Nine easy security tools

Signal

Developed by the non-profit Open Whisper Systems, Signal [6] encrypts voice and text messaging on Android and iOS phones (Figure 3). Signal Desktop, a Chrome app, is currently in beta, allowing users to take advantage of a laptop or workstation's larger screen and full-sized keyboard when using a linked phone.

Figure 3: Signal encrypts voice and text conversations through its centralized servers.

The phone apps are drop-in replacements for the default apps, installing seamlessly despite the warning issued by the phones. Conversations are carried by Open Whisper's servers, with the exchange of encryption keys done invisibly for the users. All participants in a conversation must have Signal installed for encryption to be possible, but if they do not, then Signal still works unencrypted.

Signal itself should be protected by a passphrase. You also have the option of setting an expiry date for each conversation and adding graphic and audio attachments to messages.

However Signal's use of centralized servers could be a potential security risk. There are also some proprietary components on the backend. You might prefer similar but decentralized solutions such as Ring [7].

umask

umask [8] is the standard command in Linux for setting the default permissions for a new directory or file. It sets the permissions for the owner, the owner's group, and other users, setting whether each can read, write, or execute a file.

By default, most distributions set umask laxly, giving users all these permissions, while the owner's group and others can read the file. By denying the group and others read permissions, you substantially limit an intruder's navigational abilities within your system. Read the man page for chmod to refresh your memory about other ways to use permissions.