On Getting Hacked

January 5, 2026

Having worked in tech for years, I had in myself a confident conviction that I would never be so dumb as to fall for online traps. I am well acquainted with all of the common hacking attacks and have never been at the receiving end of one of them so far as I remember. Some of my credentials I found in leaks, but that, I was not responsible for. I avoid downloading random apps and files from the internet and have been using a password manager with these long, random types of passwords, called Strong Passwords, or Digital Gibberish, from which you'd not be able to memorize even three consecutive characters at a glance, unless you were a gifted person (I am not). Added on top of it, I had 2FA active on every service.

Who doesn't like to go to a website, be prompted to get authenticated, open their password manager, which also might need them to authenticate, type in their master password, search for the name of the said website, copy the password, paste it in, be prompted for an authentication code, pull up their phone or email client, which again might need another authentication, proceed and repeat? I call this endless exercise Digital Suffering. Security is important, of course, but on a universal level, we're missing a cohesive master plan, in which a user, a human, need not undertake endless and repeated manual fend-off of the devil. We have mostly figured out how to securely communicate between two computers; we need to now figure out how to do that between a computer and a human. If I sit down at my desk, my computer should know it is me, the owner, and spare me any efforts of authentication, verification, and all that mundaneness; across all arms and limbs of the Digital. One Signal to rule them all!

All of the devices I own, that I paid for with my time, which I will never get back, don't act like they really know and belong to me. All the digital goods that make money out of me don't do me the service that I think I (ideally) deserve. At every turn, they ask me, "Who are you?" although we might have just been together some minutes ago. "I don't care if you were here just some minutes ago; I must forget about it. I must stay faithful to the protocol!" Even days past should not mean they ought to forget me. They require a constant and repeated "OK, this thing belongs to me, let me in now!" yell. I yell, but it replies back, "You need to yell that in the correct order!" I do it, but it comes back with, "You're not going to like it, but you must do it again!" The laws of Digitalism we must follow.

"Subdue your digital security or it will subdue you."

— Horace (apparently)

I did not fear that I would ever be owned by something as trivial as phishing or URL spoofing. I was too smart to fall for those. I thought, perhaps, only a dedicated, notable hacker, if they ever decided I was too much of an important subject and poured their full attention on me, could have easily done it. But that was very unlikely: I'm a simple man not worthy of the time of those who could instead rob a bank, or anything that's more valuable. Then, if that were never going to be the case, it would be the traps to not fall for.

I like to read a lot. My large monitor, at night, combined with the blazing white of the webpages and papers I read, puts a heavy strain on my eyes. I went on looking for one of those browser extensions that made it easier to read. Mercy, I had to have for my eyes; I installed a few that came up first. Being overtly stubborn, I had to find the perfect one, with the cleanest user interface, the best features, the most convenient, across all cases and needs. I cycled through a number of those without spending a dime of thought and care on whether they were not a caravan for malign actors. Google, the giant, the almighty, would be taking care of that, I thought to myself. I went on with life, accumulating the codes of the devil in my backyard.

The first blow came as an email, from Kleinanzeigen, the previously eBay-owned but now independent German online marketplace: "Deine Anzeige wurde erfolgreich veröffentlicht!" ("Your ad was successfully published!")

It meant that I supposedly had posted items to sell on the platform: a handful of Victron Energy MultiPlus-II chargers for fairly good prices. When the dust settled, I had a chance to check the messaging between the hacker and the unsuspecting prospects, whom he was persuading to complete the trade without a Käuferschutz, which is obviously something that an Honest Man would never propose, because the Dishonest Man in question, allegedly, had "bad experiences" with it, and to receive the payment for the goods on PayPal. He was a good (or rather, an average) hacker, but a terrible salesman, as no interested customers fell for the obvious trickery and held their guard firm. Later, the platform thankfully had taken control of the matter: "We've detected suspicious activity and have suspended your account because it seems you're sleeping on it!"

I was indeed sleeping on it. I reacted in a completely normal manner: sent an appeal with an explanation and had it back shortly after. I thought, "This must've been some kind of thing that had nothing to do with me." All was good until later, when a similar thing happened with my X (formerly Twitter) account. Crypto scam posts were made by me, apparently, on crypto communities where crypto experts usually hang out to scam other crypto-enthusiasts, who were also there to find a quick way to get rich. Found it out shortly, deleted the posts, changed my password, called it a day. I had one brow raised, a little suspicious, but not very much to initiate a full-scale defense.

A few days later, the same thing happened with my TikTok and Reddit accounts. I repeated the previous steps now that I had gotten used to them. This time I raised two of my brows with a little more suspicion. Still not quite there, though. I had not entertained the possibility of the thing. At this point, I am the old lady who is driving to a Target to buy gift cards and give them to Jared, who is the Amazon Customer Support specialist with a suspiciously heavy Indian accent, waiting on the phone. I am saddened now to remember the fun I was having when watching the likes of Kitboga roleplaying unsuspecting victims falling for very obvious scams. In my defense: I would never transfer a cent to receive a refund on a purchase I have never made.

It took me a little more time, but eventually, I started to connect the dots: the common thing between all these platforms that had suspicious activities was that I was actively using them in my Chrome browser, all logged in from there, well in the open. It was my browser that was compromised through a malicious extension, which was getting access to my session tokens and performing whatever scammers and hackers usually like to do. Luckily, the infection had not reached my serious master services; Google and Apple accounts were safe. I stopped the sync, changed all passwords, uninstalled extensions, deleted browser data, uninstalled the browser itself, deleted its leftover data from here and there, and had a fresh start. I was clean now.

Though the bill I got in the end was not pleasant: TikTok deemed I should not have access to my account ever again, and X (formerly Twitter) is delaying a response to my appeal to the suspension, but I have not much hope; I reckon it's gone for good. I may have lost all the personal contacts and content from there, but on the bright side, that has taught me and made me see some other things, besides the importance of being a little smarter to not blindly install extensions like my life depended on it. That I have understood perfectly well.