The WIRED Guide to Protecting Yourself From Government SurveillanceNEWS | 14 November 2024Ahead of that impending new reality, WIRED asked security and privacy experts for their advice for hardening personal privacy protections and resisting surveillance. Here are their recommendations.
Encrypted Communications
Securing your data starts with securing your communications, and securing your communications means using end-to-end encryption.
End-to-end encrypted messengers like Signal, WhatsApp, and Apple’s iMessage and FaceTime are all designed to encrypt your messages and phone calls such that no one can decrypt and access your conversations other than the recipient—not even the company that offers the service. That’s very different from traditional calls and texts, which are subject to law enforcement interception and data requests to your phone carrier.
Digital services like Facebook Messenger, Telegram, or X may say their direct messages offer “encryption,” but in the default setting that almost everyone uses, they only encrypt information in transit to the server that runs the service. On that server, the information is then decrypted and accessible to the company that controls that server, or any government agency that demands they share that data—like the Nebraska police who demanded Facebook hand over chats about a 17-year-old’s illegal abortion in 2022, then brought criminal charges against her and her mother.
Among actual end-to-end encrypted messengers, Signal is broadly recommended as offering the best privacy protections. Importantly, Signal doesn’t collect or store metadata about who is calling or texting whom, information that can often be nearly as sensitive as the content of conversations. That’s a crucial safeguard given that Trump has said in his recent campaigning, for instance, that he will hunt down and prosecute government staffers leaking information to journalists—and his previous administration seized the phone and email records of reporters at The New York Times and CNN. With Signal, there are no records to seize. “Metadata matters,” says Holmes.
Just as important is that Signal offers flexible settings for “disappearing messages” that self-delete on every device used in a conversation after a chosen time, in as little as five seconds. Be sure to turn this feature on to prevent messages from being read in the event that your phone is seized—or the phone of the person on the other side of the conversation. Signal also doesn’t back up communication logs to iCloud or other cloud services, so there’s less risk that a participant in the conversation will accidentally leak everyone’s messages to a server where they can be accessed. “If it's up to me, I will choose Signal, because I know that there is less that you can do on your end to potentially put our communications at risk,” says Granitt’s Sandvik.
Encrypted Devices
Just as important as encrypting your conversations is strongly encrypting your devices themselves.
On modern iOS and Android smartphones, that’s relatively easy. They’re designed to use full disk encryption by default: All the data is encrypted when they’re locked. That means setting a six-digit passcode is enough to make cracking the device a serious challenge, given that both Android and iOS limit the number of times someone can guess a passcode before the device is wiped as a security measure. Still, the Freedom of the Press Foundation’s Holmes recommends setting a longer alphanumeric password or passphrase on your phone to make it harder still to break into. (On an iPhone, go to “Settings,” “FaceID & Passcode,” “Change Passcode,” “Passcode Options,” re-enter your passcode and then choose “Custom Alphanumeric Code.“ On Android, the path to change the setting varies by device.)Author: Caroline Haskins. Andy Greenberg. Lily Hay Newman. Vas Panagiotopoulos. Zach Dorfman. Todd Feathers. Tess Owen. David Gilbert. Ilica Mahajan. Dhruv Mehrotra. Source
