Privacy & Security
Privacy is a somewhat nebulous concept. To make it more concrete, we propose three fundamental aspects of privacy: secrecy, the ability to express oneself selectively; anonymity, the ability to act without revealing your identity; and autonomy, freedom from interference by those watching you. In the digital realm, privacy and security go hand in hand, since security is often necessary to enforce one’s privacy.
There are no absolutes in privacy or security. We hope to make you safer, and the more people who adopt safer digital privacy practices, the safer we all are. Encourage others who organize in their communities to take privacy seriously and to see it as a fundamental part of their organizing.
While technologies such as encryption can play an important role in protecting individuals and communities, digital safety begins with using devices and software that you control. That means using free/libre software:
“Free software” means software that respects users’ freedom and community. Roughly, it means that the users have the freedom to run, copy, distribute, study, change and improve the software. Thus, “free software” is a matter of liberty, not price. To understand the concept, you should think of “free” as in “free speech,” not as in “free beer”. We sometimes call it “libre software,” borrowing the French or Spanish word for “free” as in freedom, to show we do not mean the software is gratis.
Before you go about trying to implement security and privacy measures, you need to understand what you’re protecting against. This is where threat modeling, also known as risk assessment, comes in.
- Identify assets: What is it that you want to protect?
- Identify adversaries: Who might interfere?
- Identify their capabilities: What kind of resources do your adversaries have at their disposal?
- Identify risk: How likely is a threat? How bad are the consequences?
Consider whether your threat model includes mass surveillance programs, such as the NSA’s PRISM and Upstream programs, corporate surveillance, such as Google’s data mining for targeted advertising, targeted surveillance by law enforcement, doxxing, or something else. Most of the technologies and advice listed here can reduce the effectiveness of passive, mass surveillance by government and businesses. Please note that if you are the target of active surveillance, you should consult a lawyer instead of reading this guide.
Windows, macOS, iOS, and Android are all proprietary, meaning they obey their developers first, and only obey the user secondarily. All four have known privacy flaws. GNU/Linux, on the other hand, is free software.
All phones have proprietary components, which combined with their always-connected nature and portability makes them inherently insecure. As such, your phone should never be trusted with highly sensitive information involved in browsing, communication, or anything else.
Here are some ways you can mitigate privacy risks in your day-to-day use of a phone:
- Enable full-disk encryption (on by default in iOS, may need to be enabled in settings in Android).
- Use a strong passcode to lock your device (there is no limit to length). Do not rely on methods of authentication that do not require your cooperation, such as the fingerprint reader or facial recognition.
- Set the device to lock, requiring the passcode, immediately.
- Avoid all sensitive browsing on the device.
- Understand the risks of so-called cloud services (especially for making backups of your messages or photos).
- Never plug your device into an untrusted USB port.
- If you must browse on your phone, use Firefox for Android and Firefox Focus for iOS (Focus has stronger privacy features than regular Firefox for iOS).
- Set your device to self-destruct after a certain number of failed attempts to unlock.
- Make sure notifications don’t leak sensitive information when the phone is locked.
- Set your browser not to retain browsing history.
- If you don’t want your location tracked, leave your phone at home.
- If you are concerned about being recorded, keep all phones out of listening range.
All in all, consider what information will be exposed if your phone is confiscated or otherwise compromised. (For more, see our “Text, Voice, and Video” section below.)
Many of these tips are elaborated upon in Freedom of the Press Foundation’s training guide:
Full-disk (or full-volume) encryption can protect the contents of your device from being inspected by someone who has taken physical control of your device. On GNU/Linux we recommend dm-crypt with LUKS, Windows includes BitLocker, and macOS includes FileVault. Full-disk encryption is only fully effective when your device is powered off. Make sure to set a strong login password as well.
You may also want to individually encrypt files or encrypt external storage devices. VeraCrypt is a popular free-software tool for doing just that.
- Use strong (long and random) passwords. Strong passwords take more resources for an adversary to guess.
- Never reuse passwords between accounts. Unique passwords limit the impact if and when they are exposed.
- Change your passwords periodically. Limit the time frame in which a compromised account can be exploited.
If you have one or more passwords that you must remember or type frequently, use Diceware, a technique for creating strong, easy-to-remember passwords by rolling dice.
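The Diceware procedure in code, as an added example that is not part of the original guide: each word is chosen by a group of dice rolls looked up in a numbered word list, and the strength of the result comes from the number of words. The real Diceware list uses five dice per word (7,776 entries, about 12.9 bits per word); the two-dice list embedded here is constructed so the block runs offline, and the function names are hypothetical.

```python
import math
import secrets
from itertools import product

def parse_wordlist(text: str) -> dict[str, str]:
    """Parse Diceware-style lines of the form '<dice digits> <word>'."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2 or not set(parts[0]) <= set("123456"):
            continue  # skip blank lines, headers and anything that is not an entry
        table[parts[0]] = parts[1]
    return table

def dice_per_word(table: dict[str, str]) -> int:
    """Return the dice needed per word; reject lists with missing combinations."""
    k = len(next(iter(table)))
    if any(len(key) != k for key in table) or len(table) != 6 ** k:
        raise ValueError("word list does not cover every dice combination")
    return k

def passphrase(table: dict[str, str], n_words: int = 6) -> tuple[str, float]:
    """Roll k dice per word with the OS random source; return (phrase, entropy in bits)."""
    k = dice_per_word(table)
    words = []
    for _ in range(n_words):
        roll = "".join(str(secrets.randbelow(6) + 1) for _ in range(k))
        words.append(table[roll])
    # Every word is an independent uniform choice among 6**k entries.
    return " ".join(words), n_words * k * math.log2(6)

# Constructed 36-word list (two dice per word), for demonstration only.
WORDS = ("acorn bagel cabin daisy eagle fable gavel habit igloo jelly kayak lemon "
         "maple nacho oasis panda quilt radio salad table udder vapor wagon xenon "
         "yacht zebra amber bison cedar delta ember flint grape heron ivory jumbo").split()
SAMPLE_LIST = "\n".join(
    f"{a}{b}\t{w}" for (a, b), w in zip(product("123456", repeat=2), WORDS))

if __name__ == "__main__":
    phrase, bits = passphrase(parse_wordlist(SAMPLE_LIST), n_words=6)
    print(f"{phrase}  ({bits:.1f} bits with this small demo list)")
```

With the full five-dice list, the same six-word call yields about 77.5 bits.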
Take advantage of two-factor authentication (2FA) whenever it’s available. Download FreeOTP (Apple App Store, Google Play Store). 2FA can be inconvenient because it relies on you having your phone. Make sure to back up your phone regularly so as not to lose access to your accounts.
Advertisers aggressively track your activities online through cookies, browser fingerprinting, and other tracking techniques. Furthermore, if you use a proprietary browser such as Chrome, Internet Explorer, Edge, Safari, or Opera, it is likely compromising your privacy in other ways. We recommend GNU IceCat, Firefox, or Iridium (based on Chromium). We also recommend Firefox Focus if you use a Web browser on iOS.
Browser extensions are small programs that extend the functionality of your browser, including enhanced privacy features. Browser extensions are somewhat standardized, so an extension that works in Firefox might also work in Chromium, for example. For GNU IceCat/Firefox we recommend installing CanvasBlocker, Decentraleyes, HTTPS Everywhere, Cookie AutoDelete, and uBlock Origin.
Use a privacy-respecting search engine. When performing sensitive searches, consider taking steps to enhance your anonymity by, for example, using the Tor Browser.
Searx is a privacy-respecting search aggregator. The source code is free, and you can run your own instance of the service if you want.
Internet service providers (ISPs) abuse their position as your gateway to the Internet by keeping track of websites you visit and even inspecting the contents of files you download in order to serve copyright violation notices. Some ISPs, including Verizon and Xfinity, have been caught in the act of performing man-in-the-middle (MITM) attacks on their customers by intercepting customers’ traffic and injecting their own advertising into Web pages. Using public wi-fi puts you at further risk, since anyone on the network can snoop on your Internet traffic, which has both important privacy and security implications.
A virtual private network (VPN) allows you to make a single secure connection that relays your Internet traffic for you. This protects you from someone snooping on your local network, from your ISP, and hinders the websites you visit from determining your geographical location. Note, however, that using a VPN creates a single point of failure since you are now trusting the VPN provider with all of your Internet traffic. Depending on your threat model, using a VPN may or may not be a good idea.
Online VPN reviews and top-10 lists are almost always stealth advertising paid for by the VPN providers themselves. Avoid gratis VPN services at all costs. The lower the price, generally, the lower the quality.
Email is inherently problematic when it comes to privacy because of its very design. While you can take steps to conceal the contents of your email messages, email exposes information about sender and recipient. Email is still useful and, of course, unavoidable. There’s nothing wrong with using it as long as you keep in mind what information it does and doesn’t expose.
Email is an exceedingly common vector for social engineering attacks, whereby an attacker impersonates a trustworthy entity, such as a bank or someone you know, in order to elicit sensitive information from you. This is often done by including a link to a decoy login page designed to steal your login credentials or a link to a site hosting malware that attacks your browser. Furthermore, malware is commonly attached to an email disguised as a legitimate document.
Because phishing is a cheap and easy method of attack, it is a popular method employed against activists. It is important to avoid following links or opening email attachments that you were not expecting. Even professional security researchers can fall for phishing attacks. Stay vigilant, and whenever you receive an email with a link or attachment that you were not expecting—even if it appears to be from someone you know—check with the sender via another channel before opening it to make sure it is legitimate.
Text, Voice, and Video
SMS text messaging does not offer privacy, and mainstream methods of voice and video communication are known to be surveilled as well, including normal phone calls and software like Skype. iMessage and FaceTime are popular among macOS/iOS users, but both are proprietary.
Secure Messaging Apps
Check out Conversations/ChatSecure and Element and try one out. Also be aware of Signal and Wire but understand that they are walled gardens, only allowing you to communicate with others using the same service and same software.
- Make sure to compare key fingerprints/safety numbers with your contacts so you can be sure you’re talking to who you think you are.
- If you need to use a chat client on your phone, make sure to hide notifications on the lock screen, which can leak sensitive information.
- And finally, always remember to take advantage of disappearing messages on these chat clients.
No solution is perfect. Consider the pros and cons of each one in relation to your threat model. For example, if you want to prioritize anonymity, Signal would be a poor choice since it uses your phone number as an identifier.
Voice and Video
Most of the chat clients we listed above also support secure voice and video calls. For video/voice conferences, we recommend Jitsi Meet.
Ditch Google Drive in your organizing. Instead of trusting a data-mining company with your data:
- Use Cryptpad for secret/anonymous collaborative document authoring and editing, as well as polling and scheduling. (Warning: You must rely on everyone in the group to keep the password secret, and you cannot revoke access to the document without losing data and content.)
- Use Etherpad as a privacy-respecting real-time collaborative word processor.
- If you have the resources and technical know-how, consider using Nextcloud for hosted file storage, contact management, and collaboration.
Using these platforms over Tor can add an extra layer of anonymity.
There is nothing inherently wrong with social media; however, popular centralized social media sites such as Facebook and Twitter are dangerous because they subject their users to broad and unhindered surveillance. Their users are not their customers. Their customers are advertisers, and their users’ information and attention are the commodity they sell. The more they are able to learn about you, the higher the price at which they can sell you to the advertisers. Furthermore, oppressive governments get access to their abundance of data—with or without the companies’ cooperation or knowledge—which they use to quash dissent.
- Abstain from centralized social media sites, such as Facebook, Twitter, and others, which profit from surveilling you. There are various alternatives that don’t abuse you, some of which are listed below.
- Don’t upload pictures of people without first obtaining their explicit consent. You cede control of any and all materials such as photos and videos when you upload them to a website like Facebook. Even if you do not “tag” the subject(s) of the photo, they can likely be identified by automated facial recognition. Photos and videos usually have metadata embedded in them that specifies the time and location at which the images were captured, as well.
- Don’t tell Facebook where you’re going. If you want to tell your friends where you are or what you’re doing, consider telling them through some other channel. Likewise, don’t RSVP to events. If the organizers need to know that you’re coming to an event, you can contact them through another channel.
- Take advantage of browser extensions that block malicious trackers from social media sites that follow you around the Web in order to surveil your reading.
- Don’t install proprietary apps on your computer or phone, which serve to extend their surveillance reach beyond the browser.
Sometimes you can enhance your privacy just by changing your habits. Here are some suggestions:
- Normalize privacy in your day-to-day life and share this ethos.
- Avoid centralized social media sites like Facebook.
- Prioritize in-person communication, especially for sensitive topics.
- Leave your phone at home powered on when you do not want to be tracked and/or recorded.
- Compartmentalize: Use different identities for different activities.
- Cover cameras on all your devices when not in use.
- Avoid always-on microphones in appliances such as TVs and smart speakers.
- Only use devices you trust.
- Always log out of accounts as soon as you are done.
- Do not log into accounts on devices you do not control.
- Take advantage of vanishing messages.
- Pay with cash or a privacy-respecting cryptocurrency instead of a credit or debit card.
- Pay for your transit cards with cash to avoid linking your movements to your identity.
Know Your Rights
Dealing with law enforcement can be stressful and confusing. The Electronic Frontier Foundation has a good resource on your digital rights in the U.S. Here are some highlights:
- The Fourth Amendment provides protection of your electronic devices from unreasonable government searches and seizures. When the police have your device, you can lawfully say that you do not consent to a search. But if you consent to a search, police don’t need a warrant.
- If you are arrested, police may only search the contents of your phone under limited circumstances. Otherwise, police need a warrant signed by a judge to search the contents of your electronic devices.
- However, they can search your device without a warrant by claiming that they suspected that important or incriminating evidence was about to be destroyed.
- You are generally not required to divulge your passwords or encryption keys, because of your Fifth Amendment rights.
- Police can search your computer or portable devices at the border without a warrant and can charge you with a crime if you deny them access. Consider your status when crossing the border.
Private Software Alternatives
Here is a curated list of privacy-respecting alternatives to popular software:
Please keep in mind that the state of the art is always changing. Make sure to do your own research and keep up to date. This guide was last reviewed on 2021-08-07.
- 2021-08-07: Removed link to privacytools.io (The website recommends non-free software, which is counter to our recommendation policies.)
- 2021-08-07: Removed recommendation of uMatrix extension (The extension was discontinued and its functionality has largely become redundant with uBlock Origin.)
- 2021-08-07: Removed recommendation of Privacy Badger extension (The extension's functionality has become redundant with uBlock Origin.)
- 2021-08-07: Riot Matrix client replaced by Element (Riot was renamed to Element.)