Anyone using a browser that isn't chromium based and isn't Firefox or Safari?

[estwig]

pfsense like anything by sisco, is far too much for me to understand. This would mean putting myself in the hands of someone else, an IT security expert of some sort. I don't want to be in someone elses hands, for what could be a very long time. The guys who are good at this aren't interested in helping a one-man band, they want contracts with companies.

 

[gpietersz]

This is all very different to anything you guys have seen before, he is not motivated to steal my data, blackmail me, there is no ransom. He is motivated to spy on me and disrupt my life, he is putting considerable effort into doing this.

Yes and no. I only need to be concerned about the security of a a narrow range of internet connected servers, and my own home network and devices. ON the other hand, attacks motived by pure malice are not that uncommon and are a threat. I have only had to deal with one myself - probably a politically motivated attack in that case. Online game servers are a common target for DDOS attacks, very often because of a grudge or to win a game.

Also, regardless of motive, the technical means (and therefore the defences) are the same. The main differences here are 1) he is putting more effort into this than anyone would normally put into attacking a home network and 2) he is willing to take bigger risks in terms of being caught doing something illegal.

The guys who are good at this aren't interested in helping a one-man band, they want contracts with companies.

That is true.

pfsense like anything by sisco, is far too much for me to understand.

If you buy one of these (the cheapest!) or similar:

pfSense Plus How to buy

Purchase pfSense Plus software on a Netgate Appliance, on AWS or Azure as a cloud instance , or as a virtual machine

www.netgate.com

You can configure it through a web based interface. Not all that much more difficult than configuring a router which I think you have already done?

This would mean putting myself in the hands of someone else, an IT security expert of some sort. I don't want to be in someone elses hands, for what could be a very long time.

I can understand that, but your choices are either to do it yourself, or rely on someone else.

Another thing to consider is that the people who are best at this sort of thing use a mixture of human and computer weaknesses. Anything from phishing to getting physical access to premises to getting information indirectly to posing as you to get information that helps the attack....

 

[estwig]

Thank you gpietersz, you make some very good points, maybe I will take a punt on pfsense, if it solves my problems it's money well spent.

I don't see how a firewall can stop the following.........

I believe he gets on my android device, I have no proof of how he initially gets on my device, once he has a foothold he builds a stronger presence. He is very good at misdirection and laying false trails.

I have some 2000 contacts all synced across google, Samsung and windows, they are mostly clients. If one of those contacts is him, let's say he is Fred Smith, or he has put his mobile number and email into Fred Smiths contact info, google and Samsung will give him certain sharing rights with me, if he is close by google and Samsung will assume we know and trust each other. He would need a mobile configured to be Fred Smith, with me as a trusted contact. All my sharing settings are locked down, google and Samsung change these when apps update, to open up sharing options for me, they think it helps. He can then share executable files with me, without my permission.

If I'm right about the above, I may not be I have no proof, it seems very difficult to stop it from happening.

These are some of things I have experienced over the last two years........

A DDOS attack which completely fried a draytek router, the main page was a mess of words and rubbish, I managed to see some of the logs to confirm a DDOS attack.

My google account registered as a test account for chrome extensions, it was registered by a developer account to install malicious extensions.

I've found malicious apps on my android TV.

A jammer being used at close range to block my CCTV.
A jammer being used at close range to block my access to O2, therefore forcing me onto WIFI.

Old mobiles used as tracking devices on my car.

He even hacked into my Google Nest thermostat, at one time in the middle of summer, my house was getting close to 40 degrees in the middle of the night!

I live with the assumption there is always a device near my home.

Firefox, chrome and edge, having an unknown work account administer them.

Various malicious versions of android apps including, whatsapp, Bitdefender, wish, cert installer, android auto, my phone companion, nearby device sharing, duo, quick share, work profile, YouTube, bixby routines, group sharing, the list goes on and on

Once he is on my andriod device, if I have anything synced like a browser, or any connection between the phone and windows, that seems to be used to move across to windows, which he then infects with malicious apps.

 

[NickGrogan]

If you're having these problems due to syncing, then surely a first step would be to stop syncing devices.

You have a google account on your phone as it's android, but there is no reason to use the same account on any other devices.

I have separate accounts for all my devices, and my phone and PC have never been connected, physically or remotely.

My laptop has its own accounts but doesn't connect to my phone or my pc.

My wife phone and laptop are synced to each other but not to anything else.

Hacking any one device does not give access to any others.

Even cheap routers like the bt homehub let you setup separate networks for the 2.4 and 5Mhz bands. This means that hacking one band does not give you access to the other.

So devices like thermostats can be on one and computers on the other.

 

[estwig]

It's very difficult not to have my contacts syncing, I need this for work, it is a problem I am trying to find a solution for.

The thermostat is on a guest wifi which is an isolated network, everything else is all on separate LAN's as well.

Separate google accounts for the phone and windows, thats a good idea!

 

[gpietersz]

The thermostat is on a guest wifi which is an isolated network, everything else is all on separate LAN's as well.

Guest wifi provided by your router? Not reliably isolated if your router is compromised.

He can then share executable files with me, without my permission.

They should not run though. If you are syncing via a cloud service they should be able to prevent this.

It's very difficult not to have my contacts syncing, I need this for work, it is a problem I am trying to find a solution for.

Export, copy, and import. Android contacts can be exported to vCard (.vcf IIRC) and imported else where. Share between then by transferring on physical media or cloud storage like dropbox - or just email between the two.

Do you use your mobile devices on your LAN? Would it be possible to just connect them to mobile data only, ever? Even better, completely turn off your wifi. Nest stuff will be a problem with this approach though. Maybe use a mobile hotspot just for those.

They you hardly need a firewall.

My google account registered as a test account for chrome extensions, it was registered by a developer account to install malicious extensions.

He still needs access to the computer Chrome is on to actually install the extensions. I am pretty sure you need to turn on developer mode in Chrome, and you need to get the files on the computer too. You might want to check whether developer mode is on or off (settings > exensions).

don't see how a firewall can stop the following

Do something like this:

network switch connect to one port of the firewall device. wireless AP connects to other. the two should be configured as isolated networks.

other port of firewall device connects to the router. you no longer connect anything directly to the router.

at this point

1. the firewall stops any intrusion beyond the router is the router is compromised
2. it provides some protection from devices on the wired network from those on the wifi and vice-versa. You can completely isolate them if you want to.

 

[Nico Albrecht]

This is all very different to anything you guys have seen before

Maybe for some but what you describe is normal cases we get in all the time. Yours is actually pretty boring.

It always amazes me how those cases are exactly like yours and pretty much the same responses and outcomes.

Nothing you wrote makes sense and most stuff contradicts itself. It's very inconsistence and attitude wise not even getting started. I've never seen so many different attack vectors at the same time with very complex systems. Based on my expertise in this field I'm not buying it.

My best advise for anybody here trying to help is to be careful and not feed too much into it and actually ask for data and evidence before advising further.

One of the main reasons is that not a single piece of evidence was provided such as a log file , screenshots you name it. Apparently security guys were useless but no outcome from them or report posted either. Did they come to the same conclusion.

I work all the time on such cases and when devices being brought into the lab and 100% guaranteed this is hacked device etc... and 1 week later after full inspection no issues found. We have either denial or a another device is being presented.

As with any other category on here we should refer to what is your account or solicitor saying should be the same here and be very careful what we advise here further.

 

[gpietersz]

@Nico Albrecht that is very interesting. What makes people think that their systems have been compromised when they have not? Panic and fear of the unknown? Buggy software (otherwise known as "any software not actually running a nuclear reactor") behaving oddly. Bad advice - i.e. someone wrongly tells them something has been compromised?

I know one person who twice thought she was being hacked because a phone acted weird so I can understand it happens. I just thought it was a rare one off.

 

[The Byre]

I think he has convinced you that he is really skilled and you are interpreting everything in that light - i.e. confirmation bias. At the moment you seem to be trying things at random that you have heard of (trying a different browser, two routers, switching from Android to Apple). You need to calm down and re-evaluate and then get some advice.

This!

I find this thread fascinating because our @estwig is obviously being gaslighted by a classic narcissist. Yes, this does lead to paranoia and one starts to imagine all kinds of things that actually have nothing to do with the stalker. That's part of the gaslighting process.

But there are things you can do to mitigate the whole situation - starting with getting rid of all the useless and pointless toys you have accumulated such as smartphones and heating systems that can be activated remotely. As for the idea that your stalker is placing trackers on your car - I very much doubt it when there are so many other ways to track a person, especially one that insists on taking a mobile phone with them everywhere they go!

But this mania you seem to have for connecting everything to everything else has to stop. Nobody on Planet Earth needs to have a heating system or indeed any other household device connected to anything - that's asking for trouble. Also, your heating system should be turned off when not in use - and I mean turned off at the mains!

When you go to bed, turn the whole interweb and all phones off at the mains.

Deactivate all LANs. If you want to move data, either FTP it or stick it on a stick or SSD instead.

Get a cheap anonymous burner phone with a new number if you insist on having a phone with you at all times.

Never ever store passwords anywhere other than handwritten and on a piece of paper!

Never ever install or use anything with voice commands, such as Alexa or any of the other useless connected toys being pushed today (nothing to do with your stalker, but everything to do with your privacy!)

You have been given some excellent advice here by @Nico Albrecht on how to harden your systems.

And stop ascribing this idiot stalker of yours with superhuman powers. It reminds me of when I was a kid, I learned how to pick locks - it was easy because they all work the same way with simple pins or tines and barriers. But all my buddies thought I was some lock-picking genius because I created a passkey for our whole school.

Well, your Captain Genius here is doing the same thing - using some simple way into your over-connected household and it's probably something he did whilst you two were still together.

(If you really want to have fun, get someone who is a real expert and knows how to create a virtual PC with a Trojan Horse that wipes his system, inc. all smartphones.)

 

[gpietersz]

I find this thread fascinating because our @estwig is obviously being gaslighted by a classic narcissist. Yes, this does lead to paranoia and one starts to imagine all kinds of things that actually have nothing to do with the stalker. That's part of the gaslighting process.

I was thinking that but thought it was not appropriate to say so - I also thought it was possible, rather than obvious.

I agree entirely about avoiding unnecessary network connected gadgets. Every single thing you connect to the internet in another security weakness, and takes away a bit of your privacy. The problem is that they are getting built into things like cars - so cars will be even more tracked than at the moment as standard, will get hacked, and will be unusable when the manufacturer decides to stop providing software updates.

Smartphones can be and I got my first a few weeks ago (mostly for maps when I am walking) but I am very careful about what I install, use non-Google apps to safeguard my privacy, etc.

Deactivate all LANs. If you want to move data, either FTP it or stick it on a stick or SSD instead.

That is going a bit to far for me. Anyway, how are you going to FTP data without a LAN? I hope you mean SFTP?

Never ever store passwords anywhere other than handwritten and on a piece of paper!

Noooooooo! Pieces of paper can be lost or stolen. Use a password manager.

And stop ascribing this idiot stalker of yours with superhuman powers. It reminds me of when I was a kid, I learned how to pick locks - it was easy because they all work the same way with simple pins or tines and barriers. But all my buddies thought I was some lock-picking genius because I created a passkey for our whole school.

Richard Feynman did the same, at Los Alamos, and caused a bit of a furore: https://www.cs.virginia.edu/cs588/safecracker.pdf

As for the idea that your stalker is placing trackers on your car - I very much doubt it when there are so many other ways to track a person, especially one that insists on taking a mobile phone with them everywhere they go!

Its easier, unless you have had access to the smartphone to install a tracking app.

That and the crude and obvious way it was done (as described by @estwig ) are proof he is no super cracker.

 

[DontAsk]

Noooooooo! Pieces of paper can be lost or stolen. Use a password manager.

And put everything in the hands of 3rd party software that could be compromised or the vendor starts demanding subscription payments (it has happened).

 

[gpietersz]

And put everything in the hands of 3rd party software that could be compromised or the vendor starts demanding subscription payments (it has happened).

It depends what password manager you use. KeepassXC for PCs (in the old sense - not only Windows machines) with KeepassDX on mobile.

 

[DontAsk]

It depends what password manager you use. KeepassXC for PCs (in the old sense - not only Windows machines) with KeepassDX on mobile.

Open source software to protect your passwords? I just hope no one ever manages to get a compromised pull request accepted.

 

[Kerwin]

Open source software to protect your passwords? I just hope no one ever manages to get a compromised pull request accepted.

Open source software tends to suffer fewer security bugs than closed source software.

 

[IanSuth]

There is an interesting article on the BBC at present explaining how lots of women have been fleeced for multi thousands after having phone & card stolen from a gym and the fraudster setting up access to their accounts by setting up account access on another device seeing the verification code sent via txt flash up on the lock screen of the phone.

How is a thief taking thousands from London gym-goers?

A serial thief is targeting well-off young women across London's gyms. How is she doing it?

www.bbc.co.uk

Whilst at first glance you would think "wow they hacked all these banking systems" - you soon realise that the interaction between different systems is where the vulnerabilities lie. In this case secure app, secure messaging but a setting on the phone allows clear sight of the means to create access without any hacking skills

 

[DontAsk]

Some companies send the code at the end of a long message and it is not visible in the preview. At least not on my phone, maybe screen size is a factor.

Others put the code in the first line of two, so there is potentially a very easy fix, other than turning off the preview.

To turn off the preview you have to disable all lock screen notifications on Android which is an inconvenience, at least on Moto G where you can just nudge the phone and see the notifications.

 

[gpietersz]

Open source software to protect your passwords? I just hope no one ever manages to get a compromised pull request accepted.

Unless you are using an out of date web browser (Edge 44 was the last purely/mostly proprietary major web browser) that is a huge security issue, you will almost certainly be typing your passwords into a web browser assembled most from open source components. It then goes through your router, which almost certainly runs on an open source OS and uses a number of other components. It then gets routed, very like by more open source software, somewhere, to a webserver that is probably open source. This then may then route it on to another webserver (e.g. if you are using Cloudflare or similar in front of your website) which is also probably open source. The webserver then sends it to a web app that probably runs on an open source framework, probably written in an open source web app, that probably runs on an open source OS.

If you do not trust open source you should stop using the internet, and probably computers in general (take a look at the list of licences for open source software Microsoft uses, for example - its on their web site somewhere).

 

[IanSuth]

Some companies send the code at the end of a long message and it is not visible in the preview. At least not on my phone, maybe screen size is a factor.

Others put the code in the first line of two, so there is potentially a very easy fix, other than turning off the preview.

To turn off the preview you have to disable all lock screen notifications on Android which is an inconvenience, at least on Moto G where you can just nudge the phone and see the notifications.

My point was more that something that looks at first glance to require major hacking skills actually just requires procedural understanding of how the 2 step verification works and what you need to steal to own both parts

 

[DefinitelyMaybeUK]

To turn off the preview you have to disable all lock screen notifications on Android which is an inconvenience, at least on Moto G where you can just nudge the phone and see the notifications.

There is an intermediate setting for "on the lock screen" which is "hide sensitive notification content" - this just shows the title of the app as the notification and no content - seems to work ok as a best of both worlds choice on a couple of different era Moto G here.

Regarding banking app, why anyone thought it would be a good idea that someone would/should need to view their physical card PIN on their phone is beyond me

 

[WaveJumper]

Some companies send the code at the end of a long message and it is not visible in the preview. At least not on my phone, maybe screen size is a factor.

Others put the code in the first line of two, so there is potentially a very easy fix, other than turning off the preview.

To turn off the preview you have to disable all lock screen notifications on Android which is an inconvenience, at least on Moto G where you can just nudge the phone and see the notifications.

I actually think this is a great bit of advice we were having this conversation here at home only a few days ago (phone security) many 2 step verification messages are short as you mention and some even from banks have the code within the first line if you have notifications popping up on your locked screen they can be seen by others and if you have not got the setting right when your phone is locked one nudge and the screen comes to life if only for a brief moment. I personally also shy away from any banking apps.

 

[The Byre]

Noooooooo! Pieces of paper can be lost or stolen. Use a password manager.

I have a piece of paper and on that are all the critical websites and each is marked with one or two single letters. Each letter refers to a seven- or eight-digit multiplier. The product of that calculation is interspersed with letters and symbols depending on the product and the name of the website. This results in a 10-to-20 position password.

Although this sounds devilishly convoluted, I do this in my head pretty much instantly.

So even if I handed you that piece of paper, you would be none the wiser!

Its easier, unless you have had access to the smartphone to install a tracking app.

He had access as he was the BF. He could have installed all kinds of nonsense in the time they were together. Any one of the better parental control and monitoring packages would do the trick!

I was thinking that but thought it was not appropriate to say so - I also thought it was possible, rather than obvious.

This is very, very typical behaviour for a male, malignant narcissist. Filled with what we used to call an inferiority complex, they compensate by drawing attention to themselves and/or imposing their will upon others. They seek to control. When they cannot control, they seek to draw attention to themselves and disrupt.

These people are not only dangerous in private life, but are very dangerous in the workplace - and not just as employees, but even as customers. These are the people that complain about minor details, demand rebates, spread rumors and post false stories in social media - stuff like that.

They seek to make themselves important. Like a spoilt child at a party, they want to be the centre of attention and if they are not the centre of attention, they make a scene and disrupt.

 

[Nico Albrecht]

He had access as he was the BF. He could have installed all kinds of nonsense in the time they were together.

Doubtful. I had the same thought but the Samsung S22 was released while he was in jail so no physical access was possible. But I had the same thought. Any decent MDM software such as google enterprise would explain certain behaviours and could create such behaviours.

What makes people think that their systems have been compromised

Their lack of understanding technology in debt or even understanding IT at all + misinformation on the internet and a certain paranoia and you have a disaster waiting to happen. We had to change our angle for consumers and they are not allowed anymore to direct communicate or put a work request in. They need to come through a solicitor and they instruct us as it got out of control. Reading all her comments and answers it looks like they all use the same approach. My best advise stay away and not feed to much info as this can even make it worst.

secure messaging

Anybody that uses 2FA with text message as confirmation should be hacked and deserves it! There is absolute no need in 2022 to use such outdated security solution. For security the lowest I would go is 2FA authenticator apps to approves request not text messages. There is no need to fiddle around with notifications on iOS or android to block out information's that can be used by a 3rd party to bypass security.

 

[Nico Albrecht]

Basically you have to start layering if you practice reasonable hygiene. I prefer YubiKey currently.

 

[Kerwin]

Anybody that uses 2FA with text message as confirmation should be hacked and deserves it! There is absolute no need in 2022 to use such outdated security solution. For security the lowest I would go is 2FA authenticator apps to approves request not text messages. There is no need to fiddle around with notifications on iOS or android to block out information's that can be used by a 3rd party to bypass security.

I agree. I've got a couple of Yubikeys for 2FA and wouldn't use anything less for my essential accounts, but for websites that do not support Yubikeys, I use Authy on my iPhone.

Edit: Hah! We posted at the same time.

 

[tony84]

I use Opera.

 

[alan1302]

I use Opera.

Which is based on Chromium.

 

[estwig]

All my passwords are stored in LastPass, at some point you have to trust something, everything is then 2FA, with an authenticator app using biometrics, nothing happens without my fingerprint!

Android and browsers are horribly insecure, it's a joke.

My ex bf is far too adept at sitting in a coffee shop, setting up a mobile hotspot to look like the coffee shops free wifi. Once you're connected to him, he can poke around on your phone, see if your card details are stored in an app, wish seems to be an easy target. He'll then move £50.00 to paypal, google pay or western union, or buy something in the app and having posted to an address, the amount is too low for Visa or the bank to be bothered with. Do this half a dozen times in an afternoon, it becomes easy.

 

[Nico Albrecht]

Android and browsers are horribly insecure, it's a joke.

Wait until you start using iOS and safari browser. You will be in for a treat with even more security issues and hacks.

Once you're connected to him, he can poke around on your phone, see if your card details are stored in an app, wish seems to be an easy target.

Stop embarrassing yourself on this one and him. Samsung Knox has successfully met the rigorous security requirements set by governments and major enterprises around the world, providing business users with a robust mobile security solution.

 

[estwig]

Stop embarrassing yourself on this one and him. Samsung Knox has successfully met the rigorous security requirements set by governments and major enterprises around the world, providing business users with a robust mobile security solution.

Samsung Knox................hahahaha!!
I know, I have seen and experienced for myself many times, that Samsung Knox is just useless, as is google play protect!!

 

[gpietersz]

We had to change our angle for consumers and they are not allowed anymore to direct communicate or put a work request in. They need to come through a solicitor and they instruct us as it got out of control. R

Yikes! I did not expect to to be that bad!

Anybody that uses 2FA with text message as confirmation should be hacked and deserves it!

Yes, but its not the end user who makes the choice of what 2FA to use.

What all of us can do is practice good password security.

With mobile apps, having the app and whatever method of authentication is used on the same device seems like a bad idea to me. Another argument for Yubikey and the like.

 

[gpietersz]

I have a piece of paper and on that are all the critical websites and each is marked with one or two single letters. Each letter refers to a seven- or eight-digit multiplier. The product of that calculation is interspersed with letters and symbols depending on the product and the name of the website. This results in a 10-to-20 position password.

You are essentially doing manually a less sophisticated version of what a password manager would do.

Definitely good enough to defeat a casual thief. Very likely a cryptographer would figure it out but that is not something most of us need worry about.

This is very, very typical behaviour for a male, malignant narcissist.

Oh, I agree with that. Unfortunately, I have experience of dealing with narcissistic behaviour. I was just not as sure as you were about it.

 

[estwig]

He certainly is narcissistic, no doubt about it, he also a stalker, convicted after he pleaded guilty, he served six months. I'm still annoyed that they dropped the two assault charges, and four counts of the vandalism of my car.

I do understand that my comments aren't consistent, this is a mixture of me not fully understanding what has happened, me not having the correct terminology to articulate what has happened. More importantly this is not one incident, it is a lot of different incidents, over a course of more than two years.

 

[estwig]

I'm going to add that I don't help myself at times....

I will only go so far in changing my lifestyle because of him.

The idea of not having the convenience of connected devices like my heating system, for example, isn't acceptable. I luv listening to music, I have a series of great music systems in the house, they are as secure as I can make them.

The way I choose to live and work, including family members who depend on me, means I need to have a mobile phone connected and on me at all times.

 

[The Byre]

He certainly is narcissistic, no doubt about it, he also a stalker, convicted after he pleaded guilty, he served six months. I'm still annoyed that they dropped the two assault charges, and four counts of the vandalism of my car.

Link for you https://www.youtube.com/watch?v=wIZ8pdqP-Cw Other videos on this subject are available! I have had to deal with two such people in my family and more than that in my business. If you want to reach out, feel free to PM me.

The idea of not having the convenience of connected devices like my heating system, for example, isn't acceptable. I luv listening to music, I have a series of great music systems in the house, they are as secure as I can make them.

Considering mankind has managed to struggle on without Alexa, Hive, etc., etc. until a couple of years ago . . . but that is a separate subject. The real answer is to get a security specialist to go through your systems and find out what is really going on.

The way I choose to live and work, including family members who depend on me, means I need to have a mobile phone connected and on me at all times.

There are plenty of ways around this problem, starting with a virtual landline and a burner phone using a different card - hardly my area of expertise. Again, a specialist can help here. Good luck!

 

[UkAppCoder]

Oh wow! I actually thought you were posting a wind-up here because of something I wrote in a different thread just a matter of hours before you started this thread. So if there's any "paranoid nut" around here, then it must be me! LOL!

Seriously though, there is no such thing as an "accomplished hacker". A 'hacker' is a bit like a chemical engineering student dropping out of uni and resorting to alchemy in order to achieve his/her goals!

In my experience of software engineering and programming (over two decades), hackers, by definition, are pretty crap at pretty much everything they try. Nearly every day, they blindly guess around systems using elementary programming skills, along with deceit plus trial and error learning, in order to stagger towards an ill-defined objective which any real programmer would be able to properly define and reach in a fraction of the time. 'Hackers' hardly ever reach their objectives because they are too lazy, disorganised and just not disciplined or clever enough.

So don't worry about it, mate. And I'll follow on what @The Byre has already offered - PM me any time if you need some reassurance or advice!

 

[OMGVape]

Awesome response ?

 

[estwig]

I do appreciate everyone's responses thank you.

The problem I'm seeing here, is the same problem I encounter with IT security experts, friends and family. Responses and advice have to be based on what you know, your experience or perception of a 'hacker', or your perception of me, or the problems I've been dealing with for over two years.

You don't know what you don't know!

You do not know if there are individuals, capable of doing the things I describe. There are large online communities not unlike this one, devoted to sharing knowledge of hacking google, android, Microsoft, apple and every app you can think of. As well as Visa, paypal, western union and all the financial organizations.

Android is open source, nothing really wrong with that, from my very limited understanding, it has more holes than a Swiss cheese!

 

[The Byre]

The idea of not having the convenience of connected devices like my heating system, for example, isn't acceptable. I luv listening to music, I have a series of great music systems in the house, they are as secure as I can make them.

BTW, I do hope that you realise what a dangerous attitude that really is!

If you can control your heating/music/cooker/water and all the other systems in your home, so can others - and I'm not talking about your ex this time.

"Alexa, turn up the heating to 20. I feel cold."
Alexa - All heating in this area has been limited to 17 to conserve energy.
"Alexa, I'm tired of hearing about Mrs. Queen being dead. Play The Sex Pistols version of God Save the Queen!"
Alexa - Out of respect to Her Majesty, that song is no longer available.

We shall be getting a so-called CBDC (Central Bank Digital Currency) soon and you will be losing control over how you live when your money is connected to your online life. Whereas I can choose to be warm or cold, watch whatever film I want to, drive anywhere I want to go, you will be connected to a central control that will make those choices for you. And all of course, in your best interest - i.e. the state's best interest.

It's not called 'Hive' for nothing!

 

[gpietersz]

I do hope that you realise what a dangerous attitude that really is!

I agree, but most people prefer convenience to privacy or security. (at least until something happens).

We shall be getting a so-called CBDC (Central Bank Digital Currency) soo

We al;ready have it. Most money in developed countries exists as balances recorded in databases, not cash, and the use of cash is slowly disappearing. The government and the banks are very keen to get rid of cash, and many people are happy to go along (how many people here no longer carry cash?).

 

[gpietersz]

your experience or perception of a 'hacker',

You are right insofar as the word hacker has multiple meanings and can be ambiguous.

There are large online communities not unlike this one, devoted to sharing knowledge of hacking

I think anyone who has had even the slightest involvement in IT security is aware of that.

Visa, paypal, western union and all the financial organizations.

and yet they are all still around and have not had all their money stolen by these people.

Android is open source, nothing really wrong with that, from my very limited understanding, it has more holes than a Swiss cheese!

Actually Android has a pretty good good security record for a consumer OS - better than iOS/OSX or Windows recently as far as I can see.

You do not know if there are individuals, capable of doing the things I describe.

I do not know whether the world is ruled by alien lizards either, but I think most people would agree its not something likely enough to worry about.

The problem I'm seeing here, is the same problem I encounter with IT security experts, friends and family.

Its clear to me that @Nico Albrecht at least has experience of very similar problems. Nor can your ex magically do things that other people cannot.

You seem to be describing a Hollywood hacker, not a real world one.