A simple resource to help journalists, protesters, activists, citizens of authoritarian regimes, and those in warzones protect themselves and their communities when using technology.
March 14, 2022
As originally posted by Reclaim the Net.
Use a strong passkey
Your devices serve as a gateway to your apps, accounts, and data so it’s essential that you protect them with a strong passkey.
At the bare minimum, use a random alphanumeric code that has no association with any of your personal information.
Turn OFF fingerprint and face unlock
If you login to your device with a fingerprint or face scan, it’s easy for someone to force you to unlock the device.
On an Android, open “Settings,” select “Screen lock,” and choose “Password.”
On an iPhone, open “Settings,” select “Touch ID & Passcode” or “Face ID & Passcode,” and turn it off.
Use a passcode instead.
Use two-factor authentication
2FA boosts the security of your online accounts by requiring an additional authentication token alongside your username and passkey.
The token is generated by an authenticator app or a hardware key.
If your passkeys are stolen or leaked, others won’t be able to use them to access your online accounts because they don’t have the additional authentication method.
See which of your online accounts support 2FA and learn how to set it up for each account by using 2FA Directory.
Be vigilant about phishing attempts
Attackers can use email and messaging tools to steal login details or infect your device with malware.
Avoid clicking links or downloading files from email.
Never login to a site or app from an email link, even if it looks like it’s from someone or a company you trust.
Never send sensitive information such as login info over ANY communication channel.
Delete unused apps and data
Devices often get filled with potentially revealing information in the form of screenshots, notes, files, and apps that we no longer use.
Review your photos, notes, files, and apps regularly and delete any that are no longer necessary.
Take photos without unlocking your device
Taking photos or videos without unlocking your device is more secure and it also helps you document events faster.
To access the camera on a locked Android phone, you’ll first need to open “Settings” > “Advanced features” > “Side key,” enable “Double press,” and select “Quick launch camera.” After you’ve enabled the quick launch camera, you can double tap the power button while your phone is locked to open the camera.
To access the camera on a locked iPhone, wake your phone and swipe left to open the camera.
Scrub photo metadata
Photo metadata can contain sensitive information such as the type of device your photo was taken with, the date and time the photo was taken, and the location where the photo was taken.
To remove this metadata before sending a photo or posting it online:
1. Take a screenshot and share the screenshot instead of the original photo
2. Send yourself a copy of the photo via the end-to-end encrypted messaging app Signal (which automatically strips metadata when sending images) and share the copy of the photo downloaded from Signal
Disable location services
Your phone’s location services share detailed information about your precise location with any apps that have been granted access to this data.
Android phones track your location in two ways – via your device’s location services and via Google “Web & App Activity.”
To toggle location services on an Android phone, swipe down from the top of the screen and tap “Location.”
To toggle Google “Web & App Activity,” open “Settings” > “Google” > “Manage your Google Account” > “Data & Permissions” > “Web & Activity.”
To toggle location services on an iPhone, open “Settings” > “Privacy” and tap the “Location Services” toggle.
Consider airplane mode
Airplane mode disables your device’s cellular radio, Wi-Fi, and Bluetooth and prevents your location from being tracked via these networks.
However, it also prevents you from connecting to the internet and receiving calls – so you may need to download offline copies of any data you need and let your contacts know that you’ll be unavailable before enabling airplane mode.
To toggle airplane mode on an Android phone, swipe down from the top of your home screen and tap “Airplane mode.”
To toggle airplane mode on an iPhone that uses FaceID, swipe down from the top right of the screen and tap the airplane icon.
To toggle airplane mode on an iPhone that uses TouchID, swipe up from the bottom of the screen and tap the airplane icon.
Check for a compromised device
If your device is frequently restarting on its own, crashing, failing to update, or showing camera activity indicators when the camera isn’t in use, it could be compromised with malware.
Look through your apps and delete any that are suspicious or that you don’t need any more.
If your phone still has performance issues after removing these apps, consider performing a factory reset. Factory resets erase all the data from your phone so you should back up your phone regularly to minimize potential data loss from factory resets.
To factory reset an Android phone, tap “Settings” > “System” > “Reset options” > “Erase all data (factory reset)” > “Erase all data,” enter your phone’s passkey if prompted, and select “Erase all data.”
To factory reset an iPhone, tap “Settings” > “General” > “Transfer or Reset iPhone” > “Erase All Content and Settings,” enter your phone’s passkey if prompted, and select “Erase iPhone.”
Choosing service providers
There’s always a risk of a service provider tracking you or a private network participant acting maliciously. Additionally, a service provider’s location can potentially subject them to pressure from governments and law enforcement and make them subject to laws or agreements that allow your data to be shared without your knowledge or consent.
When choosing a service provider, consider how their location could impact your privacy and consider factors such as whether they use open-source code, whether they have the support of people that have fought for privacy, and whether they have a history of pushing back against privacy overreach from governments and law enforcement.
All of our recommendations are dependent on using a service provider that sticks to their privacy claims and doesn’t hand over your personal data.
If the internet, apps, or websites are being geo-blocked based on your Internet Protocol (IP) address, you can circumvent this censorship by using a Virtual Private Network (VPN) or The Onion Router (Tor) Browser.
To circumvent geo-blocks with a VPN, download and open a VPN, connect to a server in a region that’s not subject to the geo-block, and start browsing.
To circumvent geo-blocks with Tor Browser, download Tor Browser and try opening the website. If it still doesn’t load, check to see if the site has an onion address (a website-like service that’s only accessible through the Tor network). If it does, open the onion address in Tor Browser.
Using a VPN and Tor together is discouraged so only use one of these tools per session.
Create anonymous accounts
If your main online accounts are banned by a platform, the censor will likely use the personal information that’s associated with these accounts (your name, IP address, data fingerprints) in an attempt to prevent you from creating new accounts. Creating accounts anonymously or pseudonymously prevents the censor from using this information to ban you.
To create accounts anonymously or pseudonymously, sign up for and use these accounts with either a VPN (which masks your IP address) and Brave browser (which prevents online fingerprinting) or Tor Browser (which masks your IP address and prevents online fingerprinting).
You can sign up for some private email accounts without handing over personal information and then use these accounts to sign up for other online services that don’t require personal information.
Use alternative platforms
If a topic is being censored by the tech giants, check out conversations about the topic on free speech friendly platforms such as Gab, Minds, Odysee, and Rumble. These alternative platforms allow a wider range of speech than Big Tech platforms and will often contain posts that have been removed by the tech giants.
Save copies of the data you need offline
If you’re relying on the internet to access essential information, consider saving offline copies so that the information is still available to you during internet disruptions or shutdowns.
Save offline copies of anything you need to your phone and then back them up periodically to another device such as a computer, hard drive, SD card, or USB drive – preferably encrypted.
Use end-to-end encrypted messenger Signal
Signal protects all of your calls and messages with end-to-end encryption which ensures that they can’t be surveilled by third parties. It also collects minimal user data and end-to-end encrypts most of the data that it collects.
After you’ve downloaded the app, you can use its in-app “Invite Your Friends” feature to invite your contacts to use Signal.
To maximize your privacy, stick to text and voice communication when possible. If you do use video chats, chat in a quiet place with a plain background so that you don’t inadvertently reveal your location or compromise the privacy of others.
Use the offline messenger Briar
Briar is a peer-to-peer encrypted messaging app that lets you keep in touch with your contacts on Android when you don’t have access to the internet.
After you’ve downloaded Briar, you can use its in-app “Add Contact at a Distance” feature to invite contacts to use Briar.
Prevent IP address tracking
Your internet service provider (ISP), the websites that you visit, and the apps that you use can use your IP address to track your approximate location and web activity.
You can limit this IP address tracking by masking your real IP address with a VPN or Orbot (which routes your device’s web traffic through the Tor network).
To mask your IP address with a VPN, download and open a VPN, connect to any of its servers, and start browsing.
To mask your IP address with Orbot, download and open it and toggle “VPN Mode” on. Always leave the region as “Global (Auto)” because choosing a specific region may compromise your anonymity.
Prevent online tracking with the Brave browser
The Brave browser protects some of your privacy when you browse the internet by blocking ads, cross-site trackers, cookies, and fingerprinting (profiling you based on your browser settings and device details). Simply download it and start browsing to enjoy these additional protections.
You’ll still need a VPN to hide your IP address though.
Use alternative payment methods
When you make purchases with your main credit or debit card, all of your purchases are tracked by the card provider and linked to your real identity. If you want to make your purchases more private, consider purchasing with cash, using pre-paid cards or gift cards that are purchased with cash, and using cryptocurrency (crypto) that’s purchased peer-to-peer or from a decentralized exchange.
Note that while these alternative payment methods have fewer ties to your real identity, they may track your payments in other ways (e.g. most cryptos use public blockchains and gift cards or pre-paid cards could have unique identifiers).
Dress for privacy
Your clothes, your face, and other identifying features (such as tattoos or unconventional hairstyles) can potentially compromise your privacy in areas where surveillance and/or facial recognition technology is being deployed or people are taking photos or videos that will be posted online.
To minimize these risks, wear plain, full length clothes in any areas where you’re likely to be monitored and consider wearing a hat, scarf, gloves, mask, glasses, or goggles to hide any identifying features.
Be mindful of what you share
The people, places, and other items (addresses, license plates, sign posts etc) in the photos or videos that you post online or share with others can potentially reveal your location, your associates, and other information that you’d prefer to stay private. Text updates have similar privacy risks if you’re not mindful of what you write.
To protect your privacy, review your posts and messages for potentially revealing information before posting or sending and remove or redact anything that could put the privacy of you or others at risk.
Dealing with phone confiscation or theft
If your phone is confiscated, consult with an attorney and review your legal options. You may have recourse to get it back and you may be able to remotely revoke access to the phone and its apps. You may also be able to remotely change the passkey to apps on your phone. However, make sure you get legal advice before taking any of these actions because you could be charged with destruction of evidence or obstruction of justice.
If your phone is stolen, you can protect it or find it by remotely tracking it, locking it, or wiping it.
Be aware that remote access protects your on-device data but requires you to give up some location data privacy by connecting to a third party Find My service that tracks your phone’s location.
To connect an Android phone to Google’s “Find My Device” service, open “Settings” > “Security” > “Find My Device” and toggle it on.
To connect an iPhone to Apple’s “Find My” service, open “Settings” > “Apple ID” > “Find My” and toggle it on.
To remotely track, lock, or wipe a device that’s connected to a Find My service, sign in to Apple or Google’s Find My website on another device. The device will be displayed on a map alongside options to lock or wipe it.
Find the original post here: