Get Red Pepper's email newsletter. Enter your email address to receive our latest articles, updates and news.

×

Digital security for activists

Lee Knox gives his top ten tips on how to keep your data from prying eyes

April 1, 2014
5 min read

Activist security used to consist of ensuring mobile phones were in several pieces before meetings began. But in a world of constant digital surveillance, activists have had to up their game – here are ten simple steps to keep your digital info private.

1. Ditch Google search

Search the web with startpage.com or duckduckgo.com.

2. Be harder to track online

Browse the web with Firefox. Firefox is developed openly and its security is checked independently. The add-on Adblock Plus is good at removing adverts and gives you three powerful tools once installed. To be more secure and prevent Facebook and advertisers following you from one website to another, turn all three on: Malware Blocking, Remove Social Media Buttons and Disable Tracking. The add-on HTTPS Everywhere will hinder eavesdropping by turning on encryption where websites offer it.

3. Blog securely

If you want a free activist blog or WordPress website, try network23.org or noblogs.org, which won’t record your user or visitor details.

4. Have strong passwords for different sites

Try a password similar to yours on howsecureismypassword.net – many can be guessed in under a second. The best passwords are over 20 characters long, with a mixture of lower and upper case letters, numerals and special characters – for example, ‘NoamChomsky,marrymein2014!’

If your password for the Manufacturing Consent Appreciation Society website is discovered, you don’t want it to be the same as you use for online banking. So you could change part of it according to the website – an obvious example would be to use the first letter of the website (though bear in mind that anything that’s obvious to you is likely to be obvious to others too).

A more detailed guide is available from Mozilla here. You can save and view your various passwords securely using Keepass.

5. Email securely

Riseup.net and aktivix.org offer free, secure email addresses for activists. They’re funded by our donations – so be generous. Thunderbird is a free, secure alternative to Outlook for sending and receiving emails.

Riseup and Aktivix can’t afford to let users save as many emails online as surveillance-funded corporate webmail services, so you may need to save older emails on your computer and make your own backups. You might also want to keep a less obviously security-focused email address for your family and boss.

6. Use a less public email list

If you use email lists, instead of Google Groups (which can even publish emails online if you don’t get the settings right) most activists use lists.riseup.net or aktivix.org.

7. Browse anonymously

The world-famous Tor is immensely powerful, letting you be anonymous online. But you need to spend time reading how to use it effectively – it helps you be anonymous but not necessarily private, so you need to be careful with personal details such as your name and personal accounts you log in to.

Tails lets you use Tor without leaving any trace on the computer you’re using.

Techtoolsforactivism.org explains the privacy benefits of internet cafes and public wifi.

8. Use Linux

If you have the time to learn how to use an alternative to Windows and Apple, Linux is the most secure, totally free and virus-proof choice for a new computer, or to start again with on an old computer. This is because, like Firefox, it is developed openly and its security is checked independently.

Ubuntu Desktop 14 will be released in April 2014 and Linux Mint 17 will follow, with Ubuntu’s unfortunate sponsored Amazon searches removed. When you install it, you simply tick a box to encrypt your full disk: a vital way to protect your data. For Windows and Mac users, cryptoparty.in has a guide to encrypting your full disk using TrueCrypt.

9. Get an ‘action mobile’

Mobiles and privacy don’t mix. Basically, leave it at home. Use cash to buy an ‘action phone’ to take anywhere arrestable. You can read more at activistsecurity.org.

A PIN code and full-disk encryption for Android smartphones are the bare minima. Smartphone guides are available at prism-break.org and securityinabox.org.

10. Read on

Don’t worry if it gets confusing. Come along to a local ‘cryptoparty’ to meet scarily enthusiastic geeks who’ll be delighted to help you out. And read on:

tacticaltech.org
securityinabox.org
activistsecurity.org
techtoolsforactivism.org
flossmanuals.net/basic-internet-security
prism-break.org
cryptoparty.in