No matter what our level of activism is, we should all be securing our data online to protect ourselves and friends from cops and other fascists who might wish to cause us harm. As well as, stopping gross companies like google from selling your data.
Why is it important? Let me tell you about a friend who thought they could play a prank on some climate criminals. They thought hard about cyber security and decided it would be OK to set up a fake gmail account and send it from there personal laptop at their workplace. The cops easily tracked their workplace IP address and personal laptop connected to it. They were charged with fraud.
There are many steps my friend could have taken to avoid this stress, like using a Tail on a public computer (that does not require you to register), using Tor and a private (one time use) email address that isn’t connected to any of your other accounts, in a space with no cameras, far from your regular locations. I will explain further what these are.
With police cracking down on activists around the world and British citizens being arrested for just being on a zoom call talking about a road blockade. It is important that we are all more conscious of our digital foot prints in cyberspace.
I am not very good with computers or knowing how they work so this article will try to pull together a lot of resources for your convenience. If you have more information please leave in in the comment for the community.
How and what data is collected
It is well known by now that as soon as you go online you are the product. Not only the information you publish but every link you click and swirl of your mouse (think of the “I am not a robot” captures). This is some (but probably not all) of the information collected.
Tracking – Refers to the process of monitoring and recording online activities, including website visited, search queries and interactions with online advertisements. This data is collected by various entities such as advertisers, governments, social media platforms and data brokers to create user profiles and deliver targeted advertising
Fingerprinting – Refers to the practices of collecting and analyzing unique characteristics of a user’s device or browser to create a digital fingerprint. It can then be used to track and identify individuals across different websites and online activities, even if they try to remain anonymous or clear their cookies. It is a method employed by advertisers and data collectors to monitor users online behavior without their explicit consent.
Metadata – is the information about the message, without the contents. It may contain the number the message was sent from and too, the time, date and location and app used. Even if the content of the message is encrypted the metadata is harder to encrypt and is readily available to cops. This data can be used to create a template of your routine and favorite places. It can also be used along with other sources to give a picture of your networks, people you frequently talk to and share spaces with. Any deviation outside these norms looks suspicious. For More
What to do
***Disclaimer*** even if you do all of these things this is no assurance that your information will be fully private. These are simply some steps towards making your information harder to get.
Social media
NO social media is safe or ethically sound, but many of us have accepted it as a necessary evil for staying connected in this
This can be painful in selfie culture where images of ourselves are often used for validation and self confidence, but images can be used to google search you or be edited without your permission
- Change your name – Your should not use your real name on any social media accounts
- Don’t post your real location
- Delete all personal information, address, place and date of birth, phone number, first cats, family connections, relationship status, name of your first cat, ect.
- Delete all photos of your face and un-tag yourself from others profiles (or request they delete the image).
- Check all your privacy setting are set to private and prevent people from searching you.
Other online information
Google yourself, you will be surprised at what information pops up. I found that my private email and phone number had been published by a political party which i had previously volunteered for. I emailed them to ask for it to be removed immediately.
Go through a delete all information, or request for it to be deleted by the host.
(Speaking of public information, depending on your country you may also request to have your name removed from the electoral role.)
Smart Phones
Quick checklist for making your phone more secure
✅ go through your privacy settings
✅ set secure passphrase or password – change regularly
✅ change browser and default search engine
✅ look through app permissions – does your calculator need to access your contacts and camera etc
✅ App security – turn off search history on Google apps (if can’t switch to alternatives)
✅ Get an anonymous prepaid sim card (this is difficult in some EU countries where they require a passport or ID, but Balkan countries don’t if you have friends that travel) Consider how you top up your phone. If it is connected to your credit card it is not anonymous
✅ Consider changing your operating system to GrapheneOS (Best) or LinageOS to remove the need for google or apple accounts. Uses Aroura app-store. Enables encryption
✅ Use F-doid to download opensource apps. Requires additional email address and login
✅ Install a third party keyboard on your phone. Google and Apple key boards remember everything that you type
✅ Location data – if you don’t want people to know where you are leave your phone at home or turn it off and take battery out. Turning off location services still means you can be tracked by cell tower. The jury is still out on if turning your phone on flight mode prevents this. Your phone location can also be traced by your IP address. Turn on your VPN.
✅ When using burner phones, smart phones are more secure than simple phone.
✅ Going to a phones out meeting. Leave your phone at home. If a group of phones that are monitored all turn off at the same location in can alert police to that location.
More information
Mobile Phone security for activists and agitators – Harkan geijer (Zine)
Turn off your Phone – And other basic digital security strategies. August 2023 (Zine)
Email and Clouds
Only emails between two encrypted servers using PGP or S/MINE are encrypted, but it is to easy to make a mistake and send an email without an encryption code. Generally it is best to keep any private organizing out of emails.
Systemli.org – email and cloud (email them to increase storage space) – needs an invite key Use PGP encryption for you emails
riseup.net – needs an invite key
Proton mail – has made bold claims about its security which, although trusted by many activists, are simply not true.
mailbox.org – have not researched
Aliasing – Simple login, anonymous address
10minutemail.net – temporary email addresses – use for online shopping or any other company that wants to collect your data for no purpose other than to track you and sell your data, i.e. all of them.
cryptpad.fr – collaborative suite (alternative to google docs) can be encrypted and password protected
Passwords
- Use Passphrases instead of passwords
- Never use same passphrase twice
- Get a passphrase manager like BitWarden or Keepass XC to computer generate passwords – use a one time email to create an account (make sure to memorise your email and passphrase for this and know you can access on multiple devices)
- Use muilti-factor-authentication
Browsers
Tor – is the most private and anonymous there is and can be downloaded for free. It routes your traffic over their volunteer network to anonymize it. Tor also uses Onions to provide layers of protection for both users and publishers privacy. IMPORTANT Don’t use Tor and a VPN at the same time unless you know what you are doing.
Tor can be used of phones but is less secure than Desktop Version. Download Orbot from F-droid to route all of your internet traffic through Tor, although some websites and apps may not work this way.
Brave – Select “aggressive” under trackers & ads blocking
Firefox – Select strict enhanced protection tracking, Unblock Origin is a good ad blocker
Search engines
Duckduckgo – most private
Ecosia – you help plant trees apparently – not private
Startpage – get google search results in a more private way
Use front ends like Piped to access common websites like YouTube
VPNs
Changes your IP address (where your internet access appears to be coming from) and encrypts your internet traffic so that your service provider can’t see it. You can also use it to access websites that are only available in different countries. Or pretend you are in Turkey when buying flights because apparently they are cheaper there.
When choosing a VPN check to make sure that they are not storing and selling your data. Consider purchasing a VPN as a group using a VISA gift card because they often cover multiple devices.
Alternative operating systems
Tails – Is like a having your personal computer on a USB stick. You can plug it into a public computer and open your operating system (Linux) before the regular computer operating system starts. Depending on the size of your USB you can have all your personal files and regular programs on it. Tails are encrypted and can be easily destroyed if necessary. It is all together cheaper, easier, smaller and much more secure than a private laptop. More information tails.boum.org
Linux – More secure alternative to Apple and Windows
Messaging apps
Signal – End to end encrypted messaging app, meaning the company does not receive any of your messages that it can give to cops. The new security function enabling you to hide your phone number and use a username instead has solved many of the criticisms of the App and made it safer to use group chats with unknown members. Make sure you used the dispersing messages option, update the security setting in app, and delete the app before arrest. For more info blog.privacyguides.org/2022/07/07signal-configeration-and-hardening
Telegram – There are many perks to telegram such as the ability to create private message boards where people cannot see the identity of the poster. However, the encryption type is such that the company can access your information and messages. They were tested in the European courts recently when they refused to hand over this data to the police in a drug trafficking case. Suffice to say you should not trust a company that has any data on you which the police can take.
Element – can only be downloaded from 3rd party app store. Some trust it more than signal because it uses email addresses for login instead of phone numbers. The app has a few bugs and is not very convenient to use.
Matrix, Molly & Molly-FOSS – also mentioned
Encrypt your hardware
“Encryption is a complicated math equation that turns your data from useful information into scrambled information…” Turn off your phone (2023)
Modem phones are encrypted only when your phone is turned off, not when your phone is asleep. If you are about to be arrested turn your phone off.
VeraCrypt – To encrypt computers and external storage – for Mac and Windows
LUKS – for Linux
AI
It is unknown yet the extent of the havoc that AI will rote on society however the safest bet for now is to do every thing possible to avoid feeding the AI data base any information
Resources
Find your local cybersecurity collective – there are many groups out there who are dedicated to helping their communities to be safer online
privacyguides.org – A privacy and security resource to protect yourself online
techlore.tech/goincognito – detailed privacy guide
coveryourtracks.eff.org – test your browser to see how well you are protected from tracking and fingerprinting
haveibeenpwnd.com – check if your email or phone’s data has been breached
justdeleteme.xyz – a directory of links to delete your account from web services
alternativeto.net – Find free and open source software alternatives
opencollective.com – transparent money management for collectives
Surveillance Countermeasures – Book