• Resolved archer09

    (@archer09)


    Hi everyone,

    WP uploads images/media files onto a directory that is accessible to the public (e.g. mysite.com/wp-content/uploads). I’m trying to keep these media directories private so that they’re only accessible by the admin. Otherwise, anyone can just go straight to the directory and download everything if they so desire.

    What I need is what other sites have when I try to access their directories (e.g. “Forbidden. You don’t have permission to access /samplepath/ on this server.”). Is there a way to do this? Seems like a fairly basic, commonly-needed function but I can’t seem to find an answer to it.

    FYI, I’ve already read through this:
    http://codex.wordpress.org/Hardening_WordPress#Changing_file_permissions
    but it doesn’t address security for wp-content.

    This thread refers to the same problem, but there is no resolution yet:
    http://wordpress.org/support/topic/protect-direct-access-to-uploaded-files?replies=16

    Can anyone help? Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • WP uploads images/media files onto a directory that is accessible to the public

    No, WP does not do this. That directory does not have an index file, and even though the permissions are 755, no one should be able to see it. If so, something is not right on the server.

    Thread Starter archer09

    (@archer09)

    Thanks for that. Once I disabled indexing the problem was solved.

    Indexing was the problem? That is just for browsing a folder. If you know the deep link to any file there, anyone can access it freely until today. Many plugins fail to prevent guests from leeching files there.
    As there is no simple plugin out there that I am aware of that handles this properly, I may need to do my own:
    1. Seal off web access through file access limitations (chmod), so that the web service cannot read
    2. Make an .htaccess filter for the folder to redirect any access to a new file handler PHP
    3. That handler checks for the configured authorisation level (role for simplicity, can be done more complex later)
    4. When the user is authenticated and has the required role, then STREAM the file with attachment disposition (label for filename taken from media title)
    Is that so hard to handle for WP?
    Many do not realise all media are public till today! Even member access or advanced Access Manager can protect as far as I know.
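
The handler outlined in the reply above, sketched as an added example (not code from this thread or from WordPress itself). Assumptions: Apache with mod_rewrite, WordPress installed at the document root, a hypothetical handler file named `protected-media.php`, the `read` capability as the access level, and a PHP process that can still read the upload files. The download name is taken from the on-disk file name rather than the media title.

```php
<?php
// protected-media.php: hypothetical handler placed in the WordPress root.
// Assumed rule in wp-content/uploads/.htaccess (Apache mod_rewrite):
//   RewriteEngine On
//   RewriteRule ^(.*)$ /protected-media.php?file=$1 [L]

require __DIR__ . '/wp-load.php';  // boot WordPress so the auth cookie is evaluated

const REQUIRED_CAP = 'read';       // assumption: any logged-in role; tighten as needed

if ( ! is_user_logged_in() ) {
    auth_redirect();               // redirects to the login page and exits
}
if ( ! current_user_can( REQUIRED_CAP ) ) {
    status_header( 403 );
    exit( 'Forbidden' );
}

// Resolve the requested path and refuse anything outside the uploads tree,
// so "../" sequences or symlinks cannot reach wp-config.php and similar files.
$uploads  = wp_upload_dir();
$base     = realpath( $uploads['basedir'] );
$relative = isset( $_GET['file'] ) ? wp_unslash( $_GET['file'] ) : '';
$path     = ( false === $base ) ? false : realpath( $base . '/' . $relative );

if ( false === $path
    || 0 !== strpos( $path, $base . DIRECTORY_SEPARATOR )
    || ! is_file( $path ) ) {
    status_header( 404 );
    exit( 'Not found' );
}

// Only stream types WordPress itself accepts as uploads; scripts and
// dotfiles (such as the .htaccess in this folder) are refused.
$type = wp_check_filetype( $path );
if ( ! $type['type'] || '.' === basename( $path )[0] ) {
    status_header( 403 );
    exit( 'Forbidden' );
}

nocache_headers();                 // keep shared caches from storing private media
header( 'Content-Type: ' . $type['type'] );
header( 'Content-Length: ' . filesize( $path ) );
header( 'X-Content-Type-Options: nosniff' );
header( 'Content-Disposition: attachment; filename="'
    . sanitize_file_name( basename( $path ) ) . '"' );
readfile( $path );                 // stream the file body to the client
exit;
```

Because every media request now boots WordPress, a front-end cache or CDN must not be allowed to serve the uploads path directly, or the check is bypassed.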

  • The topic ‘How to protect media directory or make it private’ is closed to new replies.