The other day I went over to my cousin’s, who has a wife and two kids. My cousin, is what you would call an average parent overwhelmed by our infinite momentum into the digital age. Like many parents and adults his age, his young children are starting to understand electronics, computers, and technology a lot faster and better than he does. For the majority of you running a family, this is pretty much inevitable. Although this is more so a good thing, it can potentially have unwanted affects and facilitate dubious, (or at the very least, unconventional) technological behavior by our children, without us even knowing. A major debacle that I’m sure you are familiar with, is properly organizing your digital life and identies (how many email addresses do you have by now, how many facebook profiles do you have, is your email for your linkedin account different than your email for facebook and instagram, do you also have a work email, do you and your spouse share an email address and thus, share contacts, possibly having duplicate contacts in each others address books? etc. etc.?) into a cohesive structure.

If you are a younger adult like me, you probably even still have a .edu email address that you may or may not still use from college. Unfortunately, that email is going to eventually expire, and all of your information registered to that email address is going to have to be painstaikengly retrieved, and reset, to use your current email address. To make things even worse, do you already have a child logging in to his xbox or playstation using your email address so he can download games, chat with friends online, create and embrace his gaming identity, etc. etc.? If you do, (just as my cousin did), then you are already merging your online identity, with your childs, which is going to get very messy once your children leave the house and want to bring their digital identies, friends lists, logins, etc. etc. with them to college.

Beyond this digital cluster-u-know-what, parents may also want to just protect their children from dangerous or unwanted things that can easily (intentionally or unintentionally) be accessed on the internet i.e. pornography, chat rooms, illegal downloads (most likely filled with virus’s that steal from you), anarchist or illicit websites promoting things you want kept away from your family, etc. etc. On a more subtle scale, you might think something is completely harmless, until you realize it’s not. A good example is believing that anything on youtube is okay for your children to browse, until you realize that there is almost a deep-web-esque dark side to youtube where you can find content like fake Snuff videos and other taboo material. Another concern might be that your child is gaming with his headset on his xbox, but making friends with a foul mouthed older teenager who is filled with bad ideas and is a bad influence. Or even worse (although less likely), a pedophile looking to befriend his next victim. The disconnect between technology, and our ability to understand it on an end user level, is growing rapidly. Thus making it overly complex, to keep track of who we are online, and who we are offline. It is my prediction, that in the next 10 years, privacy and security companies that go above and beyond the Norton or Symantec standards, by specializing in Enterprise security for the family home and digital assets, are going to almost become a standard package when signing up with an internet service provider. In our current state, enterprise security for the home is a much needed standard. The average family dad isn’t capable of, nor has the time to, understand very basic privacy/security and firewall settings on his Windows PC, let alone understand how to set up iptables on a router flashed with open source firmware such as DD-wrt or Tomato. All in all, things are just becomming too complicated if you aren’t a techie who works in the industry and stares at computers all day.

If you look back to the 80’s and 90’s, hackers could single handedly hack into companies, corporations, databases, or any entity that used technology. Technology used to be simple enough that a single person or small group of friends could easily best organizations by hacking. Now-a-days, as technology has become more complex, it is rare for one single person to be technicalogically elite enough to single handedly hack a large entity. Instead, just as companies and nation states do, black hat hackers work in large groups. It isn’t feasable anymore for one guy to hack a multibillion dollar corporation. It requires teams. And now we are approaching an era where it just isn’t going to be feasible to be your own household IT administrator anymore. If you go to Walmart, and look at the back of a router box, or a laptop, can you even tell me what the advertised specs of that product mean? Do you know what the advertised Beamforming, 802.11ac, and DoS attack prevention features on your router even mean? I suspect not. The point is, as technology gets more complex, the less our individual selves can understand how it works, and how it may have or be having an effect (positive or negative) on our lives. We are in an era in which we are becomming integrated with machines and data, as much as machines and data are becomming integrated with us. In this era, it’s important to recognize that there are tradeoffs for everything. Implementing technology into our modern home and family, doesn’t come without those tradeoffs.

Before I get carried away on a topic reserved for my next article (in which I will be discussing how we inadvertantly sell our privacy and our childrens privacy to big corporations, governments, and big data driven organizations) lets get to the point and learn about how we can secure our children’s digital identity/portfolio and protect their privacy, until they are of legal adult age (should your children be allowed to accept online cookies?) and ready to take responsibility for thier digital life.

We are going to loosely base your child’s email addresses and accounts off of the information classification system used by the U.S. government. In this system there are different levels of security. The Classified levels of information are catagorized in order of importance and severity of damage if leaked, by Top Secret, Secret, Confidential, and Public trust. The last category and least secure (in general for our intents and purposes), is just considered unclassified. The classified realm, should have zero connection whatsoever with the unclassified realm, and both realm should never touch. They should be completely isolated from each other in order to keep important information in the right hands, while allowing common information to flow freely. With this general heirarchy in mind, we are going to create a system of accounts to protect your childs personal and Classified life, while still allowing them to be digitally exposed publicly with their unclassified life. We are also going to incorporate your childs future Professional life in this system as well.

Step 1) Log out of everything and Change your DNS

The first thing you are going to want to do is log out of any cloud apps, or Microsoft/Apple cloud based login’s that your computer may be tied to. Log out of EVERYTHING. Literally. Your web browsers, your email, your icloud, your windows store, your itunes store, etc. etc. etc., log out of it all!

Next, you are going to want to change your router’s DNS servers, to a DNS server that doesn’t log your activity unlike your currently monitored ISP’s DNS servers. To do this I recommend changing your router’s DNS settings to DNS.watch DNS. The ip addresses for dns.watch are as follows:

dnswatch ipv4-1: 84.200.69.80
dnswatch ipv4-2: 84.200.70.40
dnswatch ipv6-1: 2001:1608:10:25::1c04:b12f
dnswatch ipv6-2: 2001:1608:10:25::9249:d69b

You can find detailed instructions on how to do this at https://www.lifewire.com/how-to-change-dns-servers-on-most-popular-routers-2617995. Otherwise, I suggest doing a quick google search for your router model and find a guide or tutorial that shows you how to log into it and change it’s DNS settings. Either way, before proceeding, change your DNS settings to dnswatch so your internet service provider isn’t logging everything you do.

Step 2) Create a new user identity and clean account

Next, create a new user account on your computer, and be sure not to log in with anything while using that account. Log out of any cloud apps, or Microsoft/Apple cloud based login’s that your computer may be tied to. Log out of EVERYTHING. Literally. Then create that brand new user account on your mac or pc, and be sure not to sign into anything while logged into that freshly created account.

Step 3) Secure and privatize your internet activity with a VPN

Your next objective is to get a paid VPN from a provider that doesn’t log your activity. This is a means to secure your connection from your computer, to a private (paid for) server, that doesn’t log your internet activity. If properly used, in conjunction with other techniques, a vpn from a trusted company is one of the several measures you can take to keep your internet service provider, google, and the NSA (although i think the NSA being proactive could be a good thing) out of your family photos and reuinion plans. I recommend using Mulvad VPN and paying with bitcoin (Say, if you have any stockpiled up from bitcoin mining), as they have a very hardcore privacy policy in support of their customers, but for these circumstances, it isn’t totally necessary to keep your payment anonymous. In fact, although less “anonymous” (not that anyone can ever truly be anonymous online in this era), it may be even more secure to attach your payment directly to your vpn as opposed to using cryptocurrency. Either way, it’s more important that your connection is private and encrypted (there is a difference between online privacy and online anonyniminity), which Mulvad will do. Once you sign up with a trustworthy VPN provider that has a good track record of not logging user activity, you can go a head and follow your new vpn providers instructions as how to install their app and start recieving your new VPN service. Once your VPN is installed on your freshly created mac/pc user account, go ahead and use your vpn to connect to a location of your choosing. Before moving on, check your vpn settings and ensure that you have a Killswitch activated. This will prevent you from connecting to the internet if the VPN gets disconnected. Now, you are ready to set up your childs accounts that will be with them for the rest of their lives.

Step 4) Create your childs Top Secret Control & Recovery email account

The first account you will create is going to be your Top Secret email, that serves one purpose, and one purpose alone. This email is going to be your strongest, most secretive, most encrypted, and most hidden account you have, and will exhist for the sole purpose of being the ultimate safety net to recovering your most important accounts incase one of, or all of them get hacked. For all intents and purposes, this Top Secret email account doesn’t exhist, except on a single piece of paper, inside of a high security safety deposit box in your local bank. You wan’t security? Then yes, we are taking it this far. I recommend using one of two email providers for this account, either Tutanota (Open Source is the best), or Proton mail (the former being my strongest recommendation, as it seems Proton mail is quite the target for darknet hackers, as well as nation state attacks). Keep in mind, the tradeoff with using Tutanota, is that if you are using a free account, you MUST log in to your account every six month, so they don’t cancel it. Proton mail on the other hand, reserves the right to delete an inactive account after 3 months, however they declare that it is not current practice for them to do so. These are tradeoffs you need to consider, as you DO NOT WANT TO LOSE ACCESS to this email account due to inactivity. Another option you may consider is to buy an upgraded premium tutanota account, in which they will then NEVER delete your account or revoke access.

Go to one of the email providers websites and create a name for your email address. This name SHOULD NOT be anything related to you, your family, or anything you know whatsoever. It should be a complete and utterly anonymous alias, preferably one that doesnt’ even contain a single word. Remember, you are not going to actually be using this account for any sort of communication. This email is strictly your childs Top Secret lifeline to recover and secure their Secret and Confidentialaccounts in case they ever get hacked.

Continueing… for the user name under desired email address, I would enter something totally random, that can’t in any way help a hacker personally identify you or associate that email with you. A name such as HTM-C19BD-LXXQ, would suffice, thus, making your email address HTM-C19BD-LXXQ@tutanota.com

In the password section below, you are going to want to create a future proof (while striving for a quantum proof) password that is once again, completely and totally random, using upper case, lower case, and special characters. Your password length should be a minimum of 64 characters long. This will provide you with an insane amount of longevity and protection against password crackers. Furthermore, you should use https://passwordsgenerator.net/, to help provide you with good examples of random passwords. Optionally (and highly recommended), you can download Keepass 2.40 for windows or download my wine port of Keepass 2.40 called Keepass4mac, and use the built in password generator on either of those versions, to locally generate a secure password from that app. Go to that site choose your password length as 80. Then make sure a checkmark is next to the following options: Include Symbols, Include Numbers, Include LowercaseInclude Uppercase Exclude Similar and Generate on your device. Once you’ve selected those options, hit the Generate Password button and study the password it gives you. This website is only to be used as an example of a good password. For security reasons, I DO NOT reccommend using the actual password it gives you. Instead I recommend you grab a sheet of paper (don’t document your password on your computer no matter what), and start jotting down at least 64 random numbers, letters (uppercase/lowercase), special characters, etc. etc. Be sure to note any characters that could easily be confused with other characters. For example, make sure you put a line through your zeros, so you don’t confuse them with a capital O. Furthermore, you should underline all of your uppercase letters, and put a line above all of your lower case letters. This will make sure that you will be able to distinguish your password correctly if you ever need to use it. If you followed my instructions properly, you should have credentials that resemble this format:

Desired email address: HTM-C19BD-LXXQ@tutanota.com
Password:7'4uFa>^KWg(%BV,Gv9t4=4c<MB5n\KUavFwKMw6:65h0&D0qa!,v?]v[Nu&420sC8#pnM:vT;.K>%PQ1v6$t4=4c<MB5n\K#GFeBses22@@!82472048_F_-_Fkw;CMkA:@_D_D_1i2231:KoDPS(!!!*@5dhD*023:FDSJ"\qwe"D

and your tutanota email signup page should look something like this:

Tutanota Signup Example For Nerd-Tech.net tutorial 2

Finally, when you have your hand written password jotted down on the most important piece of paper of your childs digital life, you can go ahead and enter it into the password box on the tutanota website, then enter it into the repeat password box also. Fill out everything else, click the confirmation, and create your account. Welcome to your new highly secure Tutanota inbox.

Remember, if you didn’t purchase a premium tutanota plan, or aren’t using proton mail, you need to log into this account once every six months to keep it active. Schedule that in your calanders on a repeat basis!

For now, until you have finished the rest of this guide, keep the hand written password for this account in front of you, but be prepared to put it in your private safety deposit box afterwords, because that is what you are going to do.

Step 5) Create your childs tier 2 Classified email account

Next, you are going to create your childs regularly used Classified Confidential email address. This email address is to be used strictly for things related to your childs financial accounts/assets, or to exchange with institutions that deal with personal identity. An example would be registering this email address as contact information to the social security office when recieveing a SS Card, or birth certificate for your child. Another example would be to use this as contact information if you were to buy your child a life insurance policy or some other kind of financial assett.

For email address number two, you once again, are going to excercise security through obscurity, by titling this email address with a nickname for your child. Since this email address is a tier 2 address in terms of security, it doesn’t have to be totally anonymous or untraceable, but please, don’t make it your childs full first and last name. Save that for his public and professional identities, which will be used to exchange the least critical information about your child (we’ll get there). Also, you are going to be using gmail for this account, and also going online to https://www.yubico.com/product/yubikey-4-series/#yubikey-4, and ordering a YubiKey 4 for yourself until you can pass it down to your child. So go ahead and order that key, and set it up with your newly created gmail address.

Now, go to gmail.com and prepare to create your childs Confidential email address which will also be used as your childs control account for his future professional, social, and scholarly (.edu) email addresses. Remember, this email should be named with moderate to high obscurity, as it will contain your childs future banking information and such. A example for naming this account would be, if your childs full name is Samual Alexander Johnson, try creating an email address (if the name isn’t already taken for that email) along the lines of SJ4thewin@gmail.com or SAJ22!@gmail.com.Gmail signup create a new google account tier 2 security www.nerd-tech.net tutorials.png

If you get an error saying this email is already taken, try adding some numbers to the end.Gmail signup create a new google account username taken www.nerd-tech.net tutorials.png

Now, lets get started. Go to gmail.com. Use Alias’s or nicknames for first & last name. use alias’s for the username create a STRONG memorable password. Don’t use a password you have ever used before. Be sure to use upper case, lower case, special characters, and a minimum of 16 characters for your password.

However, Since this is going to be a Lesssecure and more commonly used account, you can use a password technique that i’ve found successeful although it requires a bit of initial thought. This technique facilitates a strong password, while still maintaining it’s memorability. Here’ is what you do. Use numbers or special characters in combination with speaking the password phoenetically. In other words, if I wanted to create a strong password that is seemingly random, but also memorable, I would do something like 4#‘sofF@tI8thatRU?ing’that.191

if you read this password phoenetically while typing, it sounds like this: Four Pounds of Fat I ate that are you questioning that dot one nine one

Lastly, you will want to note that google now has age requirements to sign up for an email account. That being said, it is highly possible that while registering for a new google account, it will ask you your birthdate. Enter and document a birthday that makes the registrant 16 years or older (technically, this is your google account until you pass it on to your adult child). Once you’ve filled out all of the information go ahead and click “Create account”, and be prepared to temporarily give google either your private cell phone number, or your house phone number. Gmail signup Verify your phone number Nerd-Tech.net Tutorials.pngGoogle now requires a phone number for registration and authentication, so you must use a number you own, until your child gets a cellphone, and you can transfer that gmail account to be registered with his phone number. Once you enter your number, it will call or text you asking you to verify the secret password. Do so. Now you should be able to log into gmail with your childs new tier 2 confidential account.

Step 6) Create your 2 step verification on your new gmail account using your tutanota (or other) Secure email address.

Once logged into your new gmail, go to your login preferences by clicking on this link:

https://myaccount.google.com/signinoptions/two-step-verification

Then click the “Recovery email” address option. Enter your password, and then click the pencil icon. In the popup screen, enter your Tier 1 Top Secret recovery email address (Your tutanota email, the first email you created).

Gmail Recovery Email address, use your most secure email www.nerd-tech.net tutorials.png

Then go back one step, and click on “Alternate emails”.  Verify your password and add your tutanota account to the alternate email address option as well. Now, you are done with securing this account. If you ever get locked out of this gmail by a hacker, you can have google send you a verification email to your tutanota email address in order for you to recover this account. Next step!

Step 7) Create your childs public,social, and professional email addresses.

Repeat the above steps, setting up a new gmail account, except this time name your gmail email as close to possible as your childs full name. Furthermore, you should simultaneously create an outlook.com email address, as well as a icloud.com email address, verifying that the name you have chosen works with each company. Thus after creating these accounts simultaneously, if your childs name is Mark Romano, you will have 3 accounts in that name, all of them exactly the same format:

mark.romano22@gmail.com

mark.romano22@outlook.com

mark.romano22@icloud.com

Once you have created these newly public, social, and professional (Tier 3 Emails), go back into your Tier 2 gmail and import these accounts. In gmail, click on the gear in the upper right hand corner, then click Settingsgmail settings gear icon www.nerd-tech.net tutorials.png

Then click Accounts and Import.

Screen Shot 2018-09-27 at 3.42.51 PM.png

And finally click the Add another email address option:

Gmail Settings Add another email address www.nerd-tech.net tutorials.png

Enter your credentials for each of the three new email addresses you just created.

Gmail add your outlook account www.nerd-tech.net tutorials.pngGmail add your gmail account www.nerd-tech.net tutorials.pngGmail add your icloud account www.nerd-tech.net tutorials.png

and continue to follow the steps to import your new public email addresses into your Confidential gmail account. Now, do the same for the Check Mail from Other accounts option. Screen Shot 2018-09-27 at 3.59.59 PM.png

After adding your newly created accounts to this 2nd tier gmail account, you will now have all of your public accounts secured and usable via your 2ndary confidential gmail account. Lastly, go into each of your public email accounts and set them up with a two step verification email. That email should be your Tier 2 gmail account, NOT your tutanota account. This way, you have a tiered system of security for all of your email accounts.

Finally, Which accounts do I use and for what?

Public email accounts Tier 3:

Use your public email accounts with your full name attached to them for all of your professional, social, and gaming emails and accounts. Use these accounts to log into your childs (Yes, it’s time to make him a facebook page), facebook page, his youtube accounts, his skype account, etc. etc. etc.

Confidential Email Accounts Tier 2:

Use your confidential email accounts with your alias attached to the name of the email, for online banking, financial logins, highly personal information logins etc. Do not use this account for anything public. Stick to using this for your childs bank account and possibly credit card accounts. Anything financial or identity related.

 

Top Secret Email Account Tier 1:

Use this for NOTHING, except recovering your hacked 2nd tier gmail account. All of the other corresponding accounts will be recoverable afterwords. This is your ultimate safety net account.

 

Final Step:

Put the piece of paper with your Tier 1 Top Secret email account and password in a private safety deposit box that you pay for in your bank. Don’t store it in your house. Don’t store it anywhere but a safety deposit box. This will keep your Tier 1 account extremely safe and unused except for in an emergency scenerio.

 

I hope you like this tutorial! Feel free to post comments or suggestions about other techniques to securing your childrens digital Identitiy!