TFC’s tech guru answers some questions about how to secure your devices

 

(TFC) – For the non-technical persons who wish to have a baseline of security/privacy, here are the answers to the questions I get asked often:

Mobile devices:
Apple OS has generally less malware than Android OS.
Both are quite insecure in the hands of an unskilled user.
Jailbreaking is a terrible idea if you want security.
For mobile devices, Apple products are generally a far better option for those with less technical capability. They are patched faster, and supported for longer. Their architecture is generally better for the purposes of safeguarding data.
If you choose Android, the Google and Blackberry devices receive security updates much faster than the rest. Blackberry also takes additional steps to harden their Android devices.

Steps you can take with your mobile device:
Disable your ICloud backup and enable a complex passphrase
(Android) Disable your Google backup, enable encryption and enable a complex passphrase.

Secure Messaging:
Use Signal when you can, and Whatsapp or Wire when you need something else. Wire is good when you need to give a person a way to contact you and do not care to give out your number, it is not considered as secure as Signal.
Do not install apps that you do not need, such as flashlight apps.
Doing a manual backup of your device (copy the photos/videos you wish to save and write down the numbers you wish to keep) and a factory reset (replace the SD card if this applies) is the simple way to remove malware.
Disable connections you do not need at that time, such as Bluetooth and Wi-Fi.

PCs:
In short, PC’s have a much higher threat surface than an up to date mobile device, provided it is used correctly. it takes a significant amount of technical expertise to harden a PC well.
General security and privacy tips for the non-technical:
Update everything regularly, and use an up to date Operating System.
Use a modern and secure browser, such as Chrome.
-Install “Privacy Badger”, “Disconnect” and “Ublock Origin” in your browser.
Use a quality antivirus
-Recommended: Norton or Kaspersky
-Free options: BitDefender, Avira, AVG
Use a quality firewall
-Free options:  ZoneAlarm, Comodo
Quality anti-malware
-Recommended: Malwarebytes
Use a quality VPN always
-Recommended: Private Internet Access, NordVPN

Disable any connections you do not need open, such as Bluetooth.
Use Full-Disk Encryption. If on a Windows machine, use VeraCrypt. Bitlocker can be accessed as the recovery key is stored in plaintext.
If not using a SSD, then securely erase files you do not wish recovered by using CCleaner, BleachBit, or Eraser.
Use CCleaner to clean many logs that would otherwise help a person determine many things about your PC usage.
Do not store information in your browser other than bookmarks beyond the end of the session. Set your browser to delete all cookies/data each time you close it.
Do not use google.com or other mainstream search engines, use duckduckgo.com or startpage.com, they do not track you or your searches.

pixabay

Use passcodes that are as complex as the site/app allows, or at least 15 totally random characters
Example:  psk49^w)l4dR$HX
Do not attempt to memorize these passcodes, use a password manager, such as LastPass, 1Password, or DashLane
Enable two-factor authentication whenever possible.
Two-factor authentication methods in a nutshell: Yubikey (best, cheap), Authy (very good, free), SMS (text) messaging is better than nothing if that’s all the site will allow.
Use a random phrase for your login for various websites, not your name/email whenever possible.
Use a secure email, such as tutanota.com or protonmail.com, which you never give out to anyone, for the purposes of secure accounts, like social media, banking, shopping, etc.

Do not download/install anything you do not absolutely need, as this increases the threat surface for a hacker.
Encrypt everything you can, and remember that if anyone ever has physical control over your device, it is no longer your device (think checked baggage, etc.)
Check all of your accounts to see what tracking you can opt-out of. those who are using Windows, look through your settings and see what you can opt out of. Consider upgrading to the pro version, as it gives you more control over what data Microsoft gathers about you.
Note: Apple gathers data as well, but they are not as open about what they gather.
Facebook preferences to change.

Google preferences to change.

Can the State access my phone? If so what can they get from it even if I have a strong password?
The answer
Note: As of this writing, Blackberry Android devices are not on this list.

Traveling Internationally
The best thing is to use new devices with nothing on them that you do not mind being shared. If this is not an option, then one method you may consider is to keep a flash drive at home (encrypted with a known password) of a list of long complex character strings.
Example:

gRg!H8#Nv+Q7Jz~SEeu%6UPt9(Se8V
H:YKV4Yw>X}V3ePSG}S8JV[FqX\Y3M
Ydu!xr46T#yFr49bT$XZp^US&(9bNW
fCu8&Gcb6=afC3fBR.AAG’pTC,y[NMx
grj`hE!M#nz2CY&7ZSk4*LzgQ6RRqL

Keep another flash drive (also encrypted with a password) with you that contains a copy of the same text file. Do not attempt to memorize the complex character strings. Make sure that each device you need to secure is fully encrypted, for example, your Windows PC is fully encrypted using VeraCrypt. Before traveling through any checkpoints, change the passphrase you normally use to the chosen complex passphrase then destroy the flash drive. If asked to decrypt your computer, phone, etc., then you can tell them that you cannot, as you do not have the ability to do so. Feel free to explain why. This will not likely be copacetic with the power-tripping child molesters that want full access to your life, but your data is safe without a search warrant for your home.

Last, but far from least, change the default passwords on every connected device you use. This goes for every “smart” device, and particularly for routers. Also, change the default name of the router to make it harder for a person to figure out to make and model.

Any questions? Feel free to ask.