At Re:Publica 14, Elmine and I both attended a workshop on making your Mac more secure.
Here’s a quick checklist of basic things to make your Mac more secure:
- Upgrade to OSX Mavericks as it contains additional safety measures
- Use a password for your laptop
- Use a password manager so you can have unique passwords for various things. Clean up the password list of those you no longer use.
- Switch on Firewall
- Switch on FileVault (because otherwise your HD can still be copied, without your password, through the firewire port e.g.) Do store your reactivation code away from your laptop, and don’t share it with Apple.
- Use ’empty trash securely’ instead of ’empty trash’, so deleted files are not retrievable from your HD
- Name your machine something innocuous, other than your own name (your machine name is being broadcast by your Mac on local networks)
- Use an innocuous user name, not your own name, for the same reasons
- Regularly remove items from the list of remembered wifi networks (your Mac broadcasts that list when searching for wifi, which is basically a list of places where you have been to), especially before and after traveling
- Name your home / work wifi networks something innocuous
- Switch of wifi and Bluetooth when not in use
- Use a VPN service (this is helpful both for making surfing on open wifi more secure against listening in, to mask your true location, or mask your surfing patterns
From that list, Elmine and I already do some, but not all.
VPN was already in use by Elmine (to watch Dutch tv while traveling), and since the session I have also started using VPN from PrivateVPN.com, a Swedish service that seems widely recommended. It gives me a wide range of data centers to use as location, and allows me to connect up to 4 devices, and costs 66 Euro/yr. I also installed Viscosity (at $9) although you can do without. Viscosity gives me the option to switch between the various VPN locations available to me.
Filevault I didn’t use yet, as I did not know my HD could be copied without a password by connecting to one of the ports on the laptop. After returning home from Berlin, and doing a back-up, I’ve now switched it on. It means that when I am not logged in, all files on the laptop are encrypted.
I wasn’t aware of securely emptying trash before.
Cleaning up the list of wifi networks you’ve used I did every now and then already. But I wasn’t aware that my Mac actually broadcasts that list when trying to find a wifi network. The Tactical Tech people had a sniffer that showed us what info our machines were sending out. It was quite surprising to see info rolling across the screen I wasn’t aware of sharing.
All this stuff is of course not enough if you’re paranoid, but the things mentioned form a good list of basic common sense things to do, that help keep your machine safer and make it harder for others to violate your privacy.