File Vault & Public WiFi

[PGB1]

I apologize if the answer is here on this trusted user group, but I could not find it. I hope you don't mind my asking.
I ordered a M4 MacBook Air and it automatically encrypts the hard drive. It also offers File Vault. It has been many years since I've had a new computer, so security items have changed dramatically and I get confused easily.

My question is if the default encryption plus File Vault will protect the existing document files on the computer from being accessed by a bad guy while I am on public WiFi. I will turn on firewalls that the computer offers.
If you think it is wise, I will also subscribe to iCloud+ and turn on Private Relay.

I read an excellent post here with very helpful information about why a VPN isn't necessary, so I will skip that.

If the above aren't sufficient, my other option is to use Encrypted Sparse Bundles for the folders containing documents having things like Social Security numbers, income tax returns, medical data & other personal items. That's what do on my current 2007 MacBook Pro, but it is cumbersome especially if I wreck a document and have to restore from Time Machine. (The entire bundle has to be restored instead of a single file.)

Thanks For Your Advice!
Paul

 

[ferrarr]

Well, actually, if you are using public wi-fi, that is the time to use a VPN. Mostly, it is not needed for your home wi-fi network. In public, people with the technology and expertise do try to access other peoples data. I don't take my MBP out much, but I do use a VPN on my iPhone when using public networks. Even at a library or at Dr appointments, if I use their wi-fi, I use a VPN.

 

[MacInWin]

I apologize if the answer is here on this trusted user group, but I could not find it. I hope you don't mind my asking.
I ordered a M4 MacBook Air and it automatically encrypts the hard drive. It also offers File Vault. It has been many years since I've had a new computer, so security items have changed dramatically and I get confused easily.

My question is if the default encryption plus File Vault will protect the existing document files on the computer from being accessed by a bad guy while I am on public WiFi. I will turn on firewalls that the computer offers.
If you think it is wise, I will also subscribe to iCloud+ and turn on Private Relay.

I read an excellent post here with very helpful information about why a VPN isn't necessary, so I will skip that.

If the above aren't sufficient, my other option is to use Encrypted Sparse Bundles for the folders containing documents having things like Social Security numbers, income tax returns, medical data & other personal items. That's what do on my current 2007 MacBook Pro, but it is cumbersome especially if I wreck a document and have to restore from Time Machine. (The entire bundle has to be restored instead of a single file.)

Thanks For Your Advice!
Paul

I would agree with Bob that using a VPN when in a public WiFi hotspot is useful. There will be some who will say that as long as you are using your browser to go to a secure website (one with https in the address), that the connection is encrypted end-to-end and no VPN is needed. That is true. However, I note that several of my banking connections are now via the institutions own app, rather than a browser, and I have no idea how secure that app may be, so I use VPN whenever I'm using those apps. Yes, I'm paranoid about that, but I think it's important.

As for FileVault, that's a different situation. Yes, by default, the data on your internal storage is encrypted. It is also compressed, but the system handles that in the background so you don't notice it at all. What turning on FV does is to encrypt the key used to decrypt the drive data. In the Intel systems, without the T2 security chip, encrypting the drive was a slow process to complete, and it did impact overall performance. However, on the new Mx Macs and the Macs with T2 chip, that encryption is done in the hardware and is very, very fast. In fact, it's practically unnoticeable in action. It adds another layer of data in case your system gets stolen or broken into. And TM has changed how it works so that encrypted backups can be partially restored, so that issue was solved. With the storage now tightly coupled to the CPU removing the storage is hugely impractical, except for the new Mac Mini, which has removable storage again. What FV does best is to force the bad guys who might steal your machine for the data to have to have both your login data and the FV key to be able to read the storage outside of the machine. If the bad guy has your machine and your login/password, then the data is not secure because they can log in with that information as if they were you.

I have FV turned ON in my MBP (see my profile). It costs nothing in terms of performance and just give me a bit extra coverage. I don't use VPN or Firewall when in my own network, which has a secure password that is hard to crack, but I do turn on VPN for apps that connect to my financial institutions, and I do use Firewall when I travel outside my home network to any public WiFi service.

 

[PGB1]

Thank You Bob & Jake for the helpful information that you supplied.
After reading what Jake wrote, I certainly will use File Vault. (It did slow things terribly on my Intel based Mac.)
Subscribing to a good VPN also sounds like it is a wise move. I've no intention of using public wifi for banking, but who knows when an emergency will arise while out of town.

Thanks Again!
Paul

 

[IWT]

Well, actually, if you are using public wi-fi, that is the time to use a VPN. Mostly, it is not needed for your home wi-fi network. In public, people with the technology and expertise do try to access other peoples data. I don't take my MBP out much, but I do use a VPN on my iPhone when using public networks. Even at a library or at Dr appointments, if I use their wi-fi, I use a VPN.

I agree, Bob; but there are those, admittedly well qualified, who would disdain the use of VPNs.

I would agree with them in one particular area: it does slow down the whole process - from a little to a lot.

Ian

 

[Randy B. Singer]

Subscribing to a good VPN also sounds like it is a wise move. I've no intention of using public wifi for banking, but who knows when an emergency will arise while out of town.

I'm one of those folks who will tell you that using a VPN because you are afraid of being hacked while using Wi-FI, even while banking, is a waste of money. Modern technology has made using a VPN an anacronism. See:

If your concern is having your communications intercepted by hackers (e.g. when using public networks, such as in a café), VPN's are more or less an anachronism that have been made superfluous by current technology:

Are VPN’s Worth it? (From the New York Times)
https://www.nytimes.com/2021/10/06/technology/personaltech/are-vpns-worth-it.html

The Washington Post Says There's 'No Real Reason' to Use a VPN
https://yro.slashdot.org/story/23/0...-post-says-theres-no-real-reason-to-use-a-vpn
https://www.washingtonpost.com/technology/2023/02/17/dont-use-a-vpn/

Why VPNs are a WASTE of Your Money (usually…)
https://www.youtube.com/watch?v=9_b8Z2kAFyY
Follow up:
https://www.youtube.com/watch?v=gxpX_mubz2A

 

[PGB1]

Thanks Ian & Randy for more information to consider.

From reading all of this, VPN sounds like a "maybe helps, maybe not".

Perhaps a safer plan, if I must use banking in public, is to get a data plan for the phone and use cellular data. For non-critical web surfing (maps, finding grocery store, etc.), watch for HTTPS. Does that sound safe?

 

[Randy B. Singer]

For non-critical web surfing (maps, finding grocery store, etc.), watch for HTTPS. Does that sound safe?

Https is encrypted from end to end. Not even the FBI should be able to decode your data even if they intercept it. Just about every Web site uses https at this point. You are completely safe, no need for any other precautions.

Note that you never hear of any Mac users legitimately being hacked. (By legitimately, I mean that I discount the paranoid folks who are having a problem with their Mac and so they automatically assume that they have been hacked, with no evidence to support that.) Even on this forum of over a quarter million users.

VPN's are still useful in some very limited situations. A VPN is useful if you want to access content that is restricted to only a certain geographical area (e.g. if you live in China and want to view Western news sites). It's useful if you are in a totalitarian country and you are concerned about your government eavesdropping on you. Finally, a VPN is useful if you are doing illegal things on the Internet (like downloading pirated videos or music) and don't want to be traced and caught, especially by your own ISP (your ISP nominally knows what sites you visit, but not what you do there). But I doubt that many users fall in any of those categories.

Read the articles that I cited. VPN's are an anacronism, there only to enrich those who provde them. In fact, in many cases these days, VPN providers are more of a security threat than what you might be getting a VPN for. Lately a lot of VPN providers have been purchased by bad actors who are associated with selling your private data.

 

[MacInWin]

Randy, one other use case: I travel to the UK frequently. For some unknown reason, one of my financial institutions seems to not know about the UK, as it blocks me from logging in. I use VPN to make it appear that I am in the US, when I am in UK. No totalitarianism, no illegal things, just satisfying an overly restrictive situation on a financial website. I've contacted them many times, and they are unapologetic about the restriction, so the only thing I can do is VPN. (Yep, it's a niche, but it is also a real PITA.)

 

[Randy B. Singer]

Randy, one other use case: I travel to the UK frequently. For some unknown reason, one of my financial institutions seems to not know about the UK, as it blocks me from logging in.

As I said: "A VPN is useful if you want to access content that is restricted to only a certain geographical area..."

 

[PGB1]

For some unknown reason, one of my financial institutions seems to not know about the UK, as it blocks me from logging in.

Oddly, I had that happen on my phone with my bank when I was a few miles from my home in the U.S., but in Ontario. (On a known, safe wifi) Crossed one mile back to Detroit & the bank was happy. I do appreciate their caution with my account, however.

 

[PGB1]

As I said: "A VPN is useful if you want to access content that is restricted to only a certain geographical area..."

It seems to be handy both ways, too!
Some few years ago, many of the people with whom I used to work that lived in some restrictive non-U.S. countries would use a VPN to watch sports and movies on their phones while bored at the hotel. The mechanics of how they did that, I don't know.

Later on, they started buying American pay-as-you-go SIM cards for the phones.