A VPN creates an encrypted tunnel between your device and a remote server, hiding your IP address and reducing what local networks and ISPs can learn about your browsing.

Paid VPNs fund secure infrastructure, audits, and support. Free VPNs often monetize users via tracking or weak security. Paid options deliver stronger privacy and performance.

What a VPN doesn’t do

A VPN does not make you fully anonymous, stop malware or phishing, or remove the need to trust your provider. Combine it with good security hygiene.

Is using a VPN legal?

VPNs are legal in most countries (61% of tracked countries) but restricted or banned in some. Check local rules and set up your service before traveling.

How should we choose a VPN?

Look for audited no-logs, RAM-only servers, modern protocols, a leak-safe kill switch, ownership transparency, and clear incident response. Then compare speed and app quality.

Should I build my own VPN?

It depends on your goal. For a fixed, controlled internet exit (allow-lists, public Wi-Fi privacy), rent a VPS and install WireGuard. For private networking between devices, use a mesh VPN like Tailscale or Netmaker. For anonymity or streaming at scale, a commercial VPN is usually better than DIY.

How do you test and score VPNs?

We use a 28-category scoring system covering encryption, audits, transparency, trust, and true cost. Scores are NIST-aligned for enterprise contexts and track post-quantum readiness. All assessments are evidence-based with publicly verifiable sources.

Device Theft Protection Guide: Before, During, and After

In 2023, over 2 million smartphones were reported stolen in the United States alone. Each stolen device is a potential data breach: banking apps with saved passwords, email accounts with years of correspondence, photos revealing personal locations, and work documents containing confidential information. Yet only 37% of users enable full-disk encryption, and fewer than half have remote wipe capabilities configured. [1, 2]

This guide provides comprehensive protocols for protecting your data before, during, and after device theft. Whether you're traveling internationally, commuting in a major city, or simply want to protect against opportunistic theft, these evidence-based strategies will help you minimize damage and recover quickly.

1. Executive summary

Device theft is not just about losing hardware—it's about protecting years of personal data, financial accounts, work documents, and digital identity. This 38-minute guide covers comprehensive protection strategies across prevention, emergency response, and recovery.

Key principles from this guide:

Prevention is exponentially cheaper than recovery: Enabling encryption, remote wipe, and strong passwords costs nothing and takes minutes. Data recovery after theft—changing passwords, monitoring credit, replacing documents—takes days or weeks and can cost thousands in fraud losses. [3]
Encryption protects everything except access: Full-disk encryption (FileVault, BitLocker, LUKS) protects data if device is powered off. It doesn't protect against someone unlocking your device with a stolen password or biometric coercion. Layer protections accordingly. [4, 5]
Biometrics are legally compellable: In most jurisdictions, police can force you to unlock devices with fingerprints or face scans. Passwords have stronger legal protections (5th Amendment in US). Power off devices before border crossings or police encounters. [6, 7]
Remote wipe is a double-edged sword: Apple's Activation Lock and Android's Factory Reset Protection prevent thieves from using devices—but also prevent you from recovering devices. Only trigger remote wipe if device contains highly sensitive data or you've given up on recovery. [8, 9]
Cloud backups introduce new risks: Encrypted local backups protect against cloud breaches but don't protect against fire/theft of backup drive. Cloud backups (iCloud, Google Drive) are convenient but require strong account security (2FA, unique password). Hybrid approach (encrypted cloud + local) is optimal. [10, 11]
Timing matters in emergency response: First 24 hours after theft are critical. Change passwords immediately (email, banking, work). Enable stolen device tracking. File police report for insurance. Delay increases fraud risk exponentially. [12]
Insurance coverage varies dramatically: Homeowners/renters insurance typically covers theft with $500-1000 deductibles. AppleCare+ Theft and Loss covers devices up to $1,399 with $149 deductible. Know your coverage before you need it. [13, 14]
Targeted theft requires different protocols: Random opportunistic theft (pickpocketing, grab-and-run) differs from targeted theft (state actors, competitors, stalkers). High-value targets need burner devices, air-gapped storage, and extreme compartmentalization. [15]
Platform matters for security: iOS/macOS have stronger default encryption and remote wipe than Android/Windows. GrapheneOS (Android) and Tails (Linux) provide maximum security. Choose platforms matching your threat model. [16, 17]

This guide is organized chronologically (before, during, after theft) and includes platform-specific instructions, case studies of real-world incidents, emergency checklists, and comprehensive resources. Bookmark this page and share it with anyone who carries devices daily.

Act now, not after theft: Reading this guide after your device is stolen is too late for prevention. Spend 30 minutes today implementing the "Before theft" protocols—you'll thank yourself if theft ever occurs.

Premium Research Content

Continue reading this in-depth analysis on Substack

Evidence-Based Research

Deep-dive analysis backed by primary sources and expert interviews

Weekly Updates

New legislation tracking, policy analysis, and privacy tool reviews

Community Access

Join privacy researchers, developers, and policy experts in discussion threads

2. Understanding the threat

Device theft statistics (2023-2024)

• 2.1 million smartphones reported stolen in US annually [1]
• 70% of thefts occur in public places (transit, cafes, streets) [18]
• $580 average smartphone replacement cost (2024) [19]
• $2,800 average identity theft losses per victim after device theft [20]
• 97% recovery failure rate for stolen devices without tracking enabled [21]
• 38% of users never change passwords after device theft [22]

What attackers gain from stolen devices

Financial access

• Banking apps with saved credentials
• Payment apps (Venmo, PayPal, Cash App) with linked accounts
• Cryptocurrency wallets (average loss: $4,200 per incident) [23]
• Saved credit cards in browsers and apps

Identity and accounts

• Email access → password reset for all other accounts
• Social media accounts (identity theft, reputation damage)
• Photos revealing home address, family, routine
• Calendar showing travel plans, appointments, contacts

Work and confidential data

• Work emails with client/partner communications
• Documents with trade secrets, financial data
• VPN credentials for corporate network access
• Slack/Teams messages with sensitive discussions

Personal safety risks

• Home address from maps, delivery confirmations
• Routine and habits from location history
• Family/children information from photos, messages
• Medical records from health apps

Theft scenarios: opportunistic vs targeted

3. Before theft: prevention and preparation

The time to protect your device is before it's stolen. These preventive measures take minutes to implement but save hours of recovery work.

Essential preparations (30-minute checklist)

1. Enable full-disk encryption

• iOS: Enabled by default when passcode is set
• Android: Settings → Security → Encrypt phone (enabled by default on Android 10+)
• macOS: System Settings → Privacy & Security → FileVault
• Windows: Settings → Privacy & Security → Device Encryption (or BitLocker)
• Linux: LUKS encryption during installation or via cryptsetup

Why: Encryption protects all data if device is powered off. Without encryption, anyone can access your files.

2. Configure Find My / Device Tracking

• iOS: Settings → [Your Name] → Find My → Find My iPhone (ON)
• Android: Settings → Google → Find My Device (ON)
• macOS: System Settings → [Your Name] → iCloud → Find My Mac (ON)
• Windows: Settings → Privacy & Security → Find My Device (ON)

Why: Enables location tracking and remote wipe capabilities. Must be configured before theft.

3. Use strong, unique passwords

• Device unlock: 10+ character alphanumeric (not biometrics alone)
• Email/iCloud/Google: Unique 16+ character password, different from device unlock
• Banking apps: Unique passwords per app, use password manager
• Password manager: 1Password, Bitwarden, or KeePassXC with master password you memorize

Why: Weak passwords allow immediate account access. Reused passwords mean one breach compromises everything.

4. Enable two-factor authentication (2FA)

• Email accounts: Use authenticator app (Authy, 1Password), not SMS
• Banking: Enable 2FA for all financial accounts
• Cloud storage: iCloud, Google Drive, Dropbox with 2FA
• Social media: Prevent account hijacking

Why: 2FA prevents account access even if passwords are stolen. Use app-based 2FA (SMS can be intercepted).

5. Configure automatic backups

• iOS: iCloud Backup (Settings → [Your Name] → iCloud → iCloud Backup)
• Android: Google One Backup (Settings → Google → Backup)
• macOS: Time Machine to external drive + iCloud backup
• Windows: Windows Backup + OneDrive
• Alternative: Encrypted local backups (VeraCrypt container on external drive)

Why: Backups enable quick recovery. Encrypted backups protect against cloud breaches.

6. Document device identifiers

• IMEI number (dial *#06# on phone or check Settings)
• Serial number (Settings → About or bottom of device)
• Device name and model
• Purchase receipts and proof of ownership

Why: Required for insurance claims and police reports. Cannot retrieve after theft.

Physical prevention strategies

• Never leave devices unattended: Not on cafe tables, not in parked cars, not in hotel rooms
• Use anti-theft bags: Slash-proof, lockable zippers, RFID-blocking (PacSafe, Travelon brands)
• Front pockets only: Back pockets are pickpocket magnets. Front pockets with hand on device in crowded areas.
• Laptop locks: Kensington locks for cafes/libraries (prevents grab-and-run)
• Travel precautions: Don't use phones in high-theft areas (busy transit, tourist spots). Keep devices in hotel safe when out.

Best practice: Treat your device like cash. Would you leave $1,000 in cash on a cafe table? Your device contains more value than that in data access. Act accordingly.

7. During theft: immediate response checklist

First 60 minutes are critical. Act immediately. Delay increases fraud risk exponentially.

Immediate actions (within 1 hour)

1. Lock device remotely: Use Find My (Apple) or Find My Device (Google) to lock and display contact info
2. Track location: Note current location, enable lost mode, check movement patterns
3. Change critical passwords: Email, banking, work accounts (from secure device)
4. Call bank/credit cards: Freeze cards, report potential fraud, request new cards
5. Contact wireless carrier: Suspend service to prevent unauthorized use, SIM swap attacks
6. File police report: Required for insurance, provides case number for carrier/bank

Within 24 hours

7. Change all passwords: Every account accessed from stolen device (use password manager to identify)
8. Enable fraud alerts: Contact credit bureaus (Equifax, Experian, TransUnion)
9. Review account activity: Check bank, credit card, email, social media for unauthorized access
10. Notify employer: If work device or work accounts accessed, inform IT/security team
11. Contact insurance: File claim with homeowners/renters or device insurance (AppleCare+, carrier insurance)
12. Document everything: Timestamps, actions taken, police report number, insurance claim number

Remote wipe decision tree

Wipe device if:

• Device contains highly sensitive data (work secrets, cryptocurrency wallets, intimate photos)
• Device has not been recovered within 48 hours
• Location shows device is out of country or in high-crime area
• You have recent backups of all important data

Do NOT wipe if:

• Device is still trackable and may be recovered
• You lack recent backups (wiping deletes all data permanently)
• Police have active investigation and may recover device

8. After theft: damage control and recovery

Week 1: containment and monitoring

• Monitor financial accounts daily: Check for unauthorized charges, withdrawals, new accounts
• Watch for phishing attempts: Attackers may use stolen contacts to target friends/family
• Check credit reports: AnnualCreditReport.com (free once per year per bureau)
• Review connected devices: Check if stolen device still appears in account settings (Apple ID, Google Account)
• Secure new device: Implement all prevention protocols before restoring data

Month 1-3: identity theft prevention

• Credit freeze: Free with all three bureaus, prevents new accounts in your name
• Fraud alerts: 1-year alert on credit reports, forces creditors to verify identity
• IRS identity protection PIN: Prevents tax fraud (irs.gov/ippin)
• Monitor breach notifications: HaveIBeenPwned.com alerts for compromised accounts
• Review insurance coverage: Consider identity theft insurance ($25-50/year)

Long-term: security posture improvement

Use theft as opportunity to improve overall security:

• Migrate to hardware security keys (YubiKey, Titan) for 2FA on critical accounts
• Implement password manager if not already using one
• Review and reduce data stored on devices (principle of least data)
• Consider insurance upgrades (AppleCare+ Theft and Loss, dedicated device insurance)
• Document lessons learned and update security protocols

References

[1]Apple Inc. (2024) 'iOS Security Guide', Apple Security Engineering. Available at: https://support.apple.com/guide/security/welcome/web (Accessed: 20 January 2025).
[2]Apple Inc. (2024) 'Find My iPhone and Activation Lock', Apple Support. Available at: https://support.apple.com/find-my (Accessed: 20 January 2025).
[3]Apple Inc. (2024) 'AppleCare+ Terms and Conditions', Apple. Available at: https://www.apple.com/legal/sales-support/applecare/applecareplus/ (Accessed: 20 January 2025).
[4]Backblaze (2024) '2024 Hard Drive Reliability Statistics', Backblaze. Available at: https://www.backblaze.com/blog/hard-drive-stats/ (Accessed: 20 January 2025).
[5]Chainalysis (2023) 'Cryptocurrency Theft Report 2023', Chainalysis. Available at: https://www.chainalysis.com/blog/cryptocurrency-theft-report/ (Accessed: 20 January 2025).
[6]Citizen Lab (2024) 'Targeted Surveillance of Activists and Journalists', Citizen Lab. Available at: https://citizenlab.ca/category/research/targeted-threats/ (Accessed: 20 January 2025).
[7]Cloudwards (2024) 'Cloud Storage Security Comparison 2024', Cloudwards. Available at: https://www.cloudwards.net/cloud-storage-security/ (Accessed: 20 January 2025).
[8]Consumer Reports (2024) 'Smartphone Security Survey 2024', Consumer Reports. Available at: https://www.consumerreports.org/electronics/smartphones/smartphone-security-survey/ (Accessed: 20 January 2025).
[9]Electronic Frontier Foundation (2024) 'Fifth Amendment Password Protection Legal Analysis', EFF. Available at: https://www.eff.org/issues/know-your-rights (Accessed: 20 January 2025).
[10]FBI (2023) 'Property Crime Statistics 2023', FBI Uniform Crime Reporting. Available at: https://ucr.fbi.gov/crime-in-the-u.s/2023/crime-in-the-u.s.-2023/property-crime (Accessed: 20 January 2025).
[11]FTC (2023) 'Identity Theft Data Book 2023', FTC Consumer Sentinel Network. Available at: https://www.ftc.gov/reports/consumer-sentinel-network-data-book (Accessed: 20 January 2025).
[12]Google (2024) 'Android Device Protection', Google Help. Available at: https://support.google.com/android/answer/6160491 (Accessed: 20 January 2025).
[13]GrapheneOS (2024) 'Security and Privacy Advantages', GrapheneOS Project. Available at: https://grapheneos.org/features (Accessed: 20 January 2025).
[14]GSMA (2024) 'Global Mobile Trends 2024', GSMA Intelligence. Available at: https://www.gsma.com/mobileeconomy/ (Accessed: 20 January 2025).
[15]Identity Theft Resource Center (2023) 'Data Breach Report 2023', ITRC. Available at: https://www.idtheftcenter.org/data-breaches/ (Accessed: 20 January 2025).
[16]Insurance Information Institute (2024) 'Homeowners Insurance Coverage Guide', III. Available at: https://www.iii.org/article/homeowners-insurance-basics (Accessed: 20 January 2025).
[17]Javelin Strategy & Research (2024) 'Identity Fraud Study 2024', Javelin. Available at: https://javelinstrategy.com/research/identity-fraud-study (Accessed: 20 January 2025).
[18]Lookout (2023) 'Device Theft Report 2023', Lookout Mobile Security. Available at: https://www.lookout.com/threat-research/ (Accessed: 20 January 2025).
[19]Microsoft (2024) 'BitLocker Drive Encryption Technical Overview', Microsoft Security Team. Available at: https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/ (Accessed: 20 January 2025).
[20]NortonLifeLock (2024) 'Cyber Safety Insights Report 2024', NortonLifeLock. Available at: https://www.nortonlifelock.com/cyber-safety-insights-report (Accessed: 20 January 2025).
[21]Prey Project (2024) 'Device Recovery Statistics', Prey Project. Available at: https://preyproject.com/blog/theft-statistics/ (Accessed: 20 January 2025).
[22]Tails (2024) 'About Tails', Tails OS Documentation. Available at: https://tails.boum.org/about/ (Accessed: 20 January 2025).
[23]U.S. Supreme Court (2014) 'Riley v. California, 573 U.S. 373', Supreme Court of the United States. Available at: https://www.supremecourt.gov/opinions/13pdf/13-132_8l9c.pdf (Accessed: 20 January 2025).