clock menu more-arrow no yes mobile

Filed under:

How do I protect my privacy online?

Digital security expert Tony Gambacorta answers your questions about security and privacy on Too Embarrassed to Ask.

Apple iPad Arrives In Stores Tom Pennington / Getty

Even for the technically minded, weighing all the potential threats to your digital privacy can be a headache. But especially for non-techies who take it for granted, the need to think about privacy has never been so urgent.

“The greatest threat is our own ignorance,” security expert Tony Gambacorta said on the latest episode of Too Embarrassed to Ask. “You can get really deep in the weeds, you can really geek out on this stuff, but even just a high-level understanding of it will help people become more educated, make some more informed decisions about it.”

On the new podcast, Gambacorta — a longtime security researcher who recently founded a firm called 1585 Security — explained some of the steps all consumers can take to better protect themselves. For example: Think carefully about whether you need that smart home gadget.

“These are devices,” he said. “They don’t know what they’re ‘for.’ If you have something that’s got a camera and a microphone on it, and it’s running some embedded software, you could use it as a toy or you could use it as a weapon. It’s all about the context of what’s happening.”

He noted that his own house is very “low-tech.”

“I don’t need a camera and the convenience it provides — it doesn’t balance out for me with ‘and someone else could look at it,’” Gambacorta said. “And I know what I’m doing, I know how to configure these things. People who put these cameras in their house rarely know how they work.”

You can listen to the new podcast on Apple Podcasts, Google Play Music, TuneIn, Stitcher and SoundCloud.

Gambacorta also shared advice around password managers, VPNs (he recommends this one) and why you probably shouldn’t use that public Wi-Fi network at the airport. He said consumers should take any opportunity they get to use two-factor authentication or a password manager such as 1Password, which throw more roadblocks in the way of “opportunistic” hackers.

“If you don’t have two-factor authentication, it’s a lot easier to get you,” he said. “If I’m in organized crime and my boss has told me, ‘Go get 1,000 accounts,’ you’re going to be one of the thousand that I get. I’m not going to expend the extra calories to catch the person that’s got the hard password because I don’t need to. There’s so much low-hanging fruit out there.”

However, don’t trick yourself into believing that you know what a “hard password” is, Gambacorta added.

“Everyone thinks they’re creative, but once you start playing with some of these things, running a horizontal password-guessing attack, you start to realize that everybody uses a date from their lifetime, 1900 to today,” he said. “We don’t have many different names for our dogs; a lot of the things we think are creative are just not.”

Have questions about protecting your privacy that we didn’t get to in this episode? Tweet them to @Recode with the hashtag #TooEmbarrassed, or email them to And don’t miss last week’s episode, in which Recode’s Tony Romm demystified just how the rules governing internet privacy are changing in the U.S.

Be sure to follow @LaurenGoode, @KaraSwisher and @Recode to be alerted when we're looking for questions about a specific topic.

If you like this show, you should also check out our other podcasts:

If you like what we’re doing, please write a review on Apple Podcasts — and if you don’t, just tweet-strafe Kara and Lauren. Tune in next Friday for another episode of Too Embarrassed to Ask!

This article originally appeared on

Sign up for the newsletter Sign up for Vox Recommends

Get curated picks of the best Vox journalism to read, watch, and listen to every week, from our editors.