Complacency with privacy invasion has become our 6th sense. Handing over the intimate details of our lives to corporate and government stooges has become a virtue and . It should come as no surprise that, even for a society dripping with tech-savviness, the average person would rather their government than to take action themselves. According to : civic duty act Pew Research Six-in-ten Americans (61%) have said they would like to do more to protect their privacy. Additionally, two-thirds have said current laws are not good enough in protecting people’s privacy, and 64% support more regulation of advertisers. In an effort to get you off the sideline, here is a list of basic tools that involve little-to-no effort and are either free or extremely affordable. By no means is any tool 100% full-proof in keeping prying eyes out (it is very likely nothing ever will be), but rather, make it extremely difficult, time-consuming and costly for those seeking to molest your privacy. Turn Off Mobile Device Biometric Security — Facial or Fingerprint Scanning Apple’s Face & Touch ID were revolutionary for mobile identity authentication. It’s , but . To the average person, these features are more about convenience than a̶ ̶f̶a̶l̶s̶e̶ ̶s̶e̶n̶s̶e̶ ̶o̶f̶ security. tough to beat not impossible Even still, there’s one fatal flaw to biometric security: they are routinely included in warrants, making it simple for police to access the contents of your phone. This is exactly the permissions for those alleged to have satiated rapper Mac Miller’s appetite for drugs. the DEA requested FBI report detailing text messages between Mac Miller (McCormick) and his alleged drug dealer, Cameron Pettit. WHAT TO DO INSTEAD You should be using an alphanumeric passcode. Better yet, use a passphrase. By default, most devices have you choose 4 or 6 numbers. As Johns Hopkins Professor of Cryptography Matthew Green would tell you, that's pretty easy to crack. By using a passcode or passphrase rather than a biometric authentication, you are free to invoke the 5th amendment… or a strange case of amnesia. HOW TO DO IT iPhone/iPad users Android users Signal — Encrypted Text Messaging When Edward Snowden revealed the massive by the NSA, had knowledge of the program, and yet a massive majority did not alter their use of technology. data collection campaign 87% of Americans is an communication tool for your phone and computer that allows you to send encrypted messages. Being open source, the software’s code has been peer-reviewed and audited for gaping security holes or government backdoors. In fact, Signal was issued a federal subpoena and, because the company keeps minimal logs and does not own or see your encryption keys, they . The same for WhatsApp, a popular, Facebook-owned s̶e̶c̶u̶r̶e̶ messaging app. Signal open source weren’t able to produce much can’t be said There is one catch, though — whoever you are messaging also has be using the Signal app. Make sure to spread the word to your friends, family and/or drug dealing mistress. ProtonMail — Encrypted Email Email still remains one of the most dominant forms of communication, in particular for businesses, and so it is constantly being attacked through ever-evolving holes. Other times, users just . open up the front door Protonmail.com takes the security of AES, RSA and OpenPGP encryption and makes it accessible to the non-techie. Based in Switzerland, who happens to have some of the strongest privacy protection laws in the world, ProtonMail’s servers are stored under 1,000 meters of solid rock. So take comfort in knowing that nuclear bomb won’t stop your email from reaching Grandma. ProtonMail Keep in mind that this is still a centralized solution and thus, you are trusting a 3rd party to transmit/store your data, even if they may not be able to access it; it may be worthwhile to read . ProtonMail’s response Full-Disk Encryption Encryption and cryptography are complicated topics to comprehend and even harder to explain. In it’s simplest form, think of it like this: to protect unencrypted data on your computer is like relying only on your home’s door locks to keep intruders out — they could still kick the door in, break a window, etc. If they did manage to get into your home and you were using encryption, the entire contents of your house would appear invisible unless they knew the special password to make it visible (decrypt) again. using a password Townsendsecurity.com iPhones have had hardware-level 256-bit AES encryption built-in since the iPhone 3GS. Since iOS 8, if you have a passcode, even Apple itself . Google has taken similar steps in Android. can’t unlock your phone Apple’s FileVault is off by default on Mac computers, but is . simple to turn on For Windows or Linux (or Mac), I recommend . Veracrypt Virtual Private Networks A Virtual Private Network (VPN) is a simple concept that has been around for decades. They can be purchased for cheap monthly or annual fees. You’ll see VPN services offered for free, but it’s better to avoid these since they’re often slower than paid services. Many of these companies are set up in countries with strong privacy/data protection laws (Germany, Switzerland, etc.). And while it is a secure method, it isn’t without flaws. One of the key things to look for when selecting a VPN is reputation and whether or not the company keeps activity logs. Most will claim that they do not maintain user information or activity, but that’s . clearly a sham That isn’t to say you shouldn’t use a VPN, but do not let it give you a false sense of security. Your data is encrypted and it helps keep out prying eyes, but remember, you are still relying on a 3rd party. A good review of many VPNs is available. Password Managers Password managers are essentially an encrypted bucket for you to store all your most important details inside of. One simple, yet effective way hackers access your accounts is by exploiting a flaw of the human brain — poor memory. Most people reuse the same few, memorable passwords across all their accounts. Unfortunately, these are usually insecure things like Password123 or Pen15Club. You can ignore how easy these are to because all it takes is you to have an account at one company that experiences a data breach. Banking on the fact that you’ll likely use the same password elsewhere, hackers simply go try those credentials on various other platforms like your bank account. brute-force Password managers allow you generate random passwords for each site you use to prevent the above scenario. It then stores all these credentials behind your encryption key. You might be asking yourself, well isn’t that like putting all my eggs in one basket? Sort of. You need to create a strong master passphrase that is long and memorable. sit chapel slaying degree Something like the above passphrase would take approximately to brute-force crack. However, you should use something with at least 6 words. Longer is always better, but not to the point it risks your ability to recall it. 6,000,126 centuries HOW TO DO IT (Windows, Mac, iOS, Android) 1 Password (iOS, Android; Chrome plugin works on Windows, Mac, Linux) LastPass (Linux, Windows, Mac, Android) KeePass For the truly paranoid, you can even use what is called . It works like this: Diceware A long list of words are assigned to 5 digit strings. EXAMPLE 16664 cleat 16665 cleft 16666 clerk 21111 cliche 21112 click Roll your die 5 times, writing down the resulting number for each roll. Lookup the resulting combination in the list from step 1 and write it down. Repeat 5 more times. The result is your new 6-word passphrase truly generated at random. Two-Factor Authentication A 2FA device that has been used for decades in the corporate world. Two-Factor Authentication, or 2FA, is an additional layer that protects your online accounts. After enabling 2FA and logging in to your account, a code is generated and sent to a secondary device you own, most commonly a text message to your phone. This code acts as an additional measure that you’re the person you are claiming to be. Obviously, the main security concern here is what happens if your phone is stolen? Well, hopefully you followed the rest of the advice above… More and more websites are supporting 2FA and even with its limitations, enabling 2FA is more secure than not using it. is readily available. A list of websites/services that support 2FA If you want want to take a non-SMS (text message) route, apps like generate something called a Time-based One-Time Passcode (TOTP). This is the software-based equivalent of the RSA SecurID pictured above. Authy Other Tools There are plenty of other ways to protect your privacy. Here are a few: Tools from the Electronic Frontier Foundation A for your browser d/tracking blockers Open-source, privacy-focused operating systems Privacy-focused browsers — & Tor Firefox Decentralized networking & apps Secure file-sharing like a Dropbox Host your own cloud server No logging/tracking search engine Cryptocurrency Decentralized social media to delete your account from web services A directory of direct links from your tracking you around the web Stop Facebook email or email Disposable masked/alias If you found value in this article, I’d be stoked if you bought me a beer — after all, it’s what fuels articles like this! Stay safe out there and please, if you have other tools or corrections, please leave them in the comments!
