Digital security is a form of self-defense. In recent years, state-sponsored data interception and monitoring has become legalized, normalized, and expanded at an unprecedented rate. At the same time, responses from socially-conscious software developers, hackers, and technology collectives have been stunning. There has never before been such a wide, varied, and effective selection of digital security tools. The capacity for communities in resistance to organize across long distances, obscure their identities, and encrypt their communications is a vital and growing field of radical practice. If you are worried about the state accessing your data or monitoring your communications, here are a few tips to build a secure combination of systems for day-to-day use. For more in-depth information, visit The Electronic Frontier Foundation’s Surveillance Self Defense Guide (ssd.eff.org).
GENERAL TIPS
Change your password: We’ve all heard this one before, but it’s an absolute “must do.” Each of the security tips that follow relies on a secure set of passwords. Using a Strong Random Password generator (strongpasswordgenerator.com) along with an encrypted password storage vault such as KeePass (keepass.info) can help you keep multiple passwords accessible with a single login.
Make ‘em work for it: While no combination of digital practices are absolutely safe, we should aim to layer and combine security services to the point where eavesdropping and interception become incredibly difficult for our adversaries. Never assume you are totally safe. Consider changing habits, locations, systems, tools, pseudonyms, and passwords often.
Using Facebook means handing over your community’s most sensitive data directly to law enforcement.
Know the law: Learning about The 4th Amendment of the Constitution as well as warrants and subpoenas is instrumental in developing a flexible, practical framework for digital security.
DESKTOP AND LAPTOP
Securing a desktop or laptop system is the first step towards establishing safer digital practices. Desktop systems, much like your mobile phone, are vulnerable to eavesdropping and are often targeted in warranted seizures. Encrypting your hard drive, obscuring your internet browsing, and learning to use GPG email services can protect your data and communications.
ANONYMOUS BROWSING
Those wishing to browse the internet securely and anonymously will want to use some version of a proxy network, such as Tor (torproject.org). Tor takes outgoing and incoming internet traffic from your computer and routes it to thousands of other anonymous users, bouncing it through multiple secure nodes before sending it along to its destination. Downloading Tor allows the Tor service to run on your computer, though you still need to download a Tor-compatible browser to reach the web. The Tor Browser is a great choice for simple, anonymous browsing.
ENCRYPTED EMAIL
The GNU Privacy Guard (GPG) (gnupg.org) utilizes one of the most powerful and elegant cryptographic systems ever invented, securing email communications against surveillance and eavesdropping. Setting up GPG often involves combining a mail application like Thunderbird (mozilla. org/en-US/thunderbird) with a GPG plugin such as Enigmail (enigmail.net). You can follow straightforward guides, like those found in Tactical Tech’s Digital Security in a Box (securityinabox.org) to set up GPG.
DISK ENCRYPTION
Desktop and laptop systems can be secured against unwanted access by encrypting the contents of your hard drive and securely erasing data. This ensures that a computer system that has been seized with a warrant or stolen from you cannot be easily accessed. VeraCrypt (veracrypt.codeplex.com) is an open source disk encryption tool for Mac and PC that allows you to encrypt full hard disks, individual folders, or USB sticks. In addition, know that securely erasing your files can be as important as securely storing them. On a regular operating system, files that are “erased” or placed in the recycling bin can easily be recovered by law enforcement. Use a tool such as Eraser (eraser.heidi.ie) for Windows or Permanent Eraser for Mac (edenwaith. com) to make sure that sensitive files are actually wiped from your system.
CELL PHONE
Securing your cell phone involves the same layered approach as your other digital systems. Warrants and subpoenas are often served to telecommunications companies, and almost all phone companies will comply with these record requests without informing the customer. Furthermore, police warrants commonly list mobile phones as potential evidence to be collected. To prevent your phone data from falling into the wrong hands, considering using the following tools to secure your phone, encrypt your communications, and protect your data.
MOBILE TEXT AND CALL
Open Whisper Systems’ Signal (whispersystems.org) is a popular iOS and Android end-to-end encryption application for securing text and call data. Signal works by feeding the user’s messages and calls through an encryption algorithm, sending the encrypted data across the phone network, and then de-encrypting it on the recipient’s phone. Those monitoring the communication network will only be able to see the encrypted data. Messages sent and received can also be permanently deleted from Signal’s record. Like GPG, Signal only works when both the sender and the receiver are using the application.
MOBILE BROWSING
For secure browsing with an Android phone, Guardian Project’s Orfox (guardianproject.info) browser routes your phone’s web traffic through the Tor network, making it exceptionally difficult to track your visits and searches. iOS users can pay 99 cents to download the iPhone and iPad-compatible Onion Browser app (available on iTunes).
PHONE ENCRYPTION
One of the best ways to control access to your phone and its data is to lock and encrypt your device. Luckily, both Android and iOS provide system encryption that can be turned on with simple settings. Phones will need a screen passcode active in order to turn on encryption, which can be reached through your phone’s Security or Privacy settings. Encrypting the data on your phone will prevent an attacker or the police from gaining access to your texts, photos, videos, and stored data.
LOCATION SERVICES AND PERSONAL DATA
Your phone stores and tracks an incredible amount of data about your day-to-day activities, locations, and social networks. Tactical Tech’s Me and My Shadow project (myshadow. org) is a great tool for understanding and visualizing the hundreds of digital traces that your electronic systems store about you. Turning off location services on your phone can protect you from some forms of tracking, but it is still possible to record your location using phone company records, surreptitious data collection, and cell tower triangulation. You can use Burner Phones to maintain your ability to make and receive calls and texts while not using your primary phone. A burner phone is a pre-paid or pay-as-you- go disposable phone that can be purchased at most independent mobile phone shops. Purchase these phones with cash to avoid being identified through credit card records.