Install at least one ad blocker and use something like nextdns as additional protection. Give him a talk about scams and how there is no free money floating around on the internet. Tell him about how no one is scam proof and that you are always going to be available for him to double check anything he might want to buy or pay money for. Don't get him signed up with his banks or financial institutions over email - he has been fine this long without digital access and he can keep it that way. Fake urgency is a big thing they use to try to scare people into going along with the grift. Be careful about your response if he does come to you after the fact if he is ever scammed. Part of the scam is making people feel ashamed about what happened, so they don't tell others.
posted by soelo at 7:49 AM on March 14

If you just need an email to sign him up for things, you can always do that and manage whatever emails come in. My in-laws have no computer or cellphone skills but would like to use the local supermarket app to get coupons, since those don't actually exist anymore. Is that something that would work?
posted by fiercekitten at 8:22 AM on March 14

i'm wondering if you could set up a gmail account where both you and he would have the password. Set up filters where desired emails go to the inbox and everything else goes straight to trash. You could log in once every couple of weeks and scan the trash to see if there is anything that needs to be added to the white list.
posted by metahawk at 12:13 PM on March 14 [2 favorites]

I wouldn't expect a general-purpose email provider to provide this kind of whitelist functionality (GMail has some whitelist settings for paid workspace accounts, but these are for bypassing spam filters, not for bypassing a default global block). This kind of restriction at the server level is something you would probably have to configure in a self-hosted provider (and self-hosting email in the modern era is a can of worms that I wouldn't recommend to anyone).

However, it should be doable in a mail client with filters or other settings, assuming that the threat model here is your dad reflexively falling for a phishing scam that arrives in his inbox, not your dad going out of his way to bypass your filter settings and find the phishing scams in the location where you hide filtered mail.

You can set up filters in GMail: for example, a rule like NOT from:(friend1@foo.com OR friend2@bar.com OR friend3@baz.org) which labels the message as DUBIOUS and archives it.

This may be easier to do in a different dedicated phone mail app with a security focus. Unfortunately I have no specific recommendations because I just use my phone as an away-from-home substitute for my desktop computer, and the standard GMail app is fine for this. FWIW I've had a GMail account for decades, it's probably been exposed just about everywhere by now, and I hardly ever see a spam message unless I go to look in the spam folder.
posted by confluency at 12:29 PM on March 14 [1 favorite]

Do you trust him to never enter credit card or bank information on the internet? (You could maybe help him get set up with a virtual credit card that has very strict and low limits on monthly spending, to use in the app store or for subscribing to a newsletter or whatever--but it seems like it would be simplest to just tell him not to spend money via the phone).
posted by rivenwanderer at 12:32 PM on March 14

I would be more concerned about handing him a device with Android 10, which is several years old, and with the Moto G7 not receiving security updates since early 2021.
posted by tubedogg at 1:24 PM on March 14 [1 favorite]

Generally, it's better to hand him a cheap modern phone than an old phone, as the cheap modern phone would still be covered by security updates.

There are phones with simplified interface and locked down so he can't get into much trouble. Something like a Lively Jitterbug Smart4. Monthly plan starts at $20, with higher tiered plans offering more concierge type service.
posted by kschang at 1:45 PM on March 14 [1 favorite]

And you can set up a white list but there's no guarantee that the people on that list won't forward garbage to your dad.
posted by gerygone at 3:04 PM on March 14 [3 favorites]

FWIW I set up my family's phones with AnyDesk. Then I can easily log into them any time - from my phone or from a computer or whatever - and set things up or whatever. It makes things pretty much as easy as being there in person. You need to get it all set up and tested on both devices some time when you physically have both of them in the same location (it's possible to set up remotely but depending on the non-techy person to press the right buttons and such can be a challenge - it's just far easier to do it all yourself. Make sure to write down all necessary numbers, passwords, etc, and then test logging in to the other device a few times. Once you can do that, the most the remote person might have to do is power the phone on, maybe start the AnyDesk app.)

RE: Android 10, personally I would not be excessively worried about security vulnerabilities of Android 10 per se, vs the other types of vulnerabilities someone is going to be susceptible to (some of which you identified above) that will not be solved even if you could move him up to Android 20 super cyber lockdown version or whatever.

However: If you want to move the phone to a more recent operating system, it looks like the G7 is compatible with LineageOS and you can go all the way up to LineageOS 22.1 (Android 15).

It's something of a pain to fiddle around with the bootloader blah-blah-blah and do all that setup, but I did it with a G7 Power and it worked very well.

So that is a viable option if you don't mind spending a few hours on it.
posted by flug at 4:14 PM on March 14

Why a phone? If he is not going to make calls, he can have a much better experience with a tablet, or even a Chromebook.

There are controls meant for parents to limit what their kids can do.
posted by SemiSalt at 6:00 AM on March 15