A Simple Guide to Digital Privacy and Security

The information below will teach you how to securely communicate and encrypt your personal devices (phones, laptops, computers, storage, etc.).

I have written this article without complicated technology jargon, and an understanding that many of my readers and supporters are young adults entering a world that is rapidly changing. It is important to note here that if the technology that needs to be protected is for a business then using advanced computer security for businesses, from companies like SimplicIT can help set up your security systems and guide you into the right direction. However, for information about how you can personally help to protect your computer systems, then just follow these tips.

Edward Snowden: “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”

Use a VPN (Virtual Private Network)

A Virtual Private Network, or “VPN”, is a group of computers networked together over the Internet.

A common use of VPNs is to connect a series of business computers together remotely. Consumer usage of VPNs has often been as a substitute for proxy services such as those hosted on https://free-proxy-list.net/ which people use to bypass region-locks on websites and content.

However VPNs have the potential to fully encrypt one’s internet data, meaning it is difficult for another person to access what you have done on the internet. As such, VPS are being used increasingly by consumers and civilians for secure communications when using an untrusted network.

When you connect to a VPN your computer and client exchange ‘keys’ with a far away server, encrypting your data and securing it from outside threats. The goal of the VPN is to secure all the data you’re sending and receiving through encryption.

Both Android and Apple devices support mobile VPN use (I encourage the use of Apple devices following their recent stance on supporting consumer privacy, and refusal to decrypt devices for Government agencies).

For an exhaustive list and guide to some of the best VPN Service Providers, see here.

Do not use text messages

Text messaging is a legacy system, and rides off of the back of existing telecommunications data and signals. While it is convenient to send a text message, it is an extremely vulnerable system, and every text you send is stored with your telecommunications provider.

This means that at any time law enforcement or Government can request entire copies of your text message and communication history, and your telecommunications provider has to comply (under specific circumstances such as a court-ordered warrant).

The most convenient solution to this is to use Apple’s iMessage system. iMessage is recognised by the Electronic Frontier Foundation as one of the most secure consumer communications platforms. It is so secure that Apple have repeatedly stated they do not have decryption keys for any user’s devices.

An excellent solution for Android users is TextSecure, developed by non-profit organisation Whisper Systems, a company with experience in the development and research of open source encrypted communications.

Do use secure messaging platforms

Verbal communication remains one of the most truly secure ways to communicate with other people, but even that has vulnerabilities, for example: do you trust the other person? Will they communicate under duress? Are your conversations being recorded externally? Sometimes it is not possible to meet with another person physically.

There are many online platforms for secure communication, many of which are free and open source (so people can check the code and look for security flaws and vulnerabilities). One of the most popular (and one I have used a lot) is CryptoCat. CryptoCat is an open source web and mobile application that allows secure, encrypted communications between multiple parties using end-to-end encryption.

Unlike iMessage, which exists purely as a consumer service, CryptoCat’s expressed goal is to make encrypted communication more commonly accessible to users of any background, creating a bridge between personal security/privacy and usability. CryptoCat was used by Edward Snowden and Guardian journalists to discuss the NSA’s domestic and international illegal spying program, PRISM.

CryptoCat is available on mobile devices, and features inbuilt authentication software that allows you to ask a “Secret Question” to the other party. Make this something only you and the recipient would know, which adds another level of security.

Alternatives to CryptoCat for mobile include Signal and Wickr, both highly secure, open source applications that received a perfect score from the Electronic Frontier Foundation. Wickr was ‘famously’ used by Australian politicians to plot a leadership spill. I have used Wickr to communicate with military personnel and sources in Ukraine’s east.

Ultimately, when using web applications, it is important to consider security at all times. Moreover, in case you were not already aware, web application security is the process of protecting websites and online services against different security threats that exploit vulnerabilities in application coding. Common targets for web application attacks are content management systems, database administration tools and SaaS applications.

Accordingly, if you would like further information about software testing, the Open Web Application Security Project (OWASP), and even some of the most common security flaws, then you can find out here. Above all the more steps that you can take to protect yourself, the better. All software needs layers of protection to assist in mitigating any disasters that may strike, businesses need to know that any software they are using will not become compromised, putting their systems in jeopardy. For more protection, checking out articles such as – https://www.mirantis.com/software/docker/security/ will help show what steps to take to make sure security runs throughout the software application.

Use strong passwords

Weak passwords can be broken by automated computer programs easily accessible through the internet.

The best way to defeat these brute force methods is to use a difficult password, one with numbers and both case-sensitive and special characters. There are various tools online such as The Password Meter that allow you to strength check your password.

Use different passwords for different platforms. This is a great way to avoid someone compromising your entire online presence, or gaining access to all of your devices simply because they knew one password.

If your devices are taken or stolen, a strong and secure password is your best bet to ensure that your personal data and information isn’t exposed.

Encrypt your storage devices

Storage and device encryption is an effective and simple way to ensure that your data privacy is maintained, especially in the event your hardware is taken or stolen.

In the age of the internet, encryption solutions have become far more prevalent and are no longer a niche solution for the technologically-advanced among us. Many entirely-free, open source encryption solutions exist, including popular tools such as VeraCrypt and BitLocker, which is built into many Windows installations by default.

For Mac users, Apple continues to support FileVault, a highly secure encryption software built into the operating system itself. FileVault uses your login password as the encryption/decryption pass phrase, so be sure to use the previous tip and include a strong password.

Use Tor Browser

Tor Browser (or “Tor”) is a free Internet browsing program that allows the use of secure browsing and communication. Like CryptoCat, Tor’s main goal is to allow the use of secure browsing and communications for users, recognising internet privacy and security as highly important.

Tor directs your internet traffic through a free, global communications network that consists of more than 6,000 relays. This hides your location and identity, making it extremely difficult for you to be located or detected as the source of internet traffic.

Unlike common browsers such as Google Chrome, Tor does not include tracking/cookie code, and does not remember visited websites. Tor can be used inside an encrypted drive/volume to completely hide all traces of anything you browsed or used to communicate with another person.

Feel free to Contact me with any questions, including advice on how you can better secure your devices and online communications.

Disclaimer: All of the advice above is exactly that – advice. I encourage you to do your own research, and come to your own conclusions.

Bryce Wilson is a photographer, filmmaker, and freelance photojournalist from Melbourne, Australia.