Facebook security

Everyone uses Social Media these days and we’re trusting it with more and more of our personally identifiable information (PII).

Our interests, comments, check-ins, likes and the network of friends and family we build up all contribute to a context-heavy online identity.

If an attacker gains control of your online identity, they can easily:

  • Steal all your personal information
  • Post content and messages on your behalf to hurt you or your network of friends and family
  • Use implicit trust to gain access to other online services
  • Impersonate you, abusing the trust you have with your network of friends and family to infiltrate their online identities and networks
    etc.

In this guide, I’ll focus on the social media platform Facebook and talk about how to review your security settings.

Review your public profile

It’s important to review exactly what information you’ve entered as part of your Facebook Public Profile – as it’s exactly that: Public.

You may have entered something personal, inappropriate, misleading, regrettable or just incorrect without realising it’s being broadcast to the world. The settings controlling what’s displayed as part of your public profile are separate from Facebook’s general security settings so must be reviewed independently.

To configure your Public Profile, do this:

  1. Browse to https://www.facebook.com and log in
  2. Find your mini profile picture and name at the top of the left navigation bar.
  3. Click on the 3 vertical dots next to your name
  4. Click on Edit Profile from the pop-up menu
  5. Your Edit profile popup window will appear

Examine all photos and read all text and options in this window from top to bottom. Whatever you see here is publicly visible to the whole world.

After making a change, remember to click the Save button that appears.

Edit your About Info

IMPORTANT: Make sure you click on the Edit your About Info link at the bottom of the Edit Profile window.

The About Info section can contain a huge amount of personal information you might want to keep private.

Go down the navigation items on the left and examine each panel of information on the right. Examine everything here. If there’s something you’d rather keep private or don’t want the world to see or know about – such as your mobile phone number or your relationship status, change it here.

 

Security and privacy settings

Facebook security settings are accessed from the Facebook website. To open them:

  1. Browse to https://www.facebook.com and log in
  2. Click on the down arrow ▼ in the top right corner
  3. Select Settings from the drop down list

Facebook Security Settings

There are lots of security-related settings here, so to save you time I’ve used the following colour coding:

[QUICK WIN] = You should address these straight away

[EFFORT] = These require a bit more thought and effort but will definitely improve your security posture

[REVIEW] = Items for you to review. These are mainly about privacy but also cover notifications and alerting.

 

Security and login

Where you’re logged in [REVIEW]

This is a list of all devices and locations that are currently logged into your Facebook account.

If you have a home PC, a laptop, a smart phone, a tablet etc. you’ll see multiple entries here. Facebook will try and identify the type of device and where geographically it’s logged in from.

Make sure you click on the See more button to display everything.

Look down the list and if there’s anything there you don’t recognise, click the three dots menu icon on the right and select Not you?. This tells Facebook that you are not responsible for this login and will help Facebook block this connection in the future.

If you’re knowingly using a VPN or routing your traffic via a different country, you’ll see that reflected here.

Seeing anything unexpected here can indicate that your Facebook account has been compromised and someone else is logging into your account without your knowledge. If this is the case, I would recommend that you immediately do the following:

  1. Change your Facebook password
  2. Go back to the Where you’re logged in list and click Log out of all sessions at the bottom.

This will cause every device on the list to be logged out. If they try and log in again, they’ll be prompted to enter your password which you’ve just changed.

Setting up extra security

Get alerts about unrecognised logins [QUICK WIN]

This works hand-in-hand with the Where you’re logged in list (explained above).

Facebook can send you a notification if it sees a login that’s from a previously unknown device, browser or location. This is really important so you can react quickly if your account is compromised.

If this isn’t already On, click the Edit button and make sure notifications are enabled for all alert types. Remember to click Save Changes.

If you’ve just turned something on, you’ll get an alert saying so.

Use two-factor authentication [EFFORT]

You can learn more about the concept of Two Factor Authentication (2FA) by reading my guide here.

TL;DR: In order for a new device or browser to log into your Facebook account, a person will need to know not just your username and password (which might have been leaked) but also have access to your unlocked mobile device and use its code generator app.

If you enable 2FA in Facebook, it requires a minimum of your mobile phone number and a code generator of some sort.

The Facebook smartphone app will serve as a code generator, but if you’re embracing the concept of 2FA to protect your online identity across multiple online services, you should take the option to set up a third-party app as a code generator.

After you’ve read my guide to 2FA, adding Facebook’s QR code to your code generator app will be a breeze.

Choose 3 to 5 friends to contact if you are locked out [REVIEW]

Your Facebook account can be locked-out if someone is trying to brute-force your login credentials or someone has reported your account behaving maliciously – usually after it’s been compromised.

You can choose a few trusted Facebook contacts to help you out if your account becomes locked-out. They will be contacted by Facebook to help verify your identity and prove you are who you say you are.

Privacy

Your activity

Who can see your future posts [QUICK WIN]

Unless you are a public figure and want everyone to know exactly what you had for lunch or where you went last night and with whom, I would strongly recommend making sure only your Friends can see your future posts.

This setting usually defaults to Friends, but can switch if you’ve recently changed the visibility of a post to Public.

If this is set to anything other than Friends, click the Edit button, change to Friends then click Close. This setting doesn’t have a Save Changes button and takes effect immediately.

Limit the audience of old posts on your timeline [QUICK WIN]

If you’ve posted stuff in the past that you might have thought was a good idea to make Public, or may have accidentally made Public, you can fix this and set everything you’ve done back to Friends.

Click Limit Past Posts then click the Limit Past Posts button that appears below, then click the Limit Past Posts button in the window that appears, then click Close. The change will take effect immediately.

How people can find and contact you

Who can see your friends list? [REVIEW]

If you want to stop people you don’t know seeing a list of your Facebook Friends, you can change that here.

Click Edit, then change the visibility button to Friends. The change takes effect immediately.

If you’re happy for people you don’t know to see your list of Facebook friends, leave it as Public.

Who can look you up using the email address you provided? [REVIEW]

If you want to prevent people you don’t know from finding your Facebook Profile via your email address, you can change that here.

Click Edit, then change the visibility button to either Friends or Friends of friends. The change takes effect immediately.

If you’re happy for people you don’t know to find you by your email address, leave it as Everyone.

Who can look you up using the phone number you provided? [REVIEW]

If you want to prevent people you don’t know from finding your Facebook Profile via your mobile phone number, you can change that here.

Click Edit, then change the visibility button to either Friends or Friends of friends. The change takes effect immediately.

If you’re happy for people you don’t know to find you by your mobile phone number, leave it as Everyone.

Do you want search engines outside of Facebook to link to your Profile? [REVIEW]

You can stop your Facebook Profile page from appearing in search engine results by changing this option.

Click the Edit button and either tick or un-tick Allow search engines outside of Facebook to link to your Profile, then click Close.

It can take days or weeks for your profile to disappear from search engine results, so don’t expect an immediate effect. If you’re still seeing your profile coming up in search engine results, you’ll need to contact the search engine company directly and request your profile to be removed.

Timeline and tagging

Timeline

Who can post on your timeline? [QUICK WIN]

TO DO

Who can see what others post on your timeline? [REVIEW]

TO DO

Tagging

Who can see posts that you’re tagged in on your timeline? [REVIEW]

TO DO

When you’re tagged in a post, who do you want to add to the audience of the post if they can’t already see it? [REVIEW]

TO DO

Review

Review posts that you’re tagged in before the posts appear on your timeline? [REVIEW]

TO DO

Review what other people see on your timeline [REVIEW]

TO DO

Review tags that people add to your posts before the tags appear on Facebook? [REVIEW]

TO DO

Public posts

Who Can Follow Me [REVIEW]

TO DO

Public Post Comments [REVIEW]

TO DO

Public Post Notifications [REVIEW]

TO DO

Public Profile Info [REVIEW]

TO DO

Apps and websites

Every time you interact with a Facebook app, you grant it access to one or more elements of your profile. This can include your personal profile i.e. age, sex, religion, address, email etc and your friends list.

Some apps also demand permissions to post on your behalf.

This page is split into 3 tabs: “Active”, “Expired” and “Removed”.

Apps under “Active” have continued access to your data.

Apps under “Expired” previously had access to your data but their access has now expired.

Apps under “Removed” are those that have had access to your data removed manually by yourself.

For each “Active” app, you can check exactly what privileges it has by clicking “View and edit”.

If you’re certain you don’t want an “Active” app to access your data any more, tick its box and click the “remove” button.

You should perform this simple check regularly – especially if you’re in the habit of completing Facebook quizzes, questionnaires or playing Facebook games.

 

Apps, Websites and games [QUICK WIN]

 

Game and app notifications [REVIEW]

TO DO

 

Payments

TO DO

 

 

Setting up and using Multi Factor Authentication (2FA/MFA)

What’s wrong with my username and password?

Typical online authentication requires a username and a password – this is something a user has to know.

These can be (and are frequently) written down, shared with other people or leaked to the world via hackers.

Users will often set up the same username and password with multiple online services. This is super-convenient because they only have to remember one set of credentials, but if those credentials get leaked, hackers will have access to all services where that set of credentials has been used.

This could be your mailbox, your social media accounts, online shops, dating sites (!) etc. and once an attacker has access to your mailbox, they can use the “forgot password” function of any website to reset your password and control your account.

To remedy all this, you can add an additional layer of security called Two Factor Authentication (2FA), sometimes called Multi Factor Authentication (MFA).

What is Multi Factor Authentication?

This is so-called because it adds an additional factor to the authentication process – specifically it relies on something a user has in addition to something they know.

MFA is typically implemented on a physical device such as a security fob or smartphone. The device generates a 6 to 8 digit number every 30 seconds which is unique to the owner of the device and the online service that provided the code.

To log into an online service protected by MFA, you now need to provide your username and password (something you know) and the number displayed by your code generator (something you have). The online service knows the number your code generator will produce and checks all three items before logging you in.
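The check described above can be sketched as follows. This is an added example, not code from the original guide: it assumes the code generator follows the TOTP standard (RFC 6238, HMAC-SHA1, 30-second steps), and the account record, salt, passphrase and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo account (not real data). The shared secret is the ASCII
# test key from RFC 6238, so the codes can be compared with the RFC's vectors.
TOTP_SECRET = b"12345678901234567890"
SALT = b"constructed-salt"
ITERATIONS = 100_000


def hash_password(password):
    """Store only a slow salted hash of the password, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), SALT, ITERATIONS)


ACCOUNT = {
    "username": "alice@example.com",
    "password_hash": hash_password("constructed demo passphrase"),
    "totp_secret": TOTP_SECRET,  # the same secret lives in the user's code generator
}


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, at, digits=6, step=30):
    """The counter is the number of 30-second steps since the Unix epoch."""
    return hotp(secret, int(at) // step, digits)


def verify_code(secret, submitted, at, digits=6, step=30, drift=1):
    """Accept the current step plus `drift` steps either side for clock skew."""
    current = int(at) // step
    matched = False
    for counter in range(max(0, current - drift), current + drift + 1):
        expected = hotp(secret, counter, digits)
        # Constant-time comparison; no early exit on the first match.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            matched = True
    return matched


def login(username, password, code, at):
    """All three items must match: username, password and the current code."""
    user_ok = hmac.compare_digest(username.encode(), ACCOUNT["username"].encode())
    pass_ok = hmac.compare_digest(hash_password(password), ACCOUNT["password_hash"])
    code_ok = verify_code(ACCOUNT["totp_secret"], code, at)
    return user_ok and pass_ok and code_ok


if __name__ == "__main__":
    now = time.time()
    code = totp(TOTP_SECRET, now)
    print("code for this 30-second window:", code)
    print("login with all three items:",
          login("alice@example.com", "constructed demo passphrase", code, now))
    print("login with a leaked password but no device:",
          login("alice@example.com", "constructed demo passphrase", "000000", now))
```

A leaked username and password on their own fail the last check, because the attacker cannot produce the code without the secret held on the device.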

to be continued…

Weak passwords and how to choose a strong complex memorable password

A weak password is one that can be easily guessed or broken.

This might be because it’s made up of public information associated with you. For example:

  • You or your family’s dates of birth
  • Names of your family members
  • Your pet’s names
  • Your nickname
  • Your car
  • Your favourite football team
    etc.

Your password might be a known default password.

Many items of computer hardware which connect to the Internet have factory default usernames and passwords. These are often variations of the words admin and password.

Recently installed, but unconfigured software or content management systems will often use a default password which is publicly known and published in online manuals.

So far these are examples of public information being used as passwords.

For passwords made up of secret information, brute-force methods can be used to guess a password.

Common passwords

You might think your password is so easy to remember and type but so obscure, that no-one else would have ever thought of it, but you’re probably wrong.

Here are the top 20 most popular passwords that crop up on the leaked lists:

  • 123456
  • password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • letmein
  • 1234567
  • football
  • iloveyou
  • admin
  • welcome
  • monkey
  • login
  • abc123
  • starwars
  • 123123
  • dragon
  • passw0rd
  • master

In 2017, it was estimated that almost 10% of people used at least one of the 100 most popular passwords and almost 3% of people have used 123456 as their password.

These lists are regularly used for brute-forcing passwords, so anything on this list should be avoided.

You can check whether your password is on one of the leaked lists using this website: https://haveibeenpwned.com/Passwords

Password complexity

The more complex a password is, the more difficult it will be for brute-force methods to succeed.

Password complexity can be improved by doing one or more (or all) of the following:

  • Avoid using a single word from a dictionary as your password. This will be found straight away when a list of dictionary words are tried one after another.
  • Increase the number of characters in the password. A four character password is much weaker than an eight character password for example.
  • Include upper and lower case characters in the password. Don’t just use a single uppercase letter followed by all lowercase letters.
  • Include numbers and symbols in the password.

It used to be popular to replace letters with numbers that look like their alphabetic counterparts. For example, replace O (oh) with 0 (zero), L with 1 (one), A with 4, S with 5 etc. to create words like:

  • Baseball = b455b411
  • password = pa55w0rd
  • secret = s3cr3t

However, the brute-force algorithms have long been wise to this, so this sort of character replacement is one of the first things they try.
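To see why the substitution adds so little, here is a small password check that undoes it before comparing against the common-password list above. This is an added example, not part of the original guide: the five-character substitution table is taken from the examples on this page, and DICTIONARY is a tiny constructed stand-in for a real word list.

```python
# The 20 common passwords listed earlier on this page.
COMMON = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "letmein", "1234567", "football", "iloveyou", "admin", "welcome",
    "monkey", "login", "abc123", "starwars", "123123", "dragon",
    "passw0rd", "master",
}

# Constructed stand-in for a full dictionary word list.
DICTIONARY = {"secret", "sunshine", "princess", "keyboard"}

# Number-for-letter swaps described on this page: 0=o, 1=l, 3=e, 4=a, 5=s.
LEET = str.maketrans("01345", "oleas")


def deleet(text):
    """Lower-case the text and map look-alike digits back to letters."""
    return text.lower().translate(LEET)


# Normalise the list the same way, so that entries such as "passw0rd"
# and "abc123" are compared like with like.
COMMON_DELEETED = {deleet(word) for word in COMMON}


def weakness(password):
    """Return the reason a password is weak, or None if no check fires."""
    lowered = password.lower()
    if lowered in COMMON:
        return "on the common-password list"
    if lowered in DICTIONARY:
        return "single dictionary word"
    plain = deleet(password)
    if plain in COMMON_DELEETED:
        return "number-for-letter variant of a common password"
    if plain in DICTIONARY:
        return "number-for-letter variant of a dictionary word"
    return None


def audit(candidates):
    """Map each candidate password to its weakness (or None)."""
    return {candidate: weakness(candidate) for candidate in candidates}


if __name__ == "__main__":
    samples = ["pa55w0rd", "Passw0rd", "s3cr3t", "M0nk3y", "$f4qX6rxBU&B"]
    for candidate, reason in audit(samples).items():
        print(f"{candidate!r:18} -> {reason or 'no match in these checks'}")
```

A result of None only means the password passed these particular checks, not that it is strong.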

The most secure passwords

The most secure form of password is a long string of random uppercase and lowercase letters, numbers and symbols like this:

zKa4zD#5    (8 chars)

$f4qX6rxBU&B    (12 chars)

1!^B5qUA$t0iU7l%    (16 chars)

The disadvantage of these un-guessable, context-free, complex passwords is that they’re almost impossible to remember and as a result are then written down – which completely defeats their purpose.

Passwords are often found written on Post-it notes and stuck under keyboards, in front or back covers of notebooks or on computer monitors.

Hawaii Emergency Broadcast System now broadcasting their passwords

Using a Password Manager

I would always recommend the use of long strong complex passwords in conjunction with a Password Manager. A password manager will generate, remember and enter long strong complex passwords for you, so you don’t need to write them down.

Read my guide about setting up and using a password manager.

Of course, you’ll still need at least one strong complex memorable password to protect your password manager, so read-on.

Choosing a strong complex memorable password

  1. Think of 3 or 4 random words. Look around you and get some inspiration. Don’t choose words that can be guessed by someone else or could be associated with you.
  2. Imagine a silly or weird situation in your mind that can be described using those words. This image is the key to memorising your password.

If you’re forced to use special characters by someone’s password policy:

  1. Choose where to put your capital letters. Don’t use a capital letter as the first character. Maybe the start of the 2nd and/or 3rd words?
  2. Can one of your words be a number? Change it to its numeric version.
  3. Pick one or more symbol characters and put them somewhere in the middle of the password. Don’t use them as the 1st or last characters.

Here’s a fun cartoon from xkcd.com

xkcd Password Strength

This is a really popular cartoon, so please don’t use correcthorsebatterystaple as your password as I’m certain it’s now in every password cracking dictionary 🙂

Setting up and using a Password Manager

What is a Password Manager

A Password Manager (PM) is a service or app that generates, stores and manages usernames and passwords for online services.

The core concept is that you have a single strong but memorable Master Password that secures access to the PM. The PM will generate un-guessable passwords for you, store them securely and type them in automatically when you need to log in to somewhere online. It does this by providing an extension or plugin to your browser.

Why should I use one?

Read my post titled Stop using the same password everywhere!

Getting started

There are a few password managers out there and at time of writing, two popular ones are LastPass and 1Password. Both offer their basic features as a free service. They both also offer a paid-for service for more advanced users.

I’ve been using LastPass for many years and this guide continues assuming you’re using the free service offered by LastPass.

Disclaimer

I have personally paid for the more advanced services provided by LastPass and have not received any incentives or payments from either of the two PMs mentioned in this post.

Do this straight away

Choose a strong un-guessable password for your Master Password.

Read my guide here about weak passwords.

content to follow

Mid to Long term use

content to follow

 

Stop using the same password everywhere!

Why is this a bad thing?

Using the same password everywhere makes everyone’s life easier. It means you can log into your bank, your online shopping, your mailbox and social media without having to remember dozens of passwords.

However, using the same password on multiple online services is like using the same key to unlock your front door, your car, your suitcase and your safety deposit box.

If someone sees your key and makes a copy of it, they can now unlock everything. They can not only steal whatever you’re protecting with that key (money, personal information etc), but they can also impersonate you to steal your friends and family’s money and personal information by abusing their trust in you.

My password is secret, so no-one will ever know it

You might think your password is secure because you’ve not told anyone about it.

You might be guilty of writing it down somewhere, but you’ve kept that private too. So there’s no problem right?

Wrong.

Every time you use a password, it gets sent over the internet. If it’s correct, you get logged in.

In order for an online service to validate your login, it has to know your password – or at least enough about it to ensure what you’ve provided is a match.

If an online service contains security vulnerabilities, it won’t be long before all the usernames and passwords of all its customers will be stolen and end up online for all to see. Hackers do this for fun and commercial gain.

Can I find out if my credentials have been leaked?

Yes you can. Check out the website of Troy Hunt: https://haveibeenpwned.com

Troy is a reputable and professional Information Security advisor. He’s been collecting published usernames and password lists over the last few years and has built a free service where anyone can check to see if their email address or username has been leaked.

At time of writing, Troy’s database has over four billion unique usernames and passwords.

His site also allows you to check whether your password has been publicised. It doesn’t give anything away other than saying that it’s known and that it should be changed immediately.
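How a password can be checked without handing it over is sketched below. This is an added example, not code from the original post or from the Have I Been Pwned project: it assumes the service's range lookup, where the client sends only the first five hex characters of the password's SHA-1 hash and receives SUFFIX:COUNT lines back. The in-memory service, its counts and the function names are constructed so the example runs offline.

```python
import hashlib


def split_hash(password):
    """SHA-1 the password locally; only the 5-character prefix ever leaves."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, body):
    """Find our suffix in the SUFFIX:COUNT lines returned for a prefix."""
    for line in body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix and count.isdigit():
            return int(count)
    return 0


def pwned_count(password, fetch_range):
    """fetch_range(prefix) returns the response body for that prefix.

    Against the live service it would be an HTTPS GET of
    https://api.pwnedpasswords.com/range/<prefix>; here it is injected
    so the example can use a constructed service instead.
    """
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch_range(prefix))


def make_constructed_service(known):
    """Constructed stand-in for the remote side; records what it was sent."""
    table = {}
    for password, count in known.items():
        prefix, suffix = split_hash(password)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")
    seen = []

    def fetch_range(prefix):
        seen.append(prefix)
        decoy = "0" * 35 + ":1"  # constructed unrelated entry sharing the prefix
        return "\r\n".join(table.get(prefix, []) + [decoy])

    return fetch_range, seen


if __name__ == "__main__":
    # Counts are constructed, not real breach statistics.
    fetch, seen = make_constructed_service({"123456": 5, "password": 3})
    for candidate in ["password", "1!^B5qUA$t0iU7l%"]:
        print(f"{candidate!r}: seen {pwned_count(candidate, fetch)} times")
    print("all the service was ever sent:", seen)
```

The service sees only a five-character prefix shared by many unrelated hashes, and the match against the full hash happens on your own machine.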

What should I do?

The first step is to make a conscious decision to never ever use the same password for any online service ever again. This means having a unique password for every one.

You can do this by enlisting the help of a Password Manager and being tidy and disciplined.

Set up and use a Password Manager

Here’s my guide for setting up and using a Password Manager.

 

Be tidy

Your password manager is the only place you should store your passwords.

To avoid storing (potentially different) passwords in different places, you should:

  • Stop your browser from remembering passwords – you will be using your Password Manager for this. Here’s how.
  • When you’ve got everything in your password manager, clear down all passwords stored in your browser. Here’s how.

Be disciplined

  • Always use your password manager and never store your passwords in a browser on any device.
  • Whenever you sign up for an online service, use your password manager to generate and store a unique password.
  • If you can’t use the password generation feature of your password manager, for example on your Smart TV, never use a weak password. Here’s a guide.

Add an extra layer of security

More and more online services also give you the option to add an extra layer of security called Two Factor Authentication (2FA) – sometimes called Multi Factor Authentication (MFA).

It sounds complicated, but is actually very straightforward and relatively friction-free.

Here’s my guide to setting up and using Multi Factor Authentication (MFA)

Red Sea Liveaboard Packing List

http://www.aziab.com/RED%20SEA%20YEAR%20-%20TIME%20TABLE.htm

  • First dive may be around 6am when the air temperature could be much cooler.
  • September is the windiest month at around 17 knots (~19.5 mph)
  • Air temperature averages 23-34 °C
  • Water temperature averages 28 °C

Hand-luggage

  • Regs (Apeks XTX 200)
  • Dive computer (primary) (Shearwater Perdix)
  • Dive computer (backup) (Vyper Air)
  • Dive Computer Transmitter (loose, not fitted)
  • Primary Light-For-Me 4-TEC with Dive Rite quick connect for 2” webbing fitted
  • Lip balm
  • Sunglasses
  • Baby wipes
  • Paracetamol
  • Ibuprofen
  • Benadryl blue
  • Macbook Pro
  • Kindle
  • Headphones
  • Powerbank
  • iPhone
  • Wallet
  • “Outbound” Travel documents
    • Passport
    • Scuba qualification card (will this allow for extra baggage allowance with Thomson?)
    • Boarding pass (if printed)
    • Holiday booking
    • Extra legroom booking (if booked)
    • Parking booking

Dive gear

  • Dive rite harness & wing
  • Quick-release weight pockets for harness
  • Custom divers weight pockets
  • 2 x double-ended boltsnaps (1 attached to harness – doubles as tank banger)
  • Line cutter (threaded onto harness)
  • Bungee loop for backup torch on harness
  • Regulators (Apeks XTX200) (in hand luggage)
  • Mares fins
  • Snorkel
  • DSMB
  • Finger spool & double ended bolt snap
  • Mask (black)
  • Spare mask (clear)
  • 1 x Light-For-Me 3XPG torch
  • Primary dive computer (Shearwater Perdix) (hand luggage)
  • Backup dive computer (Suunto Vyper Air) (hand luggage)
  • Transmitter (in hand luggage, but not fitted)
  • Spare torch batteries
  • Dive computer battery kit (Suunto Vyper Air)
  • Spare AA batteries (Shearwater Perdix)
  • 4-TEC charger
  • Boots (Waterproof)
  • Lycra socks (2 pairs)
  • 3.5mm wetsuit (Waterproof W3)
  • 5mm wetsuit (Waterproof W1)
  • Rash vest (Full length)
  • Neoprene bandanna (Scap) and/or Bare beanie

Toolkit

  • Bungee (varying thicknesses)
  • Cigarette lighter
  • Permanent marker
  • Battery kit for dive computer
  • Adjustable wrench
  • Multi-allen key tool – make sure it fits
  • Beaver dive multi-tool
  • Cone spanners that fit Apeks regs

“Save-a-dive” kit

  • O rings (nitrox)
  • Silicone grease
  • Zip ties (small and large)
  • Spare mask strap
  • Spare regular mouthpiece (Apeks)

Electricals

  • iPhone
  • Headphones
  • MacBook Pro
  • Kindle
  • Multi-way USB charger
  • Toothbrush charger
  • Reliable alarm clock
  • Cables
    • HDMI cable

Food/Drink

  • Biscuits/chocolate/snacks
  • Lots of sweets (gummy bears, jelly babies, fizzy things to hand out)

Medicines

  • Decongestants
    • Sudafed blocked-nose spray
  • Sun
    • SPF15 Sun cream
    • Sun stick (1st)
  • Painkillers
    • Paracetamol
    • Ibuprofen
  • Stings/bites
    • Sting relief
    • Hydrocortisone cream
    • Benadryl white (antihistamine)
  • Allergies
    • Benadryl blue+white
  • Ears
    • Swim-Ear drops
  • Stomach
    • Rennie
    • Rehydration salts (lots)
  • Skin
    • Fabric plasters – not the clear waterproof ones
    • Liquid skin

Wash bag

  • Washing
    • Shampoo (duty free)
    • Conditioner (duty free)
    • Shower gel (duty free)
    • Shower scrunchie
  • Skin
    • Nivea (tube)
  • Shaving
    • Razor
    • Shave gel
    • Aftershave (tiny bottle)
  • Deodorant
  • Lip balm (2nd)
  • Hair product
  • Toothbrush + toothpaste

Clothes

  • Sun hat
  • Boxers x 7
  • Swimming trunks
    • At least 2 for under wetsuit
    • At least 2 for swimming/sunbathing
  • Tops
    • Thin fleece (evening/travel)
    • 7 x T shirts (day)
    • 7 x Lightweight polo shirts (evening)
  • Bottoms
    • Lightweight shorts (day)
    • Travel in denim shorts (rewear in the evening/on shore)
  • Flip flops (wear for travel)

Travel paperwork

  • Passport
  • Flight tickets / boarding passes
  • Parking details
  • Holiday booking confirmation
  • Airport lounge booking confirmation
  • Extra legroom booking confirmation

Dive paperwork

  • Dive qualification cards
    • PADI Tec Instructor card
    • PADI Nitrox Card (40%)
  • Blank dive log book pages (enough for 22 dives)
  • Copy of latest HSE medical
  • DAN Insurance Card

Misc

  • Money for tips (£80 sterling)
  • Money to pay end-of-week balance
  • Money to buy extra-legroom seat at check-in (~60 GBP)
  • Soft wheeled hold-all
  • Swim ear plugs
  • Tinted swim goggles (for last day at hotel)
  • Lip balm (1st)
  • Sunglasses
  • Clothes pegs (non-metal)
  • Large non-marking plastic bulldog/crocodile/alligator clips
    (to secure stuff to railings i.e. wetsuit when drying)
  • Water bottle marking device (coloured bungee)

Stationery

  • Pens x 2
  • Business cards to hand out

Kindle Collection Manager

I wrote the Kindle Collection Manager many years ago to add missing functionality to the Amazon Kindle range of eBook readers.

It’s a Windows desktop app that allows books to be arranged into collections – both manually and automatically based on folders – then the collection configuration is uploaded to the Kindle device.

Unfortunately Amazon locked down the file system on all devices from the Paperwhite onward which renders the app unusable.

For owners of previous versions of the Kindle eBook reader where the collections.json file is still accessible over USB, the KCM will still work.

Here’s a link to download the last version that was released.

Connecting a digital piano, an iPad, an audio mixer and headphones

I recently bought a Yamaha P-115 Digital Piano (which I love) in an attempt to teach myself to play piano. Its piano sounds are amazing and the graded-hammer-action on the keys really does feel like an acoustic piano.

I quickly discovered there are some really great apps available on iOS for learning piano and the majority of them allow you to connect your iOS device to your digital piano via its MIDI port. This means the app can check which keys you’re playing and help guide you through your piano lessons.

This is all well and good but to anyone in the house, having to listen to someone bashing away on a piano with some cheesy backing music or the app chatting away, can be pretty annoying.

So to get round this, I came up with a solution that allows me to play the piano, listen to its amazing natural sounds and listen to the iOS app at the same time – all through a single set of headphones – and without disturbing anyone*.

I’ll go through the list of kit I’ve used and how I’ve configured it. I’ll also recommend a few iOS apps I’ve been using.

* Apparently the sound of me hitting the piano keys still reverberates through the floor and my foot tapping to keep time still annoys.

Here’s a list of the kit I’m using

Yamaha P-115 Digital Piano
Any keyboard or digital piano with a USB MIDI interface will work here. Most use the larger USB-B connector, but some use the mini and micro USB connectors. Be careful with these as they can be easily dislodged.

Male USB-B to male USB-A cable.
If your keyboard or digital piano has a different connector, you’ll need a different cable. Whatever you get, it must have a standard male USB-A connector on one end. This plugs into the Apple Lightning to USB Camera Adapter.

Apple Lightning to USB Camera Adapter
This connects to your iOS device through its lightning connector and allows you to plug in a cable with a USB-A connector. It also has a lightning socket so you can charge your iOS device at the same time. You’ll need a second lightning cable to do this.

This is expensive for what it is and there are cheaper alternatives out there. However these cheap versions are very poorly made, have bad internal connections and fall apart. I’ve tried some of them and ended up throwing them away after a couple of days.

Worst case, they could damage your Apple device or invalidate your warranty.
Don’t scrimp here – go and buy the right tool for the job.

Male 3.5mm to male 3.5mm stereo audio cable
You’ll need one of these to take the audio from your iOS device to the audio mixer. An angled connector is also a good option and can keep the cables a bit tidier.

 

Male 6.35mm (¼”) to male 3.5mm stereo audio cable
This will connect the headphone output of your keyboard to the audio mixer. If your keyboard has a smaller 3.5mm headphone socket, then you’ll need another 3.5mm to 3.5mm stereo audio cable (like the one above).

If you’re really lucky and your keyboard has an AUX output, then definitely use that instead. My Yamaha P-115 has a pair of mono 6.35mm AUX sockets on the back, so I use a cable with 2 x male mono 6.35mm to a single stereo male 3.5mm connector.

Simple stereo audio mixer
This is the key part of your setup. This is where the audio from your iOS device and your keyboard is mixed and sent to your headphones.

You’ll need a mixer that allows at least 2 x stereo audio inputs and a headphone output. This particular one has 3 x 3.5mm stereo inputs and a 3.5mm headphone output – which is perfect for what we need. It can be powered either by a couple of AA batteries (!) or via a micro USB cable.

Hooking it all up

Here’s how it all fits together

Configuring audio levels

I tend to set the audio on my iOS device to a maximum of 50% using its volume buttons. This reduces the strength of the signal to the mixer.

If you’re using the headphone output of the keyboard, you should set its volume to 50% for the same reason. If you’re using the AUX output on your keyboard, this will be delivered at an industry-standard level so you don’t have to worry about the output volume.

The mixer has input volume and gain settings for each channel and an output volume. I’ll assume your iOS device is using channel 1 and the keyboard is channel 2.

Here’s how I set mine up:

  1. Make sure everything is connected-up but turned off
  2. On the mixer:
    • Set the channel balance dials to zero i.e. equal left/right balance
    • Set all the channel volume sliders to zero
    • Set all the gain and AUX dials to 50%
    • Set the output (master) volume slider to 100%
  3. Turn on your iOS device
    • Set the volume on your iOS device and keyboard to 50%
  4. Turn on your keyboard
    • Set your keyboard volume to 50% (or zero if you’re using AUX output)
  5. Turn on the mixer
  6. Put on your headphones
  7. Set some audio playing on one of your piano apps on your iOS device
  8. Slide the volume slider of channel 1 (iOS device) up until it’s at a level you like.
  9. Play a few notes and chords on your keyboard while sliding the volume of channel 2 (keyboard) up.

Find a mix of channels 1 and 2 where you can hear the iOS device and your piano notes clearly. I like the piano channel (2) slightly louder so I can hear myself clearly while playing along with backing tracks.

Getting rid of the hiss, hum and crackle

You will hear some hiss, hum and crackle through your headphones.

Before fiddling with the mixer, try changing how your cables are lying and what they’re near i.e. power cables, chargers, adapters, speakers etc. Moving the cables can change the contact between plug and socket and 3.5mm jacks are particularly prone to bad connections.

To reduce any residual hiss, hum and buzzing, use the gain dials of both channels to find the sweet spot where it disappears. Adjust one channel at a time.

Each channel’s gain dial controls the input volume into that channel. Each channel’s volume slider controls the output volume of that channel. The master slider controls the overall output volume of the mixer to the headphones.

Increased gain will increase the output volume of that channel, so you may need to adjust the channel’s volume slider down slightly to stop things getting too loud.

Once you’ve set one channel, the second channel is much easier. Just turn the gain dial until the hiss disappears completely. Again, tweak the volume slightly as the gain affects the volume.

In this particular mixer, the channels are not completely isolated and insulated from one another. This means changing the gain and volume of one channel can cause hiss and hum in the other. After a couple of minutes of slightly changing gains and volumes, you’ll soon have a nice clean mix.

I’ve included a diagram of roughly how my mixer looks for my setup of a Yamaha P-115 and iPad Pro.

Red Sea Liveaboard tips and tricks

Here’s a brain-dump of everything I’ve learned and experienced during my annual Red Sea Liveaboard holidays.

I’ve written it to help people prepare for their first liveaboard and to give more seasoned travellers some tips and tricks I’ve picked up along the way.

Packing

Don’t take a hard case. Take a wheeled soft case as this will take up less room after you’ve emptied it and it’s been stored below deck.

Pack anything delicate or pressure-sensitive in your hand luggage. For me this includes:

  • Regulators
  • Torches
  • Dive computers
  • Camera

This has the advantage of moving some of the weight of your dive gear into your hand luggage. Be careful though if your airline has a weight limit on your hand luggage.

There are urban myths about diving with gloves and a knife in the Red Sea. This is to deter people from touching or damaging anything. I would say: if you feel the cold, wear gloves. You will be carrying a DSMB and reel/spool so instead of a knife, I would attach a discreet line cutter to the webbing on your BCD. Something like a Trilobite EZCut.

Don’t pack anything with a blade in your hand luggage.

Make sure you weigh your hand luggage and case before you leave home.

Dive Gear

Weights

There’ll be a crate of beaten-up solid “block” weights on board. They’ll be in various denominations and might be imperial or metric (i.e. pounds or kilos). You can either thread these onto your weight belt or put them in your quick-release BCD pouches or dedicated weight pockets.

Weight belts, pockets or harnesses will not be provided. Bring what you need and are practised using.

The Red Sea is much more salty than other oceans so you’ll need another 1-2 kilos on top of whatever you use in salt water. I’d recommend having this extra weight “as far forward” as possible – ideally in trim pockets behind your shoulders or in dedicated weight pockets attached to a cam band on the shoulder of your cylinder.

Mask

Bring a spare mask and a spare mask strap.

If you’re taking a brand new mask, make sure you’ve scrubbed it with toothpaste a few times before using it to stop it fogging up.

Fins

I know people who do all 21 dives in slipper/pool fins and have a great time. The advantage of these is that they’re easy to put on and take off and they’re very lightweight. The disadvantage is they don’t provide much power and can easily fall off.

I’d recommend wearing neoprene dive boots and fins with spring or rubber straps.

Under your dive boots I strongly recommend you wear Lycra socks. These will stop you getting blisters from your fins. Blisters in salt water just don’t heal and will make your dives miserable.

Don’t take rubber “technical” fins as they’re very heavy. Stick to more lightweight fins such as the Mares Avanti Quattro Plus fins. These come with surgical tubing straps as standard.

DSMB & Reel

You will be expected to carry a DSMB/safety-sausage and reel/spool. More importantly, you will be expected to know how to safely use one and be experienced in its use. If you don’t yet own one, don’t borrow someone else’s, go out and buy one. Then practise first in the pool, then in open water from varying depths.

You’ll be deploying a DSMB at the end of almost every dive from between 12 to 6 metres.

Wetsuits & thermal protection

I’ve worn both 3mm and 5mm full-length wetsuits to the Red Sea.

3mm is fine for the first couple of days, but as the week went on and I started to acclimatise, I felt cold towards the end of the dives and night-diving was just chilly from the start. Wearing a long sleeve rash vest did help.

On other trips I’ve taken both a 3mm and a 5mm full length wetsuit. I started out in the 3mm, then switched to the 5mm halfway through the week. Although this sounds ideal, it does mean you have to pack 2 wetsuits (which are heavy) and when you switch between them, your weighting will be all over the place.

To keep things simple, I now just wear a 5mm wetsuit throughout the week. I get my weighting sorted on day 1 and never change a thing.

Tool kit

The boat will have a typical dive toolkit, but if you’ve got something unusual that requires a special tool, make sure you bring it along.

I like to have a few bits and bobs in a small waterproof plastic bag so I can sort myself out if I have a problem.

  • Bungee (varying thicknesses)
  • Cigarette lighter (for sealing cut bungee)
  • Silicone grease
  • Permanent marker
  • Battery kit for dive computer and one for your transmitter (if worn)
  • Adjustable wrench
  • Allen keys/hex wrenches (that fit whatever kit you’re taking i.e. 1st-stage blanking bolts)
  • Cone spanners that fit your regs/transmitter.

“Save-a-dive” kit

  • Zip ties (small and large)
  • Spare mask strap
  • Spare regular mouthpiece
  • Double-ended boltsnap

Clothes

Clothing needed on a Red Sea liveaboard holiday is very different to an Egypt shore-based holiday.

Don’t worry about “being seen in the same thing twice”. Everyone will live in the same swimsuit, shorts and t-shirts all week.

I tend to bring more swimwear and rash-vests than I think I’ll need, then find I wear them all and don’t wear all my regular “dry” clothes.

For a week’s liveaboard (and because I like clean t-shirts), I bring:

  • 7 x t-shirts
  • 2 x quick-drying pairs of shorts
  • 7 x sets of underwear
  • 2 x swimsuits
  • 2 x long sleeved rash vests
  • 2 x pairs of Lycra socks

I wear a warm hooded top, a t-shirt, shorts and flip-flops to the airport (no socks). You’ll wear your flip-flops around the hotel on your last day (see later).

Electronics

Personal electronic devices like phones, iPods and eBook readers are useful to have on board. They can be charged in your cabin while you’re in there or on deck in a special charging rack on the wall.

Remember to bring your own charger!

Making calls or using data while at sea is usually problematic. Network coverage off-shore and particularly in the Ras Mohamed National Park is very poor indeed.

The liveaboard will usually have a Wi-Fi router with a 3G data card so you can make a data connection. The quality and speed of your connection is entirely dependent on the network coverage in the area, so don’t depend on it. Most of the time you’ll have no data and when you do, everyone will be trying to use it.

If you’re taking a camera, bring lots of batteries, a charger and lots of data cards. Also if possible, bring some sort of storage device which you can empty your cards onto. This is useful for also taking copies of other people’s photos and videos.

If you’re not taking a camera, take a USB pen drive so you can take copies of other people’s photos and videos.

If you’re taking a GoPro (and most people do nowadays) you might want to take an underwater selfie stick. There are some tough neutrally buoyant telescopic versions that are popular.

Medicines

If you suffer from sea-sickness, bring whatever works for you and take it.

Bring electrolyte / hydration powders. These weigh nothing and are great to rapidly rehydrate you after your flight or illness. I take 2 doses as soon as I get on board and take some every day along with gallons of water.

Wet skin is easily damaged and only starts to heal when left to dry for a few days. This isn’t possible on a liveaboard, so bring fabric plasters (not the thin waterproof ones – as they’re not) and “liquid skin” to seal up cuts and grazes.

Sunscreen is a must if you’re in the sun, but don’t use it before diving as (a) it’ll get in your eyes and there’s nothing you can do about it under water and (b) it’s harmful to sea animals and plants.

It’s up to you if you bring decongestants or antihistamines. Standard “medication-before-diving” precautions apply here, but if you’re on a liveaboard for a week and have paid for 21 dives, you need to make the decision whether to sit them out or self-medicate.

Documentation

Remember to bring the following essential documentation:

  • Passport
  • Flight tickets/boarding passes
  • Money as Sterling – don’t bring US Dollars or Egyptian Pounds
  • Dive agency membership card
  • Dive certification. If there are dives over 18m, remember to bring whatever certification shows you can do this.
  • Log book showing previous dives (with 21 blank pages 🙂)
  • Gas certification. If you’ve decided to use Nitrox, bring your relevant cert.
  • If you have any condition that means you answer “yes” on your health disclaimer form, bring a doctor’s certificate showing you’re fit to dive.
  • A copy of your dive insurance certificate or card. I would recommend getting DAN insurance before travelling.

Travel

Flights

Check before you fly, but some airlines will give you a few extra kilos of luggage allowance if you show them your dive certificates. I know Monarch give you 3 kg extra, taking you up to 23 kg for hold luggage.

I’ve never had my hand-luggage weighed (fortunately) but after the x-ray scanners, I’m often asked what’s in there. I guess it looks pretty weird on the screens. My umbilical torch and canister usually gets quite a lot of interest. Once I switch it on to demonstrate it’s a torch, they wave me through 🙂

Make sure you’ve packed a pen in your hand luggage so that you can fill in your immigration form. This will be handed out during the flight. Don’t put it off, fill it in straight away and put it inside your passport.

Arrival

At the airport arrivals area before security you’ll be met by a liveaboard rep and asked to wait around so you can be issued with a tourist visa. These are necessary as you’re travelling out of Sharm El Sheikh. They cost 20 USD and come in the form of a full-page sticker that goes in your passport (make sure there’s a free page). Some liveaboard operators will have built this cost into your holiday price, so it’s just a matter of being handed one.

The visa is stamped by security and then (for a reason I’ve never been able to fathom) is checked again by a chap sitting on a plastic chair on the other side of security. So don’t put your passport away until you’ve cleared both checks.

Transfer

Once you’ve got your luggage you’ll be herded onto a couple of coaches outside the terminal.

At this point you’ll be asked to double-check that you’ve got a visa in your passport and it’s been stamped. Every time I’ve been on a liveaboard there’s always someone who has either not been issued a visa or hasn’t had it stamped. These poor individuals are then frog-marched back to arrivals by the rep to get things resolved. This delays the coach by half an hour. Please don’t be “that guy”.

The coaches will transfer you to where the liveaboard is berthed. For Sharm, this will be Travco marina. On the way there you’ll get a load of information in heavily accented Egyptian about your options for your last day. This is just what you don’t want to think about before you’ve even started your holiday!

You will spend your last day at a hotel and be provided lunch and given use of all the facilities (pool, sunbeds etc). What they’re telling you is: you have the option to buy a room for the day at the hotel. This is extremely useful and isn’t expensive at all. It’s a great way to securely store your luggage, experience lovely air conditioning, have a snooze, have a hot bath/shower, use lovely clean dry towels and a toilet that you can flush paper down (and doesn’t involve a hosepipe). The rooms are usually twins and you can share the room (and the cost) with up to 4 other people.

While on board and towards the end of the trip, you’ll be asked to decide whether you want to buy a room for your last day and this will be phoned through to the hotel.

When you arrive at the marina you’ll need to queue up (again) and have your passports checked (again) and all your luggage and hand-luggage x-ray’ed (again) by the port authorities. You then carry your own luggage onto the boat.

Life on board

Getting settled

Once on the boat, your shoes will immediately be confiscated. You’ll then find out which cabin you’re in and who you’ll be sharing with. I’ve been extremely lucky on all my liveaboard trips to have always been allocated a twin cabin to myself. I think it’s because I’m a solo traveller among groups of dive-club members who know each other.

You’ll take your suitcase to your cabin and empty it – completely. Your case is then stowed below-deck and – like your shoes – will not be seen again until you leave the boat.

There’s also some paperwork to do so have your dive certs, logbook and doctor’s certificate (if required) ready.

Most people assemble their dive gear now and fill up their crates before dinner.

After an exhausting day of travel, a late arrival in a hot country and dinner on-board, you’ll sleep while berthed at the marina.

Your first “check” dive will be the following morning at a site just outside the marina.

Your daily routine – Eat, Sleep, Dive, Repeat

You’ll be woken with a “MORNING” and a knock on your door between 5:30 and 6am every day!

The ship’s bell is rung whenever it’s time for a briefing or food!

Before each dive, remember to:

  • Analyse your gas and if using Nitrox, log the mix
  • Attend the pre-dive briefing
  • Write your buddy pair names on the whiteboard

After each dive, remember to…

  • Rub your name off the whiteboard on the dive deck. This tells the crew that you’re back on board.
  • Disconnect your first stage from your cylinder
  • Log your air out, max depth and time in the log book in the saloon

The crew will refill your cylinder with either air or nitrox and put tape around the pillar valve when it’s full.

Each day will go like this:

  1. Wake up
  2. Pre-breakfast dive
  3. Breakfast
  4. Pre lunch dive
  5. Lunch
  6. Afternoon dive
  7. Night dive
  8. Dinner
  9. Bed
  10. Start again at #1

Toilets

There’s no septic tank on a liveaboard, so whatever goes down the toilet eventually goes into the sea. This means you should never put toilet paper down there. Instead, put it in the small bin next to the toilet.

Now, to us Westerners who are used to robust sewage systems, and flushing away all sorts of things, this rule raises a few questions – specifically “what do I do then?”. Well, taking a pee shouldn’t pose any problems, but what about “the other thing” ?

OK, here’s what you do…

  1. You do what you need to do.
  2. There’s a hosepipe on the wall next to the toilet with a hand-operated jet on the end.
  3. You wash yourself with the hose. You’ll get the hang of it – try not to get water everywhere 😉
  4. Here’s the key part: you dry yourself with toilet paper
  5. You put the toilet paper in the bin

There you have it. This means no smell from the bin and everyone’s happy.

Liveaboard Etiquette

DO…

  • Remember to tell the dive guides whether you’re doing the morning dive or not, otherwise you’ll get woken up when you want a lie-in.
  • Remember to take the 1st stage off your cylinder otherwise it won’t get filled
  • Remember to analyse your gas and log the result before your dive
  • Remember to put your name on the buddy pairs whiteboard after the briefing
  • Remember to rub your name off the whiteboard when you’re back on board
  • Remember to write down what you’ve had from the bar in the honesty book and pay the bill at the end of the week.
  • Stick to the dive plan and stay with your buddy

DON’T…

  • Don’t ignore the briefing or think “I’ve done this one before – I’ll do what I want”
  • Don’t wash any of your dive kit in the “cameras only” rinse tank on the dive deck.
  • Don’t put paper down the toilet.
  • Don’t take forever to get ready for a dive. Do as much checking and fiddling with kit as possible before the briefing.
  • Don’t spread your kit out or get in other people’s way during kitting up
  • Don’t skip the buddy check – for any dive on any day

Preparing to go ashore

The boat will be moored-up at Travco Marina for your last evening and overnight.

 

Drying your kit

After your last dive of the week, you’ll wash all your dive gear in fresh water and take it to the top deck and hang it all up to dry. This will stay here overnight drying in the warm windy Egyptian air.

The next morning you’ll retrieve all your dry kit, pack up your suitcase and take everything off the boat.

Your last evening on board

You’ll be given the choice to either stay on board or go into Naama Bay. I would definitely recommend the latter. Naama Bay is bright, loud and a mad mix of Benidorm and Cairo with some great restaurants and bars.

It’s a wonderful contrast to the serene diving you’ll have done all week.

Your last day

You’ll be taken from the boat on a coach to spend your last day at a hotel in Naama Bay – probably the Sharm El Sheikh Marriott Resort.

You’ll have already decided whether you want a room for the day. If you do, it’s important that you do the following:

  1. Get the passports of everyone who’s sharing the room.
  2. Get the money or payment method ready.
  3. Designate a single member of the sharing party to run to get near the front of the queue at the hotel reception desk taking the money and passports. The rest of the group can look after the luggage.
  4. Remember to ask for a room key for each sharing party so you can all come and go.

You’ll be allocated a room right at the far end of the complex. There’s another smaller pool up there and a pool bar which we’ve often commandeered.

You can have lunch at the hotel but nothing else is included. If you want drinks or water from the bar, you’ll have to pay for them.

You can leave the hotel, cross the main road and use the facilities of the other half of the hotel too – next to the beach. There are also some good bars on the beach.

You’ll be picked up from the hotel late afternoon and taken to the airport.