Digital security or cyber security refers to the prevention of unauthorized access to computer systems (not to be confused with privacy, which concerns self-determination with respect to information such as through confidentiality, anonymity, and autonomy). Security mechanisms—for example, encryption—are often employed in service of digital privacy with great effectiveness. In some cases, security mechanisms may not aid privacy at all, or may even be actively harmful.
Security for Whom?
An analysis of who represents the beneficiary of a given security policy can elucidate how that policy might affect your privacy stance and help build your threat model around that system. Free software puts the user in control, which ensures that the user of the software and the beneficiary of its security features are one in the same. Proprietary software, on the other hand, takes away that control by restricting the user’s rights, which often includes preventing the user from knowing how the software works. This denies the user power and autonomy over the software and reserves that power for the software’s developer(s) instead, which can lead to the inclusion of anti-features in the software.
Apple’s mobile operating system, iOS, is a case study in security anti-features.1
- Apple withholds root access to the system from the user, claiming that it increases security by disallowing unauthorized access by third parties. In reality, it reserves control of the system by Apple itself and prevents the user from bypassing any restrictions they choose to impose.
- All software is distributed through the App Store, with the result that Apple has total control: they decide what software is allowed on your system, know what software you have installed at any given time, and can force application developers to conform to Apple’s policies for inclusion in the App Store. Apple argues that this gate-keeping is necessary to protect users from malware.
- The App Store and iOS’s system update mechanisms represent universal back doors to your device, which allows Apple to remotely apply security fixes, but also gives them the power to make any other changes they want to the system without the user’s knowledge or consent.
- Apple disallows the installation of alternative operating systems on their devices through DRM, claiming that it increases security by preventing an attacker from modifying the operating system.
Each of these anti-features negatively impacts the user’s digital privacy by introducing surveillance and censorship, because the security policies are being employed against the user, despite what the marketing might say.
Privacy-Enabling Security
What security measure you employ can depend on your threat models, but these security practices are generally applicable to everyone:
- Encrypt your communications. Encrypted chat, voice, and video calling is widely available and easy to use. Conversely, avoid insecure modes of communication, such as SMS and traditional voice calls over the phone network.
- Use a password manager. Maintaining a list of unique, strong passwords in your mind alone is impractical. A password manager can help you generate strong, unique passwords and securely maintain your password database.
- Encrypt your storage media. Most operating systems provide some mechanism for encrypting your disk as well as external storage media. Encrypting data at rest can protect you in case an adversary gains physical access to your device.
- Keep software up to date. Security vulnerabilities are an inevitability of complex software. Ideally security-sensitive bugs are patched as they are discovered. In order to benefit from these fixes as soon as possible, you should regularly update your operating system and programs you use.