BIG FAT DISCLAIMER: The steps listed here will definitely help discourage/mitigate government/corporate surveillance, but are in no way guaranteed to prevent it entirely. Do what is practical for you, but the only way to wholly avoid being spied on is to throw all your electronic devices into an incinerator. Find the balance between usability and security.
Resources
- Things to Know About Web Security Before Trump’s Inauguration: A Harm Reductionist Guide
- Security Culture for Activists (The Ruckus Society)
- Privacy Enhancing Technology (list)
- A 70-Day Web Security Action Plan for Artists and Activists Under Siege (Candace Williams)
- Surveillance self defence (Electronic Frontier Foundation)
- Understand your threats, and then choose the tools you need to circumvent them. A great resource to help with this: PRISM Break
- A DIY Guide to Feminist Cybersecurity
- How to encrypt your entire life in less than an hour (Free Code Camp)
- Security In A Box (Tactical Technology Collective/Frontline Defenders)
- Crash Override Network & C.O.A.C.H.: Crash Override’s Automated Cybersecurity Helper will help walk you through locking down your online identity step-by-step. (Sponsored by Feminist Frequency)
- Governments are outlawing privacy. Here’s how you can stop them. (Free Code Camp)
Readings
- FBI Confirms Contracts with AT&T, Verizon and MCI (Wired)
- How the CIA made Google (Nafeez Ahmed)
- I just can’t stand by and watch Mark Zuckerberg destroy the Internet (Free Code Camp)
Social media
Get off Facebook / use it way less! No more phone numbers, addresses, check-ins. Facebook is a known collaborator and conspirator with the FBI.
Instead, share your email address and phone numbers with contacts, and use one of the many other online media platforms. (links TK)
If you still consider social media essential, consider open decentralized platforms such as GNUSocial (Twitter replacement) and Diaspora (Facebook replacement), but keep in mind these are only useful if other people you know use them as well.
Phone security
- Practice modern life with a turned-off GPS. Be aware that your location can still possibly be tracked even if your phone says it is disabled.
- Open source security apps for Android: https://guardianproject.info/apps/
- Increasing security on your phone (tips for iOS and Android)
Messaging
- Signal: You have to do this with a group of friends, but if you all install Signal, then you all have encrypted comms on your phone. Signal currently works for texting and calling. For video messaging, there are a number of other options but they are less secure in general. (The voice calling portion of this app is closed source, and not guaranteed to be secure.)
- WhatsApp: Having supported encryption since October 2016, WhatsApp is now a reliable encrypted app. WhatsApp was purchased by Facebook. Use with caution!
- Wickr is another reliable encrypted messaging app. Please note though that Wickr has not allowed independent review nor is the security design properly documented. (See EFF chart)
For a solid overview of phone communication encryption and available apps, read this article on available apps and their tradeoffs and this article on phone passcodes.
Encrypt your phone if you haven’t already, and set a long unlock code/password (at least 6 characters, but the longer the better).
- Android
  - If you are using Android, consider Cryptfs Password, an open source app to set independent screenlock and boot passwords
- iOS
  - Consider not using Touch ID or similar – stick to a (strong) password
Web browsing
Choose Firefox over Chrome. Choose anything over Gmail. Google is also a known collaborator with law enforcement. If you would rather not use Firefox, there are alternatives such as Opera or Vivaldi.
Learn about VPNs for web anonymity, and see about installing one on your home internet connection. (Also, yes, Tor!) You can also use browsers that include a VPN on your mobile device (like Tob for iOS). Many VPN providers have a mobile app you can install for simplicity.
Tor is a simple and secure way to protect your privacy while browsing the web – here’s a how-to beginner’s guide for installing and getting started with Tor. (Please be aware: simply installing Tor might put you on the NSA watch list.)
Switch from Google to a search engine that doesn’t track your search history (e.g. DuckDuckGo)
Misc.
- Don’t write down your passwords if you think your physical security could be compromised.
- Any sort of communication that isn’t encrypted is inherently insecure and should be treated as such. This includes email.
- Learn about GPG encryption in the event you cannot convince everyone you know and love to switch off of Gmail or other providers.
- Use two-factor authentication for everything that has that option (e.g. email). Find out which sites offer two-factor authentication.
- [Advanced] Switch to a free (as in freedom) operating system (e.g. Linux). Windows and OSX should generally be considered insecure.
  - Specifically, Tails is a security-minded Linux distribution that can be run off a flash drive on almost any computer for secure communication or browsing, and leaves no trace on the host computer. https://tails.boum.org/
- Use long, unique passwords for every service. A password manager, such as the open source KeePass, can help you use strong passwords and not need to remember them for every service.
- Use an email service provider that respects your privacy, such as the activist-oriented Riseup.
  - Riseup has a number of tutorials on privacy-enhancing behaviors you can take to enhance security when you use their services.