I’m preparing to go to Mobile World Congress where one of my worries will be security and privacy. To that end I’ve hardened my Windows build and written it up below as a checklist of tasks that I urge you to look at and consider, especially if you’re connecting to unknown hotspots.
The checklist has evolved from work I did training journalists in Ukraine, work I’ve done here on Windows 8 tablet security and work I’ve done on Clean Computing with Chromebooks which, interestingly, would have a checklist just half as long as this. Points 1-7 don’t apply to a Chromebook. Unfortunately I’ll be needing video editing and gallery management tools in Barcelona so I can’t use a Chromebook as my main PC there.
The Lucky 13 Checklist for Better Windows PC Privacy and Security.
- If possible, use a PC with an encrypted disk. (Microsoft Bitlocker is available for free on some low-cost Windows devices and on all Windows ‘Pro’ installations. E.g. All Surface Pro devices.)
- Turn on SecureBoot in your BIOS if possible and (as a minimum) add a BIOS boot (or BIOS admin) password. Create a long 15+ character Windows password for all Windows accounts.
- Install Windows Updates and turn on update notifications. (You may not want automatic updates to download while on a hotspot.) You can also set your WiFi to be a ‘metered connection’ which will disable some network services from running. Set the WiFi to be a ‘public’ hotspot (don’t enable file sharing and discovery.)
- Check that Windows Firewall is on.
- Update anti-virus and run a full scan. Windows has a built-in service called Defender if you don’t have a third-party solution.
- Run CCleaner (also check and clean the auto-start-up list.) and Spybot.
- Create a non-admin account. Log out and log back in to the non-administrator account. For more privacy, don’t log in via a provider ‘cloud’ account (E.g. Microsoft, Google accounts) although some of these cloud accounts have some good security features. (login accounting, remote password change, two-stage passwords.
- Use up-to-date Chrome with HTTPS Everywhere, Privacy Badger extensions enabled, others disabled where possible. Don’t link Chrome to a Google account unless you trust Google. (Run an Incognito browser Window.)
- Hardwire your DNS to your ISP. If you trust Google, they have a good DNS service at 220.127.116.11 and 18.104.22.168. (Don’t use the DNS given by the hotspot)
- Use the Zenmate extension to tunnel and encrypt web traffic or buy a good VPN to tunnel all traffic. (I’m using HideIPVPN’s UK tunnel.)
- Use Startpage.com as search engine if you don’t want Google to store your searches / IP address. Startpage can also be used as a proxy.
- Avoid using cellular data if you don’t want to be location tracked. (Turn off A-GPS / location services on phone too.)
- Do not leave your PC unattended.
Again, if you’re using a Chromebook, points 1 – 7 don’t apply. Note that you can Power Wash a Chromebook in 60 seconds and use the Guest account to avoid Google tracking. (VPN and DNS work in guest mode.)
Due to time constraints I haven’t been able to link all the items to how-to articles but I’m sure you know how to use Google search to find the information. If not, please buy a Chromebook and start from point 8.
Update: Screen image hints added.
Your feedback is welcome and in the name of security and privacy I urge you to share this article.