Use Encryption



This blog post is inspired by this article on Medium: How to encrypt your entire life in less than an hour. I decided to add some thoughts and notes to the initial idea, and below are set of steps you can take for improving security and safety of your digital life.

#1. Use two-factor authentication

Enable 2-factor authentification on all services you use: email, Google Applications, web bank, etc.

Switching to Apple’s two-factor authentication.

Here is a good web page which tracks websites and whether or not they support 2FA.

#2. Encrypt your hard drive

All of popular operating systems support partially and full disk encription.

There are plenty of good tutorials on this topic in the Internet. For example, here is a good article on full disk encryption on a Linux-server from Linode. And here is official documentation on configuring disc encryption on mac OS X. Also, good article on maximizing filevault security on mac OS X.

#3. Turn on phone-password protection

Enable PIN-code/password protection on your smartphone. Many mobile applications also do support password/PIN protection, don’t neglect it.

#4. Use different password for each service

Consider of using 1password, lastpass, or another similar service for generating, storing and syncing your passwords. Use different passwords for every service or web site.

#5. Send private messages with signal

Use Signal for sending messages and making calls, - it is built basing on an open source code, and its good crypto is confirmed to be good. Also consider of using Telegram Messenger, whose UI looks better than Signal’s, and also it has more features. Altough, code base of Telegram is private so it’s impossible to estimate if it has any backdoors or if its crypto is really good. Note that code base of Viber, Skype, Whatsapp, and other well known messengers is also private, so you can’t be really sure that KGB won’t read your messages that you sent via these apps. Here is a good and detailed article on starting with Signal and strong crypto.

#6. Use tor

Use TOR, - it’s a kind of «dark net», which also can be used for anonymous accessing old good Internet. But please remember that it doesn’t 100% guarantee anonymousness. Here is short but useful introduction into installing and using TOR under macOS.

#7. Use duck-duck-go

Use DuckDuckGo for searching through Internet. Google is better in searching data in the Internet, although it tracks and stores a lot of data about you. Also see item #16 for more details on Google.

#8. Use bitcoin

Use bitcoin, but remember that it is NOT anonymous. They CAN trace you through bitcoin transactions. Other cryptocurrencies provide more anonymity, but most of them are still «beta».

#9. Use encypted backups

On macOS, use Time Machine with enabled encrypion. You can also use alternative solutions, such as tarsnap, but don’t forget to encrypt you backups.

#10. PGP

Use PGP for encrypting and signing files, emails, and other kinds of data. Also, read about 15 reasons not to start using PGP (yes, PGP is not silver bullet) about possible concerns, cons and pros of using PGP. Also, PGP is not supported by native applications on most platforms, so consider of using S/MIME (see item #11).

#11. Use S/MIME for emails

S/MIME can be an even better alternatve to PGP for encrypting and signing emails. It is also natively supported by all most popular devices and platforms. Here is a great article on configuring S/MIME on iOS devices, but you easily can find relevant instructions for Android, MS Windows, and other platforms.

#12. Yubikey, 2FA or TOTP for SSH

If you use SSH for accessing your servers, consider of using two-factor authentication: One-Time Passwords for Two-Factor Authentication with SSH. Also, Yubikey might be a good alternative.

#13. Encrypt your mobile

Check if your mobile device does support data encryption, enable it if so. Here is a good example on iPhone encryption.

#14. Advanced security for specific platform

Check safety/security options for your specific platform/OS. For example, here is a great article on security for OS X, but it also gives general view of the topic that might be relevant for other platforms too.

#15. Encrypt files in clouds

If you’re using cloud services such as iCloud, Dropbox, Box, and others, you should know that you can’t be sure they actually encrypt your data. To make sure that NSA and KGB can’t read your data, you should encrypt your data before you sent it to the cloud. There are couple of ways for doing the trick. One of the ways is to use file system encryption libs.

#16. Disable Google MyActivity

By default, Google tracks and stores a lot of data about you: search words, GPS coordinates of your movings, YouTube history, etc. Review Google MyActivity and you ight be very surprised of how many Google knows about you. Clear the history data, and disable tracking if you don’t want Google to spy on you.

#17. Use anti-spy software

There is a kind of software that can track all suspicious activity on your computer and block it. For example, take a look at LittleSnitch - it can track network activity on your computer, so you can be sure that no any software on your machine is making any hidden unauthoried connections stealing your data. Also consider of using LittleFlocker, which can track and block suspicious software activity on your computer: unauthorized using of video camera, mic, starting applications, and other.

#18. Don’t use Google Mail

Google (like many other companies) is well-known to like tracking as much data about you as it can, and this can be very bad for your privacy and for your business. Thus, Google Mail is very comfortable and has great features, but once upon a time it might be threat for you. There are many alternative email services that were not spotted as being tracking their customers. Here are a pretty good article on moving from GMail to FastMail. But probably even better would be moving to ProtonMail, - an email service that is all on security and safety. If you have your own virtual server, consider of using your own hosted email solution.

#19. Beware social networks

Social networks (like Facebook) also track your activity and store a lot of information about you. Here is great intro on getting your loved ones off Facebook. Also, check out this nice article on reclaiming your privacy in social networks.

Any updates and peer requests are welcome.