Q: Would an online dating site request a credit card IMFO for a forgotten password? If fraud, what’s the next step?

Q: Would an online dating site request a credit card IMFO for a forgotten password? If fraud, what’s the next step?

A: If you use a credit card to pay for the service, and have forgotten your password, it is routine to use your credit card number to validate your identity.

To help secure your online activities:

  • Use strong passwords, with 15 or more characters.
  • Use unique passwords, a different password for every site and service.
  • Use a password manager to create strong passwords and to store your passwords. I’m fond of Bitwarden.
  • Whenever possible, enable two-factor authentication, sometimes called multi-factor authentication. One of the reasons I recommend Bitwarden is that it can act as your 2FA utility.
Q: Can a person remotely control my phone with just my number or email without a password? Is there an app for them to do it?

Q: Can a person remotely control my phone with just my number or email without a password? Is there an app for them to do it?

A: If we are talking state actors, like CIA? Sure it can and has been done. The Pegasus malware has been in the news lately for doing just that. if you are talking hackers or high-level organized crime? There has been no evidence of it ever done.

But, now that we have proof of concept (Pegasus), it is sure to happen sooner rather than later.

The good news is that, at least as of now, it is extraordinarily expensive to design such a tool. This is what has limited release to only very high value targets. And as soon as it was discovered, OS updates were released to block it.

Q: Why is Security So important to Apple?

Q: Why is Security So important to Apple?

A: Just an educated guess here…

Every business, to be successful, must differentiate themselves from the competition.

An obvious differentiator to use is security and privacy. MS has a long history of paying little attention to security and privacy. This makes it easy for a competitor – particularly one with a history of having better security and privacy (Apple) to fill that niche.

Now with that differentiator in place, a potential buyer needs to make a decision as to what product to buy. They can weigh price, features, availability, stability, appearance, performance, compatibility, AND security and privacy.

If security and privacy are more important to the buyer than other issues, they will likely go with Apple.

Q: Would an online dating site request a credit card IMFO for a forgotten password? If fraud, what’s the next step?

Q: What is the best anti-virus software to use with Firefox, and why?

A: Antivirus software typically works with your operating system. But there are a few that are specifically designed for use with browsers. As such, they are browser plug-ins or extensions. Such antivirus tools can block access to malicious websites or downloading malicious files.

My favorite is Bitdefender Trafficlight.

Keep in mind that you still need an antivirus for system protection. Again, my preference is Bitdefender antivirus.

Q: How do I hide browsing history from a network administrator?

Q: How do I hide browsing history from a network administrator?

A: You don’t. That is why they are the administrator and you are not! In any organization I support, attempting such action would be considered a breach of computer policy, with termination as the likely result.

If the user enables private browsing mode on their browser, there will be no browsing history on the computer. However, this doesn’t stop browsing history from being recorded by the office router. This cannot be bypassed. The Internet Service Provider will maintain a browsing log. This can be bypassed by using Virtual Private Network (VPN). The DNS provider will also maintain a log. This can be bypassed by switching to a DNS provider that does not maintain logs.

Keep in mind that using VPN or switching DNS provider is very easy for the administrator to spot.

Q: Can a MacBook last 10 years?

Q: Can a MacBook last 10 years?

A: Physically, easy. I suspect the majority of computers can physically outlive their owner.

Realistically, no. Apple (as well as Microsoft and other vendors) will continue to provide system updates for 5–7 years. Once your computer is too old to receive system and application updates, it is HIGHLY vulnerable to malware and breach.

This puts useful lifespan to around 5–7 years.

An unasked question is is it worth it to keep a computer 10 years?

If the computer is used in a business or otherwise make money, I don’t see a way for an older computer to be profitable, or “worth” keeping around. Around 15 years back I created a program that calculated the cost/benefit of a computer versus purchasing a new computer. I used this to provide hard numbers to clients. In almost every case, if the current computer was two years or older, it was the more responsible choice to replace it with a new computer. In addition to getting a new sparkly, the company almost completely eliminates technical support costs, has little to no support-related downtime, no need to pay for extended warranty, and the user can be more productive.

If the computer is not used for business or make money, and the user doesn’t mind operating in the slow lane, as long as the computer receives OS and app updates, go for it.

Q: Would an online dating site request a credit card IMFO for a forgotten password? If fraud, what’s the next step?

Q: How do I protect a Google Doc?

A: A google doc is just an html file, like a web page. Primary protection is in the form of permissions protection. Be specific who has access, and what permissions they have.

Second, having a viable backup is critical to protect against corruption, change, or deletion. For this, you need a cloud backup of your document. There are several internet providers that specialize in this, such as Backupify and SpinBackup. Yup, you will be using an internet service to backup your internet files! A local backup will be of little use.

Another option is to download your Google docs in either .pdf or Microsoft Office format.

Q: Why is Security So important to Apple?

Q: What is the best way to back up your data and keep it safe?

A: It is vital to back up all of your data in case the original becomes damaged, corrupt, or deleted. To protect your data you must have AT LEAST one local and one remote backup.

A local backup is typically saved to an external hard disk drive or flash drive. You will need a drive with at least four times the capacity of the data to be backed up. This is to allow for growth as your files are edited and additional files are created. The drive needs to be encrypted. This can be done with Time Machine or Disk Utility (macOS), or Bitlocker (Windows).

The remote backup can be a drive like the local backup, but stored off-site. In many cases a better alternative is to use online backup. This can be done with Google Drive, Microsoft OneDrive, or one of the dozens of commercial internet backup tools.

Q: Would an online dating site request a credit card IMFO for a forgotten password? If fraud, what’s the next step?

Q: How Do I Know if My Personal Information Has Been Hacked?

ANSWER: A bit of background information is probably in order.

  1. It is almost certain that much of what you think of as personal information is already “out there” and readily available to marketing groups, criminal hackers, advertisers, and other miscreants. Organizations such as social media, Google, your Internet Service Provider, and all major websites track your online activities. Over time, this accumulation of data creates a near perfect personal profile. This profile is sold to marketing groups and others. There isn’t a thing you can do about this – other than to be wise with how you interact with social media, and to operate with as much anonymity and security as you can whenever connected to the internet.
  2. Some of your personal information comes from breaches of websites where you have freely provided your information. For example, health providers, banks, credit card companies, social media, etc. You can check for such breaches at https://haveibeenpwned.com. If you find a breach, again, not much you can do about it, but it is time to change your password for the site.
  3. Almost nobody practices wise cybersecurity and internet privacy. A recent study found that the majority of adults use the same one or two passwords for everything. 85% of high school kids use the same password for everything, with almost 50% freely sharing their passwords with friends. There are some standards to put into practice:
    1. Use a different password for EVERY site and service.
    2. Passwords should be a minimum of 15 characters in length. Complexity doesn’t matter – length matters.
    3. Don’t write down passwords. Instead, use a quality password manager (I’m fond of Bitwarden) to store passwords in an encrypted database.
    4. Use multi-factor or two-factor authentication whenever it is available. For sites such as health care, banking, credit card, financials – if they don’t offer multi-factor authentication, change to another provider that does. This indicates they don’t care about security and privacy.
    5. Don’t share your passwords with anyone.
    6. Don’t use a non-private domain email. For example mary@google.com. Instead, spend a few dollars to set up your own private domain email, for example marc@maryxsmith.com, and make sure you have a quality email provider as your host. I recommend Proton Mail, Google, and Microsoft. Once you have this, ask your provide for help setting up your SPF, DKIM, and DMARC records. This will help prevent getting spam and help prevent your account being used to spam others.
    7. Contact the three major credit reporting organizations to get copies of your credit at least yearly. Review for any errors, and then get them resolved.

Oh, did I mention to be smart about your cybersecurity and internet privacy? Did your eyes roll to the back of your head when you read that? It is actually quite quick and easy, once you know the How! Interested in the how? Have I got a book or two for you: Practical Paranoia Security Essentials.

Q: How Vulnerable Are My Children To a Cybersecurity Or Internet Privacy Breach?

Q: How Vulnerable Are My Children To a Cybersecurity Or Internet Privacy Breach?

A: It is almost a sure bet your child has been knowingly or unknowingly a victim of cybersecurity or internet privacy breach (if they have internet accounts).

According to a report released today (August 11, 2021) by NIST (National Institute of Standards and Technology), 87% of high schoolers use the same password for everything45% of high schoolers share passwords with their friends. According to the research, teens don’t see password sharing as risky behavior, but a way to build friendships and trust.

Apparently, this is not an issue with not knowing cyber best practices. Children as young as third grade know and understand why passwords are needed, and why to use and how to create strong passwords.

So, with almost 90% of children using the same password for everything (my head almost explodes just writing  that), and almost half sharing that singular password with friends, is it any wonder you can bet they have been breached?

Unfortunately, if they have freely shared their password(s) with friends, there isn’t a viable way to determine if this password has been used by friends to access their other accounts. But the doors are wide open for friendly fire upon their social media, email, banking, and school accounts to haunt them for years.

This might be a great time to spend five minutes with your child to review password best practices. For those whose own memory may be a bit dusty 😉 …

  • Use a different password for every website and service.
  • Passwords should be a minimum of 15 characters.
  • Password complexity isn’t important. Better to have an easy to enter passphrase.
  • Whenever possible, enable two-factor authentication (also called multi-factor authentication). This prevents someone who knows your password from accessing your account.
  • Do not share passwords with anyone.
  • Do not write passwords. Instead, store passwords in a password manager utility, which encrypts your data. My preference is Bitwarden for all OS’s.

While you are at it, check all family member accounts for breaches by visiting https://haveibeenpwned.comAlthough this site won’t tell if you have been a victim of friendly fire, it will tell if your account has been attacked.

Q: What’s the Big Deal Over Two-Factor Authentication?

No matter how “great” or “strong” your password, it can be broken, hijacked, or bypassed. Perhaps the most common method to usurp your password is by breaching the user database of a major vendor. For example, recent attacks include:

  • Audi: 2.7 million accounts
  • Guntrader: 112,000 accounts
  • University of California: 547,000 accounts

Once a major site has been breached, the criminal gains access to all of the user accounts and passwords. If the passwords are strongly encrypted, it is simply a matter of time before automated cracking software resolves that bump in the road. More typically, however, is the passwords were either not encrypted at all, or used weak encryption that can be quickly and easily broken.

Given there are currently over 11 BILLION hacked accounts sitting on the dark web waiting for criminals to scoop them up, what can you and I do?

This is where two-factor authentication (2FA) (also called multi-factor authentication) rides in to rescue the day.

With 2FA in place, even if the criminal gains access to your password, they still need the second authentication factor in order to access your account – and only you have it!

What Is Two-Factor Authentication

2FA is just a second way that you can provide proof you are authenticated to access an account. The first way is knowing the password.

The second method can be:

  • Knowing a one-time-use code that is sent to your email.
  • Knowing a one-time-use code that is sent to your smartphone via text or voice.
  • Knowing a one-time use code that is randomly generated every 30 seconds via software or a hardware key.
  • Knowing a one-time use code that was given to you when you registered for 2FA on the site.

Best Practices currently recommends against codes sent to your smartphone, as they are easily intercepted.

How to Stop Business Email Compromise (BEC) Attacks

How to Stop Business Email Compromise (BEC) Attacks

Business Email Compromise (BEC) is any type of cyber attack using email that in itself does not contain a malicious attachment. Although there are many different BEC attack vectors, the dominant one is spoofing, used in almost 50% of all BEC attacks. In a spoofing attack, the criminal sends an email that appears to be from a high-ranking member of the organization, requesting a transfer of funds.

A few statistics to act as a wake-up call:

  • In a recent survey, 71% of organizations acknowledged experiencing a BEC attack over the past year.
  • The FBI’s Internet Crime Complaint Center reports that in 2020 there were 19,369 BEC complaints, with losses of approximately $1.8 billion.
  • One of the largest BEC losses came to Nikkei, the Japanese media group, in the amount of $29 million.

A BEC attack generally works like this:

  1. The criminal acquires the name and email address of a senior-level executive within an organization.
  2. The criminal sends an email, spoofing the name and email address of this executive, to their executive assistant or the accounting department, requesting that monies be sent to some account outside of the organization.
  3. Because this email appears to be from a senior-level executive, there is often no expenditure authorization policy in place to limit amounts, and no requirement for secondary approvals.
  4. The monies are sent to the requested accounts, which are immediately cashed out by the criminal.

What Can I Do To Help Prevent an Attack

Expenditure Authorization Policies

Although it will likely result in a few bruised egos, and introduce some time delays, it is vital that expenditure authorization policies mandate that any significant financial request, from any member of the organization–even the owner, president, or CEO–must be cleared through a secondary approval process. Even something as simple as a required video call to the requestor could block most of these attacks.

Staff Education

As part of staff continuing cybersecurity and internet privacy training, all staff should be educated on how a BEC attack works, and what the new expenditure authorization policies are.


The corner stone of a BEC attack is the ability to send an email that appears to be from a legitimate source. We do have technology that can help stop this from occurring. These go by the terms Sender Policy Framework (SPF), Domain Keys Identified mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC). 

If your eyes just rolled up to the back of your head, I understand, but stay with me.

SPF is an email validation system. It provides a mechanism to authorize servers and services to send email using your domain. This allows a receiving mail server to verify that incoming mail from a specific domain is coming from a host authorized to send that mail. If a criminal sends email to you with spoofed “from” information, your email server can validate or invalidate the authenticity of the incoming email. This prevents email from a forged or spoofed address from reaching an inbox.

DKIM accomplishes much the same as SPF, but from the opposite direction. It provides a mechanism for the receiver to verify that an email stating to have come from a server which has been authorized to send mail for a specific domain via SPF is indeed the server that is sending the email.

DMARC is a configurable policy that determines how to deal with email that has failed the SPF or DKIM validation.

In a nutshell, SPF authorizes a server to send email on behalf of a specific domain, DKIM authenticates the sending server, and DMARC determines what to do with the email if it fails authentication.

Configuring SPF, DKIM, and DMARC doesn’t require an IT professional. Your email service provider may be willing to set it all up for you. Better yet, do it yourself and be certain it is done properly! The entire step-by-step takes only four pages and less than an hour of your time. Where can you find the steps? They are assignments 13.11.1 through 13.11.4 in any of our current Practical Paranoia Security Essentials books.

Oh! I almost forgot… You can now become master of your cybersecurity and internet privacy even if you wouldn’t know an SSL from a TLS (ok, nerd humor isn’t even funny to other nerds). In just 1 hour a day over 10 days with our Practical Paranoia Online Workshops. If you can tap, double-tap, and save a file, you can quickly and easily secure your computer, tablet, phone, data, and communications using the same steps as used by governments, military, and big business. All you are missing is knowing the how. Lucky for you, we’ve got the know-how to spare, and we will share it all with you in the workshop.

Register by July 31, 2021 and receive 55% discount.


Finally, Online, Instructor-Led, Cybersecurity Workshop for Non-IT Users

Finally, Online, Instructor-Led, Cybersecurity Workshop for Non-IT Users

It doesn’t take an Apple Genius, Google Guru, or Microsoft Engineer to help secure your devices, data, and communications.

If you can tap, double-tap, and save a file, we can walk you step-by-step through ensuring your cybersecurity and internet privacy to industry standards.

Register NOW and receive a 55% discount – only $125 for any workshop in August.

How Often Should I Change Passwords

How Often Should I Change Passwords

There was a time, not so long ago, where most IT administrators mandated that every password for everything be changed every three months.

In my specific case, I currently have 940 passwords in my password vault. That means I would be changing at least 10 passwords every day. And getting very little else accomplished!

Thankfully, someone took a deep breath and gave some time to actual critical thinking about the whole password life span issue. The conclusion? Unless a password has been breached, or you think it could have been breached, no need to change it for…ever.

That is right. According to the current guidelines by most of the major US government IT overlords, you never need to change a password unless it may have been compromised.

But, that answer isn’t really quite that simple.

First, there are plenty of old-school IT administrators in the field who refuse to do their own critical thinking, and insist on mandating password changes every X months. Good luck getting these folks to wake up.

Second, this guideline assumes your password habits are healthy. What are healthy password habits?

  • Every website and service uses a unique password. No password is used more than once.
  • All passwords are strong. “Strong” is defined differently by different standards-setting organizations. But a good generalization is a minimum of 15 characters. A password of 123456789012345 is technically as strong as $g1A7^bY0&qX4%r.
  • No password uses a part of your name, address, phone number, social security number, pet name, or is otherwise guessible.

This is far easier than the old-school rules of:

  • At least 1 upper-case letter
  • At least 1 lower-case letter
  • At least 1 number
  • At least 1 special character
  • At least 1 drop of unicorn blood

But now you have a trove of passwords, at least 15 characters in length, none of which are rememberable.

What to do?

Use a password manager to do the remembering for you.

If you are a Mac user, macOS, iOS, iPadOS, and Safari work together to remember and autofill your passwords.

If you are a Windows user, Edge will remember and autofill your passwords.

Brave, Firefox, and Chrome also have their own built-in password managers.

However, my recommendation is to use Bitwarden. Bitwarden is a third-party free/for-fee password manager and Multi-factor Authentication utility (free for password management, for-fee to access the MFA). It works with almost all browsers, all OS’s, and across all of your devices. So a password created on my iPhone is immediately available to my Chromebook, Windows PC, MacBook, and Android tablet. For less than what you will find in your couch cushions, you can have peace of mind in the password department.

World peace will take a bit more.

Enroll by July 31 and Save 55%


Can Law Enforcement Force You to Unlock Your Computer?

Can Law Enforcement Force You to Unlock Your Computer?

As of Thursday, July 21, 2021, the short answer is YES. As reported by CNN, a federal judge forced a January 6, 2021 US Capitol rioter Guy Refitt to sit in front of his computer to allow face recognition to unlock the computer. The prosecution stated that the computer most likely held video footage of the riot from the helmet cam worn by Refitt. Whatever your views and politics are regarding the Capitol riots, this is seen a blow for cybersecurity and internet privacy. Whether or not law enforcement could force a person to unlock their computer or mobile device has long been a hotly contested issue. This federal ruling will add weight to the debate over using face recognition. However, the question over having to enter a password is still in the balance.

What Does This Mean For Me?

I have long recommended to clients that they NOT use biometrics for computer or mobile device log in. My primary reason is that biometrics (Face ID, Touch ID) can be easily circumvented. It now looks like biometrics provide little protection against law enforcement penetration as well.

Stop Being the Victim of:

  • Data Loss

  • Ransomware

  • Malware

  • Hackers

  • Malicious Websites

  • Identity Theft

  • and Stolen Passwords

Take Control of Your Cybersecurity and Internet Privacy

  • Just 1 Hour a Day for 10 Days

  • The Easiest, Fastest, Step-By-Step DIY Course Available

  • Includes the Best Selling Practical Paranoia Security Essentials Workbook and Private Instructor Hours

Starts August 2, 2021

55% Early Registration Discount until September 31

Visit https://thepracticalparanoid.com

How to Have Secure Encrypted Voice, Video, and Text Communications

How to Have Secure Encrypted Voice, Video, and Text Communications

Surveillance technologies now available–
including the monitoring of virtually all digital information–
have advanced to the point where
much of the essential apparatus of a police state is already in place.
– Al Gore

The manufacturers or developers (such as Apple, Facebook, Google, etc.) and carriers (Verizon, AT&T, etc.) for each party can intercept any traffic that crosses their networks. This interception may extend to any third parties that work with your carrier, such as contractors or subsidiaries. In addition, your local, state, and federal government monitor data in dragnet-style snooping.

How can you communicate easily and securely?

If you are interested in cross-platform, end-to-end encrypted, text, voice and video conferencing solutions, a few options are available.

Wire and Signal are our choices for end-to-end encrypted voice, video, instant messaging, and group communications. Both provide end-to-end encrypted communications between Android, Chrome OS, iOS/iPadOS, macOS, and Windows.

Wire is a for-fee commercial service. It offers a free 30-day trial.

Signal is an independent nonprofit that provides its product and services for free. We use Signal for the rest of this blog.

HIPAA Considerations

HIPAA is concerned about securing Protected Health Information (PHI) from leakage, but at the same time, requires that instant messaging have an audit trail. This requires that all messaging be logged to a centralized server so the log can be reviewed. In addition, HIPAA requires that the vendor be willing to sign a Business Associate Agreement (BAA). As a BAA puts the vendor at a potential liability should their service or software be found responsible for leaking protected health information, you will not find free or inexpensive software that meets HIPAA compliance requirements.

Most readers of this blog want to leave no record of an encrypted conversation, and have no need of a BAA.

If your instant messaging needs include HIPAA compliance (this requires meeting Joint Commission guidelines), then the rest of this blog does not apply to you. I recommend you perform an internet search to find and assess the few options available. Then work with an IT expert to implement your HIPAA-compliant program.


Signal is a free platform for peer-to-peer (no centralization) and group secure, end-to-end encrypted communications using instant messaging, voice, and video.

Install Signal

In this assignment, you create a Signal account. This account allows you to make fully secure, encrypted instant messaging, voice calls, and video conferences with friends and business associates.

  • Prerequisite: If you wish to use Signal on a Chrome OS, macOS, or Windows computer, you will first need to create a Signal account registered on an Android or iOS mobile device (performed in this assignment).

Download and install Signal onto a mobile device

  1. On your iOS or Android mobile device, open a browser window to https://signal.org.
  2. Tap Get Signal. If using an iOS device, the App Store opens to Signal-Private Messenger. If using an Android device, the Google Play Store opens to Signal-Private Messenger.
  3. Download and Install Signal to your mobile device.
  4. On your mobile device, open the Signal
  5. Follow the onscreen instructions to complete the registration process.

Download and install Signal onto a PC 

  1. Open a browser and go to https://signal.org, then tap the Get Signal
  2. Open the downloaded installer file and follow the prompts to install the app.
  3. Launch Signal.
  4. Signal displays a QR code.
  5. If using an iOS mobile device, open Signal.app > Signal Settings > Linked devices > Link New Device. If using an Android mobile device, tap the + button.
  6. Use your mobile device to scan the QR code.
  7. Assign a name for your Linked Device, then tap Finish.

Your Signal desktop app is now ready to use!

Invite People to Signal

Before you can communicate with someone else using Signal they must also have a Signal account.

In this assignment, you invite someone to install Signal and create an account.

  • Prerequisite: Access to your mobile device with Signal installed.
  1. Open Signal on your phone (invitations do not yet work with Signal Desktop.)
  2. Tap your profile picture in the top left corner > Invite Your Friends.
  3. Select to send either a Message or
  4. A list of all your phone contacts appears. Select the target contact(s), then tap
  5. A new emailmessage is created with each of your target contacts listed in the Bcc field, with a link to downloadSignal on their phone.
  6. Customize the emailto your taste, then tap the Send
  7. Once your target contacts have installed Signalon their phone, you receive a text from Signal they have joined, and their name appears in your Signal Contacts

Secure Instant Message with Signal

In this assignment, you instant message your new Signal friend.

  1. Open Signal (for this assignment, on your computer.)
  2. From the sidebar, select the desired Contact.
  3. In the main body area of the Signalwindow, at the bottom in the Send A Message, enter a text message for your contact, then tap the Return The message is sent to your contact and received in seconds.

Secure Voice or Video Call with Signal

In this assignment, you make a secure, encrypted voice call to a Signal friend.

  1. Open Signal.
  2. Select a Signalcontact to call.
  3. In the top right corner of the Signalwindow tap either the phone or the video
  4. Tap the Start Call
  5. On your friends Signaldevice, they hear their device ringing, and an Incoming Call message in if they wish to answer, they tap the Signal Phone icon.
  6. The two of you can now speak in complete privacy (even better than Maxwell Smart’s Cone of Silence).


How to Run Windows 11 on Apple silicon Mac

How to Run Windows 11 on Apple silicon Mac

If you are a Mac user, but also need to run Windows, there are several easy ways to do it all on one machine.

However, if you are on Apple silicon (M1) Mac, and want to run Windows 11? So far the path has hit a brick wall. Parallels promises to have a version out when they have mastered how to do it. But what if you just… can’t… wait?!

I may just have to magical codes to deliver.

My thanks to ytechb.com for most of the pointers.

WARNING: Windows 11 is still in beta/preview development. This is not stable software (oh, hell. When is Windows all that stable anyhow?)

WARNING: These steps require making changes to your registry. This is not something to be taken lightly. However, the changes are minor.


  • An Apple silicon Mac with all current updates.
  • At least 22 GB free space on your boot drive.
  • Parallels (current version).
  • Internet connection.
  1. Download and install Parallels from https://parallels.com.
  2. Download and install Windows 10 Insider Preview from https://insider.windows.com/en-us/
  3. From Parallels, install the Windows 10 Insider Preview.
  4. Run Windows Update to verify you have the latest version of Window 10 Insider Preview installed.Normally, this is as far as you can currently go with updates, as Windows 11 Insider Preview will not install on an Apple silicon Mac. But there are two brick walls we are going to go through like they were butter.
  5. Open the Windows Registry Editor, then go to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > WindowsSelfHost > UI > Selection.
  6. Double-tap on UIBranch, then change the value to Dev.
  7. In Registry Editor, go to HKEY_LOCAL_MACHINE > SOFTWARE > Microsoft > WindowsSelfHost > Applicability.
  8. Double-tap on BranchName, then change the value to Dev.
  9. Close Registry Editor.
  10. Restart Windows.
  11. Go to Windows Update Settings > Check for Updates.
  12. The Windows 11 Insider Preview will be seen as available.
  13. Tap the button to download the Windows 11 Insider Preview.
  14. The download will start, but will soon pop-up an error message that Windows 11 cannot be installed as there is no TPM 2 chip found (Macs do not have a TPM chip, although they have their own hardware security chip in use).
  15. Don’t close the error message.
  16. Open File Explorer, then search for AppraiserRes.dll.
  17. When AppraiserRes.dll is found, open the parent folder, drag AppraiserRes.dll to the desktop, then delete the found AppraiserRes.dll. KEEP THIS PARENT FOLDER OPEN.
  18. Go back to the error message and click Continue.
  19. In the Windows Update window, tap the Fix issues button. The Windows 11 installer will continue downloading.
  20. An Almost Ready message will appear. You can close it.
  21. Once the download has progressed past the point it had stopped earlier (probably around 10%), you can drag and drop the AppraiserRes.dll back into the folder in which it was found.
  22. When download has completed, an alert will prompt to Restart Now. Tap this button to restart.
  23. Once restarted, Windows 11 will continue to install.
  24. When back to the desktop, return to Windows Update Settings > Check for Updates, and check for additional updates.
  25. When the updates download, you are done, and have Windows 11 Insider Preview waiting to be used.


July 4th – Biggest Announcement EVER from The Practical Paranoid

July 4th – Biggest Announcement EVER from The Practical Paranoid

Click the Play button below for the audio version of this posting.

On the Fourth of July, Americans celebrate independence, declaring we are no longer subject and subordinate to the monarch of Britain.

But today we are subject to greater tyranny through constant internet surveillance and breach of our online privacy. We are at the mercy of our government, Facebook, Google, cyber criminals, and other bad actors intent on knowing, seeing, and recording our every digital nanosecond.

Time for an updated Independence Day.

I’m Marc Mintz, Project Director for The Practical Paranoid (TPP).

TPP and I have worked to enlighten the public that it does not take an Apple Genius, Google Guru, or a Microsoft Engineer to secure your systems, data, and communications. Almost everything the government and big business do to ensure their cybersecurity and internet privacy can be done for you, by YOU, for less than what we spend on coffee. And in just a few hours.

Our Practical Paranoia Security Essentials books have been showing non-technical users how to do this for over eight years.

The number one comment we receive from buyers of Practical Paranoia Security Essentials books is how surprised they are at how fast and easy it was to secure their phone, text, email, browsing, and entire digital life.


The second most common comment from buyers is how intimidating Practical Paranoia books appear. Some buyers never jump into using a book after they purchase it.


With release of five new operating systems this year – Android 12, Chrome OS, iOS 15, macOS 12, and Windows 11 – we needed to remove the intimidation factor so that everyone could learn how to protect their data, communications, and privacy. And we did it. 

Announcing five brand-new Practical Paranoia Security Essentials Online Workshops that cover all the new OS products.

Protecting your digital life is as important as locking your home and carrying a driver’s license.

There are three paths to cybersecurity and internet privacy:

  1. You can pay a certified cybersecurity professional to do all the work that you will do in a TPP workshop. But pros cost $1,000-$4,000.
  2. You can buy the Practical Paranoia book and DIY for only $64.95. But you would have done it already if it weren’t for that pesky intimidation factor.
  3. Now you can do the work on your own–but with an industry leader guiding you in a workshop– the only workshop of its kind available anywhere at any price.

Think you don’t have the skills or background knowledge to do your own cybersecurity? We designed each workshop for the non-technical computer, tablet, and smartphone user. If you can tap, double-tap, and save a file, this course was made for you!

Each OS workshop consists of:

  • A series of 7 to 10 one-hour classes on Zoom
  • A copy of the latest best-selling TPP book, a $64.95 value
  • Our August beta workshops will be presented live by an industry expert who has taught technology courses internationally
  • Each class is recorded for students to access if they miss the live session
  • Easy hands-on assignments to harden your security and privacy to industry standards
  • AND Private Instructor Hours via Zoom to help you over any rough patches

The Practical Paranoia Security Essentials Online Workshops are only $275. And, it gets even better!

If you register for any of our first beta workshops in August 2021, your cost is only $125 for any workshop. Registration for beta workshops is limited and will close quickly.

Protecting you, your family, and your business cybersecurity and internet privacy is fast, easy, and inexpensive. You may even have fun doing it!

Visit https://thepracticalparanoid.com
for more information and to register for a one of a kind experience.

online course

5.8 Million Android Apps Installed Steal Users’ Facebook Credentials

5.8 Million Android Apps Installed Steal Users’ Facebook Credentials

Nine Android apps with a combined downloaded of over 5.8 million have been removed from the Google Play Store for stealing users’ Facebook credentials.

The apps are:

  • PIP Photo
  • Processing Photo
  • Rubbish Cleaner
  • Horoscope Daily
  • Inwell Fitness
  • App Lock Keep
  • Lockit Master
  • Horoscope Pi
  • App Lock Manager

These fully functional apps performed their theft by requesting users to log into their Facebook account in order to disable in-app ads.

As a general cybersecurity and internet privacy guideline, never log in to one account in order to access another account or features of another account. The most common example of this is when a newly installed app requires creating a user account, and gives the option of creating an account on the app site, or using your existing Google account to log in.

What To Do If I’ve Installed One of These Apps?

  1. Uninstall the app.
  2. Change your Facebook password.
  3. If you do not already have it, enable two-factor authentication with Facebook.

You Know You Need Cybersecurity and Internet Privacy for Yourself, Your Family, and Your Business, But:

  • I can’t afford to hire a qualified cybersecurity professional.
  • I’ve bought the DIY books, but they are too intimidating.
  • I don’t have the time to DIY, and besides, even if I did find the time, who would help guide me when I get confused.

Announcing Practical Paranoia Security Essentials Online Workshops

  • Designed for the new to average user
  • Workshops available for Android, Chrome OS, iOS/iPadOS, macOS, and Windows
  • Each Zoom workshop is presented by a certified industry leader
  • Quick and easy one-hour classes cover the entire best-selling Practical Paranoia Security Essentials book
  • Includes private one-on-one instructor time should you have questions
  • Includes the Practical Paranoia Security Essentials book ($64.95 value)
  • If you can tap, double-tap, and save a file, this course is made for you!
  • New beta workshops with limited seating available at over 50% discount–only $125

For more information and to register, visit https://thepracticalparanoid.com/