Last-minute cybersecurity and privacy gifts your friends and family won't hate

I'll start by saying that I'm generally not a fan of gift guides. If you've ever spent hours on the web struggling to find anything of value in a vast ocean of "best of" lists only to come up with nothing, you're not alone. 

This year, I wanted to suggest some gift ideas that can help your friends and family stay better protected online, more equipped to take on a home project or two, or learn something new altogether. 

Or, if the bar for you is simply looking for "security and privacy gifts that aren't complete shit," then at least you're in the right place.

Cybersecurity is also something that's deeply personal to some people. Nobody wants a gift (or to give a gift) that could inadvertently create a security or privacy risk. That's why these gift suggestions span a range of ideas and skillsets, and are designed to be useful but optional.

Do I make a commission on any of these? Nope! Do I get kickbacks for anything listed? Hell no! Every one of these suggestions is from my heart, no strings attached. Take it or leave it; I'm trying to save you some time.

But if you do like what you see here and find it helpful, please consider a paying subscription to ~this week in security~ for mid-week analysis, blogs, and much more exclusive content from me, your trusted source in cyber, because it helps me do even more thoughtful writing and reporting on the topics that are most interesting to you.

Gift a subscription to your favorite news source

Independent journalists have broken some of the most important news stories of the year, and absolutely deserve your subscription dollars. There are countless numbers of independent outlets driving the cybersecurity conversation (and beyond!) that you can give as a gift to a friend, or take one for yourself. 

Just to name a few, the folks at 404 Media have done incredible reporting this year covering ICE's deportation machine, Flock surveillance, and airlines ceasing sharing your flight records with the government. Plus, it's a great all-round read, and they make it easy to grab a gift subscription for $100. 404 Media also has merch you can buy, if you want something beyond the blogs as well.

There's also the incredible Kim Zetter, who blogs at Zero Day on the regular with cybersecurity and national security analysis, blogs, and more. 

Lawdork, a legal blog by Chris Geidner, is a must-read resource for all the major legal and courtroom news of the day — which, these days, there's a lot. Geidner blogs daily about how the news affects you, and the rights of wider America. And, Court Watch by Seamus Hughes is another fantastic legal blog that frequently covers news relating to cybersecurity and national security. 

I'm also a fan of The Handbasket by Marisa Kabas, who does incredible reporting on a broad range of topics that affect everyone, from politics to the erosion of democracy, and does a brilliant job of holding powers to account where few others are. Kabas also has a separate post on gifting journalism from independent media outlets with more ideas.

Tools that scrub the web of your public information

Have you tried Googling yourself recently? Data brokers are constantly finding new ways to scrape your personal information, from your addresses to your phone numbers, and make it available to anyone who wants to pay for it. There's also an ever-growing industry of online deletion services that automatically send removal requests to data collectors on your behalf to remove your personal information from their websites, and to opt-out of data collection in the future. 

Consumer Reports tested a bunch of these data removal services in 2024 and found some perform better than others (even if doing it yourself is ultimately the most effective of all.) I personally like using DeleteMe; it's a pretty decent service that you can set-up and then largely forget, until it notifies you periodically of all the sites it's opting you out of. DeleteMe also allows you to sign up a family member on your own account (ideal for a surprise gift!), and also allows you to use virtual credit card numbers so you can pay for things online without giving over your actual card number to a potentially dodgy website. Just be mindful that some services, like Optery, now rely on AI, which might not be for everyone.

A Flipper Zero hacking tool can keep curious minds entertained

Flipper Zero devices are multi-functional hacking tools akin to a digital Swiss army knife, allowing their operators to tinker, experiment, and occasionally cause light mayhem with nearby wireless technologies like Wi-Fi, Bluetooth, NFC, and infrared, while fusing the chill vibes of a modern-day Tamagotchi. 

I've had a Flipper Zero for a few years and, shy of any actual need for one, it's just fun to experiment with, such as reading and cloning RFID keycards, covertly remotely switching off boring television channels in busy bars, and running custom scripts over Bluetooth.

There's so much you can do with these things — including browsing its own app store and by loading your own open-source code — that it can keep anyone with a cyber-curious mind busy for hours on end. Flipper Zero's land at $199 for its base model.

Gift someone regular shipments of their favorite coffee

I'd be lost without my morning coffee, or my mid-morning coffee… or my late afternoon coffee. To gift someone a regular delivery of their favorite grind, Mistobox provides a sliding-scale subscription that makes it easy for recipients to sign up with their favorite types of coffee and receive a variety of fresh shipments from small business roasters and coffee shops all over the United States. I'm a big fan of their dark roast selections, and thoroughly enjoyed getting (in my case) a new monthly shipment sent to my house. 

A subscription to a decent password manager

For the cybersecurity novice, consider a gift subscription to a password manager, which allows you to store your passwords, credit card numbers, and other digital keys in one place and securely take them with you. Password managers help to encourage strong online security by generating strong and unique passwords as you browse the web, rather than having you rely on a single password that you've remembered for years that you use to log into every site. There's one major problem with that: If one site gets hacked, that same password is busted everywhere else.

Not all password managers are created equally, but the most convenient ones let you take your passwords with you as a phone app. 1Password is a great password manager (and provides gift cards!), and Bitwarden is also a popular favorite and also offers gifting options. Subscriptions start at a few dollars a year, and go up from there. 

Both 1Password and Bitwarden also support passkeys, a newer and far more secure way to login to websites and online services. As such, you probably won't have much need for a hardware security key, such as a Yubikey, unless you want a login option that is physically separated from the internet.

Go exploring for exposed tech with a Shodan membership

Shodan is a search engine for exposed internet devices and databases, from digital video recorders and unprotected webcams to occasionally military emails. Using Shodan is an easy way to get into bug bounty hunting, data breach dumpster diving, and more. I've used Shodan for years as part of identifying and tracking down data breaches, so it's a helpful tool to have in your back pocket. Also, you never know what you'll find on Shodan Safari, which refers to some of the most interesting (and worst!) things that people have put on the internet, from watching a single weed plant to monitoring an entire dairy farm.

You can sign up for a one-time $49 fee for membership, with no subscription required. There's no easy way to gift, but you could create an account, buy the membership, then hand off the username and password to the gift recipient. The gift recipient should be able to change their email address to something else. (You'll also get a notification about this when it's complete.) 

Build your first homelab with a network attached storage (NAS) drive

If you want to splurge a little on someone who you know loves to tinker, I absolutely have to recommend buying a network attached storage (NAS) drive, such as those sold by Synology and Western Digital. 

A NAS box is more than just an internet-connected hard drive that lives somewhere in your house to store your computer backups. A NAS is also a way to host your own applications and data, and build your very first homelab. I host a bunch of things at home, such as a RSS feed reader to catch up on all of my favorite news sources (FreshRSS); an ad-blocker for my entire network; so I can watch all of my own TV and movies from my own self-hosted streaming platform (Plex); and to keep track of web pages that change over time (such as a price dip on a shopping page) using a website page monitor (ChangeDetection); and more.

NAS devices are meant to be easy for anyone to use. But don't be surprised if you end up getting hooked on clawing back your data from the clutches of Big Tech. For me, it's really been a lot of fun to learn new things along the way.

Counter-surveillance clothing can protect you from prying eyes

Facial recognition and camera surveillance are on the rise, but so are efforts to evade intrusive tracking and unwanted photo-taking.

Just to name a couple: The folks at Urban Privacy have a whole selection of clothing that's designed to confuse facial recognition systems and protect against unsolicited photos. There's also Capable.Design, the fashion outlet that Petapixel wrote about in 2023, which makes clothing that tries to trick and deceive AI-enabled surveillance cameras by confusing their detection capabilities. 

The glasses maker Zenni also has new lenses that can make it more difficult for some facial recognition systems to track wearers, though as 404 Media found, your mileage may vary.

When everything online fails, these cyber books won't let you down

And lastly, you can't go wrong with a good book — and there are plenty to go around for anyone's cyber interests. 

I co-authored our book club reading list on TechCrunch with a few suggestions that cover a range of topics, from espionage to cybercrime, the history of hacking and historical hacks, and beyond. Our post has all of the classics you'd expect, from Kim Zetter's incredible book Countdown to Zero-Day to Joe Menn's revised edition profiling Cult of the Dead Cow, and the breathtakingly good read Dark Wire by Joseph Cox to name a handful. 

Plus, BBC cyber reporter Joe Tidy has published his debut book, CTRL+ALT+CHAOS, exploring how teenage hackers have run riot across the web and become a formidable cybercrime threat. And, author and journalist Geoff White also has a few books worth checking out as well, including one of the definitive books on North Korean crypto-stealing hacks and more.

What tech not to buy!

There are a few notable mentions of technology that you should probably try to steer clear of, given some of the associated privacy and security risks. To wit:

• Surveillance tech like Ring doorbell cameras constantly stream video footage from your front door, which can include passers-by and your neighbors. Now these cameras are using facial recognition, adding a whole new dimension of creepy. Police and other authorities can request these videos without your consent, footage that can then be used against your neighbors. 
• Smart speakers with an internet connection, like Amazon Echo and Google Nest devices, have microphones that not everyone would want in their home. Plus, smart speakers and voice assistants have been prone to audio activation lapses and other eavesdropping-related privacy issues.
• Family monitoring software is often on sale and highly advertised year-round, but is also susceptible to security lapses and exposing people's private location data. Avoid location monitoring, family tracking, or any kind of snooping software.
• Wearable tech is a controversial one as it can be used to monitor your own health, for example, and in other cases wearable tech can be used to monitor other people. Don't be one of those wankers who wear gross Meta Ray-Ban camera glasses. And if you're thinking about gifting an Oura ring to someone, remember that the company can access its customers' health data, and governments can come along and demand access to that data as well. Yeah.
• Virtual private network providers or VPNs are often touted as a security and privacy tool that can keep you safe and anonymous online. But commercial VPNs don't offer any more security and privacy for most people than not using one, notes Hacklore. VPNs are also really controversial because they just funnel all of your internet traffic to that VPN provider, which can see which websites you visit and sell that data to third parties. Even the "trusted" companies aren't actually that trustworthy. The best VPN is one that you set-up and control yourself!

Thank you so much for reading ~this week in security~! Please reach out with any feedback, questions, or comments about this article (or even your own gift suggestions!) to this@weekinsecurity.com.