Digital Security

From Resistance Manual
(Redirected from Safety and Security)

This is the approved revision of this page, as well as being the most recent.
Jump to: navigation, search

How to Protect Yourself from Digital Surveillance[edit]

Be Careful About Location Sharing[edit]

  • Flickr: photos include data that can be used to identify and locate you. This is known as metadata, or Exchangeable Image File Format (EXIF).
  • Twitter or Instagram do not include metadata.
  • Twitter and Instagram ask you to share information on your location, so they can tag your tweets or posts with your current location. Since these are public platforms, anyone can then see where you are located. Instagram has information on how to disable your location here. Twitter has it here.
  • Becoming familiar with the privacy policies of the social media you use will help you know when they share or sell that information and with whom.

Use 2-Factor Authentication[edit]

2-factor authentication means that in addition using a username and password to log in, there is also a second form of security so that no one else can access your account. This might mean entering a code that gets sent to your cell phone, or using an additional app. Find out how to enable two-factor authentication:

Strengthen Your Passwords[edit]

Make sure your passwords are secure so that no one can guess them and hackers cannot crack them. A few rules to follow:

  • Make your passwords long, at least 12 characters. Consider using phrases that include numbers and a mix of lowercase/uppercase letters.
  • Avoid using easy to guess personally identifying data in your passwords, such as:
    • Birthdates or anniversaries
    • Names of family members or pets
    • Companies you have worked for
    • Cities you have visited or lived in
  • Avoid reusing passwords! Use a password manager such as LastPass or 1Password to help you track your passwords.These apps may even assist you in recommending a secure password.

Apps and Services that Provide Extra Security[edit]

Texting/Messaging[edit]

Texting is easily hacked and accessible to the government.

  • Signal has quickly grown into the tool of choice for many activists, journalists, and people who are part of a resistance. There are no known or public vulnerabilities with this app, which is available for iOS and Android—as far as anyone knows, it is totally secure. If you're a Chrome user, you can also use Signal Desktop.
  • Dust—an app for disappearing text messages and photos that are similar in some ways to Snapchat.

Email[edit]

Email is also relatively easy to hack, and the laws protecting e-mail privacy from government intrusion are relatively weak.

  • You can use an encrypted email service. Protonmail and Tutanota are two relatively easy-to-use providers of encrypted email. Both are hosted outside the US, so they are less likely to hand over your data on a government subpoena. Both services store your email in the encrypted form on their server, and you are the only one who has the password. This means that even if a court forces them to share emails, no one can read it unless they have the password as well.
    • Caveats: Protonmail and Tutanota are only useful if you are communicating with someone who is also using that service. You cannot send encrypted email from Protonmail to a Gmail user. More information on encrypted email services can be found in the guides below.
  • Mailvelope is a desktop app that provides email encryption.
  • If you simply want to avoid giving out your email address (e.g., when taking a Trump-sponsored poll!), you can get a free, temporary email address from Shark Lasers.

Web Browsing[edit]

Especially due to the recent law[1][2] that makes it legal for your internet service provider to sell your browsing data, you may be interested in ways to help protect your privacy.

  • Most security professionals recommend using the Tor browser, which routes your web traffic through multiple servers around the world. Tor has a pretty user-friendly web browser: Simply download the Tor Browser and launch it. It takes a few minutes, but when it is up and running, you can browse the web in relative anonymity and privacy.
    • There are mobile versions of Tor Browser. On iOS, there is VPN Browser and Tob. For Android, there is Orbot.
  • DuckDuckGo is an anonymous search engine—i.e., Google without the tracking. It does not work as well as Google, but it is much more secure.
  • You can also install apps like HTTPS Everywhere to make your browsing more secure and less trackable.
  • See Free Code Camp's guide to setting up a VPN and explanation of why this is important. A VPN (Virtual Private Network) is a service that increases Internet security by encrypting your browsing data and making it look as if your data is coming from somewhere else, so people trying to read your data won't be able to—and won't even know that it's your data. VPNs can also make it look like you're browsing from a different country, so they may allow you to access sites that the government has blocked.

Digital Security Guides[edit]

Online and Offline Harassment[edit]

Online harassment can also extend into the real world. Doxxing, where the private details of someone's life are exposed, is one type of attack. Some tools for reducing the risk of doxxing are:

Government Surveillance[edit]

The United States has a long history of surveilling political dissidents, from making lists of Communists during the Red Scare to monitoring civil rights activists in programs like CointelPro.[3] Because the laws around electronic privacy are underdeveloped and are now under threat, the government can potentially gain access to a lot of information without jumping through a lot of hoops.

Information Accessible to the Government (broadly)[edit]

  • The Foreign Intelligence Surveillance Act of 1978[4] describes procedures that the government must follow when conducting domestic surveillance. The Act describes the ways in which American spy agencies can get warrants to conduct surveillance on people in the US, including electronic surveillance, physical searches, telephone surveillance, and access to business records. The Foreign Intelligence Surveillance Court decides whether to approve or deny requests for surveillance. Between 1979, when the court was created, and 2013, 35,529 requests were submitted and only 12 were denied.
  • The USA Patriot Act, signed by George W. Bush in 2001 and partly reauthorized by Barack Obama in 2011, increased the Surveillance Court's reach. Previously, only conventional wiretaps (on phones) were allowed, but the Patriot Act made it legal to "tap" the Internet.

Information Accessible to the NSA[edit]

  • The PRISM program,[5] which began after the September 11, 2001, attacks, enables NSA analysts to access the information stored by Facebook, Google, Yahoo, MSN, Apple, Youtube, AOL, and Skype.[6] This list of the companies involved in the program is from 2013 (they were part of the Snowden leaks)—more companies may have been added since then.
  • The XKeyscore program,[7] also started after September 11, is a complex software system that enables NSA analysts to quickly access any of the NSA's data. According to The Guardian's Glenn Greenwald, even low-level NSA analysts can use the system to "listen to whatever emails they want, whatever telephone calls, browsing histories, Microsoft Word documents. And it's all done with no need to go to a court, with no need to even get supervisor approval on the part of the analyst."[8][9] Greenwald also said that the NSA's data bank allows its analysts to listen "to the calls or read the emails of everything that the NSA has stored, or look at the browsing histories or Google search terms that you've entered, and it also alerts them to any further activity that people connected to that email address or that IP address do in the future."[10]