Skip to content 
The Trump administration has ordered Immigration and Customs Enforcement agents to carry out sweeping raids, deporting thousands of immigrants, often without due process. It has targeted left-leaning foreign students and entire universities, canceling visas and threatening to withhold federal funding. United States Supreme Court appointments from the previous Trump administration have resulted in decisions that enabled roughly half of US states to severely restrict or ban abortions. And Trump’s threats of a further crackdown still hang over the country, including vows to jail journalists and his political foes.
To carry out these plans, the administration has tapped into, and may yet expand, the American government’s vast surveillance machinery. That means now is the time for anyone in an at-risk group and those who communicate with them—or even those who want to normalize privacy and create cover for more vulnerable people—to think about how they can upgrade their data security and surveillance resistance.
“Undocumented immigrants, Muslims, pregnant people, journalists, really anyone who doesn’t support him” need to reconsider their personal privacy safeguards, says Runa Sandvik, a former digital security staffer for The New York Times and the founder of the security firm Granitt, which focuses on protecting members of civil society. “Whatever platforms you’re on, whatever devices you have, you need to have a sense of what kind of data you’re generating and then use the controls available to limit who can see what you’re doing.”
Protection from surveillance comes in two forms: top-down legal and policy limits on data collection, and bottom-up technological protections in the hands of the targets of that surveillance. The US is now in an era where Trump allies control all three branches of government and tech companies appear to be ready to bend to their will—as evidenced by the Silicon Valley CEOs’ postelection race to congratulate the president-elect.
That may leave the technology you choose to use as a last line of defense, says Harlo Holmes, the director of digital security at the Freedom of the Press Foundation. “This is the last recourse of a lot of people in vulnerable positions,” says Holmes. “We’re just going to have to increase our efforts to make sure that people have the best tools in their hands and their pockets to maintain their privacy. And it’s going to matter more and more.”
To respond to that new reality, WIRED asked security and privacy experts for their advice for hardening personal privacy protections and resisting surveillance. Here are their recommendations.
Encrypted Communications
Securing your data starts with securing your communications, and securing your communications means using end-to-end encryption.
End-to-end encrypted messengers like Signal, WhatsApp, and Apple’s iMessage and FaceTime are all designed to encrypt your messages and phone calls such that no one can decrypt and access your conversations other than the recipient—not even the company that offers the service. That’s very different from traditional calls and texts, which are subject to law enforcement interception and data requests to your phone carrier.
Digital services like Facebook Messenger, Telegram, or X may say their direct messages offer “encryption,” but in the default setting that almost everyone uses, they only encrypt information in transit to the server that runs the service. On that server, the information is then decrypted and accessible to the company that controls that server, or any government agency that demands they share that data—like the Nebraska police who demanded Facebook hand over chats about a 17-year-old’s illegal abortion in 2022, then brought criminal charges against her and her mother.
Among actual end-to-end encrypted messengers, Signal is broadly recommended as offering the best privacy protections. Importantly, Signal doesn’t collect or store metadata about who is calling or texting whom, information that can often be nearly as sensitive as the content of conversations. That’s a crucial safeguard given that Trump has said in his recent campaigning, for instance, that he will hunt down and prosecute government staffers leaking information to journalists—and his previous administration seized the phone and email records of reporters at The New York Times and CNN. With Signal, there are no records to seize. “Metadata matters,” says Holmes.
Just as important is that Signal offers flexible settings for “disappearing messages” that self-delete on every device used in a conversation after a chosen time, in as little as five seconds. Be sure to turn this feature on to prevent messages from being read in the event that your phone is seized—or the phone of the person on the other side of the conversation. Signal also doesn’t back up communication logs to iCloud or other cloud services, so there’s less risk that a participant in the conversation will accidentally leak everyone’s messages to a server where they can be accessed. “If it’s up to me, I will choose Signal, because I know that there is less that you can do on your end to potentially put our communications at risk,” says Granitt’s Sandvik.
Encrypted Devices
Just as important as encrypting your conversations is strongly encrypting your devices themselves.
On modern iOS and Android smartphones, that’s relatively easy. They’re designed to use full disk encryption by default: All the data is encrypted when they’re locked. That means setting a six-digit passcode is enough to make cracking the device a serious challenge, given that both Android and iOS limit the number of times someone can guess a passcode before the device is wiped as a security measure. Still, the Freedom of the Press Foundation’s Holmes recommends setting a longer alphanumeric password or passphrase on your phone to make it harder still to break into. (On an iPhone, go to “Settings,” “FaceID & Passcode,” “Change Passcode,” “Passcode Options,” re-enter your passcode and then choose “Custom Alphanumeric Code.“ On Android, the path to change the setting varies by device.)
Entering a 34-character passphrase every time you want to unlock your phone is, admittedly, a nightmare. So Holmes recommends also using the biometric features built into smartphones like Apple’s FaceID. That does present the risk that someone who grabs your phone will exploit this feature: You can tell a police officer or FBI agent you forgot your iPhone’s passcode, like indicted New York mayor Eric Adams did, but you can’t remove your face. You can, however, temporarily disable biometric unlocking features with a long press on an Android phone’s power button or by holding the side button and one volume button on an iPhone, so that the next unlock requires the passcode.
“Let’s say you’re protesting, or if you’re going through a border crossing,” says Holmes. “There’s always that gesture that clears your biometrics.” She recommends practicing that trick before going into a setting where you might need to use it.
Encrypting a laptop requires slightly more effort. On a MacBook, enable Apple’s built-in FileVault’s full disk encryption in your computer’s privacy and security settings. On Windows, use the built-in Bitlocker encryption setting if you have a Windows Pro license. If you have a Home license, install and enable an encryption tool called Veracrypt.
For both smartphones and laptops, keep in mind that cracking a device’s encryption is far more difficult when it’s been powered off, which prevents the cryptographic keys that unlock the device from lingering in memory. So it’s always a good idea—for security’s sake—to switch off your computer and phone when they’re not in use or you’re entering a situation where they might be seized.
Cloud Storage
Whether it’s extra storage for all of your photos and videos or merely your contacts and messages syncing between your phone and your tablet, you’re almost inevitably using cloud services to back up and sync your information. When your data lives on the hard drive of your computer or smartphone, it’s stored “locally” and you control it. Before the rise of the internet, this local, decentralized storage model was the norm. Companies had their data on their own servers, and regular people had their data on their home computers. Today, though, you can save your data—from documents to phone backups—in your own little corner of the cloud and let tech giants like Amazon, Google, Microsoft, and Apple manage the storage infrastructure for you. Web services, whether they are social networks or your go-to cooking app, similarly store your account data in the cloud so you can access your favorite recipes and all of your annotations from any device with an internet connection.
Cloud storage has huge advantages—you never run out of hard drive space, and your data won’t be lost forever when an ill-fated Diet Coke spills on your laptop. The trade-off, though, is that storing data in the cloud adds a third party to the mix. Cloud companies that hold and manage your data can almost always access it, which means they can be compelled to hand it over to governments. US law enforcement gathered evidence about now-convicted former Trump campaign chair Paul Manaforte in part by accessing unencrypted iCloud backups of his WhatsApp chat histories. And in 2020, the FBI got access to a protester’s iCloud account from Apple—including photos, videos, and screenshots—over accusations that he lit police cars on fire in Seattle.
In recent years, more companies have begun offering end-to-end encrypted data backups and storage schemes for their cloud services so customers can use cloud infrastructure without worrying that the provider can access their data—and potentially give it away. Apple’s iCloud backups and backups for Meta’s chat apps, Facebook Messenger, Instagram Chat, and WhatsApp, can all be encrypted now. But to benefit from the protection you need to make sure that you actually have the feature turned on. And from there you have to set up mechanisms to preserve your access to the data and be able to recover your account if you’re ever locked out, since end-to-end encryption schemes mean that you no longer have the convenience of the cloud provider managing access.
In general, privacy advocates agree that the simplest way to ensure that data doesn’t fall into the wrong hands is to keep it out of the cloud in the first place. Each time you use a different device or digital account, think for a second about whether your data is stored on your device or in the cloud. And if you realize it’s the latter, consider whether you trust the service provider to store that data for you.
For example, as Holmes puts it, “Take a moment to make sure that the things that you are deliberately syncing to your iCloud are the things that you wouldn’t mind someone having access to.”
If you really need to store private data in the cloud, you can use a tool like Veracrypt to encrypt the information before uploading it. But the easiest and safest option is to keep anything particularly sensitive or revealing out of the cloud.
Online Anonymity
Your communications and the data on your devices are far from the only sensitive digital records you’re constantly creating. You’re also leaving behind a trail of breadcrumbs on the paths you take around the internet—paths that are all too visible to your internet service provider and the websites you visit, and which can be highly revealing to anyone building a profile of you and your behavior.
“For me, I always say it’s important to remember you’re not ‘going to’ a website,” says Matt Mitchell, founder of CryptoHarlem, a security and privacy training and advocacy nonprofit. “You’re opening a door, and just like if you open your door, people can see you, and they can see behind you.”
The strongest tool available to obscure your trail online is the Tor Browser. That browser for desktops and laptops, or the mobile equivalent called Orbot, both offered by the nonprofit Tor Project, triple-encrypt your web-browsing data and bounce your connection to the sites you visit through a series of proxy computers. Each of those proxy machines can only decrypt one of those three layers of encryption so that none of the machines can determine the full path of your connection or tie the internet protocol address that would reveal your identity and location to the sites you’re visiting. Your IP address is also hidden from the website itself.
Tor’s encrypted triple-proxy system can, however, be slow, and some websites are configured to block connections from the Tor network or force users to fill out annoying captchas. So the Freedom of the Press Foundation’s Holmes suggests users try the private browsing feature in the Brave browser, which uses a stripped-down version of Tor’s anonymous routing by default. Apple also offers a feature called iCloud Private Relay, which uses a two-hop proxy system rather than Tor’s three-hop system to obscure your web browsing, which may well be faster and more convenient, but it requires a paid monthly subscription to the company’s iCloud+ services.
In addition to using a privacy-focused browser, one of the most practical tools for the majority of users is a virtual private network or VPN—essentially a service that offers a one-hop version of Tor’s privacy protections. Many commercial VPNs do log users’ browsing and respond to law enforcement requests for that data, however, so choosing a VPN with strong privacy guarantees for its users can be a challenge. Holmes suggests referring to the Freedom of the Press Foundation’s VPN guide.
For those who can’t or don’t want to use Tor-based tools, a carefully chosen VPN remains a powerful form of protection. “Having a VPN in your pocket that doesn’t do any logging at all of your activity and also provides robust controls is the next best thing,” Harlo Holmes says.
Location Data
One of the most difficult—and crucial—types of personal information to get a handle on is your location data. Any entity that can track your location or obtain records of where you’ve gone can gain a full picture of where you live and work, who you know and care about, which businesses and medical services you use, and even what you believe in or the causes you support.
Protecting information about your movements is critical to your own privacy and security under expanding government surveillance and is significant in protecting the privacy of those you associate with.
Danacea Vo, founder of Cyberlixir, a cybersecurity provider for nonprofits and vulnerable communities, says that societal changes like the loss of federal abortion protections in the United States, are a reality check about the shifting digital privacy landscape and “help people realize how important it is to hide their location data,
