Mac 101: 7 tips for Data Privacy Day 2009
Today is Data Privacy Day, a global initiative to highlight information security rights and practices, especially among teens, professionals, corporations, and the government.
As part of the celebration, TUAW (along with our sister blog Download Squad) has seven good ideas for you about how to keep your data safe and away from prying eyes with Mac OS X Leopard. Also, be sure to browse TUAW articles filed under Security for other tips and alerts about keeping your data safe.
1: Turn on your firewall
Leopard, as we all know, comes with a built in firewall to prevent other computers from connecting to internet-facing ports on your computer. But: Did you know it's turned off by default?
To turn on your firewall, open System Preferences, and click the Security icon. Then, click the Firewall tab. Make sure either "Allow only essential services" is selected, or you can choose to "set access for specific services and applications" yourself.
You can also use "Stealth Mode": when enabled, computers that send data to blocked ports won't even get acknowledgement that the data was received. To enable Stealth Mode, click the Advanced button on the Firewall tab of the Security preference pane, and click the check box next to "Enable Stealth Mode."
2: Set a screen saver password
A feature popular with Windows users, Mac OS X can also lock your screen when your computer sleeps or when the screen saver comes on. Simply open System Preferences, select Security, and choose the General tab. Click the check box next to "require password to wake this computer from sleep or screen saver," and you're all set.
If you have automatic login enabled and click the "require password" check box, Mac OS X will recommend that you disable automatic login. This means you'll have to enter your password to turn your computer on, too; nefarious nogoodniks won't be able to restart your Mac while the screen saver is on to circumvent the need for a password. Good thinking.
3: Use encrypted disk images
I use Quicken to manage what little finances I have. The version of Quicken I use (Quicken 2006 -- I know, I need to upgrade) stores its data in an unencrypted file on my hard disk. ¡No es bueno! What can we do to protect that information? We can keep it on an encrypted disk image.
To create an encrypted disk image, start Disk Utility (which lives in /Applications/Utilities). Click the New Image button in the toolbar, or from the menu bar, choose File > New > Blank Disk Image.
Once you choose a name and location to store the disk image, a size, and a format, make sure to select strong 256-bit encryption for your image (though for large disk images, 128-bit encryption can be faster). Make sure also that the image format allows you to both read and write to the disk image. Then, click Create.
You can copy what files you want to securely store onto the disk image. Once that's done and the disk image is un-mounted, your data is safely stowed away on your hard disk. To use data on the disk image, simply double-click it to mount it first.
But what to do with the files you just copied that still live on your hard disk? Securely delete them, of course!
4: Delete your files securely
When you delete a file from your hard disk, the file still exists on the physical drive: it's just hidden from view, and the system can write over the file if it needs to. But if there's a file you need to delete and make sure it can't be recovered, Secure Empty Trash is for you.
It couldn't be easier to use: From the Finder menu, choose "Secure Empty Trash." It takes a little longer than emptying the Trash regularly, because the Finder writes data over the top of the files you just deleted. Think of it as not only erasing a pencil mark, but also obliterating it with White-Out.
5: Erase old hard disks securely
If that old bondi-blue iMac is finally going to Goodwill, you'll want to make sure that its hard disk is well and truly erased before putting it on the truck. Similar to emptying the Trash, erasing a hard disk can sometimes leave traces of files on the drive, and possibly leave sensitive files recoverable. Make sure your data is completely wiped from that hard disk by securely erasing it with Disk Utility.
With Disk Utility, select the disk in the source list, and then choose the Erase tab. After choosing a format and a name for the erased disk, click the Security Options button.
There are three degrees of secure erasitude -- each more secure than the last. "Zero Out Data" works like "Secure Empty Trash" -- writing a single layer of zeroes over the top of whatever is on the disk. If a single pass still sounds risky, a "7-Pass Erase" repeats this process seven times: Good enough for the U.S. military. For the truly paranoid, "35-Pass Erase" zeroes out all the data on the disk 35 times.
Each pass takes a while to write (depending on the size of the disk), so setting this process up to run overnight (or over a weekend) isn't a bad idea. The time it takes, though, is a small price to pay to prevent someone from stealing your sensitive information.
6: Encrypt your home folder
Laptops and the forgetful (like me) are often a terrible mix. Leaving your laptop in a café or at an airport checkpoint can be the beginning of a terrible day. But with good backups and FileVault, things might not be so bad.
FileVault encrypts your entire home folder, much like an encrypted disk image. Without your master password, your home folder is gobbledegook to prying eyes after your important data. To turn on FileVault, open System Preferences and click the Security icon. Then, click the FileVault tab.
First, set a strong master password -- different from your login password -- that you can remember in case you forget your login password. You might even write it down and keep it in a safe deposit box at the bank. Do this first by clicking the "Set Master Password" button.
Then you can turn on FileVault. Enabling FileVault takes some time (depending on the size of your home folder). It might be a good task to run overnight. Once its turned on, the contents of your home folder are available only to you with either your login password or the master password you just set.
Several commenters have noted that using FileVault can be a little troublesome in certain circumstances. Also, note that using encrypted disk images and FileVault is unnecessarily redundant, so feel free to choose which one is right for you. Thanks, all!
7: Browse the Web safely
There are lots of reasons to buy a Mac, and freedom from the popups and malware that Windows web browsers fall prey to is one of them. Since you're already using Safari or Firefox, you've taken a good first step in browsing safely. But there's more to do.
In Safari, you'll want to make sure files don't automatically open after you download them. From the Safari menu, choose Preferences. In the General section, make sure the "Open 'safe' files after downloading" check box is not checked. That way, you can rest assured Safari won't automatically unwrap any presents you don't want.
The best and easiest advice for browsing the web doesn't even require software: Slow down, and think about what you're downloading. If you have any doubts about the website you're on (whether its trustworthy, honest or otherwise forthright), close the browser window straight away.
If you've clicked a link and something mysterious has begun to download, don't panic: If you followed my advice above (about Safari's "safe" files setting), you have nothing to fear. Simply find the file on your hard disk (usually in your Downloads folder or on your Desktop) and throw it in the Trash. Easy peasy.
There are plenty of internet tools to disguise your identity online, too, and erase any path you may have took to where you are now. An excellent list by Alisa Miller is available here.
Be safe out there!
Many -- myself included -- are cynical about data privacy. With so much information about us online, privacy is not anonymity, and both are something of an illusion. If you're truly worried about someone getting their hands on something of yours, don't keep it on a computer at all. Write it down, and keep it locked away.
Even so, with these few simple steps, you can try and protect yourself at least. As Mad-Eye Moody says, constant vigilance! is your task when it comes to securing your data.
Software Updatesmore updates
- Apple Remote Desktop updated with Yosemite support
- OS X Yosemite 10.10.2, iOS 8.1.3 updates now available
- Sports Illustrated 120 SPORTS channel comes to Apple TV
- Logic Pro X update brings AirDrop support, new effects, tools, and more
- Parallels Access 2.5 released, adds file manager, computer-to-computer remote access
- The Google Translate iOS app is about to get a lot smarter