Episode 31: Three Steps to a Safer Digital Life
Small Changes to Implement That Pay Huge Dividends for Online Privacy
It sure feels like this, sometimes, doesn’t it?!
I don’t know about you, but in the past year, I’ve been bomBARDED with news stories about privacy and security on the internet. Good: I love seeing that kind of progress! When I first started writing about matters of security and privacy for Medium back in 2017, I was one of only a few writers who understood that these matters were so crucial for the future of everyone’s online lives, not just for techies and dweebs. I consider it encouraging that more people - even those who aren’t technical - are talking about these topics now.
Only, how do we separate the signal (the important matters) from the noise (everything else) when it comes to these important topics? For me, it’s always best to focus on the basics. Those basics are:
Making small, reasonable changes which are simple enough that almost every person can do them, regardless of their technical abilities.
Leveraging the use of cheap or free technologies so that cost isn’t a barrier for most people.
Maximizing security and privacy when they’re needed most and leaving them behind when they aren’t.
Much has changed in the tech world since I wrote my first piece for MacTech magazine way back in 2009. What hasn’t changed is the approach that I advocate: simplicity, honesty, and self-empowerment.
So, my friends: let’s get back to basics, shall we? As always, there is one very important caveat:
There’s no such thing as perfect privacy or security online. There are only best efforts and best practices.
With that in mind, let’s dive in…
The Best Browsers For Security & Privacy
For Solid Privacy: Brave Browser. Cost: free.
Can you use Chrome and load it up with a bunch of effective privacy blockers like HTTPS Everywhere, Privacy Badger, and uBlock Origin? Sure, you could. But why bother?!? Chrome, which is made by Google, is designed to provide your data to others. “Don’t polish a turd,” as my dad would say: choose another browser.
Brave is a browser that’s open-source which means that anyone - ANYONE! - can have a look at the code, spot errors, and then fix them. It also means that anyone trying to put malicious code into Brave will be quickly spotted. This is why open-source software is considered “best in class” over commercial software.
Brave has made its security and privacy-minded browser extremely easy to use: just download the application, install it, and start browsing. That’s it. By default, Brave activates security and privacy settings that will block ads, tracking cookies, fingerprints and other kinds of malware. Wanna see how many ads, trackers, or cookies it’s blocking? Of course, you do! Then look no further than the orange Brave lion icon at the far right-hand side of the URL bar, shown here in a blue square. Click that icon for more information about what’s being blocked and a window opens revealing more:
There are many great reasons to use Brave but, honestly: given how easy it is to use, given how fast it loads web pages, and given how well it protects your privacy/security online, there’s no need to explain more. Give it a try. If you don’t like it, I’ll refund the cost of your purchase.
That’s a joke: it’s free. 😂
Brave is available for every major desktop and mobile OS.
For Top-Tier Privacy: The Tor Browser. Cost: free.
What if the US Navy took a tricked out version of the popular Firefox browser and made it work by routing every user’s internet data through three, randomized servers run by volunteers located all over the globe? Not safe enough? Well, how about encrypting your data three different times, each time one of the new servers relays it forward? Well, friends: this is something called “The Onion Router”, better known by its acronym: TOR. The Tor Browser is a fascinating and devilishly smart invention that prevents almost everyone from gathering your information.
The technology baked into TOR is kind of miraculous. Among other things it:
Prevents surveillance from hackers, corporations, and governments by making its users anonymous
Allows citizens of repressive regimes to visit websites their government has censored or restricted
Allows journalists and others who require private communication to go about their jobs
Provides access to the “Dark Web”, a rather enormous portion of the internet that isn’t available on regular web browsers.
What’s the catch? Just one: the Tor Browser is slower than any other browser. That’s because it’s far more secure than any other browser. Encrypting your data three times as it routes through three random servers in three different global locations takes some extra time, yes. But if you need top-tier security and privacy, then so what? Have a cup of chamomile, chill the hell out, and enjoy knowing that most people on the planet won’t be able to track who you are or what you’re doing while you’re using Tor.
Just remember: be smart! Never use TOR for the kinds of casual browsing which you usually do. That will only identify you. Therefore, if you’re browsing on TOR, just avoid any of the following:
logging in to your social media sites
entering your name or address on any web form
logging into your bank’s website and paying bills
Instead, use TOR for the kinds of activities that you’d prefer to keep anonymous and away from prying eyes:
learning about topics which your government censors
researching controversial or dangerous subjects
protecting the IP of your business by hiding your online patterns and routines
Some of you might be tempted to think that those desiring that level of privacy or security equates to illegal activity. In some cases, that may be true. In some countries it’s illegal to view content that the government deems unsafe. This might include pornography, independent journalism, and other programming that others decide is off limits to their citizens.
My take on this is that all adults deserve the right to seek whatever knowledge they wish for themselves without anyone - a dictator, an oppressive regime, an unjust law - preventing them from doing so.
Bonus Note for Purists: Firefox. Cost: free.
Look: some of you might insist on using a browser that requires all kinds of fancy tweaks and changes so you can be super specific about what kinds of data you want your browser to allow. I get it. But most of my readers don’t have 3-4 hours to figure out how to use property lists or XML configuration files just to make their web browser safer. That’s why I recommend Brave. It just works out of the box.
But… for those of you who are angling for total control over security, then Firefox is your browser. Download the long-championed browser here and then use this guide to tweak the configuration so you can make it extremely secure.
Now stop complaining in my inbox. Sheesh.
The Best Messaging Applications For Security & Privacy
For those who’d like to be able to text with friends, family, and business colleagues with increased (or full) privacy, here are the key technologies to look for in the solutions you’ll eventually need to choose:
End-to-end encryption: Also called “E2EE”, this technology means that no one — not even the company hosting the service — can read your messages except for you and the other person/people with whom you’re chatting.
Open-source: Open source software is considered the gold standard because the code is publicly available for anyone to see, fix, or improve. Open-source is the opposite of commercially owned or private software such as Microsoft Word.
Stores little or no data: There’s no real privacy when the hosting company that makes your app keeps bits and pieces of your identifiable information on their servers.
Disappearing or “self-destructing” messages: This tech, popularized by the social media platform Snapchat, allows you to set a time-limit on your messages to others, after which they self-destruct forever.
Screenshot notifications: Also popularized by Snapchat, this is a feature that alerts you when someone attempts to bypass your disappearing message by screen-shotting your text or image. That’s a big no-no.
Blocks third party keyboards: Yup, this sounds odd, but it’s possible for a malicious (or sloppy) coder to create a keyboard which has access to everything you type and can store that info on its servers. No, I’m not joking. Some messaging apps block these, a nice bonus feature. For those that don’t, please do yourself a favor and never use 3rd party keyboard apps. Instead, just use the default keyboards that come on your iOS or Android device. Thank me laters.
Deleting your messages from other people’s devices: Yeh, I know. This sounds like magic, but it’s true. Some of the newer secure messaging apps allow you to delete messages that you’ve already sent to others. Nice touch if you send something by mistake or change your mind later.
Password locking the application itself: If someone has access to your fingerprint, faceprint, or password, they have access to all of your data. Or do they? Not if you lock your secure messaging app with a different password… Nice feature when you can find it.
For Solid Privacy: Wire. Cost: free for personal use.
Some folks rank Wire as being more secure than Signal, my choice for top-tier messaging privacy. I disagree but I am swayed when public security professionals — like this well-known fella here — give the platform some praise:
Unlike Signal, Wire does NOT ask you to provide a phone number to be able to use its services. For many people, that’s incredibly important. I get it. Equally important to me: Wire’s easy-to-use, 100% open-source and has been vetted by outside security professionals although it’s been a few years. Hey, Wire: the clock’s ticking, gang. Maybe get another audit?
More than anything else: I like Wire because it offers something that Signal doesn’t: a security screen. So check this out… If the Wire app is open but not in use, it locks itself down from prying eyes. That means if I switch from Wire to browsing the web and then navigating back to Wire, I will NOT be able to see all of my in-progress chats. Instead, I’ll be met with a Touch ID/Face ID challenge to unlock Wire and see what’s on the screen. Very smart feature. It prevents someone from grabbing my still unlocked phone and having immediate access to all of my unencrypted messages. Here are the app preferences I’d recommend to set, including THAT one which you’ll see in red at lower right:
By the way: here’s a short video I made that you all need to see.
While it demonstrates how Wire’s password lock screen works it ALSO demonstrates how Apple’s Safari and Messages actually reveal the contents of the running apps. While minor, this is a security hole and something to be aware of for those of you who want to lock things down. You’ll notice in the video that more secure apps like Brave, Signal, and Wire block what you can see on the screen while app switching in iOS, a more secure solution when it comes to privacy.
For some of you, that kind of privacy is worth having, so be aware:
After this email went out, I was contacted by one of my passionate and knowledgeable readers who offered the following. I thought it was a worthwhile counterpoint to what I’d offered about Wire and so, with his permission, I’m including it here. In our correspondence, we discussed his rather strong dislike for the Wire application - especially for enterprise or corporate communications - and how other apps were more worthy options:
I know the developers of Threema GmbH, and while I don't agree with their decisions sometimes (like prioritizing implementation of emojis over more useful functionality such as conference capability), it is a highly reliable, secure, and working application and I don't think I've ever experienced a pull-out-your-hair level of frustration due to the app simply not doing what it says it does.
Wire, on the other hand, while we were attempting to utilize 100% of its functionality, didn't work the way we wanted it to as much as 30% of the time, and I thought about this number a lot to ensure a lack of exaggeration. I'd use and recommend Signal or Wickr with Silent for calls over Wire any day of the week.
For Top-Tier Privacy: Signal. Cost: free.
Signal is considered best-in-class by most security/privacy experts. It’s easy to use, 100% free, funded entirely by a non-profit organization, is totally encrypted and is available for all major desktop and mobile operating systems.
Did I mention how easy it is to use? It’s SO easy, you’re probably using it already. No, I’m not joking. Turns out: Signal isn’t just an application you can use, it’s also an entire messaging ecosystem that’s used by other companies as their own platform. That’s right, tech lovers! Signal’s messaging platform is actually the foundation for WhatsApp, Wire, Skype’s Private Conversations and Facebook Messenger’s Secret Conversations. So do yourself a favor and ditch all of those other copycats and wanna-bes and go with the original and still fabulous recipe, dig?
Signal is open-source software which offers:
End-to-end encryption for audio, video, and text communication
So what’s not to like?!? Well, there is one thing, actually. Some extreme privacy supporters continue to fault Signal for requiring a phone number to register. I get it: providing a phone number is a big no-no for people who are afraid that their government is monitoring or spying on them.
But here’s the thing: Signal doesn’t care which phone number you use. They only require that you use some phone number. Don’t want to use your own phone number? Fine! I support that! Then go get a free, alternate phone number from TextNow, Google Voice, FreedomPop, or TextFree.
Bonus Info for my Hardcore Privacy Fans:
Once you’ve installed and set up Signal on your device, I recommend using the following toggles in the Privacy portion of the application’s settings to best maximize your privacy and that of the people with whom you are communicating. There’s no sense in using a best-in-class private messaging system if you set it up to allow others to easily have access to your data, right?
The Best Email For Security & Privacy
Yes, you use Gmail. So does everyone. If not, they probably use Yahoo, Outlook, or (gasp!) Hotmail or AOL. Fun fact: did you know that 2.1 million people still use AOL?!? If you’re like me, that probably makes you barf in your mouth a little bit given how insecure AOL is and how God-AWFUL its graphical user interface (or GUI) is. Some people like what they have. Amen. More power to you folks.
But for those of us who need to use email to send sensitive or secure documents, there’s honestly only one real choice in this category, so let’s just jump right in:
For Top-Tier Email: Proton Mail. Cost: free.
If Signal were designed for email, it’d probably look a lot like Proton Mail. It’s an extremely secure platform, designed by scientists from CERN and MIT, and keeps its servers located in a secure vault in Switzerland that’s buried one kilometer under ground. No, I’m not joking. The place is a decommissioned Swiss military bunker dug into a granite mountain. I mean… come ON, right? Pics and videos here for those geeks and dweebs that want a closer look.
Proton Mail leverages a very humorously-named technology known as “Pretty Good Privacy” (or PGP) that encrypts your emails, making it impossible for ProtonMail or anyone else to read them. What’s so great about ProtonMail’s version of PGP is that it all happens behind-the-scenes, by default, with no extra work or setup required on your part. If you’ve ever tried to install and use PGP (I sure have), then trust me when I tell you: this is a far, far easier solution.
As using PGP is essential for private email communication, it’s essential that you and all of your most secure contacts use it. In a perfect world, the easiest way to make this happen is for everyone to have free accounts on ProtonMail and to only email each other using that system.
Why It’s So Good At What It Does:
Proton Mail doesn’t require a phone number or email address to set up your account.
Like Wire, Proton Mail offers a screen lock security pin so no one can see your screen, even if they pick up your unlocked phone and launch the app. TouchID/FaceID are also possible, but I wouldn’t use those.
Like Signal, Proton Mail offers disappearing (they call them “expiring”) messages.
Proton Mail offers password protected emails for one extra layer of security.
All of this and they continue to offer a free tier of service??! Yes, please.
Currently, there is no email service which can encrypt your email’s metadata: that’s your subject line, IP address, and other revealing information. PGP only encrypts your email message. Email was designed as an inherently open medium and is, therefore, unsafe for communicating about private matters in the current age. Therefore, build that knowledge into your security gameplan! For those who need the highest levels of security/privacy but still need to send email:
Use Signal to alert contacts that you’ll be emailing them
Only use subject lines that are neutral or misleading
Use a reputable VPN service when going online
After logging into your VPN, use the Tor Browser to surf to Proton Mail
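To make the metadata point above concrete, here is an added example (not from the original newsletter or from Proton Mail) that parses a PGP-encrypted message the way a mail relay would and lists what stays readable. The sample message, its addresses, the IP address and the function names are all constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a PGP/MIME (RFC 3156) message as any mail relay sees it.
# Addresses, the IP (documentation range) and the ciphertext are made up.
RAW = """\
Received: from laptop.example (unknown [203.0.113.7])
\tby mail.example.org with ESMTPS; Tue, 02 Jan 2024 09:15:00 +0000
From: alice@example.org
To: bob@example.net
Subject: Contract draft for Friday
Date: Tue, 02 Jan 2024 09:14:58 +0000
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
 boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1
--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

hQEMA0constructedciphertextplaceholder==
-----END PGP MESSAGE-----
--b1--
"""

METADATA_HEADERS = ("From", "To", "Cc", "Subject", "Date")
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def exposed_metadata(raw):
    """Return the header fields a relay can read without any key."""
    msg = message_from_string(raw)
    exposed = {h: msg[h] for h in METADATA_HEADERS if msg[h]}
    # Each Received header can record the IP address of the sending host.
    received = msg.get_all("Received", [])
    exposed["relay_ips"] = [ip for r in received for ip in BRACKETED_IPV4.findall(r)]
    return exposed

def body_is_pgp_encrypted(raw):
    """True for PGP/MIME, or for an inline armored PGP block in the body."""
    msg = message_from_string(raw)
    if msg.get_content_type() == "multipart/encrypted":
        return msg.get_param("protocol") == "application/pgp-encrypted"
    payload = msg.get_payload()
    return isinstance(payload, str) and "-----BEGIN PGP MESSAGE-----" in payload

if __name__ == "__main__":
    print("body encrypted:", body_is_pgp_encrypted(RAW))
    for field, value in exposed_metadata(RAW).items():
        print(f"still readable -> {field}: {value}")
```

The body is ciphertext, yet the sender, recipient, subject, timestamp and originating IP are all recovered without a key, which is why the steps above lean on neutral subject lines, a VPN and Tor.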
And that’s a wrap for today’s episode, everyone. Thank you again, for reading and for being a subscriber. Let me know your thoughts & questions in the comments section. All subscribers can read & leave comments.
As always… surf safe.
Lastly, please know that some links in this story pay me a small commission if you decide to purchase a product that I’ve recommended. While it’s not a lot of money, I need to be transparent. Every product and service I recommend is one I’ve personally purchased, tested, or use myself. Other recommendations may include products that I’ve deeply researched before making a recommendation.