Additional Resources

Good public guidance

These are trusted, consumer-friendly resources that help average people and small organizations take practical steps to secure their digital lives. They offer clear explanations, checklists, and action plans rooted in real-world threats, not myths.

Consumer Reports Security Planner. A personalized step-by-step action plan to secure your data.
https://securityplanner.consumerreports.org

EFF – Surveillance Self-Defense. Clear, situational threat modeling for people at different risk levels.
https://ssd.eff.org especially the page on managing your digital footprint.

FTC – Consumer Advice: Online Security. Practical, scam-focused security guidance backed by enforcement authority.
https://consumer.ftc.gov/online-security

StaySafeOnline. Accessible infographics and safety checklists for the general public.
https://staysafeonline.org/resources

CISA – Secure Our World. Clear, nontechnical advice for consumers and small businesses on passwords, MFA, updates, and phishing.
https://www.cisa.gov/secure-our-world

Small business guidance

CISA. Cyber Guidance for Small Businesses
https://www.cisa.gov/cyber-guidance-small-businesses

Cyber Readiness Institute. Free online self-paced program designed for SMBs
https://cyberreadinessinstitute.org

IST. Blueprint for Ransomware Defense: An Action Plan for Ransomware Mitigation, Response, and Recovery for Small- and Medium-Sized Enterprises
https://securityandtechnology.org/virtual-library/report/blueprint-for-ransomware-defense

Online services

Major platforms offer built-in tools that protect your accounts, data, and devices. These links explain the safety features already available on your phone, computer, and cloud accounts, and how to use them effectively.

Google – Safety Center. Explains core safety tools: MFA, password manager, phishing protection, and security checkups.
https://safety.google

Apple – Privacy and Security Overview. Great examples of consumer-friendly platform protections.
https://support.apple.com/en-us/102614

Microsoft – Security Tips for Consumers. Basics on Windows, Office, and identity protection.
https://support.microsoft.com/security

Password and authentication best practices

These resources explain what modern research says about strong passwords, passphrases, password managers, and passkeys. They focus on practical habits that prevent the most common real-world attacks.

NCSC UK – Using Password Managers and Passphrases. Excellent plain-language explanations for why frequent password changes are bad advice.
https://www.ncsc.gov.uk/collection/passwords

FIDO Alliance – What Are Passkeys? Simple intro to the next generation of MFA.
https://fidoalliance.org/passkeys

Troy Hunt – Have I Been Pwned. Safe, public tool for checking if your credentials were in a breach.
https://haveibeenpwned.com

Secure by Design Software

These links highlight the growing movement to build systems that are safe before they reach users. Secure by Design focuses on engineering, transparency, and incentives that improve software quality at scale.

CISA Secure by Design main page. Includes a video summary of secure by design software
https://www.cisa.gov/securebydesign

Applying “Secure By Design” Thinking to Events in the News.
https://www.cisa.gov/news-events/news/applying-secure-design-thinking-events-news

Resources for High-Risk Individuals

Some people face greater digital threats than the general public—journalists, activists, public officials, and executives among them. These trusted resources offer guidance for those who need more than the basics.

The Citizen Lab: Independent research into spyware and surveillance threats, plus practical safety recommendations for at-risk individuals.
https://citizenlab.ca

CISA – Cybersecurity Resources for High-Risk Communities: A U.S. government catalog of practical tools and programs for journalists, activists, public officials, and others at elevated risk.
https://www.cisa.gov/audiences/high-risk-communities

EFF – Surveillance Self-Defense: Scenario-based guides for protecting devices, accounts, and communications from targeted surveillance or harassment.
https://ssd.eff.org

Amnesty International Security Lab – Digital Security Resources: Step-by-step guidance for high-risk users, including Lockdown Mode, safe communication, and secure device setup.
https://securitylab.amnesty.org/digital-resources

Front Line Defenders – Digital Security for Human Rights Defenders: Comprehensive training materials and checklists for activists and journalists working under repressive regimes.
https://www.frontlinedefenders.org/en/digital-security-resources
https://securityinabox.org

Committee to Protect Journalists – Digital Safety Kit: Practical safety advice for reporters and editors on protecting sources, data, and online presence.
https://cpj.org/safety-kit/digital-safety

Freedom of the Press Foundation – Digital Security Training Hub: Hands-on workshops and resources for journalists managing sensitive information.
https://freedom.press/training

Access Now – Digital Security Helpline: 24/7 rapid-response support for individuals or organizations under active digital attack.
https://www.accessnow.org/help

NPSA (UK National Protective Security Authority) – Guidance for High-Risk Individuals: Practical personal and cyber-security advice for senior officials and executives.
https://www.npsa.gov.uk/security-guidance/industry/high-risk-individuals

CISA – Personal Security Considerations for Public Officials: Practical recommendations for election workers and public servants facing harassment or doxxing.
https://www.cisa.gov/election-security

Consumer Reports — Emergency Resources: A list of organizations that include online harassment and stalking that put you at risk of harm.
https://securityplanner.consumerreports.org/tool/emergency-resources

VPNs

VPNs are heavily marketed, but most people do not need one for security. These resources explain when a VPN is useful, when it is not, and why built-in protections on modern devices already handle many of the risks.

Marcus Hutchins: You Don't Need To Buy a VPN To Stay Secure On Public Wi-Fi
https://www.youtube.com/watch?v=i7GwjGGwxzg

Sun Knudsen: Why I no longer use a VPN (most of the time) and nor should you
https://www.youtube.com/watch?v=pp-INfssWBo

Tom Scott: This Video Is Sponsored By ███ VPN
https://www.youtube.com/watch?v=WVDQEoe6ZWY

All Things Secured: STOP using a VPN for Security! (here's why)
https://www.youtube.com/watch?v=8x1BJCKwqpI

About iCloud Private Relay. Not a VPN, but a subscription service that encrypts network traffic through two separate relays.
https://support.apple.com/en-us/102602
https://developer.apple.com/videos/play/wwdc2021/10096

New York Times: It’s Time to Stop Paying for a VPN
https://www.nytimes.com/2021/10/06/technology/personaltech/are-vpns-worth-it.html

Techcrunch: Think you need a VPN? Start here.
https://techcrunch.com/2024/11/15/think-you-need-a-vpn-guide-start-here

Citizen Lab: Hidden Links:Analyzing Secret Families of VPN Apps
https://citizenlab.ca/2025/08/hidden-links-analyzing-secret-families-of-vpn-apps/ 

Bob Lord’s Blogs

These essays explore how internet security has evolved, how myths form, and what real-world evidence shows about risks like public WiFi, juice jacking, and encrypted traffic. They offer deeper background for anyone who wants to understand the data behind the hacklore.org project.

Attack of the Evil Barista. Analysis of the author’s personal network traffic.
https://medium.com/@boblord/attack-of-the-evil-baristas-b204436f0853

The Quiet HTTPS Revolution. Reflections on how the internet slowly became encrypted.
https://medium.com/@boblord/the-quiet-https-revolution-637a1c40ec6a

Juice-jacking Hacklore. Chasing down leads on alleged juice-jacking attacks.
https://medium.com/@boblord/cybersecurity-hacklore-8a5be4e8fa3e