- in iOS -> Settings -> Messages, enable "Filter Unknown Senders." Go through recent SMSes/iMessages and create contacts for short codes and numbers that he has communicated with.

This option won't block the messages, but it'll make them harder to find and make their links much harder to click on (AFAIK it's impossible unless he copies and pastes the URL or creates a contact for the sender).

- install uBlock Origin, which makes it much harder to reach the phishing scam sites that back a lot of these campaigns. They're often hosted on sites that are on malware filter lists. In uBO, enable all optional malware filter lists.

On iOS, do the same using AdGuard.

- in addition to the malware detection mentioned by others, consider enabling Google "Enhanced Safe Browsing": https://support.google.com/accounts/answer/11577602?hl=en

- for phone calls, install his carrier's robocall/fraud detection and blocking app. For AT&T, it's "ActiveArmor" (https://www.att.com/security/). If he has a landline, pay for caller ID and consider a phone that speaks the caller's ID (example: AT&T TL96273).

- depending on how his bills are paid: only put a small amount of money (a month or two of expenses) in accounts that are accessible without physically visiting a bank branch. If an account has no online access, no checks (nothing to read the account number off of), and no debit card, at least the maximum possible damage from a scam is limited. Either visit a branch one a month to transfer money or use a credit card for expenses.

Teach him to not click links in emails. Amazon wants him to do something? Easy. Go to the Amazon app. Amazon app not showing it? Maybe it was a scammer. This isn’t easy, and it isn’t foolproof. But just using the apps directly will help ensure he is interacting with the company he intends.

Make activities contextual to hardware. Buy things on the Amazon app on his phone, even if he browses on a desktop. The phone has the app, so there’s no uncertainty that this is Amazon. In a way it is less convenient, but in a way it is far more so.

Have the hard conversation. Maybe Dad needs a little extra oversight. Not because Dad is weak, but because Dad has already been strong enough to do the same for you when you were in need. (I’m being presumptuous here, apologies if that doesn’t track.) Maybe Dad needs shared accounts. Not because you don’t trust Dad. Because you don’t trust the internet, and it is a scary place.

A different way to look at it is that right now your description sounds like reactive support. Something goes wrong. You try to help. I’m not assuming you haven’t attempted proactive support, but it sounds like it might need more of it. Especially with family members, it is easy to inadvertently do too little to avoid doing too much.

And yes, I have been entirely reactive to it. I’ve explained how these scams worked, reminded him to stay vigilant, used all the typical tips, but I do think I need to make it harder for him to get in trouble.

But that’s very difficult to reconcile, as this person raised you. It is hard not to internalize some feeling of “how dare I?” in these cases. Since when does a parent need their child’s help at such basic things? Parents raise their children, but I don’t know of a term that captures that same feeling about an adult caring for their elderly parent. If there isn’t, there ought to be.

Additionally, consider looking into resources for caregivers. Reading material, maybe a support group, I don’t know. Whatever sounds right, if it sounds right.

You are one, a caregiver, even if you didn’t know it. That’s hard work! Sometimes invisible, even to the worker. If you feel exhausted from all of this, that’s not an unreasonable feeling. It’s hard to be proactive if you’re worn out.

Be aware of the necessary ongoing investment for anything “Home IT” you do. If it requires being on-site, if something goes wrong and you are hours away it could be a big issue.

Technical options are not bad. Sometimes they are the best. Just don’t forget to factor in ongoing maintenance and support, and all the ways that can go sideways.

It’s important to not look at the problem in isolation, too. Sure, you might be a networking expert, run your own vpn in a colo, etc, etc.

Do you have the necessary on-call AND on-site availability for when Mom can’t use Facebook because your pi-hole ate the sd card and you never got around to upgrading it to use a ssd?

Also have a small chat with him about not clicking on e-mail attachments, & not installing extensions. As an extra measure, turn on 2FA for all his accounts too.

Multiple times, I've checked up on their installs and found their accounts riddled with malicious browser extensions and search engine hijacks. They claim that they were aware of not clicking on stuff asking to install browser extensions, but they got tricked (multiple times) anyway. I suspect that the search engine hijacks helped the process.

After having this happen many times, I'm now of the stance that while ChromeOS itself is far more secure than Windows, it's very far from a turnkey silver bullet.

You really need a multi-prong strategy (ChromeOS/iOS, uBlock Origin/reputable content blockers, user education and vigilance, etc)

In addition to being more resistant to malware, chromebooks are really easy to remotely support.

I also setup 2 factor with a yubikey for my Dad's chromebooks, with my phone as a backup authenticator. The key is simple to use (plug it in, press the button), and once you authenticate the chromebook does not need to be re-authenticated.

Smartphones are really not a great solution for seniors with limited dexterity, poor eyesight and limited computer skills.

Changed his desktop pc so his account is no longer admim (can't install software). Additionally, the websites he can visit are now allow-list only with everything else blocked.

What I determined was that he was getting frustrated by the browser popups, and would click on anything that looked like it would make them go away so he could get back to what he was doing. That led to his machine being constantly reinfected after I would clean it.

Watching the "scam the scammer" education videos on Youtube would be of limited use because he would get in trouble "in the moment" and wouldn't think about his actions until much later (if at all).

If he were still around I'd install an adblocker as well as removing his admin rights.

Would he be willing and able to follow a strict rule "never give your bank account info without me"? That need should be a rare occurrence.

As for credit cards, maybe you could set up an account for him and don't even tell him the card number. Sign up for everything legitimate yourself, Netflix, Amazon, etc. If those accounts need to be updated for whatever reason, he calls you, just like with the bank.

And then if he insists that he still needs a card for one-off purchases, give him a prepaid card with limited funds, or "virtual number" that you can change. That way if it gets compromised he has a lot fewer, if any, places to change the number.

Cause they aren’t basic, only to the inside group of “UX designers”. I struggle with it every time I have to show my grandma how to do basic things on her devices. Buttons that don’t look like buttons, arrows that blend into background, icons that mean nothing, visual effects not followed by an action. This bullshit has no end.

Back to the subj. One of my concerns was to explain that nothing out there can make you lose money unless you pay explicitly. Because I see it as the only possible attack vector, like “oh, you just entered paid/illegal site, please do … to cancel”. Otherwise, she is completely aware that her cardnum/cvc/pincodes are secret and doesn’t buy ads and baits (mostly). Another great rule is to use apps only, not sites. She only goes to her bank and services through the home screen. And searches through “google” app. Browser is something she avoids. That said, I too have to turn off non-essential notifications very often. She ok-clicks away anything incomprehensible and god there’s a lot of it even in non-scam UX.

I think it’s worth to dig what drives your dad to make mistakes rather than guarding him from endless tricks. Analyze why. Some uninformed anxiety about how it all works or something like that.

Gestures that require swiping are the worst, in my experience. Even worse than borderless buttons. They're undiscoverable and if there is any tutorial showing how to use them it's only shown once.

I recently had to disable the opaque swipe-to-answer on my dad's Samsung because some jackass designed and/or business owner made that the default.

I wish designers, etc, would all have to go through an annual boot camp where they have to watch older people navigate their products (without being able to intervene and help).

Set it up on all devices + aggressively make it filter crap (there are block lists you can leverage)

Ublock + privacy badger + https anywhere

Other more extreme approaches: get him a router that has these capabilities and/or if friedly to running a custom firmware on it. Filter at router level.

Set up an always on vpn through a server you control. Filter the traffic.

some people...

That will need some fine-tuning at first (and also another device at his house) but especially with a daily update of the adlists this should prevent him from going to the most common scam URLs...

If he's using his phone on the go, maybe throw in Wireguard/OpenVPN into the mix and make sure that it connects as soon as he leaves his home Wifi...

This is one of the reasons I pay for NextDNS and set my parents' network up to use it.

I haven't used their hardware myself, but I'd be curious to hear any experiences. While on the expensive side, they seem to do a good job of targeting the "I don't want to mess with this nor maintain it on an ongoing basis because I don't have the time" demographic.

[0] https://github.com/firewalla/firewalla/blob/master/LICENSE

I've done a ton of things here but the latest that has actually given me some piece of mind is setting up a financial aggregator app with all her accounts + some basic notification rules for withdrawals >$X connected to my email. Obviously this requires a lot of trust from your parent, a lot of trust in Plaid (which I hate and worry about), and doesn't fully protect against the worst cases since it's reactive not preventive. But it's felt like a good backstop at the very least.

This entire process has been so frustrating and nerve-racking that I'd happily pay quite a bit for a "digital security for seniors" service if something like that existed.

Good luck!

Android OS is notorious for this nonsense. Spammy apps are constantly advertised and it turns out that old people not familiar with technology can hardly differentiate between legit apps and “install to boost your battery!”…I think the right choice for a start is to get an iOS device.

What I did was (a) got financial & medical power of attorney (b) got my father's long time doctor to provide me a Letter of (in)Competency which states my father cannot make financial/medical decisions on his own. That letter is ammunition for me, if I have to fight a scammer who somehow tricked my father to assign financial power of attorney to them. (c) I also had several discussions with my father's priest so in the worst case scenario, I can rely on my father's doctor and priest as witnesses if I have to go court, file legal motions, etc.

What this experience taught me, is that when it is my turn to become senile, the best strategy is to transfer my assets before hand as much as possible. So that the damage scammers can do is minimized.

The place to look for is certainly 'parental control' apps and set-up where you can put enough guards and notifications. More or less acting like a parent to old parent and hone on things based on their usage patterns.

They were never very outgoing people, weren't highly skilled at English being immigrants, and didn't engage in the polite courtesies that prepare you to be a well adjusted and sociable kid growing up in the USA. They had no cares for my arguments about being felt left out of activities or such.

But you know what, it's perfect for them not being scammed now, decades later. They just don't pick up the phone for anyone, or if they do and don't understand anything, they just hang up. They don't pay attention to emails or feel like they're missing out on some amazing deal that comes their way. All they have is a tendency to forward news articles that are slightly "oh I saw this 5 years ago".

Funny, it's like some evolutionary niche. Things that are a detriment in one environment turn out to be a saving grace and success in another.

Self-reference is important here when you are applying an observation of aggregate groups.

Both options cost money but all the free solutions I know of would confuse or frustrate an elderly person that recently got into using computers and Gmail's spam detection has gotten significantly worse in the last few years.

I wonder if there's room for a service that does something like this; rent/buy a laptop which is locked down and has recommended extensions preinstalled, and a phone service (or maybe even in-person) when the user needs help.

I'm probably describing something that already exists, I just don't know it. Or maybe it isn't profitable at all.

1. "MDM for seniors." Basically, make sure all the stuff we've talked about is installed, running, and current. $x/device/month.

2. Consulting like you described - sort of an "MSP for seniors." I think this would be pretty time-intensive/hard to productize, and thus prohibitively expensive. (There are MSPs which target senior living centers, just not individuals.)

3. A membership/mailing list -- imagine an "AARP Tech Recommendations" with the changes in these HN comments, delivered 2-4x/year. It would be a standalone document with implementation-level instructions, not part of a magazine. "Hand this flyer to your kids, grandkids, or a tech-savvy friend."

To me, #3 seems most compelling. Obviously it relies on someone else to make the changes, but doing so would make it much cheaper.

AARP publishes consumer tech news (https://www.aarp.org/home-family/personal-technology/), but doesn't distill it to a quarterly-or-so cheat sheet. Arguably AARP would be the ideal distributor, and distribution through AARP might be the only way to get the CAC and price low enough.

(If anyone wants to create #3 above as a service, contact me and I'll be your first paying customer. This HN thread inspired me to ask a slightly more directed version of your question on Mastodon: https://mas.to/@troyd/110130476826925592. No replies yet.)

Edit: May be available for free with DNS changes: https://adguard-dns.io/en/public-dns.html (I haven't tried this)

Oh the sub also comes with 1password (quite complex) and malware bytes which might stop some after the fact damage.

I put in a feature request to make threat blocking work the same. But the nice thing is it’s on router level so it’s enabled without having to setup a device

For email: could you maybe handle his email for him? I dunno how much he uses email.

I would set him up with a credit card with a provider that can generate temporary numbers. Or just have multiple accounts; one is a very low limit, another higher. Keep cash in one or two different bank acts, one of them just enough to pay bills.

Some wifi routers have parental controls (lol, the irony) that let you whitelist URLs. I would whitelist the common websites he uses and block all others.

I'm actually totally on board with his anger towards tech. If I didn't do tech as a living I would eliminate all my internet connections. It is just a distraction. There is so much more to life.

It gives him a connection to the world. He spends a lot of time watching YouTube videos about art and music techniques but he’s much more comfortable using his phone than computer. He’s been casually teaching himself Danish for a few years using Duolingo, also on the phone.

He takes a lot of photos when he’s out, usually trees so he can study them for paintings or drawings.

My mom died about ten years ago and he lives by himself in a sleepy neighborhood. He’s in an apartment building and his neighbors check in on him but he tells me that if I didn’t call daily, he could go a week without talking to another person. A dumb phone could do this but we FaceTime nightly so he and my daughter can talk.

He frequently looks at photos and videos of his granddaughter. He loves getting updates about her and goes back through his archives frequently.

He goes for long walks to the grocery store or to run errands. I think he’s started using Maps on his phone. I enabled location sharing so I can see where he has a habit of walking too far on too hot days with too little water, so I worry.

His hearing aids (Starkey Evolv AI, I think?) connect to his phone. He can control them from the app. This is also a constant source of frustration but he’s gradually getting better with them.

Most of these things could be done with single-purpose devices but that would be more complexity, more things to carry, charge, lose, break, etc,… He likes his phone. It helps him feel independent and connected.

I do wish there was a more scaled back version of the iPhone that was friendlier for the tech-averse, something closer to an Apple-improved dumb phone. He’s using an iPhone 8 Max now and if we had to replace it, we’d be forced to go to the smaller iPhone SE because there’s no way in hell that the buttonless iPhone would ever work for him. The tech keeps changing and he really needs stability and simplicity.

Personally for facetime - my dad finds it easier to communicate (he is in the early stages of dementia), to track his position and so he can use apple pay (he always forgets his wallet).

And lately it's the same sort of shit... My dad will get a text message on Facebook from a "friend" (usually a dead friend) and it'll say something like, "I'm Joe's kid, and things are hard since Joe died and we need some money or we'll have to pull our kid out of school..." paraphrased, but that's generally the angle people take. And the scammers will send hundreds of messages... it makes it so hard.

I'll ask, "Dad, why did you have a 200 message conversation with this person?"

"Oh, I thought they were a scammer, but you never know... and after a while they just seemed legit." Again, paraphrased. Dad can't talk for less than 30 minutes at a time. =P

So what do I do?

1) I lock his devices and home router. I turn off data on his phone so he can only make calls when he's not on Wifi. I block ads (since those can take him to sites he doesn't need to be on), and I block fake news. https://github.com/StevenBlack/hosts

2) I sit down with him once a month and delete people on his Facebook account. I want to delete the whole account... but he uses it to talk to some of his friends... and it's important for him to keep connections. That said... FUCK Facebook for not doing more to prevent scammers. On some level, there's just no way to stay clean there. We delete anyone who died, or anyone who he hasn't spoken with in 1 year, and anyone who he has had any sort of falling out with. And man... the most frustrating thing is how many of these people we delete that just keep re-adding themselves. Facebook really should not re-suggest a friend if you delete them. It's such a sticky cancer with how it operates.

3) I sit down with him once every 2-3 months and we delete everyone in his phone and make sure contacts are up to date. I tell him to never take a call from a number he doesn't recognize, and to call me immediately if there's ever any doubt.

4) I run all the updates on his computer every month. And I check for programs that he doesn't need. Dad only has "User" access on his laptop, and I've toyed with the idea of taking away his ability to install any programs... but when we did that it meant he'd call me a lot more because someone had a Zoom meeting and he needed me to run an update. It's always a cost vs. benefit analysis with restrictions.

5) I have his phone paired to an old Tablet so I can keep tabs on him... I hate that I have to do this, but he's lost over $50k in the last 10 years to scams. And it's not the money that even matters... it's how down and how he cuts off connections with everyone once he gets scammed. The las time he lost like $5k... he wrote a check and mailed it, and somehow the person was able to cash it even though they weren't the name on the check. Anyway Dad really beat himself up over that, but it's not healthy for old people to be shut-ins. They need to talk with other people every day or the risk of dementia goes through the roof...

6) While not a perfect protection... we keep like $2k in his debit card, and we don't use credit cards. He has protections on his debit card from his bank, and that way he's got minimal exposure to online spending and credit card fraud. We just transfer over money every month from his savings / retirement accounts. And now that Dad is in his 80s, I mostly manage those for him.

7) I love for him to interact with people. Every time he goes to the dog park or gets out and meets a new friend... I'm happy and I want him to have conversations with people. But fucking hell, I swear 90% of the people who want to talk to the elderly are scammers. And at some level too... Dad doesn't mind being scammed if someone is willing to talk to him for 30 minutes... just listen to his stories. That's the hardest part. I tried hiring a nanny, just a local kid who was a baby sitter... to go and talk to him. It was OK. I tried Better Help, and tried to find a shrink that would work with him and not tell him she was a shrink... not be so overt about the whole process, but that was a disaster. Once Dad found out it was a "mental health" related call he got really mad... past generations don't have good opinions on that sort of thing. It's hard... I don't have a great solution. I got Dad a personal trainer, and a maid, and a nanny... and between them he has enough random people to talk to every week. He looks forward to it, and that helps him avoid being lonely and talking to scammers online I guess. I don't know, it's sad and it's hard.

8) I try and go grocery shopping with him, so that way random people don't "offer to help" and then hit him up for payment. One other thing I noticed is that Dad literally has no concept of money. On one hand, "Candy bars cost a nickel!" and on the other, "Oh that Uber ride to the VA at peak hours just cost you $155..." or "The dentist wants $8,500..." and like... it's hard to have any sense of what things should cost. He doesn't want to be seen as cheap, so if someone drives him to the grocery store he normally gives them like $100... and then, if that person is shady they'll start offering to drive him other places... and like I said I don't know the answer here, at some point he will need to be put in a home away from people. It's hard. Right now he lives in an apartment near me, and there area all ages there. He isn't sick, he walks 5-10 miles a day with his dog... he's active, likes to go dancing, but he's just so SO very lonely. Desperate for anyone to talk to... but he can't hear, and he only wants to talk about things he's an expert in, and only to people who want to listen to him with a lot of respect... so it's hard. The moment someone scoffs at a story, or doesn't just sit attentive and focused... Dad will get mad. He just wants to be relevant, and he's not. Right? Like that's the core problem is how do you gracefully allow yourself to be comfortable with not being relevant? All of his friends are dead. Most of his knowledge is really old. It's all part of the dying process I guess, but it sucks. And I'm sure it'll suck for me too if I ever get that age.

9) Dad has coverage through the VA -- and just real quick, we're all so screwed if we don't fix health care. The only thing that makes any of this possible is that it's "free" and there aren't insurance companies sending bills... I can't hardly deal with my insurance companies now, and if I have to do this when I'm 80... well, fuck... I'm sure I'll just not bother going. It's all so damn complicated. I have no clue how much money something will cost -- and while that's "ok" for me now, for someone on a fixed income that would be debilitating. I just don't know... I feel like we're all really sunk if we don't get health costs under control in the US. It's a total shit show.

10) "Use the app" -- fuck this for the elderly... every time someone is like, "Please use this call system, that changes the volume every recording..." (those just blow out his hearing aids) or someone tells him to "download an app to book an appointment!" I want to scream. Accessibility issues are real, especially for the elderly. And nobody takes any of it seriously. His phone uses 250% font size. Guess what apps work? Like none. And still everyone wants him to use an app. I hate it. I end up installing all the apps for him on my phone and just doing it for him.

11) Fuck all the people who sell data about the elderly. Looking at you, American Airlines. Not 30 seconds after I booked a flight where I requested "Sky Cab" (the golf cart service) they called him to offer him some sort of emergency medical alert device, that comes with a monthly service fee. AND they told me it was "to help with your upcoming flight" -- Dad totally would have bought this if I hadn't gotten the call. And this sort of shit is all over... it's not just people scamming the elderly, it's all these shitty companies. Highly recommend using your phone number for a few months to get a feel for what it's like for the old folks. It's really bad out there to be old. Any sort of predatory advertising to the elderly... I wish I could just zap the people doing it in the balls. It shouldn't exist. Makes me so mad... and like I said, it's all over. The scammers sales people know where to find data on who is old, and AI is just going to make spotting the real messages that much harder.

That was a rant, sorry... this shit is hard. And I wish it wasn't.

And... don't get me started on how child care has a tax break, but elder care doesn't. And how shitty workplaces generally are about taking time off to help elderly parents, vs. someone just calling in, "My kid is sick." I don't want things to be harder for parents with kids, but I do want things to be easier for adults to who take care of their parents. It's all just really shitty and a ton of work. Dad has PT once a week, and he had some other health issues that were once a week... and let's be honest... my boss at the time was a real See You Next Thursday about me taking time off to help Dad, meanwhile she never gave anyone flak for cutting out early to have to pick their kids up from school. Having older parents who need a hand... it all just sucks. But it beats the alternative.

Christ, I can't even stand driving an automatic car. I'm gonna be just as bad as he is with adapting to new tech. I am already. That automated voice in TikToc is the thing of my nightmares -- I hear it and it's like instant rage. I know exactly how Dad feels when he has to use a phone app! (=

When Dad grew up, he was in a very rural setting. He didn't get electricity until his senior year of high school. Then he went to work in a mine, then he went into the army. He was 21 before he ever met someone who didn't look like he did. Or ventured more than 50 miles away from his home. Computers came out and then the internet and then phones, and he had a flip phone until probably 2016.

And he was successful at what he did. Without the tech. So he had no motivation to learn it. He knew what worked for him, he knew how to get what he needed to done. The change he went through in his life time... I totally get it's been hard to keep up with it all.

But yeah man, we should have a Discord server or something (that's how you say IRC group now, yeah?) -- it's all been a bit much to deal with. Love to have some people to share experiences with. Plus... I think Dad would probably get a kick out of talking to other old people who have kids in tech.

"My son works with computers, does your son work with computers too?" I can just see them trying to explain the jobs of their offspring to one another. It'd be fucking adorable. Depending on who you ask, Dad has left the people with the impression that I do medical transcription, or program robots for welding, or farm bit coin. I love it.

ChatGPT isn't there yet, but I can see a future where it serves as a biographer for old people and automatically records and documents their lives, and prompts them daily to fill out more details. Then plays it back for them so they can approve changes to the story. I think Dad would really benefit from something like that... an obedient ego-less listener with infinite time who wanted to spend it helping immortalize Dad's story... he'd love it. And I don't feel like it's too far off.

But anyway, it'd be cool to swap stories. My email is in my profile. Cheers mate!

> the most frustrating thing is how many of these people we delete that just keep re-adding themselves. Facebook really should not re-suggest a friend if you delete them.

Try blocking them? That might prevent re-recommendation.

But the moment you un-friend someone, they instantly show back up in your friend suggestions. So while Dad doesn't really talk to these people, the desire to not offend them, and their desire to connect with names the recognize, just puts everyone in a spot where they are prompted to re-friend one another.

Thanks though! I don't use Facebook myself, so there may be some other options I'm not aware of. I just want to not see those people and not have them show up in a friend suggestion, but also not block them from talking to Dad if they ever need to.

It's the overly-political ones, or the ones that spew fake news, that I worry about. Dad would say, "Oh I trust their father, they aren't going to lie to me, if they said they saw Joe Biden at a satanic ritual eating freshly killed Christian babies, they wouldn't lie about it!" =P (Only slightly exaggerated from some of the stuff these wackos post.) Or he thinks the internet is moderated by Walter Cronkite, "They wouldn't let them post it if it wasn't true!" (And honestly the "citation needed" marks have made things worse since a lot of times they don't show up and that makes Dad think it's been verified.)

Blocking them may be the best call... but it's hard if they find out they are blocked since that makes more drama. Then they call, "Why did you block me on Facebook, was your account hacked?" kind of stuff. I just want like a "mute" button that makes the person not ever show up in the feed or comments, but doesn't cause them to ever show up as "blocked." If you know how to do that in Facebook let me know. "Shadowban" is that the right term? =P Opt out!

My dad's Yahoo account was 90% spam. As somebody who gets maybe one message a year miss my filters, I found it really alien looking at a wall of drug and investment scams.

Possibly go one further and find a provider that only allows a whitelist of senders, that you can manage for him.

And per the other comments, a good ad blocker. Again, the raw internet feels pretty alien to anyone using a good blocker.

Follow up question - how are we going to keep ourselves safe in the future? What are you putting in place now to help your future self be ok?

[0]: https://nextdns.io/

[1]: https://adguard.com/

[2]: https://adguard-dns.io/en/welcome.html

Long term, use many uncorrelated solutions: with humans "you can fool all of the people some of the time, and some of the people all of the time", but with a single AI (as with all software) once you know how to fool it, you can simultaneously fool every single person in the world who is using it.

Also, there is some asymmetry in this problem. E.g. a little more false positives (a detection, but no actual threat) is not so bad, so we can err on that side.

- uBlock Origin [0] in every single browser in every single computer in the household. This is non-negotiable in my opinion. It's the single best deterrent of scams and malware you can set up for anyone.

- NextDNS [1] as the router DNS, as the system DNS for every device, and as the DNS for every browser. This allows you to control more blocklists remotely for your father if he finds any issues. It also provides dynamic DNS-level blocking through AI and heuristics, along with the usual blocklists.

- Not used to macOS, but you likely can set up the user account to not be able to install applications (i.e. no root), this should help a lot. Using macOS or Linux is a huge win in security, simply due to distribution repositories or the app store being way more secure than downloading random EXE files from the internet.

- You will not manage to get him to use a password manager, or at least won't get him to use one correctly, so set up SMS 2FA in all of their accounts. "SMS? Isn't that insecure?", well the truth is that they will have awful passwords, you won't be able to change that, and they won't bother TOTP codes, so SMS 2FA is the next best thing. SIM swaps shouldn't be in their threat model.

-- Regarding password managers, you may be able to set one up to autofill, change password to generated ones, set up TOTP in the password manager. However, the big thing is to not expect your father or anyone else to actually bother with the password manager when creating new accounts. If you do set it up this way, tell them about it, educate them on how to use it, but make sure to nail on your father's head to NEVER type a password that's in the password manager, and instead always rely on autofill. If you're not sure which password manager to set up, take a look at Bitwarden [2] (FOSS) or 1Password [3] (which I hear is very simple for "normal people").

- Regarding credits cards, tell them to set up strict spending limits. I'm not in the US, so I don't know how's the situation there regarding virtual credits cards, but I personally choose to create a new credit card for every purchase I do. If your father has any subscriptions they have to pay, you could help him set up these virtual credit cards and assigning them to different services. Don't even take note of the password, the only use they should have is to be cancelled, you shouldn't use them to spend on anything else.

- Regarding phone security, set up caller ID and maybe even block unknown callers. For caller ID I personally have them set up with a Samsung phone which ships it by default, I'm also aware in the US some carriers may provide that service to you for the landline too apart from an app in the smartphone.

- Last, but not least, set up an email client or email service which is excellent when it comes to blocking spam. Gmail ain't it, unfortunately. I can't give you many pointers regarding this though because I'm not sure how often email will be needed nor what applications exist for macOS email clients, so you'll to search more on this.

Overall, these are the tips I'd give, so you can get started. Be aware this won't solve all issues, but it should make your life and your father life orders of magnitude easier. Best of luck and godspeed.

[0]: https://ublockorigin.com/

[1]: https://nextdns.io/

[2]: https://bitwarden.com/

[3]: https://1password.com/

Give dad a limited UI that does the basics that he needs: email and chatting with family. Problem solved.