moving forward? He actually uses a completely separate bank account for PayPal but he still had a lot of money in there.


I think installing an AdBlocker is one of the first things I do when asked to help someone. While I understand and regret the impact on people's business models, it seems to really mitigate issues for those less tech-savy (anecdotally that is). Something like uBlock Origin or the like might be a good idea to avoid this issue.


I install Privacy Badger and uBlock Origin for my Mom's computer. I also showed her how to disable them temporarily if a site isn't working as she expects.


I find, after some testing, that Privacy Badger has quite some impact on the speed with which pages load, think around 1 second in some cases, which I find a lot. I therefore recommend against this setup, which I have run for months now, after finding out about the performance impact. Instead I'd recommend using Firefox with its built-in blocking and adding ublock origin to that.


We've installed an ad-blocker and PrivacyBadger, and have remove administrative privileges for most older members of the family. All have been instructed in how to disable those two add-ons when there's a need for it.

So far, there's been no major incidents, as the ad-blocker filters out most of the crap on-line, and the lack of administrative privileges prevent the less knowable users from doing something dangerous.


Babysit them more. Locked down account so they can't install stuff, better yet Linux so random stuff from the internet or malicious email attachment have a very high chance of not being for their platform.

And then just train them to forward any email that they can't identify as scam themselves right away to you.


that actually happened to me trying to find a human to talk with at Yahoo.

it was kind of hilarious to "hum-hum" my way through his instructions on how to install TeamViewer on Windows. obviously it failed at some point as I wasn't able to keep the pretense...

there are entire call centers dedicated to those scams, it's kind of scary.


Keep them offline. Get them smartphones, preferably iOS. Educate them about scams.

My parents still conduct the majority of their personal business offline, and though I have scoffed at this in the past, it makes more sense for them and also keeps them safe. Their bills come in the mail, and its not uncommon for them to go to a department store and pay the bill for that chain's credit card in person. They meet with their financial advisor in person at their house, and it's someone they've worked with for decades. They keep all of their important documents (social security cards, birth certificates, passports) in a safety deposit box at a local bank. All of their insurance agents are local, and they meet with them at their cluttered, homey offices. They call the hotlines for their primary credit cards fairly often, and listen for fraudulent charges.

Their online experiences are mediated through things like Facebook. They get e-mail, but I have them set up to use smart clients that filter out the most pernicious stuff. If they think something sounds fishy, they will ask me to look at it for them. Any digital documents (airline tickets, hotel reservations) they want to save go to both the Apple Cloud (which they can occasionally do, though I have to help) and to the printer so they can keep records.

The only downside of this is the sheer amount of mail they receive, and the difficulty of finding hard copies of documents despite their best efforts to file things. Even their mail is somewhat protected, though, as they live in a gated retirement community.


> Get them smartphones, preferably iOS

As much as I dislike Apple and their ecosystem, iOS is the way to go. But I went with tablets over phones, just for practicality with browsing and such.

With an iPad (as opposed to an Android tablet) I don't have to worry about them installing some fake app. It also helps a that anyone can figure out iOS (although it has gotten more complex over the years).

I've also installed Pi-hole at my parent's house. Not just to protect them from misleading stuff, but also because overly aggressive ads can be very confusing. I've once had my mom tell me her tablet was broken, because she couldn't visit the news, it turned out to be a giant overlay ad that she couldn't figure out how to close.

Lastly, I have migrated their ISP based email account (dating back to the early 90's) to a gmail inbox so they can benefit from the (mostly excellent) spam and fraud detection features of gmail. Their ISP offered no spam detection at all. It still uses the same email address though, I just routed it through gmail.

The government here in the Netherlands ran some great TV commercials instructing you to hang up the phone and call back if you got a call that you didn't trust. And another TV commercial on how to check the URL and certificate if you are on your banking website. I'm very grateful for that, it already saved my dad once from a phishing attack.


> With an iPad (as opposed to an Android tablet) I don't have to worry about them installing some fake app.

Ohhh you would be surprised of the amount of fake apps on iPad!!

I know an old couple who burned a good amount of money on their new iPad trying to install some app they knew from Android (something not available ipad, I think it was WhatsApp).


After countless majestic infections in his laptop, restricting my dad to only using a large iPad pro (with a keyboard) has saved me countless hours of maintenance.


This was my attempted solution. It works ok, but my father falls for just about every phone scam.


The first two sentences don't make sense. By nature, a cellphone lets you ALWAYS be online. Unless you're talking about totally stripping every online app, including web browsers.


Keep people offline by getting them smartphones? What?


Keep them offline... (for the most part).


Honestly, while getting phished and hacked are big issues, I would also worry about them being sucked into social media bubbles where they could start latching onto conspiracy theories, fake news, and the like. It was not too long ago where their generation believed it was a bad idea to believe anything on the Internet. I'm not sure what changed. I have seen my own parents fall suspect to that stuff now and then, so it does scare me.


Advice I could have used five years ago. I don’t even know how to talk to my parents about current events/politics now because we don’t share a common base of facts.


The hardest part of broaching this problem is learning to accept that, as a percentage, you're probably just as wrong about the facts as your parents are. Everyone likes to think that it's only "those people" who are foolish, subject to conspiracy, or other negative descriptors. Statistically, that's just not realistic. And even if you're 100% right, approaching people with the humbleness of assuming you're 80% wrong will allow you to have better conversations.


> you're probably just as wrong about the facts as your parents are.

It depends on the subject. If you believe that climate change doesn't exist, that we never went to the moon or that the earth is flat, you are just plain wrong and I am right.


Perhaps broach the fact that social networks are really just advertisement delivery networks, and that they found that partitioning audiences by interests let them sell you for more money.

Try opening an incognito tab and search for flat earth on youtube, and then see what videos that window gets recommended, if they don't believe you.


One usually _wants_ to stay where one feels comfortable. Human nature. Whether one realises one's in a bubble will only rarely change that.


Why not sit and carefully investigate the differences together? You are a family after all.


The difference that social media has made is that now their good friend/favorite cousin is saying the thing, not some random person on the Internet, even if it is something some random person on the Internet originally said for whatever nefarious purpose.


It was an earlier generation, but my grandfather, who was a respected scientist in his field, fell victim to "Fox geezer syndrome" in his final years. I have no idea how much money various Fox-adjacent advertisers scammed out of him.

Fortunately, my parents have never had much interest in Facebook, preferring to socialize with real friends in real life. They have their own bubble to some extent, but it's way less toxic than any online version.


> I have seen my own parents fall suspect to that stuff now and then, so it does scare me.

I think their generation has been influenced by our generations that really started using the internet and got it into every part of our lives. Sometimes I start falling for the conspiracy theories and have to check myself, and they don't have experience with the insane social media machine that exists now but didn't exist during their time.


Very true. I forget that parents were the original harbingers of the danger of the web and now, IMHO are the prime target for fake news and click bait.


Damn, I see my mum sharing all sorts of right-wing stuff on social media that is obviously fake news designed to spread virally. People are allowed to hold whatever political views they want, but the stuff she's sharing is obviously designed to enrage and cause itself to be spread.


Maybe she knows that?


My no. 1 thing is to always install and ad blocker in their browser. uBlock does a pretty good job of getting rid of all the fake download buttons and pop-ups.

And tell them explicitly that if their computer tells them they have a virus, they must not try to do anything about it and call you immediately. 99% of the time it's a fake pop-up and they don't want to look stupid so they follow its "friendly instructions" to "get rid of it" and end up making a mess.

Other than that, take away their admin privileges, set up 2AM auto-updates (or manual, if you're there often) and tell them to only store personal files in one specific directory, which is synced to something with CoW or daily backups (and then also sync the desktop just in case).

As for e-mail, I set up my grandparents with one e-mail for people they know and a gmail for everything else (like website registrations). That way, the personal address never* gets any spam.


That is until websites started detecting adblockers and refusing access to their site.

My mom called me because her tablet was broken, it turned out the news website had a giant overlay with some heartbreaking story that they relied on ad sales and due to her evil actions, they now had to lay of people. I whitelisted the site and it worked for a day or two, then my mom called me again that her tablet was still broken. This time that same news website had an overly aggressive full-page overlay ad that she couldn't figure out how to close. A third time she called me her browser kept crashing because the news site was attempting to load multiple MB of JS and video ads.

For my parents it's ads, not scams that cause the most problems.


uBlock Origin[1] is a good idea. Not only does it get rid of potentially harmful ads, it also blocks malware/badware websites. I'd recommend enabling all filter lists under "Malware Domains."

Edit: HTTPS everywhere[2] could also help prevent attackers from redirecting you to their fake "You have a virus!" website.

[1]Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpa... Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...

[2]https://www.eff.org/https-everywhere


what is CoW?


Copy on Write, presumably to save them from crypto-locking ransomware. https://en.wikipedia.org/wiki/CryptoLocker


Its the backups that save you from crypto malware.


True, but I have yet to find a reason to prefer full (or even incremental) backups over CoW. Full backups are just too big and slow, and good reliable open-source and cross-platform incremental backup software is hard to find.

I've found using Syncthing for Client-->NAS-->Off-site with BtrFS snapshots on both servers to be just perfect (of course, YMMV).


> good reliable open-source and cross-platform incremental backup software is hard to find

I've been using rsnapshot for at least a decade, and it's available wherever perl and hard links are available (which isn't windows, at least pre-WSL).


Here, I found this by searching for "cow file sync":

https://en.wikipedia.org/wiki/Copy-on-write

>Copy-on-write (CoW or COW), sometimes referred to as implicit sharing[1] or shadowing,[2] is a resource-management technique used in computer programming to efficiently implement a "duplicate" or "copy" operation on modifiable resources.[3] If a resource is duplicated but not modified, it is not necessary to create a new resource; the resource can be shared between the copy and the original. Modifications must still create a copy, hence the technique: the copy operation is deferred to the first write. By sharing resources in this way, it is possible to significantly reduce the resource consumption of unmodified copies, while adding a small overhead to resource-modifying operations.


Copy in write i guess


Also tell them about phone scams. Over the last year I have received several very convincing phone calls and voice messages from people pretending to be the IRS or cops. It takes a lot of willpower to convince yourself that they are scams.

A lot of scams can be stopped if you consult with someone before sending actual money. I think it's important to tell your parents that before they give anybody any money or account numbers or buy gift cards (a lot of scammers make people buy gift cards and then give them the number) they should talk to you first. And tell them that there is nothing legitimate that ever requires you to pay NOW. Scammers are really good at pressuring people to act immediately instead of asking somebody.


Last time I was home visiting my parents I was astounded by the number of scam calls they'd get per day. Their landline was basically unusable for incoming calls because 90% of them were scammers. And they're obviously targeting older people who by nature respect/trust authority figures: "This is the IRS!" "This is the police, you're in trouble!" "I'm with Microsoft!" "This is the State Department, we need to talk about your passport" (that one was new to me). Scam texts too on their mobile phones.

The key thing people (not just the elderly) need to understand is that NOBODY LEGITIMATE will make initial contact with you over the phone or over SMS. The IRS will mail you. The police will knock on your door. If someone you don't know contacts you over the phone, 99.999% of the time it is a scam or they're selling something. Once you internalize that, you're well on your way towards avoiding being a victim.


> The key thing people (not just the elderly) need to understand is that NOBODY LEGITIMATE will make initial contact with you over the phone

My experience has been very different from yours. I've absolutely had financial institutions make unexpected phone calls to me and asking me security questions. In just the last year:

- Someone claiming to be Mastercard phoned me and asked to first verify my name and address. I was 99% sure it was a scam, but I had just enough doubt and curiosity that I called Mastercard back at a known number and it turns out that they were indeed trying to decide whether or not to block a large purchase I had made.

- Someone from the bowels of the check-clearing department of my business bank account called to verify whether or not to pay a large check I'd written to an individual.

- My regular bank called me out of the blue to check on an incoming wire transfer that had my middle initial although my bank account was set up without a middle initial, and they wanted to verify this before accepting the transfer.

In each case above, the call was from a phone number that I didn't recognize (and were un-googleable because they were internal numbers), from a person I didn't know, and the conversation started by them asking me personal or security-related questions! But they were all legitimate calls, and in fact would have caused me grief had I ignored or refused the call.

Financial institutions contribute to the mess by having poor telephone security practices themselves. They also send emails with links they want you to click on to sign in and they invent all sorts of domain names for various services/surveys/emails that bear no relation to their main domain name.


My in-laws got hit by an absolutely ridiculous phone scam. Basically some guy called and said "Hey this is Apple, this is an emergency, your iCloud got hacked, you need to install this remote desktop software and give me your credit card info so I can fix it for you". They are smart people but they still fell for it. So, the advice we gave them was that no organization is going to use a phone call to deliver important or urgent information. So if a call like that comes in, just ignore it or ask for a call-back number and then try to verify it by asking us. If a company or government agency truly wants to convey important info to you, they'll send mail.


> ask for a call-back number

Better to just call their main support line. Most likely they’ll never have heard of ‘some guy’ and they’ll tell you your iCloud is just fine.


They often have call back numbers from what I have heard.


Yeah, you have to verify the number through an independent system.


> They are smart people but they still fell for it.

If they fell for that then they're not very smart.

Would a smart person fall for it if a random hobo turned up at their door and claimed to be Jesus, but BTW he really needs you card and pin for 20 minutes, oh and $500 in cash as well!

.....


Everybody has blind spots or moments of weakness. Scammers get a lot of practice and everyone could fall for a specific scam.

Assuming people aren't smart because they fall for a scam doesn't do them justice and it shows a lack of empathy on your part.


This is so true. My father is getting closed to getting conned now.

I tell him that no matter who contacts him and how (could be the government, IRS, bank, and could be phone, or email or a door knock) he should politely end the contact immediately.

Don't listen to what they have to say, don't give them a single shred of information - not even his name or address or anything.

If he is really convinced it's something legit, HE should initiate contact with whoever they said they were - find THEIR phone number or website and contact them and ask.

That way at least he can be sure he knows who is on the other end.


The IRS scam has been particularly interesting. A wave of them came through our area code, so I convinced a friend to let me talk to the scammers when it came to his phone. They had ${friend}'s name and address associated with the number, and got mad when I said (truthfully) "that's not me". I'm still curious what datasource they're using to match those three bits of information together...


> I'm still curious what datasource they're using to match those three bits of information together...

A phone book?


Some of the scams have the caller actually pretending to be YOU. So if they have the agreement to consult with you before sending any money, what are they going to do?


I would hope that my parents could tell me from another caller :-)


I believe the standard strategy here is to say you've been in an accident, you're in the hospital while traveling, your jaw was broken, and that's why you sound different. Or you're having the nurse call them. Something to explain why your voice isn't what they expect.


This happened to my grandmother a few years ago, with somebody claiming to be me. Purportedly, I had broken my arm in Spain, and needed money for surgery. Fortunately, she had the good sense to call my parents and find out if I was actually in Spain.


Its a friend of you, who is in hospital too. And they need money and even more consent for emergency operations.



Maybe this is off-topic, but everything I know about personal security I learned from my mom. She gets spam calls like we all do, claiming to be health insurance or the IRS or something, and she'll always hang up, look up the right phone number, and call that back and see if there really is anything going on. Same with emails, she doesn't click links but instead goes to the website independently and logs in there. She taught me that if it's actually your health insurance or credit card company calling, they'll already have your information, so asking for your SSN or address is a red flag.

She's "not technical", which means she's a librarian instead of a software engineer, but she still knows much more than me about online security, and I'd bet most of our parents are kinda the same. She "runs" an iPhone and a Chromebook, which I think is the best setup for most people.


> She's "not technical", which means she's a librarian instead of a software engineer

Funnily enough, librarians are some of the most computer-savvy people I know. I wouldn't be surprised if your mother's "librarian training" of recognizing bad information and tracking down good sources is a big part of what makes her that good at navigating the net.


There are some phone numbers where you have to pay to call them, and so there is a current scam where you call people just to get them to call you back, and you'll have to pay.


I think he meant the mother would lookup the actual phone number in the yellow pages and call that number.


My mom doesn't know that her gmail and yahoo emails are different. I promise she's not more online security literate than HN readership on average.


> ...I'd bet most of our parents are kinda the same.

Haha, I am 100% sure that this is not the case.


I'm really surprised at the replies in this thread, some are almost patronising.

Parents might be old, but they're not dumb. People underestimate older people.

Obviously there are some vulnerable adults that need a helping hand, I get that, but try just talking and teaching, it works wonders.

The key is patience really.


>Parents might be old, but they're not dumb. People underestimate older people.

They aren't dumb, but many in that generation are willfully ignorant.

There was a great article in the NYT recently titled "Why high class people get away with incompetence":

https://www.nytimes.com/2019/05/20/science/social-class-conf...

If you've gone your entire life being able to bluster away criticism or force someone to do things for you ("delegate"), it can lead to a type of person who is not teachable, and when they inevitably suffer a breach will blame everyone but themselves.


It's not about parents being dumb. Some of these attacks are very manipulative and convincing.


You say that but there's mounting research that we get more susceptible to financial scams as we age, especially in retirement years when we have the most money and make the juiciest targets.

NPR ran a series last week on the topic that was fascinating and deeply concerning [0]. It's not something you should just dismiss out of hand when we're just now starting to learn why your intuition might be wrong.

[0] https://www.marketplace.org/collection/brains-losses-aging-f...


Yeah, well. A colleague of mine is an historian, in her early 50's I think.

For three years now she has been taking notes in her small notepad of the four same shortcuts: ctrl-A, alt-tab, etc. She still doesn't get attachments and doesn't understand the differences between a zip file and a folder (I blame windows but still...).

I think she's good at her job (research and producing articles) but she isn't catching up with the tech.

The struggle is real.


I think part of the problem is rote memorization rather than learning concepts.

(Eg: maybe if someone learns about the context of a "task switcher" and "shortcut" they could be taught how to search for 'task switcher shortcut windows'.

Instead we train users to treat keyboard shortcuts like magical incantations. I don't think that does a service to users of any age.


She's a knowledge worker, highly paid and was in her 20's when computers became ubiquitous.

Her education, the job she's supposed to do... it's like a carpenter who don't want to learn about electric screwdrivers.

As soon as you try to get a bit more general: “Ctrl-A works in any applications or folders or anything with multiple items... it allows you to select everything at once.” She shuts down and gets back to her task of writing stuff.

The thing is: computers aren't magical enough yet for that kind of user.


>The thing is: computers aren't magical enough yet for that kind of user.

Isn't it the other way around? Ctrl+A does nothing on my machine, because I haven't set it up to do anything.

I think the problem is that most OS's were designed with programmers in mind, then have had a kind of 'user-friendly' face lift pasted over fundamentals that have remained more or less the same. I can see why non-computer people don't want to deal with that - you engage most of the time with the user-friendly mask, but it's fundamentally incoherent and inconsistent, since it's just a mask, implemented half-heartedly, by programmers who don't use it.

Ctrl+A is basically just an incantation. When people are presented by a bunch of incantations with no logical consistency, by a machine they aren't interested in, it's unsurprising they learn the bare minimum.


> Isn't it the other way around? Ctrl+A does nothing on my machine, because I haven't set it up to do anything.

Is that trolling ?

Dude... she's not banging some Perl in emacs... She's writing words in Microsoft Word running on a Windows like a gazillion of people do in the 9-5 workforce, with the occasional excel spreadsheets and file manipulations in explorer.

Ctrl-a, ctrl-c, ctrl-v everywhere, all the time.

It has been for 30 years. The fact it has no logical consistency (although I am pretty sure ctrl-all is a good candidate) it's not an excuse to forget about it everyday. Does she forget where the brake pedal is in her car ?

I am dev. I know computers are voodoo and run on magic.

But it's not a reason to forget how to turn it on every morning.


It's not about age, it's about experience and trust.

My grandfather had an interest in technology, experience in how to use UI's, and used a computer on a almost-daily basis since the late 70's up until his death a few years ago. He never had any issues telling ads/fake popups from actual system messages and so forth, and he was quite comfortable using a computer on a rather advanced level.

Some younger relatives, on the other hand, have barely touched anything without a touch interface, can't really use a web browser properly, and is pretty much limited to whatever apps they can install. They solely rely on iTunes Store/Google Play to screen stuff for them and blindly trusts anything they install from a trusted source.

If I had to choose a scamming victim from those two categories I'd go with the younger, less experienced ones.


Just because they have problems with computers and computer-mediated technology, doesn't mean they're dumb. Lots of wisdom there. But, unfortunately, most electronic means of communication are very poorly matched to how older people have interacted with others all their life. You can believe they are very smart, and also believe they need to interact with electronics/computers/internet resources in a different way than works for the sort of people who comment in HN.

Of course, it varies depending on the person. Most often, the most reliable way of determining if an older person is comfortable with computers is to ask them. Those that find it difficult to make good decisions about passwords/phishing emails/security updates/etc., are more than willing to admit that they aren't great with computers.


Not dumb? I couldn't explain simple games like flood and untangle[0] to my grandma. She can drive a car, do online banking (learned 10 years ago), memorize facts, but any new logic seems to be beyond her or at least extremely slow. I don't know how I'll ever explain the concept of fake download links which are not memorization but I guess something like pattern recognition.

[0] https://www.chiark.greenend.org.uk/~sgtatham/puzzles/


For the most elderly, tech is dark magic. They simply don't want to understand and reject the idea of using it. If they are forced to use it to survive in this modern world, they really need to have the protection of our generation. It is sad but true. We all have parents, we all want them to understand but they simply don't want to.


Libertarian core value meltdown detected. Reality intrusion isolated, injecting idealism to stabilize ideology in 3-2-1


Can recommend Chromebook from personal experience.

Auto-updates painlessly. Probably worth getting one with touchscreen and ability to run Android Apps. I've just updated my mum's one to Acer Chromebook R11 CB5-132T (old one was no longer getting updates after c. 5 years)


Chromebooks are great, but there is certainly still some risk if extensions are enabled. My daughter was having problems with her Chromebook, and I found that a bunch of shady extensions had been installed (I had a flashback to the 90's and toolbars). Apparently they were masquerading as games and themes.


I think Chromebooks are about as safe as you can get these days. There is a limited amount of damage that can be done with extensions, especially now that they can only be installed via the chrome web store, and inline installations are blocked. AFAIK it's impossible to do stuff like steal credit cards or install a keylogger via an extension.


I guess you could solve that by making it a "managed" Chromebook. Not sure if that's possible to set up for a non-corporate/school environment though :)

Also: install ad-blocker of course!


Similar to how I’d protect young children: get them an iPad, pre-install essential apps, whitelist some web domains, and require your authorization for any new app installs or domain whitelisting. You’ll find that their web browsing actually is limited to a few domains, and they should never learn to bank, etc. outside the apps.


Thanks - good idea. Adding in a Pihole has been good for me - keeps the ads and pop ups to a minimum.


I scared them a lot initially (run away from exes, read all the things, never press next without reading), told them to Google everything before asking and a little bit of shouting to them. Also did a lot of explaining to them of what the green lock means, incognito, email attachments, etc. (essentially, that they are never safe online).

From my side I made sure all their browsers had ad-blockers. Also tried Ubuntu with them, but they preferred windows.

Few years later, my mom can now boot into Ubuntu if a family computer has a blue screen many times and run a hardware check and tells everyone, "google it!" when they ask her for questions. They also are way more confident now and don't fall for as many shit as before. I mean, they used to copy shortcuts to floppies, thinking they copied the whole program, and got scared of ads that the FBI was watching them, and that they had to pay.

Parents are 60 something, so I guess its never too late to teach them. In contrast however, my younger aunts are unteachable, like bricks, so it really depends on the character as well.


Just yesterday my mom called me asking me to check the logged in devices list on her email. She hasn’t been able to login and found out it had been hacked so she had to reset her password. I logged all the devices out and finally got her to stop using her last name as her password and we changed all of her passwords.

So, after years of my sister and me trying to get her to have proper passwords it took her getting hacked and seeing a bunch of failed spam emails to finally change her passwords. Maybe people reading this could “hack” their parents themselves so they could take security seriously. Yeah it’s lying but it’s safer than letting it happen organically.


I couldn't get my Dad off Windows, even though he kept getting malware and viruses and ask his helpdesk (me) to repair the damage (which meant hours of formatting and reinstalling windows and N apps and ...). Inertia and "but this is the way I do it" are hard to fight.

FWIW, if you're running Google Apps for your family email, you can require a certain level of password quality, and force-reset the offending passwords.


I locked down my dad's laptop. He thought it was broken so threw it out and bought a new one...sigh


what did you do to it???


Thankfully, my parents were technical back in the days of BASIC & CP/M.

So basically it comes down to making sure that the UI/UX they (and I tbh) like sticks over updates. As such, we've moved completely away from Firefox to Palemoon (with a "classical" theme), from Office & OpenOffice to LibreOffice, and to minimalist Windows theming to keep it looking like, well, Windows.

I use either uBlock or Adblock Latitude & Greasemonkey with the Aaklist setup, and Disconnect / Ghostery. They also have Avast! & MalwareBytes on their machines and I have a ClamAV client set up on a scheduled task.

As far as them getting phishing emails... they're not stupid. They've been seeing spam email since Prodigy and haven't fallen for more than one scam in that time (long story but it didn't hurt us monetarily). Oh, and if they're not sure, they ask me - or they search (using DuckDuckGo or Exalead, not Google) to figure out if it's real.


If you have uBlock Origin[1] you don't need Aaklist, Disconnect or Ghostery. Even with it's default settings, uBlock Origin will circumvent anti-adblock and will block more tracking then Disconnect and Ghostery combined.

In uBlock Origin's settings, I recommend enabling all filter lists under "Malware Domains" to block malware & scam websites.

[1]Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpa... Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...

I believe uBlock Origin can be installed for Palemoon as well.


In the world of tech consulting, consultants follow a model called PPT: People , process , technology. Recognise that people are the weakest link. Like many commenters mentioned, please educate your parents not to fall for common scams. Ask them to call you in case they receive a call/e-mail from IRS! Process : Is there a low-fee/no-fee debit card you can setup for them with probably a 100$ or so for their casual shopping? Worst case they only lose that much. Technology: What is their use-case? If it is casual surfing/FaceTime/Skype, can you set them up with an iPad Pro/iPad with ad-blockers of course. if iPad is out of question, how about an Ubuntu Laptop with Firefox and Ad-blockers? The way I look at it, Ubuntu keeps a lot of virii at bay and certainly any "Microsoft" call-center scams! You need to only watch out for phishing scams.


Lots of good stuff in this thread. I'll add: introduce the tech into their lives yourself. Don't wait for them to call you and tell you they just bought a laptop at Bestbuy (just for example). Educate them, appeal to their already built in BS detectors. Pay attention and answer their technical support calls :) [also Apple store and Bestbuy are usually great customer service resources]

edit: if there are grandchildren around, get them involved in the project


Honestly consider having them offline. I have the same problem and my only solution is me being their proxy for internet. When they need something "online" like movie o buying something, they ask me.

Today most thing happen via a browser instead of programs and it's basically impossible to secure.

Consider using a tablet/smartphone instead of a computer. Apps are a little better than website in term of being "safe". By using something like privacy guard (feature of lineageos) and disabling the browser and email you can keep reasonably safe.

That's what i did. Bought them a tablet, install what they needed (netflix, amazon etc...) and a app for remote control, like teamviewer, disabled browser and playstore, and basicaly everything else. For anything else they call me.

It's not amazing but it work.

Desktop computer are, for me, a lost cause.


Chromebook would be the easiest route, then you have parental filters, which is ironic as they were born out of a need for parents to help protect their children. Today, that terminology needs revisiting - clearly.

I would equally suggest two email addresses - one for banking, one for everything else.

But do look at further education courses as many a local authority in some capacity offers training in some form (speaking about the UK here). Some banks also offer assistance in online safety courses.

But online safety today, is alas very much akin to the level of safe sex education in the 60's.

I would suggest showing them some youtube videos of people handling phone scammers - entertaining and educational.

But above all - tell them if they are in any doubt, to shout and call you. Remember your peace of mind is worth a few phone calls.


Multiple ideas.

The best one hands down was installing an ad blocker. Before that I had a few questions about "Is this thing saying I won an iPhone real? It seems to good to be true", now they don't even see it anymore.

The second is separate hardware for authentication. The bank login and wire transfer to an unknown account requires them to punch an 8 digit number on a card reader, and type back the result in the browser. This way, there can't be any full compromise.

Last one was education: snail mail scams were a thing in the past (I had no idea when they told me about it, which is quite humbling really). Draw the parallels: unless it's someone you know, they could be trying to take advantage of you.

So far it worked, no issues to report.


Get them a linux laptop, or a ChromeBook and enable 2FA on their Google accounts.


NEVER get them a linux laptop. ChromeBook is fine. Linux can be very advanced even for a regular starbucks user.


My dad is in his mid 60s and has been happily using Ubuntu for the better part of a year. He now no longer has to worry about most malware or windows updates interrupting his workflow. I think you are really overestimating the complexity of using Linux as a normal user.


This. Choose the right distro (ubuntu or derivatives, or elementaryOS) and it's as easy as windows for everyday tasks.

And for not-everyday tasks, you can just ssh in and fix it for them.


This Q has me projecting into the future and thinking how I'd like to be treated and what's likely to mess me up when I am 75... Probably something like getting a virus in my Oculus and not realizing I'm not interacting with reality or something. Lucid dream tests may come in handy at that point...

Anyways, FWIW I've told my mom to always ask to call back if the bank or other financial groups call. And then to either 1) call the number on her physical card or google it and call that number.


Lots of good advice in here, and on point I'd like to add is.. that's not only for older people. The question mentions parents and most answers reply to that - don't forget that HN people are good at tech not because we are younger, but because we are interested by it.

My wife, despite being a designer working in tech, would be as easily tricked as an older person new to the internet. So keep that in mind and think about safety for everyone, not only elder people.


There's lots of good advice here, but one thing I see mentioned often is "get them on to operating system X." Age plays a factor in this - much as I love macOS I wish I hadn't switched my mother (88 now, around 80 when she switched) from Windows. She'd learned personal computing with Windows, and there are still things that trip her up with macOS, including basic things like differences between Windows Explorer and Finder. There are trade-offs - I've been on macOS for a long time so fixing issues is easy, remote desktop is seamless, and the risk of viruses is lower - but overall I think the costs have outweighed the benefits. Setting her up with a password manager would be even more discombobulating, but thankfully she doesn't use online (or even telephone) banking, or social media, otherwise I'd insist. She also knows that she can phone me or forward emails if she's not sure about something, and so far has been canny about spotting things like "your PayPal account needs re-authorisation" scams.


I actually came to Hacker news to ask the same the question.

My Dad travelling to a different country for a month and the mobile network there was VOLTE, while at home its 3G. The phone (iphone 7) was having some issue and I was unable to help him. He took the phone to mobile shop and that guy installed a 3rd party app & made him put a passcode.

Actually the last time we travelled together & we both used that mobile network and there was no issue. So, there was no reason to put a passcode.

The issue is that when my dad has an issue, he tries to describe it to me and does not read to me exactly what he sees on the screen. It would be great if there was a remote desktop like I could see his device via my device and help him also. Also, have an admin account on the phone so that admin privileges are needed to install apps or even open the settings app.

In the past even my younger cousins or kids install apps (games or some hype app that they feel everyone must have) on his phone.


My father just turned 90, and my mother is 85. They both have Macs, as well as iPhones. No landline phones at all. They've had a Mac since around 1990 when I gave them my old Mac 128 that I'd upgraded to 512.

They LOVE the Internet. This morning I helped my dad install an antenna for a HAM radio, and he needed to terminate some coax cables, so found a YouTube video on how to do it. We watched it together and then did the cable.

My mom's an avid old time fiddling (violin but not classical) musician, and likes to find videos, recordings, and music online. Also a lot of things about knitting, plus finding podcasts to listen to.

That said, I worry about them. My father specifically. He's starting to have cognitive problems, and his long standing (and good in the past) habit of installing and trying things is starting to hurt his experience and his computer.

First, I keep finding extensions in Safari that are injecting ads into his web browsing - not sure where they come from.

Then the other day we found out Chrome and Firefox was completely uninstalled, and Chromium was installed. My guess is he downloaded some "bundle" that had it.

Then when his computer started getting slow, he found some "speed up your computer" thing for just $70 - that ended up being Linux on a thumb drive, and the idea was you boot from it, and your computer is now "faster". I tossed it before he ever tried it.

So right now, I'm thinking of installing a limited (can't install things) account for him on his Mac. Or turn on child protection settings.

So basically, his curiosity that's had him using a Mac since 1990 is his very downfall with the computer now that he's having cognitive decline. Ironic in a way.

Honestly it would be nice if someone like MS or Apple would make an "Elderly Parent" mode to go along with Child Mode. Similar idea, but different needs.


Apple's "elderly mode" is the iPad.

(I know it's not the same as a Mac, even if you try hard, which nobody should. However, the very things that make iOS more secure for some users are what sets it apart from macOS, making it less flexible but more resilient.)


Not a bad suggestion. Combine with a Bluetooth keyboard and he can write his long nightly emails.

The idea of "iPad mode" for a Mac is not bad. Basically it's very locked down, but has the full advantage of mouse and keyboard along with large screen.


going down the ios route is safest option.Pretty much in same boat as you taught my dad on online bill payments and banking in iPad . Set up a password manager and store all their personal information in there , make it available via touch id. Chromebook and linux are still tech stuff which can not be handled by elderly.


iOS/macOS with 1blockerX/1blocker and keychain has worked wonders for my parents.


I’d say use AdGuard instead of 1Blocker - the latter pretty much never updates its blacklists.


Ublock Origin by gorhill is better, although the trouble with any ad-blocking plugin being used by non-technical people is that they will occasionally break a site and have no clue how to turn it off.


This is for iOS though, where JavaScript-based plugins like uBlock don’t work (and in fact JS-based plugins are deprecated on desktop Safari as well).


I email my mom several times a month with info about the different scams going around. I hear about them all week because I help manage email servers, so we are always changing passwords for people that tell us they were scammed by X, Y, or Z.

The worst right now are the ones offering some kind of rebate or refund, and then a really tricky one where they overpay and have you send money to another "vendor" in the amount of the over-payment.

Elderly people where my wife works are constantly scammed by people telling them they are due for their free cancer screening, or their "grandchild" is asking them for bail money.


Avoid Linux, Windows, etc.

For non tech users, iOS is pretty safe.

Ipad + iPhone and you're good to go. Leave the notebooks and PCs in the 80s where they belong.


I disagree. I've Ubuntu LTS setup on my mother-in-law's PC since more than 6 years and it's been no problem. Very low maintenance, too.

All she needs is email and web browsing. I'm pretty sure as far as security threats are concerned she is vastly better of with Linux. The usual exploits targeted at end users simply won't work.

What makes you say "Avoid Linux"?


Choice of operating system won't affect whether or not people type away their details into random websites. Putting Windows and Linux in the same box and pushing iOS over them is also puzzling. Why would someone's non-technically literate parents happen to be running a Linux distribution on their personal computers and why would that make them more susceptible to giving their details away than running OSX?


OS X - it wouldn’t make a difference. But, apps are tightly sandboxed with iOS and it doesn’t even allow some of the permissions that Android does - like intercepting phone calls and text messages.


Is this the same iOS that recently allowed anybody to remotely activate the microphone and camera using Facetime?


Yep, it's still definitely considered one of the most secure consumer platforms both in fundamentals and in the practice of the number of bugs it's had.

No security is perfect, a small handful of bugs over the last so-many years is about as good as any platform can hope for.

If you're a CIA agent or run a bitcoin exchange it might not be good enough for you, but for most people it's a pretty good set of options.


ChromeOS is more secure and far less expensive than MacOS, although as long as you keep your parents off of Windows you won't have to worry about ransomware.


OP is discussing iOS. MacOS is free. Google hardware is definitely less expensive than Apple’s though.


MacOS is free? Where can I download it? I need to setup a MacOS VM for development.


Are you doing this from a non-Mac environment? The App Store site has it. It seems I’m missing something...


Yes, I am in Debian GNU/Linux but if MacOS is free then I'd like to setup a VM to run Xcode in.


macOS is free? Link? Are you a troll or an idiot?


uBlock Origin has been useful when it comes to protecting my family computer. There are so many hostile ads and websites out there. I highly recommend it (or Pi-hole or some other good filtering tool).


Enable all filter lists under "Malware Domains" to protect them from Malware/Scam sites.

uBlock Origin Chrome: https://chrome.google.com/webstore/detail/ublock-origin/cjpa... Firefox: https://addons.mozilla.org/en-US/firefox/addon/ublock-origin...


Personally, I have a lot of trouble with websites breaking because some script was rejected. I think its a big ask to say "if you think this website isn't working correctly, make sure the "*.cloudfront.com" is allowed to load JS resources.


If you can manage it, get them set up with a security key for their Gmail and Facebook accounts. You can do this unilaterally for them if it would be overwhelming.

They won't need to use the keys if they stay on the same device all the time, but it will have a big impact on anyone trying to steal their passwords. Instructions here: https://techsolidarity.org/resources/security_key_gmail.htm.


Everyone should educate their parents (and themselves) on the dangers of Multi-Level Marketing. One of my parents very nearly got sucked into a MLM scheme, and the most painful thing is if you say it's a bad idea, they assume you mean that the MLM system is fine and that they are just not smart/dedicated enough to be successful.

There was a good Penn & Teller: Bullshit! episode on this, called 'Easy Money'.


OpenDNS.

My parents machines, even the ones they buy without telling me, still connect to the internet through their router. OpenDNS blocks requests for blacklisted sites. It doesn't help their cellphones, but they are also under instructions not to do any banking on their phones.

Adblock+Noscript

It helps. They sometimes have to call me when websites don't work but it blocks the annoying popups that can sometimes confuse older people into scams.


Noscript is an interesting choice for "non-technical" parents, my understanding was that Noscript was for -advanced- users.


Set up a new iPad: + auto updating apps and OS + they don’t have the password to install anything new + install the apps they need for them + auto backups to iCloud

Then drill it into them that they should “never click any link in an email for any reason whatsoever. If the bank, for example, sends you a message with a link then ignore the link, leave the email app and log in to the bank the normal way to check the account.”


My recipe is AdBlocks + automated updates enabled + firewall enabled + desktop shortcut for web browser + regular antimalware check.

Regarding phishing, I set them up with a GMail account and their filter is quite good against this.

So far, not anything bad happened, some minor malware were installed through malicious web browser extensions, but no financial damage or identity theft.


One thing I would like to add: let them set long passwords [0], different ones for each service and write them down in a dedicated notebook.

[0]: https://xkcd.com/936/


wouldn't a password manager be better then having them write down/re enter long/complicated passwords?


From my experience, the password manager is just another issue to solve for this kind of people: it’s another software to use and these users do not like to use software.

As a result, paper is sort of natural for them, and the only way I found to impeach them from writing down their passwords is to make them use passphrases instead of passwords.

They do remember the passphrases they typed in, however the issue is that some websites still refuse passphrases because they are too long :(.


depends on the password style I guess.


It breaks my heart seeing so many people talk about intelligence. It's not intelligence that matters, it's sense (and experience). Highly intelligent people often fall for scams that 10 high school dropouts wouldn't. My mother is a reasonably computer literate R.N. yet I had to reformat her machine after she fell for a scam. I'd be much less worried about my dad if he used a computer (which he doesn't).

Also, on the Windows vs. Linux debate, a significant number of programs break if you're not running Windows as admin. I just installed Bitdefender and you can't do things like shut down protection to see if it broke something that was working fine if your account isn't admin. Nobody calls this out one Windows. Any programmed who did this on Linux would be hailed as the heir to the throne of idiots.


Check out what we're building at Badrap (https://badrap.io/). Our service is free, and you can use it to monitor your and your parents' IP and email addresses for known vulnerabilities and data breaches. Let me know if you have any questions. :)


Manage their PC, apply good security measures to it (use pihole, browser selection, disabling extensions, use extensions that prevent phishing). Teach them elementary online security and how to use a password manager.

On a more OOtB note, have all their web traffic route via a web proxy that will prevent phishing, MITMs, scan against viruses etc.


Do you have a recommendation for such a proxy? Is this something that could be accomplished at the router level without the need for additional configuration or hardware (on their part). Ideally, I’d love to flash OpenWRT or similar onto their router, enable some simple block lists and settings, and have reasonable assurance they’re protected (at least on their home network).

As I’m writing thing, I wonder if there is a “senior mode” distro/plugin for OpenWRT.


The best out of the box solution I’ve found is eero with eero plus subscription. It blocks ads at the router level as well as malware sites, phishing sites, certain downloads, etc..

It’s not perfect, but better than anything else I’ve ever used. Also comes with subscriptions to 1Password, Malwarebytes and Encrypt.me.


A friend of mine who isn't young but not as old as my parents is a professor and couldn't tell between a system alert and a fake one on a web page and attempted to click it just before I stopped her. My parents recently received a phone call concerning a problem about their google account and how to "correct it" in which they were very obliged to "fix" the issue and it took some undoing to get them out of that mess.

The point being...

There are training videos and certification tests for this sort of thing that are required in government related PII jobs as social engineering is too easy to fool people but its naive to think these tools will be used unless it was tied to getting a retirement check etc. I guess just hand hold them on those issue until they get it or give up?


It is an understandable wish, sadly it is not something you can control without them living with you and having all of their outside world access go through you.

This sad state of affairs because swindlers can get at them in many different ways. I have a sign near the phone that says "If they are asking you to buy gift cards hang up, what they have told you is a lie."

Of course online access is essential today, so it isn't easy to tell them they don't get to use the computer. Or Facebook. Or NextDoor. Or any other social media site. Or Chat service. Or other Forum.

There isn't any just "read only news" (no commenting) from sites with journalists, maps, phone numbers. Kind of appliance that you can get them.


I'd also like to add a simple thing a lot of us technical-minded folks don't think about that much, and that's making sure the parent's daily driver user account isn't an administrator. That shrinks the attack surface significantly.


There's a concept called "security awareness" that the InfoSec experts talk about a lot. It's basic course in staying safe online and, well, in the case of companies, keeping the company safe as well. You might want to consider running through some of that curriculum. I don't get the feeling it's long and arduous to get through but it has been shown to help. It's far from full proof because people can still make mistakes but it helps.

Also, of course, there are the usual things you can do to make their computing/networking environment more secure, which I'm sure other commenters have mentioned.


Note: You will quickly find examples of what's taught with a web search. You could do a stripped down version very quickly.


Phishing is a big problem for non-technical users. Google's Phishing Quiz (https://phishingquiz.withgoogle.com) is a surprisingly good resource.


Is there a good simple way that someone nontechnical could become confident that withgoogle.com is a trustworthy domain?


I am technical and I am not sure how to become confident that withgoogle.com is a trustworthy domain. I guess I would look for official links from Google.com to it. But why bother?


It's not necessary to confirm that withgoogle is a real Google domain because the page isn't asking for any information.

Of course it could have drive-by malware on it... but so could any link


I think an important part of being secure online is knowing when to be careful. This site doesn't ask for any real information, so it doesn't really matter that much if withgoogle.com is a trustworthy domain or not.

I think it would have been better if this quiz made up a name and e-mail for the user instead of asking for one though.


Very good point. I actually got the link a while back from someone from Google. But what you're saying makes 100% sense! You wouldn't know unless there is a concrete method to verify ownership of the domain.


There's probably a large amount of seniors who "think" they know better - they once understood computers (perhaps worked in technology) but no longer. My father (75) falls into this demographic. He got conned TWICE (luckily the bank stepped in and refunded - not huge amounts thankfully), although the second time was malware (fake AV).

Perhaps it's a pride thing, but despite my warnings/offers to help avoid such situations, he didn't pick up the phone and double-check with me.

Needless to say he's under strict instructions from my mother to run things by me first now ha ha


Three Dead Trolls and a Baggie did a video on this topic a while back: https://www.youtube.com/watch?v=-9R-2X9Bl5w


1. Firefox

2. U-block origin

3. Let them know they shouldn't ever download files from an email (even from relatives, because realistically non-technical people aren't sending each other files over email and it's likely one of them has malware that is trying to spread)

4. Disable their mic / webcam (they are not going to use it anyways)

The 4th point isn't so much to prevent malware, but it's to protect their privacy in case they somehow get compromised.

Since I've done all of the above, I haven't had to format a parent's machine due to a virus or malware. They run Windows too.


I've been thinking about this problem for a while as well.

The somewhat oversimplified approach is to use iOS/Android devices with you in charge of installing any new apps and also inbuilt adblockers. However this still doesn't prevent email phishing.

The more restrictive option would be to use a router level / AdBlocker whitelist for websites they can access.

Ex: Facebook, Google, YouTube, Utilities, Banks etc. This way any phishing domain will get blocked. Obviously highly restrictive but probably the safest bet. You can always add new sites as they need them.


Buy them a Chromebook/install ChromiumOS on their machine. Since it's a Linux distribution, it will make them safe from most infected e-mail attachments.


I don't know if this is any good, but I've seen TV ads for a tablet and service specifically meant for non-technical older people. It uses cellular service so there is no need for them to even have WiFi. It's called "GrandPad". Here is their FAQ [1].

[1] https://www.grandpad.net/frequently-asked-questions


Make them a list of hard "no" items.

Tell them no porn, no clicking on pop up ads, no cheezy viral articles with click bait titles, etc.

If you can visit them in person, check their computer for malware.

Find out what they want to use the internet for and help them create a white list. If they have enough safe ways to satisfy their needs, there is less temptation to randomly venture forth into things they don't really understand.


If you are able to talk about porn and ban it with your parents (presumably providing some alterate means, because you know they have needs), then well congratulations that sounds like a very open and sharing relationship.

For the rest of us though...


I would just make a written checklist of hard "no" items and list porn on it. If they call with a problem, ask "Were you clicking on a hard no item?" and don't get into whether or not it was porn.

If they call frequently because their computer is a giant mess of malware, eventually tell them they need to educate themselves because your efforts to keep them safe are proving insufficient.

If you honest to God can find no means to tell your parents that porn is a really big problem with regards to technical safety online, then I suggest you wash your hands of this issue and tell them you are wholly unqualified to help them and maybe point them to some resources to help them sort it out themselves. Hopefully, buried somewhere in those resources is the fact that porn is a problem.

Otherwise you are doing more harm than good by giving them the illusion of assistance when the real message is "Sorry, I can't actually protect you because it might involve admitting my parents, who probably did the wild thing to get me, might still have a sexuality." If that's the answer, don't pretend to help. Just refer them elsewhere to someone willing to have that conversation.

I will add that you need to know porn is an issue even if you don't consume it. Advising them that porn is a problem doesn't actually presume they consume it. I had to do a hard shut down of a laptop because I was moderating a forum and someone posted a porn link. I wanted to do my due diligence and not just assume. It opened a zillion popups and locked my computer up.


My parents are pretty old and technically illiterate. My absolute nightmare is for them to wake up one day to an empty bank account. Right now, they double check every financial email with me. We actually managed to thwart 3 phishing emails this way!!! They are preying on seniors pretty hard. They usually get the email addresses from online quizzes and other thin apps.


My recomendation is create a block server for ads in this case pi hole is a good option for all your devices (PC, Laptop, Smartphones, etc). For navegation i recommend create user with control on windows, the reason is they can't install apps or changes things in the system that compromise your information or install addons infected in the browsers


Computers are like cars, if you don't know how to use them safely, you shouldn't be using them unsupervised.


The best way to do this would be to set up a program similar to a built-in game that regularly tests them by presenting them with realistic situations and gauging their response. Pen testing with built-in realtime negative feedback of some kind when they make a mistake would keep them learning.


The only thing, I did for my mom was to install adblock plus in chrome/firefox and taught her a thing or two about 2FA. I set that up for her bank accounts. Most of her work gets done by Google products. Not that great for privacy, but keeps her relatively safe.



Once security keys are enrolled they are very easy to use and your parents can frankly probably just keep them plugged into their computer. Between that and antivirus with MacOS (or just using a Pixebook) that should cut down on a lot of attack vectors.


Have them use a u2fa token (that you help them setup) for their important accounts. Those are nearly, if not completely, impossible to phis and they are relatively inexpensive and really simple to use.


One basic thing is to get them to write down unique passwords and keep them in a safe place. Even if they're not using 2FA, making sure losing one ≠ losing all accounts is a big step.


Have them move all their account credentials to LastPass, and make sure every password is unique. Set up two factor auth on all bank, email, social, commerce accounts that allow it.


Walk through privacytools.io with them for at least their browser and their browser extensions, and possibly the email portion. That 30 min lesson may do them years worth of good.


My father checked his email in his employees computer, but forgot to log out.

He caught it when he saw searches of porn in his history

Both him and his employees did not even open private browsing!


Install Privacy Badger and HTTPS Everywhere in their browser.


Fakeblock works really well for this kind of stuff. It's a super nifty service that a whiz kid from the Bay came up with. They are going to get invested by the search campus up north soon. It uses state of the art privacy technology and will also be used as part of the new wall proposal that's going through congress. It should be able to protect against almost any kind of cyber attacks.


One of the difficulties of keeping seniors safe on the Web is that that even "the good guys" are doing dumb and harmful things (e.g., government office gratuitously running dotcom cross-site trackers on gov't sites, or outsourcing parts of site to companies that sell out private data), and "the good guys" companies are often outright some of the most insidious exploiters.

Two of the barriers are:

1. Most people of all ages don't actually understand the technology, and instead mimic their peers (and do things like people they know tell them to do, like install a particular thing to see photos). Both young and old people make much the same mistakes here.

2. Older people might come from times&places with different ideas of respectability and sense of duty. They probably can't even imagine the accepted sociopathy within the tech industry. Daughter/son went to work for that nice company that does the right thing, and surely they're keeping an eye on things (not systematically reading people's private messages, monitoring every page everyone reads and thing they do, and encouraging bad security practices that set up openings for other kinds of exploiters).


Shameless plug: I cohost a podcast about personal digital security, with a target audience of people who aren't (necessarily) in tech but are interested in understanding things and not just getting a pre-canned set of recommendations like "Use a Chromebook" (or "Use Signal use Tor"). https://looseleafsecurity.com

Some specific advice I'd give with relevant episodes:

- Use a password manager https://looseleafsecurity.com/episodes/securing-your-online-... so you can use strong, unique passwords, and and set up two-factor auth wherever possible (preferably with a security key) https://looseleafsecurity.com/episodes/two-factor-authentica... so that you're protected from the many possible attacks on passwords.

- Get an unwanted content blocker (aka ad blocker) like uBlock Origin to protect you against malicious ads, popups, etc., and/or a cross-site content blocker like Privacy Badger to protect you from being tracked across websites and also protect you against malicious embedded content. https://looseleafsecurity.com/episodes/web-security-continue...

- Set up backups, because it's the only reliable defense against ransomware, and it's the best defense against your computer getting malware - it's easier to wipe and start over than to try to pick out the malware (especially if their child isn't around!). https://looseleafsecurity.com/episodes/backups.html

- Learn about how to protect yourself from malware. It's not clear today that antivirus or similar software has enough benefit, and they often introduce their own security issues (or just slow down the computer enough that you'll want to turn it off). But your OS has various built-in knobs about running unknown software, and you're probably better served by turning those up to the safest settings and knowing what its security prompts mean. https://looseleafsecurity.com/episodes/malware-antivirus-and... (In particular, if you're not in tech, it's not obvious that every program you download has access to all your cookies and private files ... unless you get it from your OS's app store ... unless ... we talk about this complexity in this and previous episodes.)

We post both the entire transcript and additional notes / links to further reading, so if listening to people talk isn't your preferred way of consuming content (and honestly it's not mine either!) our website should still be pretty useful.



i was discussing this with my parents and uncle

im trying to get them to use a password manager and at least using chrome with ublock origin, teaching them how to interact with elements etc.

its really tough out here


Step 0: send them a fake email from their most trusted source (ask): president/their bank/Medicare... Rebound from that into the "no trust" talk, don't just start talking right away.


Give them Linux and ublock


Get them an iPad.


Get them an iPad.

Seriously.


You can't make them safe, any more than you can give them a car and make them safe on, say, a freeway. I think a better attitude is to teach them that the internet is a dangerous place, and they should 'drive' defensively.

Get them the simplest device possible. A cheap iPad is great. Preconfigure it to be even simpler (maybe using parental controls), and tell them not to mess with anything. Keep notes for yourself, and be prepared to restore from factory defaults every once in a while when things go weird.

Install as many layers of ad-blocking as possible, whether DNS blacklists, browser filters, etc. Some sites/apps won't function correctly, but rather than try to open holes, just say, 'Sorry, that doesn't work.' Trust me, your folks will just move on to something that does (maybe with your suggestions), and is likely safer.

Buy them a few subscriptions to reputable news sources (a good discussion itself) so they don't have an excuse that they can't pay for decent journalism and so have to pick it up from a Facebook/Youtube algorithm.

If you're up for it, be explicit and direct about them asking you for advice. For example, teach them how to forward an email to you -- or a screenshot or image from another camera -- so you can give them an idea of whether its safe or not.

If they're willing, teach them to use a password manager that creates/saves random passwords. If you can't, at least make sure their important accounts (email, bank, etc.) are adequately secured. I've (mostly) convinced my mom to write down all her passwords on pieces of paper, which are stored in an envelope in a known place in her apartment. It's not perfect, but way better than discovering every password is 'hello123'.

Try to teach them a little about the technology. I don't mean system architecture or code, but the basics of how online economics work (e.g., advertising vs personal data) and what algorithms are (use the analogy of meal recipes). If you discover accessible journalism that is critical of problematic technology (like privacy issues with Facebook), share it with them. I've done this a lot with older/non-tech folks and I've ever met someone who couldn't understand at least the basics.

Don't be afraid to tell them that you feel some technology is bad for them. You'll discover it's actually a relief for them to hear, as mostly what they're going to hear is that all technology is great, and much less about being critical about tech.

Finally, don't push them into any more tech than they truly need. Most non-tech people aren't that interested in exploring tech; they probably aren't going to be the folks downloading apps or plugins and trying random websites just for fun. If they're comfortable walking into their bank and dealing with their accounts in person, let them continue to do that. Even if it costs a little, they're actually better off than you (or someone else) convincing them online banking is 'better.' Don't digitize their lives without a really good reason.

(I'm saying all of the above with the experience of being online for 40+ years, and helping other folks over that whole time. Sadly, it's gotten more difficult.)


dont let them touch social media


Life at that age is so empty without social media.


tell them to stay offline ... but they won't listen




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: