Project Insight - Security Advice That's Easy to Understand

Project Insight was started to provide insightful articles that discuss the many different concepts of cyber security. We do our best to break down these concepts into an easy to understand discussion so that any user can utilize this information to better protect themselves.
Download the free Project Insight eBook.

Equifax Reveals Details of 2017 Breach

Equifax recently disclosed exactly what data was breached, showing that the personal information of half the American population was stolen.
Source: CNET
Date: May 8, 2018

Third Party Sites Using Facebook's API Vulnerable To Web Trackers

It was found that third-party services that use Facebook login pass that information off to additional services, giving them easier access to user data.
Source: CNBC
Date: April 19, 2018

Malicious Chrome Extensions Posing as Ad Blockers

Several Chrome extensions discovered this week claimed to be ad blockers but were actually malware, potentially affecting over 2 million users.
Source: TechRadar
Date: April 19, 2018

Sears and Delta Customer Information Leaked in Data Breach

The firm responsible for storing customer data from both Sears and Delta Airlines reported a data breach including up to 100,000 personal records.
Source: CNBC
Date: April 5, 2018

Congress Just Failed in Ensuring Your Protection Online

This week Congress passed the latest government spending bill, and attached to the bill was the CLOUD Act. The CLOUD Act strips privacy and protection from citizens globally. See the linked article to find out the full effects.
Source: Electronic Frontier Foundation
Date: March 23, 2018

Why You Should Avoid Hotel Wifi

Staying connected while traveling is important and the wireless connection at your hotel is a key part of this, but using a hotel's wifi poses a significant threat that most travelers don't think about. Check out the article to know more.
Source: TechRadar
Date: March 9, 2018

Equifax Reports Another 2.4 Million Customers Affected by Breach

Remember the Equifax breach last year, in which over 140 million customer accounts were breached? Well, there's another 2.4 million to add to it. Find out more about how this affects you in the linked article.
Source: Reuters
Date: March 1, 2018

FedEx Customer Data Leaked

Scanned passports and IDs were some of the files stored on a publicly accessible Amazon Web Service bucket. Read more to find out if you were affected.
Source: Ars Technica
Date: February 15, 2018

The Netflix Email Scam is Back

Be on the lookout for a potential scam email claiming to be from Netflix staff and asking for billing information. Remember our Project Insight rule for phishing: if an email is asking for personal information like address, credit card number or other financial information, then it's likely a scam. For more information click below.
Source: USA Today
Date: February 2, 2018

Only 10% of Gmail Users Have Two Factor Authentication Enabled

One of the best ways to add a bit of security to your online accounts is to use two factor authentication when logging into your email. Now that this article is public, it could encourage hackers to go after more Gmail accounts. Read more about it below.
Source: TechRepublic
Date: January 26th, 2018

New Vulnerability in Your Devices' Processor

If you haven't already heard about the Meltdown/Spectre vulnerability, follow the linked article. In short, it's a serious security flaw within Intel, AMD and ARM processors that could allow potential attackers to gain access to sensitive information on your device. Read more to find out how you can protect yourself against this new threat.
Source: The Guardian
Date: January 9th, 2018

Website Bug Leads to Leak of Real-time Location of Almost Any US Cellphone

A service known as LocationSmart has a bug in its API that potentially allows users to see the real-time location of the majority of cellphone users in the US. All someone has to do is sign up for a free trial.
Date: May 18, 2018

Twitter Urges All Users To Change Passwords

Staff at Twitter were able to view a plaintext file of Twitter user information including passwords due to a code bug.
Source: Ars Technica
Date: May 4, 2018

#NoSecrets Breach Report 1

We've started a new initiative of uploading new breach data each week and providing analytics on the data we acquired. Read the full report now!
Source: Lockin via Peerlyst
Date: April 27, 2018

Thousands of Compromised Websites Infecting User Devices

Websites are being used to push malware onto unsuspecting users through browser notifications. Find out why most of these sites are built on WordPress and Squarespace.
Source: Ars Technica
Date: April 12, 2018

26 of 115 Popular VPNs Are Secretly Tracking Users

VPN services are a great tool to protect yourself online, except when they have unethical user tracking. Find out which VPNs to avoid in the linked article.
Source: The Next Web
Date: March 27, 2018

Facebook Allowed Cambridge Analytica to Collect Data From 50 Million Users

The social media giant is known to have some questionable terms in their privacy policy, but a recent admission from Facebook's Chief Security Officer shows just how much data can be collected. Read more about the developing situation in the linked article.
Source: CNET
Date: March 19, 2018

400k Servers Could be at Risk of Remote Attack

A bug in a widely used email program could allow up to 400,000 servers to be attacked remotely. Find out how to patch this bug in the linked article.
Source: Ars Technica
Date: March 7, 2018

Tesla's Online Cloud Resources Have Been Hacked to Run Crypto-mining Malware.

As smarter automobiles start to gain wider consumer adoption, security technology for these connected cars should adapt with it. Tesla and other companies will have to face these challenges to protect consumers from both virtual and physical consequences. Read more about this below.
Source: Gizmodo
Date: February 20, 2018

New Consumer Report Finds Smart TVs Vulnerable

Consumer Reports has found that smart TVs are susceptible to hacking, with the capability to control the device and collect personal data from the device owner. Learn more about how to protect against this in the linked article.
Source: Consumer Reports
Date: February 8, 2018

Tox Chat is nearing 0.2.0

Tox Messenger is moving ahead with its core library. Tox has been around for a couple of years and they have made huge improvements to their core protocol. The core is approaching 0.2.0 which is a substantial milestone for the project and the future of secure communication. Check out their latest blog posts, github issues, and give it a try.
Source: Toktok Github
Date: January 31st, 2018

Another Vulnerability Found in Intel Processors

While trying to patch the latest Spectre and Meltdown vulnerabilities, researchers have found another weakness in Intel processors that could give hackers complete access to a device within 30 seconds. This attack does require physical access to the computer, but with such a short exploit time any computer left unattended for a few minutes could be compromised. Find out more in the link below.
Source: Ars Technica
Date: January 12th, 2018

Dell Server Woes

We often take for granted that server hardware and low-tier code bases are secure, but as the cybersecurity firm "Digital Defense" discovered, that is not the case with Dell. If a malicious hacker had found these flaws first, this story could have ended badly. Click on this card to read the full article.
Date: January 9th, 2018

Article 8

So your data has been leaked onto the Internet, now what?

By: James Johnson

Article 1

Introduction to Safe Internet Browsing.

By: James Johnson

Article 2

Browser add ons for safe web browsing.

By: James Johnson

Article 3

Secure Connection Tools.

By: James Johnson

Article 4

Secure Email.

By: James Johnson

Article 5

Encrypted Messaging.

By: James Johnson

Article 6

Encrypted File Storage.

By: James Johnson

Article 7

Secure Operating Systems.

By: James Johnson

< Back To More Articles

Article 1: Introduction to Safe Internet Browsing

In 2016 there were over 35 million confirmed personal records compromised in the United States. A comprehensive report from the Identity Theft Resource Center breaks this down by sector: 72,000 from banks, 6 million from businesses, 1 million from education, 13 million from government and 15 million from medical. With this number rising every year, there are several ways to browse the Internet more safely while lowering the risk of having your personal data compromised. This article will serve as a general guide to some safe Internet browsing practices.

With so many Internet browsers across several platforms there is one browser that consistently provides the best user experience while offering strong security tools. Mozilla Firefox is a well maintained and modern Internet browser with a great development and support team. To start browsing securely go to, download and install Firefox for your operating system.

One of the simplest tools available once Firefox is installed is its private mode. Private mode lets you browse without saving your history, and information you enter will not be saved anywhere in the browser cache.

Identifying Secure Websites
There are a few ways to tell whether a website is secure. The first thing to check is the URL (Uniform Resource Locator, or Internet address) of the website you want to visit. Most URLs now start with “https://”, which means that data going from your computer to that website is encrypted. Visiting a website with only “http://” puts you at a substantial risk, especially if you are entering personal information on that website. You will typically also see a green lock icon in the top right of the address bar of your browser indicating the site you are visiting is secure. Satisfying these two conditions when browsing will reduce the risk of your data being compromised.

How to Avoid Potential Phishing
The following items describe different ways to recognize potential phishing attempts. Phishing is when someone attempts to collect your information without your consent through an email, a website made to look like one you normally visit, or other electronic communication. Using this information you will be better able to recognize phishing and avoid losing your information to it.

The message contains a mismatched URL
The first check is the URL in a suspicious email message. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the URL, you should see the actual hyperlinked address. If the hyperlinked address doesn’t match the URL shown in the message, it is most likely a phishing attempt.

A URL contains a strange domain name
People who launch phishing attempts often depend on the victim not knowing how the DNS (Domain Name System) naming structure for domains works. The last part of a domain name will be the indicator. For example, the domain name "" would be a child domain of "" because "" appears at the end of the full domain name. But an example like, "" would not have originated from "" because the reference to "" is on the left side of the domain name.
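The two URL checks above (link text that differs from the real target, and a trusted name that sits on the left of the domain instead of at its end), plus the unencrypted http:// check from the previous section, as an added example that is not part of the original article. The domain `shop.example`, the sample message and every function name here are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed for illustration: the organisation the reader expects mail from.
TRUSTED_DOMAIN = "shop.example"

# Constructed sample message body (reserved .example / .test names only).
SAMPLE_EMAIL = """
<p>Dear customer, please confirm your details:</p>
<a href="https://login.shop.example/account">https://login.shop.example/account</a>
<a href="http://shop.example.account-check.test/login">https://login.shop.example/login</a>
<a href="https://myshop.example/reset">Reset your password</a>
"""

# Visible link text that is itself written as a web address.
URL_LIKE = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Hostname of an address, whether or not it was written with a scheme."""
    text = text.strip()
    if "://" not in text:
        text = "//" + text
    host = urlsplit(text).hostname
    return host.rstrip(".") if host else None


def belongs_to(host, domain):
    """True only if `domain` is the right-hand end of `host`, label by label.

    A substring or plain endswith() test is not enough: it would accept
    'shop.example.account-check.test' or 'myshop.example'.
    """
    host_labels = host.lower().split(".")
    domain_labels = domain.lower().split(".")
    return host_labels[-len(domain_labels):] == domain_labels


def review_links(html, trusted_domain):
    """Return [(href, [findings])] for each web link in the message."""
    collector = LinkCollector()
    collector.feed(html)
    report = []
    for href, text in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # only web links are reviewed in this example
        target = parts.hostname
        findings = []
        if parts.scheme == "http":
            findings.append("not-https")
        if target is None or not belongs_to(target, trusted_domain):
            findings.append("outside-trusted-domain")
        shown = host_of(text) if URL_LIKE.match(text) else None
        if shown and target and shown != target:
            findings.append("text-href-mismatch")
        report.append((href, findings))
    return report


if __name__ == "__main__":
    for href, findings in review_links(SAMPLE_EMAIL, TRUSTED_DOMAIN):
        print(href, "->", ", ".join(findings) or "no findings")
```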

The message contains poor spelling and grammar
Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality. So if a message is filled with poor grammar or spelling mistakes, it probably didn't come from a major corporation's legal department.

The message asks for personal information
No matter how official an email message might look, it's always a bad sign if the message asks for personal information. Your bank doesn't need you to send it your account number; it already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

The offer seems too good to be true
There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages.

You didn't initiate the action
If you get a message informing you that you have won a contest you did not enter, it will most likely be a phishing attempt.

You're asked to send money to cover expenses
In the correspondence, the person will likely ask for money to cover expenses, taxes, or fees.

Something just doesn't look right
If it doesn’t feel right, there’s probably a reason why.

This article covered the basics of secure web browsing, including browser applications, identifying secure websites and how to recognize phishing attempts. Look for more articles covering in-depth information on these topics soon from Project Insight.

- "10 Tips for Spotting a Phishing Email." TechRepublic. N.p., 15 Oct. 2015. Web. 17 Jan. 2017.
- "Data Breach Report." ITRC. Dec. 13, 2016.


Article 2: Browser add ons for safe web browsing

Downloading and installing a safe Internet browser is an important first step in securing your interactions online. This article discusses add-on tools for Mozilla Firefox to greatly increase security. Some of these tools will affect the visual aspect of websites.

Installing and Managing Add-ons

To add any of the following mentioned add-ons you must go to your settings in Firefox. This menu is accessible in the top right corner of the browser.

From this menu select the puzzle piece icon labeled “Add-ons” and you’ll be brought to the add-ons menu, which shows the tools you currently have installed. To install a new add-on, click on “Get Add-ons” on the left side of the browser.

Scroll to the bottom of the page and click on “Get more Add-ons”.

On this page there will be a search box where you will search for the tools you want to add to the browser. The next section will go over each tool to install.


Ghostery

Ghostery is a tool for your web browser that blocks tracking and other widgets that are embedded in websites. This speeds up page loading while securing your browsing data.

HTTPS Everywhere

This extension will force HTTPS on any website that has an available certificate. This makes sure that any information traveling from the computer to the server is encrypted.


NoScript

Adding NoScript to your browser tools allows you to control which Java, JavaScript and Flash plugin content is allowed to run.

uBlock Origin

The last tool to add is uBlock Origin, which blocks malicious websites, trackers and intrusive website advertisements.

Why is this Important?

Websites that do not charge anything can collect information on you so they can supply ads through the browser to match your interests, and sell your personal information to third parties for the same use. This is becoming very dangerous because this information could be leaked on the Internet. These steps will help to prevent these risks.


Article 3: Secure Connection Tools

Using a secure Internet browser along with various add-on tools is a great way to protect your information when online; however, there are some important tools available for when extra caution might be needed. Do keep in mind that these tools may affect your browsing experience, including some content and location-based services.

Tor Browser

The Tor browser allows users to browse the Internet while minimizing the tracking information given to websites they visit. When using Tor your connection is distributed among a network of globally distributed relays. It also allows you to mask your computer's location and access websites that are not available on the world wide web.

To install the Tor browser go to and select the correct download for your operating system. Depending on your operating system, download and run the installation file. Follow the prompts and, once installed, run the executable file. It may take a while for a connection to be established, but once it is the browser will open. From there you can use it as you would any other Internet browser.

Using a VPN
A Virtual Private Network distributes your connection while encrypting your traffic from your device to the VPN server. It also masks your computer's location. You can use a VPN on your devices, including your computer, smartphone or tablet, and it is supported by most major operating systems.

PIA VPN can be downloaded for PC, Mac OS, Linux, iOS and Android. To install go to Keep in mind that this tool requires a subscription which starts at $3.33 a month.


Article 4: Secure Email

Emails are one of the most relied on methods of communication, especially in business. There are a few different services that can help ensure that information being transmitted is not compromised. This article will cover these services and discuss different options depending on your device.

Proton Mail

Proton Mail offers a simple and easy-to-set-up solution for encrypted email. Proton Mail has a web-based client for your PC or Mac and has apps for iOS and Android. Proton Mail is a free, open source, and modern platform. It provides end-to-end encryption and the capability for anonymous email, all hosted in Switzerland, which offers better privacy under Swiss privacy laws.

To install use the link and sign up for an account and follow the sections for downloading for your device.

Thunderbird

The Thunderbird email client is provided by Mozilla, the same people behind the Firefox browser. Like Firefox, Thunderbird has support for third-party add-ons, which allows users to have greater security. While Proton Mail requires you to sign up for an account, Thunderbird can be set up using an already existing email address.

One of the best add-ons for Thunderbird is Enigmail. This tool enables users to encrypt their emails using PGP (Pretty Good Privacy). To use this you have to create a set of keys, one private key for yourself and one public that you send to whomever you are emailing. This is covered in further detail later in the article.

Use the link to download Thunderbird for your PC or Mac computer.

Since there is no native Thunderbird app for iOS or Android, here are a couple of options to set up email with PGP encryption.

K-9 Mail
K-9 Mail is an app for Android devices. Set up the account that you integrated with Thunderbird. You will also need an app like OpenKeychain to use PGP encryption when sending and receiving emails on your Android device.

To use OpenKeychain, search for it in the Google Play Store and install it on your Android device. You will need to go through generating keys before you can use this app with K-9 Mail, which is explained later in this article.

Once you have your keys generated you will need to transfer the key file to your Android device. Then open the OpenKeychain app and press the add button. Use the file browser to find the key file.

If you have keys from your contacts you can encrypt and decrypt emails. When opening an email, a prompt will automatically pop up to use your keys to decrypt.

When sending emails in K-9 Mail there will now be a lock symbol next to the contact. You can press the symbol and select whether you want to encrypt the email or not.


iPGMail

For iOS devices you can install iPGMail and set up your account like you did on Thunderbird. Since we don’t use iOS devices right now you may need to look up how to set up the iPGMail app.

Setting up PGP Encryption Keys

To use PGP encryption on Thunderbird and mobile devices you will need to set up public and private keys for yourself as well as add the keys of those you wish to communicate with. To do so follow these steps:

1. Go to Thunderbird Settings, click the right arrow on Enigmail and select key management.

2. Click on Generate and then on new key pair.

3. Fill in the details in the form, then click Generate key. You need to remember your passphrase, otherwise you will have to generate a new key pair.

4. Make sure you know where your keys are stored on your computer. You will need the key file if you change devices in the future.

5. When you want to begin emailing someone using PGP encryption you will start as you would with any regular email. Then you will notice at the top of the message window there are a few Enigmail options. If you are emailing someone for the first time you will send your public key.

6. At some point your contact will also have to send you their public key which you should store in a secure folder on your device.

7. Now that both you and your contact have each other’s public keys you can send and receive encrypted emails. To do so, click the lock symbol in the message window.

Setting up encrypted email is an important part of establishing better privacy and security. While regular mail services offer simplicity and convenience, taking these extra steps can take a short amount of time and ensure better electronic communication in the future.


Article 5: Encrypted Messaging Applications for Desktop and Mobile

With messaging being a main method of communication, there are several resources available for secure and private messaging.


Tox

Tox has been an ongoing open source project for several years and provides peer-to-peer encrypted messaging. The goal of the project is to provide a completely secure messaging platform that anyone can use without any prior knowledge of cryptography.

The main claim to fame for Tox is the server-less protocol it uses. Tox is completely p2p when communicating with a single friend or a group. This enables confidence in the platform since the only data stored is on your own machines. Tox allows you to route all your messages and calls through Tor which helps with keeping your IP anonymous.

Some other cool things are you don’t actually have an “account” on Tox. If you were to wipe your computer without backing up your Tox databases, your specific ToxID would be lost forever. This allows you to make as many accounts as you want with ease. The Tox team is currently working on device syncing (without servers) and battery improvements.

Tox can be used on Windows, MacOS and Linux, along with an Android beta mobile client called AnTox and an iOS app called Antidote for Tox.

Once Tox is installed, you can set up your account and then go to your profile and copy your unique Tox key.

Only share this Tox key with another Tox user you want to message.


Conversations

Conversations is a mobile app for Android users that offers more customization in the type of security tools you can use for messages along with a wide array of features.

Conversations is very different in the sense that it uses XMPP servers as the transport for messages. You can either find a public XMPP server like or create your own for ultimate privacy. (Below are links to both)

You can also use a wide variety of protocols for message encryption such as: OMEMO, OTR, and OpenPGP (our favorite here at Lockin). If you would like to learn more about each and every encryption protocol the Wikipedia page for each of these types would be a great place to start.

Conversations is available on the Google Play Store.


Signal

Signal is an application that uses end-to-end encryption. It offers most features seen in other messaging applications, including video and audio calling.

This service was co-created by the famous Moxie Marlinspike and uses the “Signal Protocol”. Big names like Google and WhatsApp also use the Signal Protocol in their applications, making it one of the most widely used protocols in messaging services.

Signal has quite a few privacy features, such as verifiable numbers and disappearing messages, which are extremely useful for communicating with untrusted contacts. You can also create a pin code for the app so each time it is opened it requires additional authentication to enter the app. Something that other p2p calling services fail to do is hide your IP from the contact you are talking to. Signal offers a setting to relay through their services to hide your IP address from the contact.

Signal is available for iOS, Android and Chrome.


Article 6: Encrypted File Storage

If you choose to keep files digitally whether on your device or online it is important to know how to encrypt files where you may have personal or sensitive information. Think of what files you have stored, would you want someone peering in on the contents of these files like your taxes, finances, application forms, photos, and videos? Obtaining information to use against someone takes only a few key pieces of information. Encrypting files is one of the best ways to protect your information and in this article we’ll go over a couple of different methods to achieve this.

Hard Drive Encryption

To encrypt files on your computer you can use the utility “VeraCrypt”. VeraCrypt allows you to create specific encrypted folders along with the ability to encrypt drives and external storage devices. VeraCrypt offers several different encryption methods and is available for Windows, Mac OS X, and Linux.

To install head to the link below.

Setting up your encrypted folders or drives involves several steps, and we recommend referencing their guide to avoid making any mistakes or losing your files by improperly configuring Veracrypt. Their guide is available at the link below.

Cloud Storage Encryption

We have created an online file storage product called Vault that we recommend for anyone looking to store their files online. We offer the same features as the big file storage names, including organizing, viewing, and sharing your files with other users. Vault requires minimal information to create an account and offers complete privacy for your files. Only you control who can access your files.

To use Vault visit the link below to sign up for an account. We also have a full tutorial covering how to use your account.

Mobile Device Encryption

While there are several applications that offer some folder and file encryption for mobile devices, none seem to offer the security of simply encrypting your entire device. For iOS devices, your device is encrypted using a passcode you set when initially setting up the device. Every time you restart your iOS device you have to enter this passcode.

For Android devices, there are security settings that you can set up initially but are not required. To encrypt your device, go to your settings and then go to security; you should then see the option to encrypt your phone. The process is different for some Android devices, but it will have you use a passcode or pattern that you will enter when you start up your device.


Article 7: Secure Operating Systems

Using secure tools on your computer is a great way to reduce the risk of data theft; however, to better increase security, a change in operating system exponentially reduces risk. In this article we will go over what elements make up a secure operating system and provide our recommendation for users who are changing their operating system for the first time.

Elements to look for in a secure operating system

When searching to replace your current operating system there are a couple of things to consider. Besides the dominant Windows and Mac OS X there is a wide range of operating systems. Most of these are based on variations of Linux. Linux was created in 1991 and quickly grew to become the dominant server operating system because of its strong security. Today Android, the world's largest mobile operating system with over 2 billion active devices and 84% world market share, runs on components of Linux. There has been a resurgence in Linux desktop operating systems such as Elementary OS, which provides a great user interface instead of the terminals and complex looking applications that you may think of when someone talks about Linux.

The developers of Elementary OS have a great explanation of what “Open Source” means: in their blog they define open source as source code that is available for all users to view and use. Opening up resources to all users allows a more open collaboration and community. Having more people looking at code is a great way to spot potential bugs or vulnerabilities that the development team might not have seen before.

Linux can be a much more secure operating system due to its permission handling and software environment. Windows software gives complete access to everything, which can be good for ease of use but allows malicious software the same level of access, which means it can control the whole system much more easily. With the variety of Linux based operating systems, different applications have different software architectures; however, Windows has the same architecture to build applications on, which would make it easier for malicious code to infect the system.

Elementary OS

Our recommendation for a first time user coming from Windows or Mac OS X is Elementary OS. This particular version of Linux offers an easy to use interface and plenty of secure utilities backed by a great development community. Elementary OS has its own app store with an active community of users publishing new applications weekly.

The operating system comes with all the essentials you need to get started without extra bloat, and it has some of the same functionality you see from the major operating systems, like workspaces from Mac OS X. Another benefit is that the system requires fewer resources to run smoothly, providing a great user experience and bringing better longevity to older computers.

Installing Elementary OS

If you haven’t installed a different operating system on your computer it may seem complex, but the process is usually not as difficult as it seems. The simplest process is to completely remove the old operating system; however, you can configure your computer to boot into several choices.

For this article we will be focusing on installing Elementary OS, which has a very simple installation process. It is important to note that you should back up all your personal data onto a separate device, as the installation process will format your computer's hard drive.

*We are not responsible for any loss of data or damages to your device.*

For the complete set of instructions go to the link below.


Article 8: So your data has been leaked onto the Internet, now what?

So far we have discussed a lot of topics about protecting yourself from data theft when online. While there are many ways to accomplish this, there is always the chance that your data gets leaked anyway. As the recent news of the Equifax data leak shows, sometimes even if you do all the right things, another company with your data is not protecting itself as well as it should and your information ends up in the wrong hands. In these cases there are several steps to mitigate the loss of your personal information and ensure that the damage is minimal.

Checking to see if an account has been compromised

There are several different ways to know if an account you own has been compromised. One way is by receiving a notification from whatever business or service was breached, typically by email or post mail. It is best to be cautious with these as they can be fake notifications used to gain your personal information. If you refer to Article 1, it mentions that a business or service will never ask for things like your account number, social security number, or credit card number.

Our team at Lockin has built a website that allows users to search over 1.6 billion records that were leaked in some of the largest data breaches ever. The website allows you to search based on name, address, phone number, and email to see if your data was leaked. It also provides information on how to take action to recover your online identity. The link to the website is below:

What actions you can take if your data has been leaked

When you are able to confirm if one of your accounts has been compromised there are some important steps that you need to take to prevent any potential loss of information or assets. If the hacked account is from a single business or company, you should immediately change your credentials including password, email, and phone number. If you are unable to access the account, go through their support channels. You should also disable any payment methods associated with that account and notify your bank that there could potentially be fraudulent charges. If it is an option, make sure to enable any form of two factor authentication that is offered to prevent future breaches.

In the case of a massive data breach from a larger business or corporation, like Equifax or Experian, there are other actions that should be taken. The FTC has outlined steps to freeze your credit report, which will reduce damage to your credit score. This can be accomplished by contacting the 3 major credit reporting businesses and requesting to freeze your credit. Keep in mind that this will keep your credit frozen by default for the next 7 years, so once you are certain you are in control of your hacked accounts you will need to contact them and unfreeze your credit. Their phone numbers are below along with links to their information on freezing credit.




The most important thing to keep in mind is to act as quickly as you can if you know one of your accounts is breached. Be persistent when calling businesses or companies and continually check with your financial institutions to make sure there are no sudden changes in your balances and credit. More importantly, do not continue to use a service if your account has been breached because of them.
©2014-2018 Lockin™