Monthly security notes particularly for ios

Time once again for my monthly security reminders here is what I learned (relearned):

  1. iMessage. This is actually quite a safe protocol. It is zero knowledge in that Apple cannot read the messages while in transit. Way better than sending a text or email both are unencrypted. The main vulnerabilities are that Apple can be compelled by a government to change the software and not tell you, so be warned of the dangers of any closed source. That said, it is the safest thing around given Apple’s stance on privacy.
  2. Signal. The safest thing to do is to use the their party application Signal. this is not only open source but peer to peer. Of course the big problem is that you have to convince your friends to use it.
  3. Wickr and telegram are closed source. Other similar ones are Wickr, ChatSecure and Telegram, but I’ve not evaluated those. Chat secure uses OTR over existing chat protocols like google and Facebook messenger. See http://www.slant.co/topics/2172/viewpoints/2/~cross-platform-encrypted-messaging-apps~chatsecure
  4. VPNs. You should really use one although they are a pain. The easier ones are commercial ones like privateinternetaccess.com, but for real safety that is also a complete pain, use the Tor Browser. On an iPhone, you have to use a VPN like Red Onion Browser or on Android, it is Orbot.
  5. DNSCrypt. A bump to myself, but the DNS queries are being recorded and aren’t particularly secure. The solutions are to use Opennic and find a DNS server that does not log and which implements DNSSec and DNSCrypt. then you have to download software like DNSCrypt for the Mac to make it all work. What a pain! In looking at. https://servers.opennicproject.org which lists the characteristics, only a few are like this notably https://servers.opennicproject.org/edit.php?srv=ns8.ga.us.dns.opennic.glue is a good default. On iOS there isn’t an iOS crypt but u can manually set the DNs to your own. Much better than letting your Isp or phone company record all your queries 
  6. Turn off google history. Wow those guys really record everything and their menus are nearly impossible to get through but for sure they know every place you been so turn maps off 
  7. Switch to DuckDuckGo or startpage. Both anonymize you. And DuckDuckGo is an iOS default.