Well, we are in a new era in 2017, so it is nice once again to look at how to stay safe and private in this new age. Here are some recommendations.
For the truly tinfoil-hat paranoid
Remember, just because you are paranoid doesn’t mean you don’t have people snooping into your digital life, so here are some recommendations from Bruce Schneier. Note that, as always, the actual applications these guys produce can be hacked, but you have to trust someone.
- Signal. While there are many secure messaging applications out there, this one is open source and really protected. The main issue is that the other person has to be on Signal too. So I get maybe a message a month; still, it is the safest.
- ProtonMail or Lavabit. In the post-Snowden era, this seems way more practical than trying to use OpenPGP keys etc. They do allow web browsing of your mail, by the way.
- Tor Browser. This browser is slow, slow, slow and disables just about anything useful, but it is the safest out there for looking at cnn.com without anyone knowing you are doing it.
- Air-gapped PCs. They do seem to take their security seriously, and if you keep your connection time to the internet at a minimum (some would say never connect it, and use a hand scroll to copy notes from one air-gapped machine to another), you should be safe.
- VeraCrypt. With TrueCrypt dead, the best source of on-disk encryption is still an open question for me. But basically you have to encrypt the files that really matter. I need to give this one a try, but it uses FUSE to create a new file system handler, so it is pretty transparent. You can get FUSE for OS X from MacPorts or from Homebrew, by the way.
- Hashed user names. It is pretty useless to use all this if you just use the same user name for everything, so you want to create a random user name for everything.
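One way to do the hashed user names idea, as an added example that is not from the original post: derive each user name from a single secret with HMAC-SHA256, so you can regenerate a name when you need it but nobody without the key can link two of your accounts. The function names, the `rotation` parameter and the demo key are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def new_master_key() -> bytes:
    """Generate the one secret to keep (e.g. in a password manager)."""
    return secrets.token_bytes(32)


def normalize(service: str) -> str:
    """Canonical form so 'Example.COM ' and 'example.com' map to one name."""
    return service.strip().lower().rstrip(".")


def username_for(master_key: bytes, service: str, rotation: int = 0,
                 length: int = 12) -> str:
    """Derive a per-service user name with HMAC-SHA256.

    Without master_key the names for two services cannot be linked.
    Bump `rotation` to get a fresh name for the same service.
    """
    if len(master_key) < 16:
        raise ValueError("master key too short")
    if not 6 <= length <= 32:
        raise ValueError("length must be between 6 and 32")
    # The NUL separator keeps "a" + "10" distinct from "a1" + "0".
    msg = f"{normalize(service)}\x00{rotation}".encode("utf-8")
    digest = hmac.new(master_key, msg, hashlib.sha256).digest()
    # Base32 gives only a-z and 2-7, which most sign-up forms accept.
    text = base64.b32encode(digest).decode("ascii").lower().rstrip("=")
    # Many sites require a leading letter, so prefix one unconditionally.
    return "u" + text[: length - 1]


if __name__ == "__main__":
    key = bytes(range(32))  # constructed demo key; use new_master_key() for real
    for site in ("example.com", "mail.example.org"):
        print(site, "->", username_for(key, site))
```

The master key is the only thing to protect; if it leaks, every derived name can be recomputed and linked.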
Tinfoil bootstrap
Ok, for the double double paranoid, the question is how you got your laptop in the first place and how to prevent recognition given all the cameras out there in the real world.
- Wear sunglasses and a hoodie. OK, there are lots of security cameras, so people are selling actual camo gear to confuse image recognition (I said this was about the paranoid, didn’t I?).
- And of course take public transportation and map the cameras so you can find some blind spots and change your clothes in them. OK, I feel like Jason Bourne now.
- Burner phone and laptop. Walk into a store (preferably miles from where you usually live) with your camo gear and buy a phone. You’ve seen it on Breaking Bad, I’m sure. And change them often. It’s good that burners and Chromebooks are so cheap now 🙂
- Tails. Run the operating system for your laptop from a USB key so you don’t have to worry about viruses. OK, this is getting a little crazy!
- Make sure that when you turn on your laptop or phone, it is in a very public spot, as the MAC ID on your laptop and the IMEI on your phone do identify you to the local cell phone tower or access point. You can spoof your MAC ID; I’m not sure about your IMEI.
- Throw away your phone and laptop regularly.
For the concerned but practical
If you actually want to talk to more than the 3 tinfoil people in your life, here are some other choices.
- WhatsApp. This actually uses the same open source security protocol as Signal and is end-to-end encrypted. You can tell because Facebook gets in trouble all the time around the world with this application. It’s less secure than Signal, but more people use it.
- iMessage. Another proof by example, but this should be reasonably safe, which SMS definitely is not.
- Private Internet Access VPN. You have to trust your VPN provider, but this will at least get you partially there. These guys are outside the US, so maybe a little safer.
- Startpage. If you do not want Google to track what you do, then you want to use an anonymizer for your queries. Startpage is one of the companies that give you some protection.
- Apple Encrypted DMG and FileVault. Turn on FileVault for on-disk encryption of your hard disk. And for really secret stuff, create an encrypted DMG on top of that.
- 1Password. They have a zero-knowledge storage system, so they do not know what is being encrypted, which also means that if you forget, your keys are lost forever. But in the world of encryption, they allow you to use really random passwords.