Cyber security 101: Protect your privacy from hackers, spies, & government 2/3

Offline javajolt

VPNs: Why, when, and where?

A virtual private network is a way to create a secure tunnel through the inherently insecure internet. Data packets are encrypted before they are sent to a destination server, which also results in IP addresses and your location becoming hidden. Many VPNs will also include a 'kill switch' that cuts off your internet access temporarily if connections drop in order to keep your online activity secure.

VPNs have now entered the mainstream. Many users will only adopt these services to access geolocation-blocked content -- such as websites and apps banned in select countries -- for example, a user in the United States could make themselves appear to be located in the United Kingdom, and vice versa.

However, VPNs have also surged in popularity in response to increased surveillance, making their use a popular option for activists or those in countries ruled by censorship.

(For a more detailed look at how VPNs operate, check out our guide.)

VPNs are not a silver bullet for security; far from it, but they can help mask your online presence. It is worth noting, however, that VPN usage is banned in some countries.

FREE VS. PREMIUM VPNs

Premium, paid services are often more trustworthy. Free options are often slower and will offer limited bandwidth capacity. VPNs cost money to run and so providers will also require users of free services to agree to alternative means for them to turn a profit -- and this may include tracking and selling your data.

Remember, when you are using a free service, whether it's a VPN or Facebook, you are the product and not the customer.

WHICH VPN SHOULD I USE?

The most important element to consider when deciding on a VPN is trust. Using a VPN requires all your traffic to go through a third party. If this third-party VPN is unsecured or uses this information for nefarious reasons, then the whole point of using a VPN for additional privacy is negated.

Conflicts of interest, VPN providers being hosted in countries whose governments can demand their data, and sometimes less-than-transparent business practices can all make finding a trustworthy option a complex and convoluted journey.

However, to make this trip easier, our favorites include NordVPN, Private Internet Access, ExpressVPN, and TorGuard. CNET has also provided an up-to-date directory of good VPN options.

Passwords and vaults

This kind of advice is repeated ad nauseam but it is worth saying again: using complex passwords is the first line of defense you have to secure your online accounts.

Thankfully, many vendors now actively prevent you from using simple combinations, such as QWERTY12345 or PASSWORD123, that are easy to break with dictionary-based and brute-force attacks.

However, it is difficult to remember complicated password credentials when you are using multiple online services, and this is where password vaults come in.

Password managers are specialized pieces of software used to securely record the credentials required to access your online services. Rather than needing to remember each set of credentials, these systems keep everything in one place, accessed through one master password, and they will use security measures such as AES-256 encryption to prevent exposure.

Vaults may also generate strong and complex passwords on your behalf, as well as proactively change old and weak ones.

It is true that many popular password managers and vaults do have vulnerable design elements that can be exploited on already-compromised machines, but when you balance risk, it is still recommended to use such software. Vendors with the best ratings include LastPass, Keeper, and Blur, but for a full range, check out CNET's password manager directory.

ENABLE TWO-FACTOR AUTHENTICATION (2FA)

Two-factor authentication (2FA) is a widely-implemented method of adding an extra layer of security to your accounts and services after you have submitted a password.

The most common methods are via an SMS message, a biometric marker such as a fingerprint or iris scan, a PIN number, pattern, or physical fob. Using 2FA does create an additional step to access your accounts and data.

How to enable 2FA: Facebook | Twitter | Instagram | Snapchat | Apple iOS | Google | Microsoft | Amazon

Tutorials for other major services can be found at Turn it On.

You can also use standalone mobile apps to add 2FA to websites. Google Authenticator, available for Android and iOS, is a popular option, as well as Authy.

Secure your mobile devices

Mobile devices can act as a secondary means of protection for your accounts through 2FA, but these endpoints can also be the weak link that completely breaks down your privacy and security.

Both Apple iPhones and mobile devices based on Google's Android operating system have sold by the millions. Android has maintained the lion's share of the global smartphone and tablet market for years, but due to its popularity, the majority of mobile malware samples are geared towards this OS.

The open-source nature of Android has also opened the way for hackers to search for vulnerabilities in its code, but to combat this, Google does run a bug bounty program and consistent security patch cycle.

iOS, in contrast, is a proprietary operating system and iPhones are generally considered more secure -- despite the emergence of security flaws on occasion, which are almost laughable.

(Google has previously said that Android security is now as good as iOS, but we are still waiting to see the real-world evidence of this claim.)

PATCH, PATCH, PATCH

The first and easiest way to keep mobile devices on either platform secure is to accept security updates when they appear over the air. These patches resolve new bugs and flaws, as well as sometimes provide performance fixes, and can keep your device from being exploited by attackers.

To check your device is up to date on iOS, go to Settings > General > Software Update. On Android, go to Settings > Software Update.

LOCK IT DOWN

It sounds simple, but many of us don't do it -- make sure your mobile device is locked in some way to prevent its physical compromise.

You can turn on your iPhone's Passcode feature to enter a four or six-digit passcode, as well as select the 'custom' option to set either a numeric or alphanumeric code. On iPhone X and later, go to Settings > Face ID & Passcode, while on earlier iPhone devices, go to Settings > Touch ID & Passcode. If Touch ID is not a feature on your iPhone, the menu option will simply show Passcode.

On Android, you can choose to set a pattern, PIN number, or password with a minimum of four digits. You can choose by tapping Settings > Security & location/Security > Lock Screen.

BIOMETRICS

Face recognition, iris scanning, and fingerprints are biometric authentication options found on modern iPhones and Android devices. These services can be convenient, although it is worth noting that in the US, law enforcement may be able to force you to unlock your devices as biometrics are not protected under the Fifth Amendment.

FIND YOUR PHONE

We want to stop ourselves from being monitored without consent, but some technologies can be beneficial for tracking down our own lost or stolen property.

Find My iPhone is a security feature for iOS devices that you can enable to allow you to track your device through iCloud. The system also includes a remote lock to prevent others from using your iPhone, iPad or iPod Touch in the case of theft.

In order to enable Find My iPhone, go to Settings > [your name] > iCloud. Scroll to the bottom to tap Find My iPhone, and slide to turn on.

Google's Find My Device can be used to ring a missing device, remotely secure your smartphone, and also wipe all content on your stolen property. The service is automatically made available by default once a Google account is connected to your device but it does require the device to be turned on, to have an active internet connection, and to have both location and the Find My Device feature enabled.

In order to do so, open Settings > Security & Location/Security > Find My Device.

Other privacy settings

FOR THE IPHONE

USB Restricted Mode: A handy security feature introduced in iOS 11.4.1, USB Restricted Mode prevents USB accessories from automatically being able to connect to an iPhone if an hour has elapsed since the last time it was unlocked. In order to enable, go to Settings > Touch ID/Face ID > USB Accessories.

ANDROID

Disable the option to enable unknown developers/apps: If there have been apps you simply had to install outside of Google Play, make sure the "Unknown Sources" or "Install Unknown Apps" option is not left open afterward. Sideloading isn't necessarily a problem on occasion but leaving this avenue open could result in malicious .APKs making their way onto your smartphone.

To disable it, select Settings > Security > Unknown Sources. On the later Android models, the option is usually found in Apps > Top-right corner > Special access.

Encryption: Depending on your smartphone's model, you may have to enable device encryption, or some will be encrypted by default once a password, PIN, or lock screen option is in place. If you have such a device you can generally encrypt your smartphone through Settings > Security > Encrypt Device.

Other models, such as the Samsung Galaxy S8, do not have this option as encryption is enabled by default but you can choose to encrypt accompanying SD cards by going to Biometrics and security > Encrypt SD card.

You can also choose to enable the Secure Folder option in the same settings area to protect individual folders and files.

JAILBREAKING

Rooting your device to allow the installation of software that has not been verified by vendors or made available in official app stores has security ramifications. You may not only invalidate your warranty but also open up your device to malware, malicious apps, and data theft.

An example of this is KeyRaider, a malicious campaign uncovered by Palo Alto Networks in 2015. The malware specifically targeted jailbroken iOS devices, leading to the theft of 225,000 Apple accounts and their passwords.

Encrypt your messages

There was once a time when Pretty Good Privacy (PGP) was one of only a handful of options available to secure and encrypt your online communication. PGP is a program that can be used for cryptographic protection; however, it is complicated to set up and use, and there are other options out there that are more palatable to the average user.

If you still wish to use PGP, the Electronic Frontier Foundation has useful guides on its implementation for Windows, MacOS, and Linux. Vulnerabilities were found in the system last year but have since been patched.

keybase.io, an open-source app built on PGP and available for macOS/iOS, Android, Linux, and Windows, is another option for making use of PGP and end-to-end encryption on mobile and desktop systems without the technical difficulties usually involved.

There are a number of encrypted messaging applications:

SIGNAL

Signal is widely regarded as the most accessible, secure messaging service in existence today. Available for Android, iOS, MacOS, and Windows, the free app -- developed by Open Whisper Systems -- implements end-to-end encryption and no data is stored by the company's servers, which means that none of your conversations can be seized or read by law enforcement or hackers.

In order to use the service, you will need to tie a phone number to the app. You can also use Signal to replace traditional SMS messaging, but the same encryption and protections do not apply unless both recipients are using Signal.

WHATSAPP

WhatsApp is an alternative messaging app, which completed a rollout of end-to-end encryption across all compatible devices in 2016.

Available for Android, iOS, Windows Phone, Mac, Windows, and desktop, the messaging app is a simple and secure means to conduct chats between either a single recipient or a group. Having grown even more popular in recent years and now boasting over one billion users, WhatsApp is certainly worth downloading to replace traditional chat apps. However, to tighten things up, make sure you visit the Chat Backup option in "Chats" and turn it off.

IMESSAGE

Apple's iMessage, a communications platform that comes with Mac and iOS products, is another option if you want to secure and protect your digital communications.

However, this does come with some caveats.

Messages are encrypted on your devices via a private key and cannot be accessed without a passcode. However, if you choose to back up your data to iCloud, a copy of the key protecting these conversations is also stored -- and this has the possibility of being accessed by law enforcement.

In order to keep your messages truly private, turn off the backup option. Apple will then generate an on-device key to protect your messages and this is not stored by the company.

In addition, only conversations taking place between iPhones -- rather than an iPhone and Android device, for example -- are encrypted.

FACEBOOK MESSENGER

Facebook Messenger is not encrypted by default. The chat service does, however, have a feature called "Secret Conversations" on iOS and Android -- but not the standard web domain -- which is end-to-end encrypted.

In order to start a secret conversation, go to the chat bubble, tap the "write" icon, tap "Secret," and select who you want to message. You can also choose to set a timer for messages to vanish.

A word of warning, however: Not only is Facebook constantly under fire for its attitude to the privacy and security of its users and their data, but US law enforcement is reportedly attempting to pressure the social network into planting a backdoor into Facebook Messenger to monitor conversations. With other end-to-end options available, it's not worth the risk.

TELEGRAM

Telegram, which received over three million new signups during the Facebook outage in March 2019, is another popular chat application worth noting as many presume chats made through this app are automatically secure and encrypted -- which is not the case.

Available for Android, iOS, Windows Phone, macOS, Linux, Windows, and desktop, Telegram is not encrypted by default but does have a "Secret Chat" option that is end-to-end encrypted and kept away from the Telegram cloud. These particular chats are device-specific and include a self-destruct option.

It is also worth keeping an eye on the rumored, upcoming Facebook Messenger, WhatsApp, and Instagram merger. Facebook CEO Mark Zuckerberg has reportedly ordered end-to-end encryption services to be added to the combined platform to create secure, cross-app messaging, which may make the combined service a future possibility for secure chats. However, the integration is not expected to be ready for commercial release until 2020.

source