Syllabus 4

Keeping your digital information safe protects you, defends your comrades, and helps keep your action plans on a need-to-know basis. Movements for change are often surveilled and having a strong digital defense is how you invoke your Fourth Amendment rights when it comes to your data.

You need two things to keep your information safe from prying eyes: security and privacy. Google is secure. They have thousands of IT professionals making sure that no one breaks into Google servers. But Google is not private. They can read, share, and capitalize on all the emails, documents and searches you have used Google for. Your home-brew server may seem private - after all its in your basement! - but it is very difficult to keep hackers out of a server. To make sure only those on a need-to-know basis have access to your information, you need both secure and private devices and apps to store and share your information. Services like Signal and Proton that offer end-to-end encryption guarantee your privacy by encrypting your information with a digital key that you control.

But a group's data is only as safe as its weakest link, so we need to pair choices of where to keep your information with good digital hygiene by all. Good digital hygiene includes simple things like using strong passwords, two-factor ID, making good decisions about whether to digitize information at all and consistent operational security practices for everyone joining your group. All the best tech will be undercut if hygiene is lax.

Download and start using Signal as your first-line means of communicating with you comrades, friends and family. Signal provides robust end-to-end encryption for instant messages as well as voice and video calls for dozens of people at a time, bringing privacy to all your conversations.

Next, make sure you are using strong (long and random) passwords and passcodes to protect your devices and accounts. If your password is "password" or appears in a password data breach, then your data is as good as public. Here are two mini-zines on how to help:

• https://beav.es/protect-data-handout-passwords

• https://beav.es/protect-data-handout-cell-phones

Digital security is a mindset. Which steps you decide to implement depend on your risk profile and the tradeoffs you’re willing to make. This resource can help you step back and see the big picture.

• https://ssd.eff.org/module/seven-steps-digital-security

Every protective step is a tradeoff: you could lock down your security by going off the grid, ceasing to talk to anyone, and throwing your phone in the ocean. But the reality is that collaboration is necessary for organizing, and you need usability in addition to security. Finding that balance - and figuring out what you want to protect and from whom - is called threat modeling. Here’s a guide to assessing your risks and help you decide what privacy-enhancing actions to take.

• https://ssd.eff.org/module/your-security-plan

When you access the internet, whether through a browser on a computer or an app on your phone, everything you do leaves traces of your online activities with many third parties: the websites you are visiting and your internet service provider (whether through WiFi or a cellphone data connection). The information held by these third parties can be subpoenaed and third parties can (and do) sell your data to law enforcement. You can protect your online activities through the following practices:

• Stop using Google Search, opt for a privacy-minded browser like Firefox, DuckDuckGo, or Brave. Install a tracker blocker.

• Don't browse the internet while logged into social media and Google accounts - use a separate browser for these activities.

• Use a VPN to protect your browsing behavior from your internet service provider and your location from the websites your visit. Learn what VPNs do (and don’t do) and how to choose one:

  • https://ssd.eff.org/module/choosing-vpn-thats-right-you

• For extra protection, access the internet through the Tor Browser. Some websites block the Tor Browser, so you may not be able to use it all the time, but it is good to turn to when you want extra stealth.

Hopefully you are already using Signal instead of SMS texting. And hopefully you are using Signal for communications that don't need long-term archiving, with disappearing messages enabled. Minimize your use of email, which tends to stick around for a long time.

Use Signal for all 1-on-1 messaging, voice and video as well as small-group (up to a dozen or more) conversations, voice, video and screen-sharing. Learn how to make the most of Signal's security features here:

• https://activistchecklist.org/signal/

Only use less private solutions (like Zoom) when needed or for public-facing meetings. You should treat large online group calls and webinars as public spaces. You never know who is lurking. If you do need to use Zoom, be sure to enable the end-to-end encryption option. Instructions on this are available here:

• https://support.zoom.com/hc/en/article?id=zm_kb&sysparm_article=KB0065408

If your data connection is poor, and Signal won't work, consider making a phone call rather than sending a text message. Phone calls don't leave the same content-rich data traces that text messages do. Have a back-up means of communicating with comrades so outages don't ruin your plans.

Stop using Google for everything! If you are a Google mail, calendar, docs, search user, then Google is a 1-stop shop for all your behavior and history and the company has a history of responding to data requests liberally. This tech postcard has options for everything that Google provides and all but the very-large-call capability that Zoom has:

• https://beav.es/private-technology-postcard

Proton, which has many of the features of Google, provides a hand guide on how to export your Google email, calendar and files out of Google and into Proton for an easy switch:

• https://proton.me/blog/how-to-de-google

You might have good reason to lighten your footprint on the social internet or make it harder to link work or personal to activist accounts. EFF has a guide to privacy considerations on social media.

• https://ssd.eff.org/module/protecting-yourself-social-networks

Unfortunately, in some lines of activism (particularly pro-Palestine protest), doxxing can be a risk. These anti-doxxing guides are useful to anyone wanting to opt out of data broker websites, harden your digital presence against online harassment, and assess which information is already out there.

• https://freedom.press/digisec/guides/preparing-for-online-harassment/

• Equality Labs Anti-Doxxing Guide

At the very least, we recommend use an automatic personal data scrubbing service such as DeleteMe or Mozilla Monitor. These services charge. Alternatively, one can manage this manually following these instructions:

• https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List

Community surveillance self-defense keeps us all safe. Are you a part of organizing group chats? Bringing your phone to a protest? Here’s a simple checklist to go through before you hit the streets:

• https://activistchecklist.org/protest/

Checklists covering the digital security dimensions of non-violent direct action, from safely scouting sites to setting up a burner phone:

• https://activistchecklist.org/organizing/

Rights to privacy are weaker at borders, but that doesn't mean you need to (completely) sacrifice your digital privacy. For guidance on protecting your data as you travel into the United States, see this guide:

• https://beav.es/digital-privacy-US-travel

Mapping applications maintain a lot of information about where you live, work and otherwise spend time. For maximum privacy, use a mapping app that stores maps locally on your phone, such as Organic Maps. For how to use Organic Maps see:

• https://activistchecklist.org/research/

Do you want to learn more?

• Defend Dissent: Digital Suppression and Cryptographic Defense of Social Movements is an introductory and free textbook that you can explore by topic. También disponible en Español.

• Explore Activist Checklist for more recommendations.