These days Apple is one of the few (if not the only) global-scale consumer tech companies that seem to prioritize customer privacy.
Apple doesn't merely keep your personal data private; it increasingly makes it harder for itself (or anyone else) to collect that data in the first place. Yes, even those snoopy government agencies.
Although Apple embeds privacy features deep across its products and services, many of them only work if you turn them on, and perhaps change a few habits. As an incredibly paranoid security professional who sometimes travels to more... hostile... environments, I've collected my favorite Apple-centric privacy tips and tricks below.
Much of this advice comes from knowing how criminals, and even digital forensics experts, recover private data in the real world.
Rich Mogull is a renowned security expert, analyst, and author. Founder and CEO of Securosis, he specializes in data security, application security, emerging security technologies, and security management. If you let him, he'll help you keep everything on your iPhone, iPad, and Mac safer, more private, and more secure. — Ed
Use a strong device passcode
iOS is demonstrably one of the most secure computing platforms available. Heck, even the Director of the FBI wants a back door to access encrypted phones, which is one of the best compliments a crypto developer could ever ask for. To keep your iPhone or iPad private:
- Use a strong passcode of at least eight characters, and preferably more. Apple entangles your passcode with a unique ID (UID) fused into your device's hardware that can't be read out, so an attacker has to brute force the code on the device itself, where key derivation is deliberately throttled (Apple's iOS Security Guide puts it at about 80 milliseconds per guess) on top of the escalating lockout delays. Even so, a four-digit PIN has only 10,000 possibilities (about 13 minutes of guessing at that rate), so with the lockout delays it's still a matter of hours or days. An eight-character passphrase could take pretty much forever; Apple's own figure for a six-character lowercase alphanumeric code is more than five and a half years. Mine is easy to type and remember, but still 11 characters long.
- Stick with newer devices that have better encryption hardware, preferably newer than an iPhone 4s or iPad 1. The Secure Enclave, which enforces the passcode throttling in hardware, arrived with the A7 chip in the iPhone 5s, iPad Air and iPad mini 2.
- Use encrypted iTunes backups, and don't let iTunes save the backup password in your Mac's Keychain. That way, even if someone hacks your Mac, they can't read everything on your phone out of the backup. (Encrypted backups also capture data, such as saved passwords and Health data, that unencrypted backups deliberately leave out.)
- iCloud backups are encrypted and protected by Apple too, but the data sits on Apple's servers under keys Apple holds, so Apple can technically retrieve it if forced to, and so can anyone who gets hold of your Apple ID credentials. If that's a concern, stick to local encrypted backups.
- Use FileVault 2 encryption on your Macs, but with an even stronger passphrase: Macs lack the hardware-bound key and on-device throttling found on iPhones and iPads, so an attacker who images the disk can guess your password offline as fast as their own hardware allows.
One last tidbit: the first time your iOS device is plugged into a computer, you are asked whether to trust it. Trusting generates a pairing record, including keys, that is stored on the computer (under /var/db/lockdown on a Mac, and under ProgramData\Apple\Lockdown on Windows) and lets that computer freely read data from the device. Copying those pairing records off a computer is a common way to forensically recover iOS data, so if you want to be super-private, be very careful which computers you trust. If you've trusted one you shouldn't have, Settings > General > Reset > Reset Location & Privacy makes the device forget every trusted computer at once.
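To see which devices a Mac has been trusted by, and what each record would let an attacker do, here is an added example (not Apple's code and not the author's) that parses the lockdown pairing records with Python's stdlib plistlib. It assumes the macOS record location /var/db/lockdown and the key names that appear in real records (HostID, SystemBUID, WiFiMACAddress, the certificates, HostPrivateKey, RootPrivateKey, EscrowBag); the SystemConfiguration.plist it skips is also an assumption, and the record that demo() writes is constructed.

```python
"""Audit the iOS pairing ("lockdown") records stored on a Mac.

Added illustration, not Apple's code. Assumptions: records live in
/var/db/lockdown/<UDID>.plist (Windows: C:\\ProgramData\\Apple\\Lockdown)
and carry the keys seen in real records: HostID, SystemBUID, WiFiMACAddress,
HostCertificate, DeviceCertificate, RootCertificate, HostPrivateKey,
RootPrivateKey and EscrowBag. Reading the real directory needs root.
"""
import os
import plistlib
import sys
import tempfile

LOCKDOWN_DIR = "/var/db/lockdown"


def parse_pairing_record(path):
    """Summarise one <UDID>.plist record without printing any key material."""
    with open(path, "rb") as f:
        record = plistlib.load(f)          # handles both XML and binary plists
    return {
        "udid": os.path.splitext(os.path.basename(path))[0],
        "host_id": record.get("HostID"),
        "system_buid": record.get("SystemBUID"),
        "wifi_mac": record.get("WiFiMACAddress"),
        # With the host/root private keys this machine can re-pair with the
        # device; the escrow bag additionally lets it pull data while the
        # device is locked, which is exactly what a forensic examiner wants.
        "has_private_keys": "HostPrivateKey" in record and "RootPrivateKey" in record,
        "has_escrow_bag": "EscrowBag" in record,
    }


def list_pairing_records(directory=LOCKDOWN_DIR):
    """Summaries for every per-device pairing record in `directory`."""
    summaries = []
    for name in sorted(os.listdir(directory)):
        stem, ext = os.path.splitext(name)
        # Per-device records are named by UDID; SystemConfiguration.plist
        # (assumed to hold only the SystemBUID) is not a pairing.
        if ext != ".plist" or stem == "SystemConfiguration":
            continue
        summaries.append(parse_pairing_record(os.path.join(directory, name)))
    return summaries


def demo():
    """Write a constructed sample record to a temp dir and audit it."""
    sample = {                      # constructed; real values are DER/PEM blobs
        "HostID": "2C9A1B8E-3F4D-4C21-9E7B-5A6D8F1C0B2A",
        "SystemBUID": "7A0E5B3C-1D2F-4A6B-8C9D-0E1F2A3B4C5D",
        "WiFiMACAddress": "ac:de:48:00:11:22",
        "HostCertificate": b"-----BEGIN CERTIFICATE-----...",
        "DeviceCertificate": b"-----BEGIN CERTIFICATE-----...",
        "RootCertificate": b"-----BEGIN CERTIFICATE-----...",
        "HostPrivateKey": b"-----BEGIN RSA PRIVATE KEY-----...",
        "RootPrivateKey": b"-----BEGIN RSA PRIVATE KEY-----...",
        "EscrowBag": b"...",
    }
    udid = "a1b2c3d4e5f60718293a4b5c6d7e8f9012345678"   # constructed 40-hex UDID
    with tempfile.TemporaryDirectory() as workdir:
        with open(os.path.join(workdir, udid + ".plist"), "wb") as f:
            plistlib.dump(sample, f)
        with open(os.path.join(workdir, "SystemConfiguration.plist"), "wb") as f:
            plistlib.dump({"SystemBUID": sample["SystemBUID"]}, f)
        return list_pairing_records(workdir)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else LOCKDOWN_DIR
    for entry in list_pairing_records(target):
        print(entry)
```

On a real Mac run it as root (`sudo python3 lockdown_audit.py`). Every entry is a computer your device has trusted; deleting a record's .plist on the Mac, or using Reset Location & Privacy on the device, forces a fresh trust prompt the next time the two are connected.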
Encrypt communications with Messages and FaceTime
Don't want anyone reading your text messages or listening to your phone calls? Switch to iMessage and FaceTime. Both services encrypt all communications end to end; Apple could technically subvert the system (it runs the key directory), but not without some serious changes to how the service works.
When you turn the services on, your device (not Apple's servers) generates a set of key pairs: one for encryption and one for signing. The public keys are uploaded to Apple's directory service; the private keys stay in your device's keychain and never leave it.
When you start a conversation, your device looks up the public keys of every device registered to the recipient, encrypts and signs a separate copy of the message for each one, and sends them on. For a FaceTime call the same mechanism is used to exchange the key that then encrypts the call itself. Apple can't read any message or listen to any call, since it never has the private keys; everything is encrypted from start to finish on your device. One caveat: a message that falls back to SMS (a green bubble) gets none of this protection.
To crack the system a snooper would need to add a device of their own to your entry in Apple's directory, which currently triggers a notification on all your devices. Turning on iCloud two-step verification adds another layer: a verification code from one of your trusted devices is required before a new device can be added. Note that this notification guards your own account; iMessage gives you no way to check whether a device has quietly been added to the account of someone you're writing to.
Know iCloud's strengths and limitations
iCloud is a mixed bag when it comes to privacy. The general rule of thumb is that Apple minimizes what it can see, but sometimes needs access to provide core features.
If you can see something in your web browser at iCloud.com, so can Apple. So although Apple strongly secures and encrypts them, your email, documents, photos and other data are potentially snoopable. Turning on iCloud two-step verification will stop most bad guys, but Apple technically has access if someone forces it to look.
This doesn't apply to iCloud Keychain. Keychain syncing uses more complex, device-level encryption to pass entries between your devices: each device in your sync circle has its own key pair, and each item is encrypted separately for every device's public key, so the copies that pass (briefly) through Apple's servers can only be opened by the device they were meant for. As with many iCloud services, adding a new device to the circle triggers a notification and approval request on all your other devices.
Keychain recovery (getting your keychain back when you've lost every device) is more complex, since Apple has to hold an escrowed copy. By default it's strongly encrypted under a key derived from your iCloud Security Code and guarded by special hardware security modules that permit only a small number of guesses at the code before locking the record; Apple even destroyed the smart cards needed to administer those modules so no one can reconfigure them later. But your best bet is the "cryptographically random security code" advanced option when you set it up. Apple never has this code, you need to enter it on all your devices, and because it's long and random there's no guessing it, so all the crypto now effectively happens on your hardware. Even the NSA can't break it without compromising your device.
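The escrow trade-off above is easier to see in code. The following is an added example (not Apple's implementation and not the author's; Apple publishes only an outline of the escrow design) that models a keychain escrowed under a code-derived key, an attacker with the raw record, and an HSM that caps the number of guesses. The PBKDF2 stretching and its round count, the HMAC-SHA256 stream cipher standing in for AES, the ten-attempt limit, and the sample keychain and codes are all assumptions or constructed values.

```python
"""Why a short iCloud Security Code needs a rate-limiting HSM while a long
random one does not. Added illustration, not Apple's implementation.
Assumptions (labelled): the keychain is wrapped under a PBKDF2 key derived
from the code; AES is replaced by an HMAC-SHA256 counter-mode keystream so
only the stdlib is needed; the HSM answers ESCROW_MAX_ATTEMPTS guesses and
then locks the record.
"""
import hashlib
import hmac
import itertools
import math
import secrets

PBKDF2_ROUNDS = 1_000       # assumed; kept low so the demo runs in seconds
ESCROW_MAX_ATTEMPTS = 10    # assumed small guess budget enforced by the HSM
BLOCK = 32                  # keystream block size (SHA-256 output length)


def derive_key(code, salt):
    """Stretch the security code into a 256-bit wrapping key."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, PBKDF2_ROUNDS, 32)


def keystream_xor(key, nonce, data):
    """Stand-in stream cipher: XOR data with HMAC(key, nonce||counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), "sha256").digest()
        out.extend(b ^ k for b, k in zip(data[i:i + BLOCK], ks))
    return bytes(out)


def escrow(keychain, code):
    """Build an escrow record: wrap the keychain under the code-derived key
    and add a MAC so a wrong code is detectable."""
    salt, nonce = secrets.token_bytes(16), secrets.token_bytes(16)
    key = derive_key(code, salt)
    ct = keystream_xor(key, nonce, keychain)
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}


def recover(record, code):
    """Unwrap with `code`; returns the keychain, or None if the code is wrong."""
    key = derive_key(code, record["salt"])
    tag = hmac.new(key, record["nonce"] + record["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, record["tag"]):
        return None
    return keystream_xor(key, record["nonce"], record["ct"])


class EscrowHSM:
    """Model of the escrow HSM: it alone holds the record and evaluates
    only a bounded number of code guesses before locking it."""

    def __init__(self, record):
        self.record, self.attempts, self.locked = record, 0, False

    def try_code(self, code):
        if self.locked:
            raise PermissionError("escrow record locked after too many attempts")
        self.attempts += 1
        keychain = recover(self.record, code)
        if keychain is None and self.attempts >= ESCROW_MAX_ATTEMPTS:
            self.locked = True
        return keychain


def brute_force_offline(record, digits=4):
    """Attacker who obtained the raw record: try every numeric code."""
    for n, guess in enumerate(itertools.product("0123456789", repeat=digits), 1):
        code = "".join(guess)
        if recover(record, code) is not None:
            return code, n
    return None, 10 ** digits


def brute_force_via_hsm(hsm, digits=4):
    """Same attacker, but the record exists only inside the HSM."""
    for guess in itertools.product("0123456789", repeat=digits):
        try:
            if hsm.try_code("".join(guess)) is not None:
                return "".join(guess)
        except PermissionError:
            return None        # locked out long before the space is exhausted
    return None


def code_entropy_bits(code, alphabet_size):
    """log2 of the guess space for a code of this length over this alphabet."""
    return len(code) * math.log2(alphabet_size)


def demo():
    keychain = b"wifi:HomeNet=correct horse battery staple;"  # constructed sample
    short_code = "2580"                                        # constructed 4-digit iCSC
    random_code = secrets.token_hex(16)                         # 128-bit random code
    short_rec, random_rec = escrow(keychain, short_code), escrow(keychain, random_code)
    found, tries = brute_force_offline(short_rec)
    return {
        "short_offline_found": found,
        "short_offline_tries": tries,
        "short_via_hsm_found": brute_force_via_hsm(EscrowHSM(short_rec)),
        "short_bits": code_entropy_bits(short_code, 10),
        "random_bits": code_entropy_bits(random_code, 16),
        "random_recover_ok": recover(random_rec, random_code) == keychain,
        "random_wrong_code": recover(random_rec, "0000"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running demo() makes the point concrete: an attacker holding the raw record recovers the four-digit code offline after a few thousand guesses, the same search against the rate-limited HSM is locked out after ten, and the 32-hex-character random code has a 128-bit guess space that no attempt limit needs to protect.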
Turn on privacy options
Apple also offers a grab-bag of other privacy options across OS X and iOS:
- Switch Safari's search engine to DuckDuckGo (Safari > Preferences > Search on the Mac, Settings > Safari > Search Engine on iOS), since DuckDuckGo doesn't track your search habits. (If you use Chrome, you also need to turn off a ton of Google tracking.)
- Siri and Spotlight Suggestions keep a minimal amount of information, tied to temporary IDs (not your Apple ID). Apple does store some of this data to enable features, but you can turn both services off if you want, and turning them back on creates an entirely new ID. Personally, I see this as a low privacy risk for nearly everyone, but it's a personal decision.
- Apple randomizes your iOS device's Wi-Fi hardware (MAC) address while it scans for networks, to make it harder for stores and shopping malls to track your movements, but the real address is used as soon as you join a network. If that worries you, turn Wi-Fi off when you're out of the house, especially if your carrier has a deal with Apple so your device auto-joins its hotspots, as AT&T does.
- Limit ad tracking on iOS under Settings > Privacy > Advertising. Even if you don't, Apple gives apps a special Advertising Identifier that isn't tied to your name but still lets ad networks follow you from app to app; the same screen lets you reset that identifier and start fresh.
- Even Private Browsing mode can't stop all Internet tracking, since advertisers and others can still track your Internet address or use much more nefarious techniques, and most ISPs and phone companies log all your browsing as a matter of course. If that's a concern, consider an anonymization network like the free Tor (via Tor Browser) when browsing on your Mac.
- Both iOS and OS X give you granular control over what personal data (including your location) apps can access. Don't blindly approve all requests; most apps work fine without access to all your contacts or other information, and you can review and revoke what you've granted later under Settings > Privacy on iOS and System Preferences > Security & Privacy > Privacy on OS X.
- Apple does track all purchases in iTunes and the App Store, like any digital retailer.
I've barely scratched the surface of how to protect your privacy online, but this covers most of what I do personally, and why I tend to stick to the Apple ecosystem.
Are there any other privacy techniques you like?