The Middle Road to Digital Safety (Without Andrej Karpathy’s Budget)

Published by Dan on

Illustration of a fork in the road with one sign pointing to “Karpathy” leading to a futuristic AI city, and the other to “Middle Road” leading to a secure home, symbolizing two approaches to digital safety.

How Andrej Karpathy approaches his digital hygiene makes eminent sense for the “…computer scientist renowned for his work in machine learning, computer vision, and artificial intelligence.” (source)

You and I, though, are not founding members of OpenAI, or founders of Eureka Labs, an AI+Education company. And while we can learn a thing or two from how Karpathy approaches online security, we’re unlikely to spend more than $700 annually to protect ourselves.

There is a middle road, though, where we can protect ourselves intelligently while not breaking the bank. Come along, and we’ll walk it together.

Karpathy Who?

I have heard of Karpathy many times in the last couple of years. As a founding member of OpenAI, he is often discussed in conversations which touch on Sam Altman, Elon Musk, and the headlong rush to construct artificial general intelligence.

Karpathy has been on the leading edge of artificial intelligence development for a while. Because of that, how he thinks about the security of his digital information is very interesting to me considering my recent articles on password managers and two-factor authentication.

A recent post on X led me to Karpathy’s blog where he details how he thinks about his “Digital Hygiene.” It’s a fascinating breakdown of all the tools and methods he uses now and is considering using to safeguard his online information and identity.

Karpathy’s post is a deep, dense dive which he describes as:

the most basic digital hygiene tips, starting with the most basic to a bit more niche.

“Most basic” is a misnomer considering Karpathy goes well down the proverbial rabbit hole. It works for him – a person on the cutting edge of some of the most transformational technological breakthroughs of our age – but it’s far too much for you and me.

Karpathy groups his post into four sections: Authentication, Communication, Privacy, and Security. We’re going to view it differently:

  • Doing Now
  • Considering
  • Not Necessary

Doing Now

For Karpathy, “Authentication” covers three levels:

  • A password manager
  • Second factor authentication
  • Biometrics

He uses 1Password, which requires a paid subscription. I use Bitwarden with full, open-source functionality for free. I think you should use it too, and, when you are asked to provide answers to security questions, treat them as extra passwords as Karpathy recommends.

For example, when asked to provide the name of my school, I might enter “School of Rock” or something similarly nonsensical. Online security can be rough. Have fun with it when possible.

Karpathy relies on physical security keys, which cost $25 apiece for entry-level devices. For me, two-factor authentication secured through Bitwarden works well and integrates securely.

For biometrics, Face ID secures my password manager and every other sensitive item on my devices. Karpathy does likewise.

For “Security” on his Mac, Karpathy uses the default FileVault. Since reading his post, I’ve done likewise, although I should have set it up sooner so that, in case my laptop goes missing, nobody could access the files on it.

Considering

Although I just switched to using the Brave browser, as Karpathy recommends, I’m going to put it here. It works well, is more secure than Safari, but doesn’t work as seamlessly across devices as Safari does, at least not yet.

Regardless, there’s value for me to learn how to use a new browser, customize all its settings, etc. if only to get the functionality of Chrome without Google’s prying eyes. Plus I may share a bit more about the process soon.

I am also considering a paid Proton email subscription for an ad-free, open-source, encrypted inbox. Although I switched from Gmail to Outlook to get more privacy and access to the Office suite of applications, there are aspects of it I’m not thrilled with.

I’ve used the Signal messaging platform for years and highly recommend it. It helped me protect confidential messages at a time in my life when that was very important.

The drawback is the switching cost. Texting with friends and family in the native Messages app is so convenient that asking people to install a separate app to connect with me seems like a bridge too far. That said, I wouldn’t have to deal with spam texts in Signal.

Hmmm, yes. Considering.

I am also thinking about using privacy.com which lets you “…mint new credit cards for every single transaction or merchant.” Although I haven’t had a payment card hacked in a few years, this makes eminent sense, although it may be something I don’t need to spend money on now.

Another common-sense tool is a VPN, or virtual private network, which shields your location and IP from online services. Karpathy uses Mullvad VPN, which I did use but let the subscription lapse. For now, a free Proton VPN account works for me when I need it, and may be fine for you, too.

Not Necessary

The final three components of Karpathy’s digital shield are not things I need to worry about. He uses a service to digitize his physical mail and email it to him, has a tool to block ads at the domain level, and runs an application which lets him monitor what calls his computer is making to servers in the background.

Interesting, and a degree of security neither you nor I are likely to ever need.

Final Tally

When I totaled the cost of the services Karpathy uses now and indicates he is considering shifting to, my eyes popped:

Recurring Costs, $678.45 annually
  • 1Password, Personal Plan, 1 Year, Annual Price, $35.88
  • Brave Search, Privacy-first search, $29.99
  • Privacy.com, New credit cards for all merchants, $60
  • Virtual Private Mail Plus plan, Unlimited scans, $420.00
  • ProtonMail, End-to-end Encrypted Email, $47.88
  • Mullvad VPN, $64.80
  • NextDNS, Block ads at domain level, $19.90
One-time Costs, $134
  • Yubico, Security Key Series x 3, $75.00
  • LittleSnitch, Network monitor on Mac, $59.00
No Cost
  • FaceID, Biometrics
  • Security Questions, Use them as an added password
  • Disk Encryption, Included w/Mac
  • Signal, End-to-end Encrypted messaging
  • Brave Browser, Secure Chromium-based browser

Instead of spending, over a five-year span, more than $3,500 for online security like Karpathy will, my current approach is less of a budget buster. If I take the plunge for Proton Mail and privacy.com added to what I pay for Bitwarden, my price tag would be a far more affordable $589, or $118 per year.

That’s a middle road which can work for me and you.

Unless, of course, we stumble onto artificial general intelligence in the lab. Then we might need to up our game.

