

Computer Security and Privacy

Generally, clicking on a link is not enough to hurt you. Your browser will load a web page. There is a small chance that code on that page could find some vulnerability in your browser, if you haven't kept your software updated. But it's unlikely.A bigger risk is that the page could fool you into doing something bad, such as giving your login credentials.A valid risk is that the page could collect as much information as possible about you and your browser and machine, and send that information somewhere. At a minimum, it could record your IP address ("IP logging"). It could record what browser you're using, what OS you're using, etc. All the stuff listed in the Browser fingerprinting section.If you're using a VPN, and have turned on privacy and anti-tracking settings in your browser, maybe there will not be much info. But suppose the link looks like something you really want to see ("we tried to deliver a package to you"), and the page says "blocked because you're using a VPN; turn off your VPN" ? You might do it. Then the attacker could find out more information.

Opting out of everything probably is impossible, and a game of Whack-A-Mole. But at least hit some of the top places.If you're using a PO Box or PMB to hide your real address, probably don't opt-out in places where they have only your PO Box or PMB address. You want to have your data associated with that address, not your real location.Don't copy a standard opt-out request letter or email from some workbook, and send that to services. They're aware of standard formats, and ignore them. Instead, compose a request in your own words. Don't say you're doing it "for privacy", instead say your family has been getting strange phone calls giving personal information and threats, and is feeling endangered and stalked. Emphasize that you need your data removed from both their search results and their deeper listings.Often the first response to a "remove my data" request is an automated response. Respond to it and repeat your request, maybe changing it a little.Some opt-out services (on data-brokers, and on such services as Yahoo Mail) work by putting a cookie on your computer, telling their advertising code not to track you. But this conflicts with my desire to delete all cookies every time I close the browser.A couple of US states have registries of data-brokers ( Vermont and California ), so maybe you can use those to find opt-out addresses.Idea:From interesting audio podcast interview of a guy who runs people-search sites, The Complete Privacy & Security Podcast episode 071:Some big services used by private investigators and law-enforcement: Tracers

There are maybe 6 big players in the people-search industry ( Pipl's "Removal from Search Results" Radaris , MyLife, Intelius ), and a hundred subsidiaries/affiliates of them, and a hundred smaller competitors. And maybe 3000 web sites, owned by those companies. But they may create dozens of new web sites every week or month, trying to get into the top-ten results on Google Search.Some of the companies make money through ads, but mostly they make money when someone views their free report and decides to subscribe to get their full report.These companies are scraping data from everywhere: from each other, from govt, from companies such as real-estate agencies, from any account you create that allows sharing your data with third parties, etc. Some governments will sell driver's license data or car registration data.Getting a company to "delete your record" is not best, because your info probably will flow back in from somewhere else a week or a month later, and they'll treat it as a new record because they no longer have a record of you. It's better to have them "block your info", so they keep a record but don't give it out (if they're ethical).Disinformation can work, but it won't hide any real information, and you have to be consistent, using the same false info again and again, as many places as possible.Name, address, phone are the key items used to correlate data from various places, but I'm sure SSN, DOB, credit-card number are used when available.

Many legitimate standard apps or services, if set incorrectly, or set maliciously without your consent, could be used to spy on you or track you.For example, Google Maps on your phone will let you share your location with other people, maybe with your spouse or children. That's fine if you consent to that and know you're doing that. It's bad if you're having issues with your spouse and they turn that on without your consent.Various browsers and operating systems can be set to collect data about your behavior and report it to the manufacturer (usually called "telemetry"). Maybe the data is anonymized. Maybe it is limited to just crash reports. Or maybe it includes what sites you visit and what searches you do, even local searching of the hard disk. Check those settings. [Windows 10 in particular has an astonishing amount of this ( article1 ), but you can turn most of it off, I think: article2 . Or change OS to Windows 10 Ameliorated Suppose you install a remote-access application, or open an incoming VPN connection, so that you can access your home computer from work if you need to. But accidentally you allow anyone on the internet to access it, or someone in your house turns on access for themselves without your consent.A "sync" feature that automatically copies data among your devices is multiplying the places your data could be stolen. Smartphones tend to have the worst security, so syncing data from laptop to phone is weakening security. For example: "... Apple's universal clipboard functionality, which means that anything I copy on my Mac or iPad can be read by my iPhone, and vice versa. So, if TikTok is active on your phone while you work, the app can basically read anything and everything you copy on another device: passwords, work documents, sensitive emails, financial information. Anything." from Zak Doffman article I don't think any of the anti-virus scanners will report such settings to you as "potentially unwanted".

The more I think about it, updating is a major security issue for all OS's. What controls guarantee that an installer or updater will update only the application or component it is associated with ? Is the communication channel encrypted ?If something is updated through Windows Update or Linux's manager (Update Manager, on Mint) or an app store, maybe you can have some confidence that the process is efficient and secure. But if an individual app is reaching out of your system to its update server every day in some unknown way, that is questionable. If you have 20 such apps doing so every day, an attacker has lots of surface to attack, and there is lots of traffic for you to monitor or analyze for threats. Not to mention lots of little look-for-update processes running in the background all the time, maybe.What is the long-term solution for this ? Lobby Microsoft to let third-party apps use the Windows Update mechanism ? On Linux, only install apps via the main software manager on the system ? Add some kind of OS controls so an installer/updater can touch only the associated component's folder and registry tree ? I assume Windows Update and Linux's managers and app stores use TLS on their connection back to the server; true ?In response, someone pointed out: evilgrade

You can run a VM inside your real OS. It will look like a real machine to software, but then when you're finished doing stuff, you end the VM, and anything that happened inside it (including any bad stuff) is deleted.But some things I don't understand about this: So you can't bookmark any sites, unless you hop out of the VM and update the browser in your real OS ? If you download a picture or something, you can't get it out to the real machine, it's going to disappear when you shut down the VM ? If you want to copy something from web email to the clipboard, then save it in a file, that file will be in the VM, not the real OS ? If you log in to web email or reddit in the VM, and have a virus in the VM, it could do something nasty to your web email or reddit ? Do you never run a browser in the real OS ? Or you do only lightweight, throwaway browsing in the VM and do "serious" web stuff in the real OS ?From someone on reddit:From someone else on reddit:

I use Firefox, with the Facebook Container extension Firefox Multi-Account Containers extension , and Temporary Containers extension . and enable the "Container Tabs" option in Preferences / General / Tabs. People have created specific Container extensions for other sites such as reddit, Amazon.The Help for FMAC says if you use both FMAC and Facebook Containers, don't use FMAC to manage any Facebook-owned sites. I assume that is true for the other site-specific container extensions too.Some people point out: Container settings don't sync across multiple devices, and add-ons such as uMatrix know nothing about containers.Seems to be no way to save/export/import settings for Firefox Multi-Account Containers extension. Old instructions no longer work because of recent storage changes in FF.In Firefox about:config, set privacy.firstparty.isolate and privacy.firstparty.isolate.restrict_opener_access to false. Otherwise Yahoo Mail login doesn't work.Have to whitelist the FMAC extension in uMatrix.Containers sometimes screw up the browser history. You're in a uncontained page, you follow a link to a contained page, then the Back button has lost your history (no way to go Back to uncontained page).I suspect that making a separate container for PayPal or credit card, or enabling the "open external link in a new container" features of Temporary Containers, will interfere with paying for things online. If you're in an AirBNB container and on the AirBNB site and you want to pay with PayPal, you need the PayPal cookies accessible from the AirBNB container.I created a Containers import/export extension ( Containers settings export import ), but it's really limited, all it imports/exports is the container names and icons and colors. IMO the architecture of Containers is badly done. All of the working guts of each container, the mapping to a domain and such, is saved in the local storage of each separate extension such as Multi-Account Containers, Facebook Container, Google Container, etc. So my extension can't really get at those to import/export them.The Containerise extension is an alternative to the Firefox Multi-Account Containers extension; use one or the other but not both. I couldn't understand Containerise and get it to work for me. Also it has a far smaller user base. And 9/2019 the main dev is mulling a total rewrite of it.Test via BrowserLeaks.com / Social Media Login Detection

If you're connecting through a home Wi-Fi and cable router/modem (and no VPN), you probably can't change your external IP address. The router/modem probably is using one external IP address for all devices on your home network. To test this, open browsers on two devices simultaneously and go to showip.net on both devices. You'll probably see the same (external) IP address for both devices.Try power-cycling the fiber router/modem, and see if it comes up with a new external IP address. It may not. Try powering it off for longer, such as overnight.Try contacting your ISP and asking if they can change your IP address. If they ask for a reason, I guess you could say "to increase my privacy, to make it harder for advertisers to track me" ?If you're connecting some other way, you may have a chance of changing IP address. On Windows, create a CMD file containing "ipconfig /release && ipconfig /renew" and run it as Administrator. Check before and after, using showip.net

Such a card or card number has to have money deposited into it ahead of time; you have to maintain a positive balance in the account. Any transactions you do are paid from that balance. If you have multiple cards or card numbers, maybe each one has a separate balance ? Not sure.You can get a physical card, so not just for online use. But refunds may get complicated. Any balance you load into the card might not be protected by banking laws, certainly not at the $50 limit of protection on a credit card.From someone on reddit 2/2018:Pre-paid cards often have a web site you can use to track the purchases and remaining balance. All you need to access that info is the data printed on the card itself. So be wary of buying a card from somewhere sketchy, or using a card you received in the mail: someone could have copied that login information, and will use it to track you. Buy cards only from mainstream, reputable stores.Rules and fees vary greatly from company to company. Some allow only citizens or residents of certain countries. Some are accepted only by merchants in a specific country. Some have an annual fee per card, or a fee per transaction, or charge a percentage of the money you load into a card. Check to see how unused balances are handled; can you transfer money among cards, or get a refund, or do you just lose the unused money ? There seems to be a lot of turnover in this industry; what happens if your card-company stops offering cards or goes out of business ? Gunjan's article (with misleading title) Nick Beeny's article (with slightly misleading title)

Such a card or card number is connected to a real credit card or a bank account. Any transactions you do get "passed through" to the real account backing the virtual card or card number. Multiple cards or card numbers can be backed by the same real account.You can get one or more Virtual Credit Card numbers. You may be able to set a purchase limit or time limit on the number. You might be able to get such a number from your existing credit card company.Such a number is virtual, not physical, so you can use it only online, not in a store. Don't use it for something you buy online but then pick up in person: maybe air travel, hotel, rental car, event tickets. Virtual numbers often don't work for overseas transactions, only within the country of origin. If your real number and all virtual numbers are issued by the same company, that company still can see all of your activity.I wonder about the legal implications of this. In USA at least, consumers have a lot of rights to dispute credit card charges and be protected against losses. What happens to those rights if charges are going through another service first ?Also, real credit cards often give accident insurance when renting a car, or trip-cancellation insurance when buying plane tickets.Online, paying with a service such as PayPal gives less data to the merchant than paying with a credit card. But not all merchants accept PayPal, and I'm not sure about protections and benefits when paying with PayPal.Rules and fees vary greatly from company to company. Some allow only citizens or residents of certain countries. Some are accepted only by merchants in a specific country. Some have an annual fee per card, or a fee per transaction. Token (smartphone app only; Chrome extension being developed) Revolut (Premium plan, €8/month)My experience with Privacy.com since 1/2018:From someone on reddit about Privacy.com 7/2018:Don't make multiple cards for same merchant, probably best to use same card for eBay and PayPal; there is an unstated daily spending limit as well as the stated monthly limit.

Available to US or Canadian citizens only. Requires USA mailing address, requires email that can be verified, US phone number that can receive an SMS for verification. Will pay directly out of your bank account, so it requires your bank account username and password.Gave it credentials to my bank account at ETrade, but connection kept failing, they said there's a bug.A month later, I asked if they had fixed that bug, and instead they turned on ability to give ABA routing number and account number. I gave those numbers, they did 2 deposits to my account to confirm that it existed.A few days later, tried to create a number, and it failed. Turned out I hadn't quite finished the process, I was supposed to tell them exactly the amounts of the test-deposits.You can't create a physical credit card that carries a number created through Privacy.com, it won't work. [But it seems legal to possess a credit card writer; they're for sale on Amazon, eBay, etc. And you can buy blank white credit cards there, too. You might need a special printer to print on them; search for "credit card printer embosser". I'm not sure if any card-printing services will create a real, working credit card for you, unless you're a business, and ordering in largish quantities.] But 9/2019 Privacy.com says they MAY offer a physical card within the next 12 months.Each card you create can only be used atmerchant, the first where you use it. You can't create one card which you can use formerchant.Also not specified: what name is on the card. Asked Support, and got:So, you just have to give the right card number, CCV, and expiration date, and the card will work.Other than putting a "nickname" on each card on their web site, the web site gives no help for managing the cards. You can't tag each one with the name and address you're using with the card, for example. (Maybe better to do that in a password manager, anyway.)In my bank account, Privacy.com transactions show up as "direct debit" and description "something PRIVACYCOM". The "something" comes from the vendor, it's not the nickname of the card. You can change this by going to YourName / Account / Private Payments. My referral code for anyone who wants to create an account.Free account works fine. If you want 1% cash-back cards, you have to have $10/month account.

Maintain a secondary email account, on a different provider from your primary email. If something happens to your primary, you can use the secondary to send critical messages until you fix the primary. [Same for other things in your life: second bank account with ATM card, second credit card, etc.]What happens if your laptop display suddenly fails, and you need to send it out for repair ? Is any important info on disk encrypted ? Or can you remove the disk entirely before sending the laptop to the shop ? Also, for repairs, make it clear to the repair shop whether wiping all the data is okay. Smartphones often are "repaired" by completely replacing the entire guts of the device, so you lose all data.What happens if your phone suddenly fails or is stolen ? How would people contact you ? Would any accounts with two-factor authentication be disabled ?If your laptop or phone is absolutely critical to you, can't be without it for more than a few hours, maybe you should have a synced-up hot spare waiting, ready to use. Same for your internet router and modem on your LAN.What happens if your wallet or purse is stolen ? Do you have the info needed to notify your credit-card company, your bank, etc ? Do you have any papers in there with login details or PINs written down ? If your housekeys are lost/stolen, do they have your house address written on them ? It's safest to put your email address on physical things (keys, outside of phone and laptop, wallet, etc) so police or finder could contact you to return them. Put your email address on the lock screen of your phone, for same reason.What happens if the police come and confiscate ALL your devices to investigate something ?Is there any one thing you have where you can say "geez, if I ever lost that I'd be TOTALLY screwed" ? Then figure out a way to back up that thing, or reduce your reliance on that thing.

Don't ignore the account-recovery settings on your accounts, or put bad data in there. Sure, you'd rather not let Google or Yahoo or Facebook know your phone number or your second email address. But that information can save you if their security triggers get pulled for some reason. You travel, you try to access your email from laptop or internet cafe (seems not to happen when accessed from phone), you get "hey, we see a login attempt from a new country, we're turning off account access until you give us the code we're SMSing to your phone or emailing to your other account". Better hope you've kept the account-recovery options up-to-date.Similar can happen if someone tries to brute-force their way into your cloud or email account. The provider won't let them log in, but may turn off account access for everyone (including you) until you provide extra verification. Better hope you have that info.Similar can happen if someone wants to disable your email account to hide a scam. Suppose they get your Amazon credentials somehow, order something, then do a bunch of bad login attempts to your email account, to get your email account locked, so you can't see the Amazon order confirmation message.



> BACK UP YOUR DATA



And not just what's on your hard drive.



Do not trust the cloud!



Google recently ended my account for an unidentified TOS violation. I am not sure what I did. I just logged into gmail one day and instead of an inbox I saw a message saying my account had been disabled. I lost:



8 years of email contacts



6 years of favorited YouTube videos



About a dozen videos I made with my brother that were uploaded to YouTube.



All my Drive/Doc files including original writing.



My passwords to several sites, including banking and insurance sites.



Three albums I had purchased from Google Play.



Here's the kicker: I was a google believer. I am one of the 5 or so non-developers who actually owns a first generation Chromebook. I believed in the cloud!



Use and enjoy Google's services, but do NOT rely on them. Even though you buy their computers and purchase music from them, you are STILL not the consumer with google. You are the product (sold to advertisers). So when you are shut out from their garden, you have no customer service to appeal to, or to even find out why you got tossed. You might as well be staring at an angel with a flaming sword, wondering where your pants are.



> Didn't you contact Support ?



When you get the "your account has been disabled" screen, they give you a link to voice your grievance. After submitting, you get a message that says something to the effect of: "If we find we have reason to contact you, we will contact you."



You can also go the community forums and plead for help. Sometimes someone associated with google will actually say: "I'll have people take a look at this." In all my pleas, I never got a response. That is as far as support goes. You are not a customer. You are the product, and you are merely a commodity. Have you ever heard of "commodity support"? > BACK UP YOUR DATAAnd not just what's on your hard drive.trust the cloud!Google recently ended my account for an unidentified TOS violation. I am not sure what I did. I just logged into gmail one day and instead of an inbox I saw a message saying my account had been disabled. I lost:8 years of email contacts6 years of favorited YouTube videosAbout a dozen videos I made with my brother that were uploaded to YouTube.All my Drive/Doc files including original writing.My passwords to several sites, including banking and insurance sites.Three albums I had purchased from Google Play.Here's the kicker: I was a google believer.I believed in the cloud!Use and enjoy Google's services, but do NOT rely on them. Even though you buy their computers and purchase music from them, you are STILL not the consumer with google. You are the product (sold to advertisers). So when you are shut out from their garden, you have no customer service to appeal to, or to even find out why you got tossed. You might as well be staring at an angel with a flaming sword, wondering where your pants are.> Didn't you contact Support ?When you get the "your account has been disabled" screen, they give you a link to voice your grievance. After submitting, you get a message that says something to the effect of: "If we find we have reason to contact you, we will contact you."You can also go the community forums and plead for help. Sometimes someone associated with google will actually say: "I'll have people take a look at this." In all my pleas, I never got a response. That is as far as support goes. You are not a customer. You are the product, and you are merely a commodity. Have you ever heard of "commodity support"?



A few days ago my Facebook account was disabled suddenly and without warning. I've gone through what I thought was a fairly routine appeals process - filled in the form they link you to when you try to log in and included a scan of my photo ID as they requested to prove I'm a real person etc. However, I just received an email from Facebook saying the following:



> ... Upon investigation, we have determined that you

> are ineligible to use Facebook. ... Unfortunately, for

> safety and security reasons, we cannot provide

> additional information as to why your account

> was disabled. This decision is final. ...



This is really bizarre and quite upsetting - it's easy to forget just how much we rely on this service. If I can't get my account reactivated, that's six years of content (and memories) lost, and a huge blow to my ability to keep in contact with some friends and family.



The only possible reason I can think of for my account being disabled is what I was doing at the time - sending some photos to someone through the private messaging system. Some of the photos were (mildly) adult in nature (at her request!) which could be deemed a breach of the Community Standards if you look at it in strict black and white terms ("Facebook has a strict policy against the sharing of pornographic content"). However I can't bring myself to believe that there is someone monitoring private message attachments and instantly banning people if they see boobs. Beyond that, I genuinely can't conceive of a reason as to why my account was singled out for anything.



Any advice would be appreciated as to what I should do next - I am not yet willing to just give up and lose all of that content. I have replied to the email, though I doubt anyone will read it, but beyond that there's really no other contact options I can see, and Googling this problem does not produce much beyond more horror stories like this. A few days ago my Facebook account was disabled suddenly and without warning. I've gone through what I thought was a fairly routine appeals process - filled in the form they link you to when you try to log in and included a scan of my photo ID as they requested to prove I'm a real person etc. However, I just received an email from Facebook saying the following:> ... Upon investigation, we have determined that you> are ineligible to use Facebook. ... Unfortunately, for> safety and security reasons, we cannot provide> additional information as to why your account> was disabled. This decision is final. ...This is really bizarre and quite upsetting - it's easy to forget just how much we rely on this service. If I can't get my account reactivated, that's six years of content (and memories) lost, and a huge blow to my ability to keep in contact with some friends and family.The only possible reason I can think of for my account being disabled is what I was doing at the time - sending some photos to someone through the private messaging system. Some of the photos were (mildly) adult in nature (at her request!) which could be deemed a breach of the Community Standards if you look at it in strict black and white terms ("Facebook has a strict policy against the sharing of pornographic content"). However I can't bring myself to believe that there is someone monitoring private message attachments and instantly banning people if they see boobs. Beyond that, I genuinely can't conceive of a reason as to why my account was singled out for anything.Any advice would be appreciated as to what I should do next - I am not yet willing to just give up and lose all of that content. I have replied to the email, though I doubt anyone will read it, but beyond that there's really no other contact options I can see, and Googling this problem does not produce much beyond more horror stories like this.



I am writing this to warn Google users to back up their data, and to realize that everything you take for granted can be taken away in an instant.



About a week ago I attempted to log into my Gmail account and was greeted with a page saying my account was disabled. It says that it was disabled due to a perceived violation of the terms of service and product specific polices. I have read and reread the google terms of service, and I know I haven't done anything to violate them. The only possibility I can think of is that someone may have hacked into my account. I have been an enthusiastic gmail user since it first came out in beta, and you had to be invited to get an account. I have relied on google apps to make my life easier. I have filled in their account recovery form, and even tried calling members of the Gmail team, but have had no luck. I also have posted on the gmail help forum, but an expert there said he contacted google and there was nothing he could do and google wouldn't tell him anything "for privacy reasons".



This has created the ultimate real-life nightmare, and has turned my life upside down, a few examples of which are listed below.



All of my contacts were linked to this account. I now do not have access to emails, phone numbers, addresses, etc.



My google voice telephone number is no longer working. I had this phone number on my business cards and email signature, and now when someone dials the number, they are given an error recording. "We could not complete your call, please try again".



My youtube account with many videos I cherished of my children are now gone.



I have all of my photos backed up to the account for nearly my entire life, as I thought this was the safest place to keep them (the cloud!) I have photos of my beloved grandparents who have since passed away, and the thought that I can no longer access these photos makes me sick. I also have thousands of pictures from vacations and of my children that I fear are gone forever.



A nice chromebook that I purchased to access all of the google apps is now almost useless since my account has been disabled.



I have multiple documents in my google drive that I have spent hours of work on, and can no longer access them.



I placed an enormous amount of faith and trust into google's products and services, as millions of people have worldwide. It is a shame that something this important in someone's life cannot even warrant a response from a live person at Google.



I have been very depressed because my entire life was encased in google's products, and now everything is gone.



Again, I am writing this to warn others that this can happen to anyone at any time, so it would be wise to back up treasured items in your google account. Ironically, google provides the means to do this through their "takeout" app, which I did not learn about until after my account was disabled. If there is anyone out there reading this that can offer any guidance for getting my account reinstated, I would sure appreciate it! I am writing this to warn Google users to back up their data, and to realize that everything you take for granted can be taken away in an instant.About a week ago I attempted to log into my Gmail account and was greeted with a page saying my account was disabled. It says that it was disabled due to a perceived violation of the terms of service and product specific polices. I have read and reread the google terms of service, and I know I haven't done anything to violate them. The only possibility I can think of is that someone may have hacked into my account. I have been an enthusiastic gmail user since it first came out in beta, and you had to be invited to get an account. I have relied on google apps to make my life easier. I have filled in their account recovery form, and even tried calling members of the Gmail team, but have had no luck. I also have posted on the gmail help forum, but an expert there said he contacted google and there was nothing he could do and google wouldn't tell him anything "for privacy reasons".This has created the ultimate real-life nightmare, and has turned my life upside down, a few examples of which are listed below.All of my contacts were linked to this account. I now do not have access to emails, phone numbers, addresses, etc.My google voice telephone number is no longer working. I had this phone number on my business cards and email signature, and now when someone dials the number, they are given an error recording. "We could not complete your call, please try again".My youtube account with many videos I cherished of my children are now gone.I have all of my photos backed up to the account for nearly my entire life, as I thought this was the safest place to keep them (the cloud!) I have photos of my beloved grandparents who have since passed away, and the thought that I can no longer access these photos makes me sick. I also have thousands of pictures from vacations and of my children that I fear are gone forever.A nice chromebook that I purchased to access all of the google apps is now almost useless since my account has been disabled.I have multiple documents in my google drive that I have spent hours of work on, and can no longer access them.I placed an enormous amount of faith and trust into google's products and services, as millions of people have worldwide. It is a shame that something this important in someone's life cannot even warrant a response from a live person at Google.I have been very depressed because my entire life was encased in google's products, and now everything is gone.Again, I am writing this to warn others that this can happen to anyone at any time, so it would be wise to back up treasured items in your google account. Ironically, google provides the means to do this through their "takeout" app, which I did not learn about until after my account was disabled. If there is anyone out there reading this that can offer any guidance for getting my account reinstated, I would sure appreciate it!

From DrStephenPoop on reddit:From someone on reddit:From /u/sugarbreach on reddit:Paraphrased from someone on reddit 11/2019:"As a prank, a friend changed the name of our WhatsApp group to something obscene. WhatsApp then banned the group! My account has been banned !"[Related: don't let unknown people add you to groups; you could get suspended or banned for being added to a malicous group. In Android app, relevant setting is Settings / Account / Privacy / Groups.]Paraphrased from someone on reddit 12/2019:"My Facebook account got banned (maybe for creating two accounts ?), and then a week later my WhatsApp account got banned too, I assume because my Facebook account got banned."If you lose a cloud account, you can lose stored data, your calendar, remaining time on a subscription, any accumulated credit or gift cards, network link that makes some device (such as Amazon Echo, Google Home, etc) work, playlists, contact list, media you had bought or stored there, etc.Do NOT use Facebook or Google or Apple or Microsoft as your login to lots of other web sites. Not only does it let your activity get shared to Facebook or etc, but if Facebook or etc ever deactivates your account for some reason, you've lost access to those other sites too.Do NOT use Google's online password manager (holding passwords you've saved in Chrome or Android). If Google ever deactivates your account for some reason, maybe you've lost access to those other sites too, I'm not sure.Do NOT use Facebook or Google or Pinterest or Amazon or etc as the sole, critical host of your business, if you can avoid it. They give the "appearance of ownership", but in fact you do not own the platform, you have "digital tenancy". If the service ever deactivates your account for some reason, your business is dead. And content you write on them (in FB Pages, Amazon items for sale, etc) probably is in a non-standard format and hard to move to elsewhere. If you absolutely must use such a service as your critical host, plan for the possibility that they may drop you. Keep backups, have a separate web site and email, have pages on other services, etc.Do NOT rely on a high page-rank in Facebook or Google, or a high reputation rating in Amazon or iTunes or YouTube or AirBNB or Yelp or something, as the critical asset of your business, if you can avoid it. The algorithms behind those can change at any time. A couple of bad reviews from users can harm you greatly.Do NOT use a free email account supplied by your ISP or cell-phone service provider. If you ever change service provider for some reason, you may lose that email account.Maybe some people don't consider their email/messenger to be "cloud data", but it is. If you're saving 10 years of past messages in GMail or WhatsApp or something, it may be valuable to you, and it may be used or deleted by a hacker if your account gets hacked. It also may be hard to back up, and may be hard to move to elsewhere. I'm a big believer in keeping your email account as close to empty as feasible. Clean it out !If you're running a business on a cloud service (Facebook, eBay, Shopify, Etsy, GMail, Amazon, AirBNB, etc), back up your data. The service may or may not be backing it up for you. Even if they are backing it up, getting it restored may take a while. And if they turn off your account for some reason, you need that data so you can move to another platform and continue to serve your customers. These services give the "appearance of ownership", but in fact you do not own the platform, you have "digital tenancy". If there's a way to use a custom domain name that you own, that's safer than using one provided by the service: if the service fails then you can make the domain name point to some new server. Same is true of a phone number, especially a VOIP number: you don't really own it, the provider owns it, and you can lose the number through disuse or failure to pay or some other mishap.Do you actually "own" the things you think you own ? If a friend set up your domain registration or email account for you, is it in their name or yours ? If an employee administers the company email accounts on GMail, is the employee's personal account the only administrator for the whole company ? If someone gave you a used computer or phone or something, whose name is on any accounts or subscriptions associated with it ? If your relationship with your spouse or partner is failing, whose name is registered as the owner of various accounts ?If you do lose access to something important, be wary of. Lots of sites have been set up to provide "Facebook Support phone number" or "Unlock your banned WhatsApp account" or similar in search-engine results. But these big vendors with free services (Google, Facebook, WhatsApp, etc) deliberately do not HAVE a phone support number you can call. They have hundreds of millions or billions of free users; the LAST thing they want is for users to be able to call a human at their company. Any search result that gives you such a phone number is trying to connect you to a scammer. At best, they'll try to sell you something. At worst, they'll install ransomware, steal your money, and sell your information.