CloudSLAW Holiday Special: Family Tech Support

Two easy ideas to secure those in-laws over the holidays

Hi Everyone,

One of the downsides of how I set up CloudSLAW is that all of you are rolling through the labs in different stages and I don’t get to send out anything timely. So from time to time I plan to send some CloudSLAW posts to everyone at once. I expect to keep this less than once a month because, really, listening to me once a week is bad enough.

I’m sending this out the Friday before Christmas. A holiday I invest a surprising amount of time and effort into, considering I’m an atheist Jew.

Consider this a real-time practical lab, with nothing to do with enterprise security but a lot to do with keeping your family safer. Like most of you I am the primary tech support for my entire extended family, who looks at my 20+ year career and multiple executive positions and thinks, “oh cool, free help desk”.

Over the past few years I have dealt with a string of family and friends (including some adults younger than me) falling for various online scams. To be fair, the scammers are very good at what they do, and I don’t expect non-techies to stay up to date on the latest fake helpdesk tricks. Nearly all of these start with a popup or email tricking someone into thinking they need to call Apple/Microsoft/whoever because their computer “has been hacked”.

The scammers then use this to trick the person into giving up personal or credit card information, or to install malware. I’m guessing 98.2% of you have also experienced this.

Here’s how to stop most of it within a few minutes. This is what I started doing, and it’s been working well for me. To be clear: this post is not sponsored and these companies have no idea I’m writing this.

I now use 2 different services that, together, have virtually eliminated popup scams and search result scams. They do cost money, but both are very inexpensive.

NextDNS for… DNS

NextDNS is a cloud-based, for-pay DNS service. You can find them at https://nextdns.io. It’s super-easy to set up; you just route your DNS queries through it and it filters based on the rules you set. The defaults are great. Personally I use the Pro plan:

I have my home router set up to use NextDNS as the default, which covers my entire network. That can be a little twitchy across upgrades, so for my extended family I install the local software, which is available for every major operating system.

NextDNS supports parental controls and allow lists, and you can pick from dozens of different block lists and even run them all at the same time. But my favorite feature for remote support is the logs:

My logs as I write this

This is PURE GOLD for supporting family. I can drop into the logs any time they run into issues, and either allow a connection or teach them how to turn NextDNS off on their device (which, I absolutely regret for… reasons).

NextDNS has virtually eliminated popup scams for my entire family, and the logs allow me to investigate remotely!!!!

Thanks to John Gruber at https://daringfireball.net for keying me into Kagi. Kagi is a paid search engine with excellent results and even better features. Kagi has no advertising and all search results are “clean”.

A very large percentage of the crappy sites family members click on come from web search; Kagi eliminates that risk and is also just a better search experience.

I’m currently on the Pro plan ($10/mo) and am upgrading today to the family plan ($20/mo) to roll it out family-wide like NextDNS.

And for my personal lab this month I’m going to test auto-redirecting Google searches to Kagi using NextDNS:

Next on my research list…

This will pretty much drop me down to just worrying about obfuscated Facebook/social links.

Here’s what I like about my family security setup:

  • It is cost-effective. For my entire close family I’ll only pay $22/mo. That is not $0 but still feels like a bargain for the value.

  • NextDNS + Kagi is easy to set up. We are talking 15 minutes for both.

  • The combination virtually eliminates the main source of online popup scams, and also happens to block most ads and many other vectors for attacks. Yes, it really is always DNS in the end.

  • It’s easy to support remotely. These are cloud services and I can keep an eye on things from my phone while walking through a foreign airport (been there, got the t-shirt).

Nothing is perfect, but I’ve been using NextDNS for about a year and it hasn’t failed me. Kagi is newer, but I already love it for myself, and it will close the loop by providing a good search experience without things getting blocked by NextDNS.

Happy holidays everyone, and I hope this helps reduce some of your holiday tech support stress.

-Rich

Reply

or to participate.