Digital Security

BIG FAT DISCLAIMER: The steps listed here will definitely help discourage/mitigate government/corporate surveillance, but are in no way guaranteed to prevent it entirely. Do what is practical for you, but the only way to wholly avoid being spied on is to throw all your electronic devices into an incinerator. Find the balance between usability and security.

Resources

Readings

Social media

Get off Facebook / use it way less! No more phone numbers, addresses, check-ins. Facebook is a known collaborator and conspirator with the FBI.

Instead, share your email address and phone numbers with contacts, and use one of the many other online media platforms. (links TK)

If you still consider social media essential, consider open decentralized platforms such as GNUSocial (Twitter replacement) and Diaspora (Facebook replacement), but keep in mind these are only useful if other people you know use them as well.

Phone security

  1. Practice modern life with a turned-off GPS. Be aware that your location can still possibly be tracked even if your phone says GPS is disabled.
  2. Open source security apps for Android: https://guardianproject.info/apps/
  3. Increasing security on your phone (tips for iOS and Android)

Messaging

  1. Signal: You have to do this with a group of friends, but if you all install Signal, then you all have encrypted comms on your phone. Signal currently works for texting and calling. For video messaging, there are a number of other options but they are less secure in general. (The voice calling portion of this app is closed source, and not guaranteed to be secure.)
  2. WhatsApp: Having supported encryption since October 2016, WhatsApp is now a reliable encrypted app. WhatsApp was purchased by Facebook. Use with caution!
  3. Wickr is another reliable encrypted messaging app. Please note, though, that Wickr has not allowed independent review, nor is its security design properly documented. (See EFF chart)

For a solid overview of phone communication encryption and available apps, read this article on available apps and their tradeoffs and this article on phone passcodes.

Encrypt your phone if you haven’t already, and set a long unlock code/password (at least 6 characters, but the longer the better).

    1. Android
      1. If you are using Android, consider Cryptfs Password, an open source app to set independent screenlock and boot passwords
    2. iOS
      1. Consider not using Touch ID or similar – stick to a (strong) password

Web browsing

Choose Firefox over Chrome. Choose anything over Gmail. Google is also a known collaborator with law enforcement. If you would rather not use Firefox, there are alternatives such as Opera or Vivaldi.

Learn about VPNs for web anonymity, and see about installing one on your home internet. (Also, yes, Tor!) You can also use browsers that include a VPN on your mobile device (like Tob for iOS). Many VPN providers have a mobile app you can install for simplicity.

Tor is a simple and secure way to protect your privacy while browsing the web – here’s a how-to beginner’s guide for installing and getting started with Tor. (Please be aware: simply installing Tor might put you on the NSA watch list.)

Switch from Google to a search engine that doesn’t track your search history (e.g. DuckDuckGo).

Misc.

  1. Don’t write down your passwords if you think your physical security could be compromised.
  2. Any sort of communication that isn’t encrypted is inherently insecure and should be treated as such. This includes email.
    1. Learn about GPG encryption in the event you cannot convince everyone you know and love to switch off of Gmail or other providers.
  3. Use two-factor authentication for everything that has that option (e.g. email). Find out which sites offer two-factor authentication.
  4. [Advanced] Switch to a free (as in freedom) operating system (e.g. Linux). Windows and OSX should generally be considered insecure.
    1. Specifically, Tails is a security-minded Linux distribution that can be run off a flash drive on almost any computer for secure communication or browsing, and leaves no trace on the host computer. https://tails.boum.org/
  5. Use long, unique passwords for every service. A password manager, such as the open source KeePass, can help you use strong passwords without needing to remember them for every service.
    1. Why Passwords have never been weaker, and crackers have never been stronger
  6. Use an email service provider that respects your privacy, such as the activist-oriented Riseup.
  7. Riseup has a number of tutorials on privacy-enhancing behaviors you can adopt to improve security when you use their services.

Planning for a Trump Administration When You're Not A Straight Rich White Dude