Practical privacy and simple cybersecurity.
TheNewOil.org

Mom’s Guide to Online Child Safety

Tomorrow is Mother’s Day here in the US. (That was your last reminder to buy a card.) Happy Mother’s Day to all the moms out there! As a general rule, most mothers care deeply about their children and want them to be safe, happy, and successful. And as a general rule, today we are faced with a myriad of threats that we never before faced online, some more likely, more dangerous, or harder to defend against than others. So this year, I’d like to offer all the moms out there some encouragement with a quick guide on how to help protect your kiddos online. This post assumes your kids are coming up on or around the preteen age – basically still at that age where you are heavily involved in their decision making but it's time to start teaching them to be independent.

Freeze Your Credit

This is something I harp on a lot but with good reason. Identity theft of minors is still on the rise and is a hugely lucrative market. Think about it: if your kid is five and I steal their identity, I can open up credit cards in their name that won’t be detected for at least ten years. Credit freezes are non-negotiable – and free – if you’re a US resident. Equifax and TransUnion will require you to create an account, but Experian still uses a PIN-based model. I recommend doing this for your child and holding onto this information until they’re old enough to start doing things like getting jobs and opening bank accounts. You can find more information about the process here.

Operational Security (aka OPSEC)

I’m sure this goes without saying but this really is the biggest and most obvious thing out there: make sure your kids know not to give any details to strangers. “Details” varies from person to person. For example, saying you’re from New York City is probably fairly safe – there’s over 10 million people in the city. Saying you’re in Brooklyn or Mountain View, Idaho – probably less safe. Interests, I think, are probably less dangerous than personal information like real names (especially if the name is unique), dates of birth, schedules, and locations. Again, this is probably common sense for parents these days, but it’s worth saying.

Disinformation

In fact, I would argue that it’s valuable to actively encourage your child to engage in disinformation online. Say you’re from Los Angeles if you’re really from San Diego. Say your name is Jake when it’s really John. If there’s anything we’re learning it’s that disinformation is becoming vital to outsmarting people search sites and data aggregators these days. Not to mention the rampant data breaches which are becoming an almost daily occurrence. It’s only a matter of time before that forum your kid signed up for gets hacked. Train your kids young how to use disinformation effectively and when to use it. And on that topic…

Compartmentalize

This is more something you may want to do with your kids rather than just talking to them and leaving it up to them, but teach your kids the value and proper execution of compartmentalizing. They want to sign up for a new game? This is a good opportunity to teach them how to use AnonAddy or SimpleLogin and Bitwarden. Teach them how to randomly generate usernames that don’t reveal anything about them by using Bitwarden to generate a passphrase and then use two of the words. My recommendation is to have a unique forwarding email, unique password, and unique username on every site, all recorded in your password manager. This will make any potential stalker's job significantly harder – though not impossible.

VPNs

Normally I say VPNs are a lower concern, but when we’re talking about keeping kids safe I think they’re a bit more important. Realistically, the odds that your kid is facing attention from a sophisticated predator are low, but technology is getting easier and more user-friendly by the day. Something like figuring out your IP address was a monumental task ten years ago. These days it’s as easy as getting your kid to click on a link – which is probably pretty easy. Kids are kids. Even if you educate them, they’ll make mistakes. Keeping your kids’ devices safely behind a VPN at all times will reduce the risk that if they slip up, a predator can grab their IP address and therefore their real location (sometimes accurate within a couple blocks).

Apps

Up til now, I’ve framed most of my recommendations in the context of protecting your kids from predators, but those same techniques can be used to help your kids defend against the ever-growing surveillance capitalist state. One super important thing you can do to help protect your kids is to teach them to be judicious with the apps they install. Kids are fickle and are not prone to thinking ahead. If all their friends are all jumping on the TikTok bandwagon, they may want to as well without realizing how incredibly invasive social media and other such apps can be (and also how quickly these fads will blow over. Anyone remember Snapchat? Or Vero?). Create an environment where you talk about every app they want to download and you can help them see that it may not be worth it, or how to mitigate the risks (ex, only using Facebook on desktop rather than the app).

Settings

Another major life skill you can teach them is to evaluate the settings on any new account. If your kid wants to sign up for something and you have talked to them and approved it, go through the account settings with them and help them figure out which settings they can safely disable (like public posts). The key there was to go through it with them, not for them. The goal is to teach your kids to be smart, critical-thinking, productive members of society who can look out for themselves. Don’t just make changes and hand the phone back to them. Talk to them about each setting, what are the benefits and risks of each, etc. You’re not always going to be there to make decisions for them. Teach them how to make their own decisions.

Schools

Schools are not immune to the data breach phenomenon. In fact, they’re a big target because they contain so much sensitive information. I don’t know exactly what information is required to register a child in school, but honestly I think you should lie on as much of it as possible. I personally think everyone should have a PO Box if possible, so use that for your home address. Or use the address of a relative who doesn’t have kids (with their consent). Or a local hotel. I realize that one is tricky cause it may put your kid in a different school district, so plan ahead there. Put in a Voice-over-IP phone number instead of your SIM number. Recently several schools have suffered data breaches that resulted in information as sensitive as age, date of birth, and home address. That could make your child a perfect target for a predator and lead them literally right to your home. Make sure to obfuscate anything that might lead a predator back to your child. I also strongly encourage you to make specific email accounts and VOIP numbers for school-related business for this same reason.

Schools Devices

A big concern with schools these days has become technology and online learning. Schools have begun using Chromebooks as their defacto devices because Chromebooks are cheap, but there are many concerns that this has a “get ‘em while they’re young” effect, turning children into lifelong Google users with a long, ripe trail of data to be harvested. This has become a threat unto itself. There are a lot of questions and concerns about how to use a school-issued Chromebook right, which I addressed in this blog post late last year. If your situation allows, personally I wouldn’t even use the school-issued device. I’d create a virtual machine on your home computer, or use your backup browser (such as Brave or Firefox) for online meetings. Resist the urge to sign up for Zoom or download the app, even if it sounds convenient.

Conclusion

Personally I don’t believe in “the good old days.” I think society has always had problems, even if they were better hidden. We all look back at the past through rose-colored nostalgia glasses. Having said that, I really do think we live in times with a new set of threats to beware of. Not to be an alarmist, but I also think it’s worth noting that statistically, a person is most likely to be victimized by someone they know rather than a total stranger on the internet. It’s a common human fallacy to misjudge what the real threat is or how serious that threat is. But that's not to say your children today don't face a wide variety of threats from both corporations attempting to hook, track, and control them from the get-go and from posting something that could come back to harm them in the future, either at the hands of a predator or at the rejection of a potential job or school. As a parent, it is your responsibility to protect your children and teach them to be responsible, both online and off. I hope this post hasn’t been too alarmist and makes you feel more equipped to know what threats to look for and gives you some starting points on how to mitigate them.

Tech changes fast, so be sure to check TheNewOil.org for the latest recommendations on tools, services, settings, and more. You can find our other content across the web here or support our work in a variety of ways here. You can also leave a comment on this post here: Discuss...