Privacy & Security
Privacy is a somewhat nebulous concept. To make it more concrete, we propose three fundamental facets of privacy: confidentiality, the ability to express oneself selectively; anonymity, the ability to act without revealing your identity; and autonomy, freedom from interference.
Computer security, on the other hand, deals with preventing unauthorized access to computer systems, such as by employing passwords or encryption. In the digital realm, privacy and security go hand in hand, since taking security measures is often necessary to enforce one’s privacy.
There are no absolutes in privacy or security. You can take steps to be safer, and the more people who adopt sensible digital privacy practices, the safer we all are. Encourage others who organize in their communities to take privacy seriously and to see it as a fundamental part of their organizing.
Self-Determination & Software
While technologies such as encryption can play an important role in protecting individuals and communities, digital safety begins with using devices and software that you control. That means using free/libre software:
“Free software” means software that respects users’ freedom and community. Roughly, it means that the users have the freedom to run, copy, distribute, study, change and improve the software. Thus, “free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer”. We sometimes call it “libre software,” borrowing the French or Spanish word for “free” as in freedom, to show we do not mean the software is gratis.
Non-free or proprietary software that doesn’t grant you these fundamental freedoms unjustly tips the balance of power into the hands of the software’s makers.
Threat Modeling
Before you go about trying to implement security and privacy measures, you need to understand what you’re protecting against. This is where threat modeling, a systematic procedure for assessing risk, comes in.
- Identify assets: What is it that you want to protect?
- Identify adversaries: Who might interfere?
- Identify their capabilities: What kind of resources do your adversaries have at their disposal?
- Identify risk: How likely is a threat? How bad are the consequences?
The strength of threat modeling is breaking down the highly complex problem of digital privacy into smaller, more manageable pieces that can be addressed individually. You might devise threat models that include mass surveillance programs, such as the NSA’s PRISM and Upstream programs; corporate surveillance, such as Google’s data mining for targeted advertising; targeted surveillance by law enforcement; doxxing; or something else.
Most of the technologies and advice listed here can reduce the effectiveness of passive, mass surveillance by government and businesses. If you have reason to believe you are the target of active surveillance, or are the victim of an unjust search or seizure of your electronic device, you should probably consult legal counsel instead of reading this guide.
Operating Systems
Your operating system manages your device’s resources and has privileged access to the other software you run. Windows, macOS, iOS, and Android (with Google Play Services) are all proprietary, meaning they obey their developers first, and only obey the user secondarily. All four have known privacy flaws. GNU/Linux, on the other hand, is free software. Be aware, however, that not all varieties of GNU/Linux respect your freedom and privacy equally.
Mobile Phones
All mobile phones have proprietary components, which, combined with their always-connected nature and portability, make them inherently insecure. As such, your phone should not be trusted with highly sensitive information involved in browsing, communication, or anything else.
Here are some ways you can mitigate privacy risks in your day-to-day use of a mobile phone:
- Enable full-disk encryption (on by default in iOS, must be enabled in settings in Android depending on the version).
- Use a strong passcode to lock your device (there is no limit to length). Do not rely on methods of authentication that do not require your cooperation, such as the fingerprint reader or facial recognition.
- Set your device to lock after a short delay, immediately requiring the passcode to unlock again.
- Set your device to self-destruct (erase the disk-encryption key) after a certain number of failed attempts to unlock.
- Make sure notifications don’t leak sensitive information when the phone is locked.
- Avoid all sensitive browsing on the device.
- If you must browse on your phone, use Firefox for Android and Firefox Focus for iOS (Focus has stronger privacy features than regular Firefox for iOS).
- Minimize the amount of browsing, chat, and call history stored on the device: set your browser not to retain browsing history and configure disappearing messages in chat apps.
- When you don’t want your location tracked, leave your phone at home.
- If you are concerned about a sensitive conversation being recorded, keep all phones out of listening range.
- Avoid backing up your device to so-called cloud services (especially for making backups of your messages or photos).
- Never plug your device into an untrusted USB port.
All in all, consider what information will be exposed if your phone is confiscated or otherwise compromised. (For more, see our “Text, Voice, and Video” section below.)
Many of these tips are elaborated upon in Freedom of the Press Foundation’s training guide:
- Mobile Security Prevention Tips
- Rapid Responses For Compromised Phones
- What To Do If Your Phone Is Seized By The Police
Full-Disk/Volume Encryption
Full-disk (or full-volume) encryption can protect the contents of your device from being inspected by someone who has taken physical control of your device. On GNU/Linux we recommend dm-crypt with LUKS, Windows includes BitLocker, and macOS includes FileVault. Full-disk encryption is only fully effective when your device is powered off. Make sure to set a strong decryption passphrase as well.
You may also want to individually encrypt files or encrypt external storage devices. VeraCrypt is a popular free-software tool for doing just that.
Passwords
Managing passwords is a reality of computer use, and doing so effectively can have a profound positive impact on protecting your privacy online and offline:
- Use strong (long and random) passwords. Strong passwords take more resources for an adversary to guess.
- Never reuse passwords between accounts. Unique passwords limit the impact if and when they are exposed through a security breach.
- Change your passwords periodically. This limits the time frame in which a compromised account can be exploited.
Password Managers
Generate strong, unique passwords and keep track of them using a password manager, such as KeePassXC. Not only are password managers good for security, they are also incredibly convenient.
Diceware
For those passwords that you must remember or type frequently, use Diceware, a technique for creating strong, easy-to-remember passwords by rolling dice.
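As an added illustration (not part of this guide or of the Diceware project), the following Python sketch shows the mechanics: five dice rolls form a key into a 7776-word list, and every word drawn that way adds about 12.9 bits of entropy. The six-entry wordlist is constructed for the example; generating a real passphrase requires a complete list.

```python
import math
import secrets

# Constructed fragment of a Diceware-style wordlist (assumption). A real list
# has 6**5 = 7776 entries, one for every five-dice roll from "11111" to "66666".
SAMPLE_WORDLIST = {
    "11111": "abacus", "11112": "abdomen", "11113": "abdominal",
    "66664": "zoom", "66665": "zucchini", "66666": "zygote",
}
WORDLIST_SIZE = 6 ** 5                    # 7776 words
BITS_PER_WORD = math.log2(WORDLIST_SIZE)  # about 12.9 bits per word

def roll_dice(count=5):
    """Roll `count` fair dice with a CSPRNG and return a key such as '31524'."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(count))

def key_to_index(key):
    """Position of a five-dice key in the list: each face is a base-6 digit offset by one."""
    if len(key) != 5 or any(d not in "123456" for d in key):
        raise ValueError(f"not a five-dice key: {key!r}")
    index = 0
    for digit in key:
        index = index * 6 + (int(digit) - 1)
    return index

def index_to_key(index):
    """Inverse of key_to_index, e.g. 0 -> '11111', 7775 -> '66666'."""
    if not 0 <= index < WORDLIST_SIZE:
        raise ValueError(f"index out of range: {index}")
    faces = []
    for _ in range(5):
        index, face = divmod(index, 6)
        faces.append(str(face + 1))
    return "".join(reversed(faces))

def passphrase_entropy_bits(num_words):
    """Entropy of a passphrase whose words were all chosen uniformly by dice."""
    return num_words * BITS_PER_WORD

def words_for_target(bits):
    """Smallest word count that reaches the requested entropy."""
    return math.ceil(bits / BITS_PER_WORD)

def generate_passphrase(num_words, wordlist=SAMPLE_WORDLIST):
    """Roll for each word. Keys missing from the partial sample list are simply
    re-rolled; with a complete 7776-entry list every roll finds a word."""
    words = []
    while len(words) < num_words:
        key = roll_dice()
        if key in wordlist:
            words.append(wordlist[key])
    return " ".join(words)

if __name__ == "__main__":
    print(generate_passphrase(3), f"({passphrase_entropy_bits(3):.1f} bits with a full list)")
```

Choosing the word count from a target entropy (words_for_target) is the part worth keeping: six words from a full list gives roughly 77 bits, which is out of reach of offline guessing even when the wordlist itself is public.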
Two-Factor Authentication
Take advantage of TOTP-based two-factor authentication (2FA) whenever it’s available. You can download a free-software TOTP authenticator app such as FreeOTP (Apple App Store, Google Play Store).
Web Browsing
Advertisers aggressively track your activities online through cookies, browser fingerprinting, and other tracking techniques. Furthermore, if you use a proprietary browser such as Chrome, Edge, Safari, or Opera, it is likely compromising your privacy in other ways. We recommend Tor Browser, GNU IceCat, LibreWolf (based on Firefox), or Iridium (based on Chromium).
Browser Extensions
Browser extensions are small programs that extend the functionality of your browser, including enhanced privacy features. Browser extensions are somewhat standardized, so an extension that works in Firefox might also work in Chromium, for example. For GNU IceCat/LibreWolf we recommend installing CanvasBlocker, Cookie AutoDelete, and uBlock Origin.
Search Engines
Use a privacy-respecting search engine. When performing sensitive searches, consider taking steps to enhance your anonymity by, for example, using the Tor Browser.
DuckDuckGo is popular and is fairly user-friendly. It is based in the US, and has a good privacy policy.
StartPage has a strong privacy policy that claims not to log searches in a way that can be connected to you. It’s based in the Netherlands.
Searx is a privacy-respecting search aggregator. The source code is free, and you can run your own instance of the service if you want.
VPNs
Major Internet service providers (ISPs) abuse their position as your gateway to the Internet by keeping track of websites you visit and even inspecting the contents of files you download in order to serve copyright violation notices. Some ISPs, including Verizon and Xfinity, have been caught in the act of performing man-in-the-middle (MITM) attacks on their customers by intercepting customers’ traffic and injecting their own advertising into Web pages. Using public wi-fi puts you at further risk, since anyone on the network can snoop on your Internet traffic, which has both important privacy and security implications.
A virtual private network (VPN) allows you to make a single secure connection that relays your Internet traffic for you. This protects you from someone snooping on your local network, from your ISP, and hinders the websites you visit from determining your geographical location. Note, however, that using a VPN creates a single point of failure since you are now trusting the VPN provider with all of your Internet traffic. Depending on your threat model and the VPN provider, using a VPN could be useless or even counter-productive.
Online VPN reviews and top-10 lists are almost always stealth advertising paid for by the VPN providers themselves. Avoid gratis VPN services at all costs. The lower the price, generally, the lower the quality.
Email
Email is inherently problematic when it comes to privacy because of its very design. While you can take steps to conceal the contents of your email messages, email exposes information about sender and recipient. Email is still useful and, of course, unavoidable. There’s nothing wrong with using it as long as you keep in mind what information it does and doesn’t expose.
For community groups, we recommend using Tutanota or ProtonMail as your email provider and listserv, since they offer automatic end-to-end encryption of in-network messages.
Phishing
Email is an exceedingly common vector for social engineering attacks, whereby an attacker impersonates a trustworthy entity, such as a bank or someone you know, in order to elicit sensitive information from you. This is often done by including a link to a decoy login page designed to steal your login credentials or a link to a site hosting malware that attacks your browser. Furthermore, malware is commonly attached to an email disguised as a legitimate document.
Because phishing is a cheap and easy method of attack, it is a popular method employed against activists. It is important to avoid following links or opening email attachments that you were not expecting. Even professional security researchers can fall for phishing attacks. Stay vigilant, and whenever you receive an email with a link or attachment that you were not expecting—even if it appears to be from someone you know—check with the sender via another channel before opening it to make sure it is legitimate.
Text, Voice, & Video
SMS text messaging does not offer privacy against telecoms and their business partners, and mainstream methods of voice and video communication are known to be surveilled as well, including standard phone calls and software lacking end-to-end encryption like Skype. iMessage and FaceTime are popular among macOS/iOS users, but both are proprietary.
Secure Messaging Apps
Check out Conversations/ChatSecure and Element and try one out. Also be aware of Signal and Wire but understand that they are walled gardens, only allowing you to communicate with others using the same service and same software.
- Make sure to compare key fingerprints/safety numbers with your contacts so you can be sure you’re talking to who you think you are.
- If you need to use a chat client on your phone, make sure to limit notifications on the lock screen, which can leak sensitive information.
- And finally, take advantage of disappearing (limited-time) messages in these chat clients.
No solution is perfect. Consider the pros and cons of each one in relation to your threat model. For example, if you want to prioritize anonymity, Signal would be a poor choice since it requires the use of your phone number as an identifier.
Voice and Video
Most of the chat clients listed above also support secure voice and video calls. For video/voice conferences, we recommend Jitsi Meet.
Collaboration
Ditch Google Drive in your organizing. Instead of trusting a data-mining company with your data:
- Use Cryptpad for secret/anonymous collaborative document authoring and editing, as well as polling and scheduling. (Warning: You must rely on everyone in the group to keep the password secret, and you cannot revoke access to the document without losing its data and content.)
- Use Etherpad as a privacy-respecting real-time collaborative word processor.
- If you have the resources and technical know-how, consider using Nextcloud for hosted file storage, contact management, and collaboration.
Using these platforms through Tor Browser can help preserve your anonymity when used correctly.
Social Media
There is nothing inherently wrong with social media; however, popular centralized social media such as Facebook and Twitter are dangerous because they subject their users to broad and unhindered surveillance. The more they are able to learn about you, the higher the price at which they can sell your attention to advertisers. Furthermore, oppressive governments get access to their abundance of data—with or without the companies’ cooperation or knowledge—which they use to quash dissent.
- Abstain from centralized social media sites, such as Facebook, Twitter, and others, which profit from surveilling you. There are various alternatives that don’t abuse you, some of which are listed below.
- Don’t upload pictures of people without first obtaining their explicit consent. You cede control of any and all materials such as photos and videos when you upload them to a website like Facebook. Even if you do not “tag” the subject(s) of the photo, they can likely be identified by automated facial recognition. Photos and videos usually have metadata embedded in them that specifies the time and location at which the images were captured, as well.
- Don’t tell Facebook where you’re going. If you want to tell your friends where you are or what you’re doing, consider telling them through some other channel. Likewise, don’t RSVP to events through these platforms. If the organizers need to know that you’re coming to an event, you can contact them through another channel.
- Take advantage of browser extensions that block malicious trackers from social media sites that follow you around the Web in order to surveil your reading.
- Don’t install proprietary apps on your computer or phone, which serve to extend their surveillance reach beyond the browser.
- Diaspora*: a decentralized social network
- GNU Social: a federated micro-blogging platform
- Mastodon: a federated micro-blogging platform
- Libre.fm: online music-discovery service
Forming Habits
Privacy is ultimately a social and political problem, not one that can be solved by technological measures alone. Here are some suggestions to help you normalize privacy in your day-to-day life and to share this ethos:
- Prioritize in-person communication, especially for sensitive topics.
- Compartmentalize: Use different identities/accounts for different activities.
- Leave your phone at home (powered on) when you don’t anticipate needing it or when participating in potentially sensitive activities.
- Cover cameras on all your devices when not in use.
- Avoid always-on microphones in appliances such as TVs and so-called smart speakers.
- Do not log into accounts on devices you do not control.
- Always log out of accounts as soon as you are done.
- Pay with cash or a privacy-respecting cryptocurrency instead of a credit or debit card.
- Pay for your transit cards with cash to avoid linking your movements to your identity.
Know Your Rights
Dealing with law enforcement can be stressful and confusing. The Electronic Frontier Foundation has a good resource on your digital rights in the U.S. Here are some highlights:
- The Fourth Amendment provides protection of your electronic devices from unreasonable government searches and seizures. When the police have your device, you can lawfully say that you do not consent to a search. But if you consent to a search, police don’t need a warrant.
- If you are arrested, police may only search the contents of your phone under limited circumstances. Otherwise, police need a warrant signed by a judge to search the contents of your electronic devices.
- However, they can search your device without a warrant if they claim that they suspected important or incriminating evidence was about to be destroyed.
- You are generally not required to divulge your passwords or encryption keys, because of your Fifth-Amendment rights.
- Police can search your computer or portable devices at the border without a warrant and can charge you with a crime if you deny them access. Consider your status when crossing the border.
Software Alternatives
PRISM Break maintains a curated list of privacy-respecting alternatives to popular software:
The Free Software Directory represents a large listing of free software, which may be useful for finding alternatives to proprietary programs, but does not discriminate based on any privacy-specific criteria:
Keep in mind that the state of the art is always changing. Make sure to supplement this advice with your own research and to reevaluate your practices periodically.