Secure Yourself

The data that travels to and from your devices isn’t secure even when you’re connected to a Wi-Fi network with a strong password. That’s because any data you send that’s not separately encrypted could be sniffed by anyone else on that network who has the right password or is connected via Ethernet.

The same is true for any point between you and your data’s destination or wherever you’re running an active session, whether you’re using a protected Wi-Fi network, an open one, or a cellular data connection: any party in between, for unencrypted services, can see exactly what you’re doing.

Encrypting our data in transit enables us to make decisions about how our data is being used and who sees it, preventing criminals, relatives, and government agencies from overstepping our rights.

In this chapter, I help you understand what’s encrypted and what’s not, and how to secure individual services as well as your whole network connection.

Protect Particular Services

Nearly every kind of service offers an encrypted option, and, fortunately, most modern services employ some kind of encryption by default. Here’s a laundry list of what you should consider:

  • Email: There’s no good reason not to employ TLS for email. If your mail host doesn’t provide secured email for your incoming email and for your outgoing email, find a new host. Without security, email programs may send passwords in the clear or with weak encryption, and likely send all data in the clear. Most modern mail programs, especially those that ship with an operating system, will attempt to configure your mail settings securely.

  • Secure access to websites: A huge movement in the last couple of years has shifted most websites to secured connections for all requests, not just for commerce or banking. Browsers now warn you if you connect to a site that isn’t using HTTPS; some may even block the connection and require you to override a warning that the site isn’t secure.

  • Transfer files to a server securely: When making an FTP connection, use only a secured alternative to plain FTP, such as the SSH-based SFTP or one of several TLS-protected methods. FTP programs otherwise send passwords and data in the clear.
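For the email item above, an added example (not from the original chapter) of a mail client that refuses to send a password unless the outgoing-mail session has first been upgraded with STARTTLS and the server certificate verifies. The names `CleartextRefused`, `strict_context`, `login_over_tls`, `submit_login`, and `FakeSession` are made up here; port 587 and the TLS 1.2 floor are assumptions.

```python
import smtplib
import ssl


class CleartextRefused(Exception):
    """Raised instead of sending a password over an unencrypted session."""


def strict_context() -> ssl.SSLContext:
    # The default context verifies the certificate chain and the host name.
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumption: TLS 1.2 floor
    return ctx


def login_over_tls(session, user, password, ctx):
    """Log in on an SMTP session only after it has been upgraded to TLS."""
    session.ehlo()
    if not session.has_extn("starttls"):
        # Logging in now would put the password on the network in the clear.
        raise CleartextRefused("STARTTLS not offered; password not sent")
    session.starttls(context=ctx)  # raises if the certificate does not verify
    session.ehlo()                 # re-read capabilities inside the TLS session
    session.login(user, password)


def submit_login(host, user, password, port=587):
    """Real-network use: host, user and password are supplied by the caller."""
    with smtplib.SMTP(host, port, timeout=10) as session:
        login_over_tls(session, user, password, strict_context())


class FakeSession:
    """Constructed stand-in for smtplib.SMTP so the check runs offline."""
    def __init__(self, offers_starttls):
        self.offers_starttls, self.calls = offers_starttls, []
    def ehlo(self): self.calls.append("ehlo")
    def has_extn(self, name): return self.offers_starttls and name == "starttls"
    def starttls(self, context=None): self.calls.append("starttls")
    def login(self, user, password): self.calls.append("login")


if __name__ == "__main__":
    plain = FakeSession(offers_starttls=False)
    try:
        login_over_tls(plain, "alice", "constructed-password", strict_context())
    except CleartextRefused as err:
        print("refused:", err, "| calls:", plain.calls)
```
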

These items are protected without any extra effort:

  • iMessage and FaceTime in Apple’s ecosystem: Apple builds in end-to-end encryption in such a way that even the company can’t decipher your messages. In fact, it’s so secure, governments around the world—including the U.S. and China—aren’t happy about it.

  • Skype, sort of: Microsoft’s Skype was the earliest message, voice, and video service to use end-to-end encryption. Still, some aspects of how it keeps your conversations private have received criticism. Microsoft has never improved on this or fully responded.

  • Other instant-messaging and audio/video chat services: These have varying levels of protection, but Signal from Whisper Systems is the best. WhatsApp from Facebook can be configured and used very securely, too, for the moment.

  • Dropbox, Box, iCloud Drive, Google Drive, and others: File-sync services use encrypted transport for all the data that moves between your various devices and central sync or storage servers.

Encrypt Files and Email

It may seem surprising, but there’s no built-in or simple way to use strong encryption to lock a file that you send to someone. There’s also no straightforward way to handle this in email.

Even when you have a method, typically limited to a single platform (and often Windows only), you have to figure out how to exchange a key or password/passphrase with someone else securely, too!

This is why so many people rely on WhatsApp, Signal, iMessage, and similar messaging tools, which use end-to-end encryption without configuration, and let you attach or transmit files along with messages.

While there are file- and folder-encryption packages for Windows, Linux, and macOS, these aren’t helpful with Android, iOS, and iPadOS because of how the built-in email program and file management work. At the moment, there’s no effective solution outside of secured messaging apps.

Umbrella Protection with a VPN

A virtual private network (VPN) connection is a nifty way to prevent any sniffing of your local network hookup. A VPN encrypts all the data coming from and going to a device—such as an Android phone, iMac, or a Windows laptop—creating an encrypted tunnel that extends between the device and a VPN server somewhere else on the internet.

Think of this tunnel as a Willy Wonka-like boat journey, in which to everyone outside the tunnel, it appears like a meaningless blur of unconnected details, while those inside arrive intact and safely at their destination.

The VPN tunnel lets your information traverse any local network and hubs, as well as every node on the internet between the two points, with protection. For corporations, VPNs extend the aegis of corporate security to remote devices. With a company, the VPN server is within the corporate network and any data leaving that server is protected by company firewalls and intrusion prevention.

But for individuals, that’s not the case, because there’s no definitive end point. Your encrypted tunnel ends (or terminates) typically in a well-protected data center. From that data center to its destination, data is unprotected (unless wrapped in an encrypted method, like TLS on the web, described earlier), but that’s typically fine. The main locus of risk is the local link, like a café, school, or other shared network.

And because major internet sites—like Google, Apple, and the rest—have distributed sets of computers and even private links to big data centers, the hop from the VPN server to the destination network may be within the same building or close by.

Because it’s exceedingly inexpensive for an app developer to set up VPN service, many thousands of offerings proliferate, and it’s difficult to figure out which ones to trust. I recommend turning to Macworld, PCWorld, and Wirecutter for recommendations, as they not only tested the technical requirements and looked at price versus services offered, but also dug into company backgrounds and privacy policies.

Every major operating system has a section for setting up a VPN connection, and all the best VPN services provide step-by-step instructions for every platform. Some even include downloadable profiles that you can install to manage all the configuration.
