Computer Security For Activists & Everyone (Oct 2018)
Download as PPTX, PDFâą2 likesâą1,057 views
The document provides radical security tips for activists and the general public to navigate online surveillance and protect their personal information. It covers various aspects including threat modeling, current events impacting online security, and practical recommendations for securing phones, computers, and home networks. The text emphasizes the importance of privacy rights and the necessity of adopting safer online practices amidst increasing digital threats.
Computer Security For Activists & Everyone (Oct 2018)
- 1. Oh Shit! What Now? The Oh Shit! What now? Collective plans study groups, discussions, and workshops aimed at equipping folks with radical skills to share with others. For more information, visit our website: http://ohshitwhatnow.org/
- 2. đ·: Computer Board with Key Flickr / Blue Coat Photos, CC SA BY license
- 3. Computer Security For Everyone Basic online security tips for activists and everyday humans
- 4. Why Security Matters â The internet is not free -- you are the product â Marginalized people are targets online â You have a right to privacy â You have a right to be online safely â If everyone is secure, spies must work harder
- 5. đ·: They're watching us but are they watching you?
- 6. Threat Modeling When Conducting an Assessment, There are Five Main Questions you Should Ask Yourself: 1. What do you want to protect? 2. Who do you want to protect it from? 3. How likely is it that you will need to protect it? 4. How bad are the consequences if you fail? 5. How much trouble are you willing to go through in order to try to prevent those? See "Surveillance Self Defense" (ssd.eff.org) for more
- 7. Harm Reduction â We all live under mass surveillance but most of us aren't constantly under surveillance. â Most of us aren't going to give up phones, social media â We can take steps to be safer, and extra steps when necessary â I can't help you if you're Edward Snowden
- 8. Current Events: Facebook Hack â Facebook "single sign on" hijacked by unknown hackers â 50 million accounts were vulnerable â Single point of failure, huge target for hackers â Many problems from dependency on Facebook -- media, politics, privacy â Google also recently revealed to have a massive failure in Google+ network
- 9. Current Events: Feds Use Face Recog To Unlock Phone â In child porn case, Feds used "Face ID" to force suspect to unlock phone â Previous conflict over police use of touch/fingerprint ID â Regardless of court decisions, it's too easy for cops â Bottom Line: Don't use biometric conveniences
- 10. đ·: Meow meow purr.
- 11. Phones: Lock It Down â Most phones encrypted by default â Always lock / turn it off â Use a long, strong password (at least 7-8 characters) â Don't give up access if you can help it â Don't use biometric locks â Turn off voice assistants â Use a VPN
- 12. Use Signal & Other Secure Apps â Signal is Snowden Recommended â Alt: Wickr (OK) / Telegram (???) â Hide Signal messages on your lock screen â Verify that youâre talking to the right person â via phone â via text â In person â Archive and delete messages â Be careful who you let into your closed systems.
- 13. Phones: Stronger Steps â Turn off Bluetooth in "target rich" locations â Consider turning off WiFi or Cellular â Watch for Apple iOS WiFi in dock â Uninstall apps / Leave group chats as needed â Get a Faraday bag â Leave your phone at home â Get a burner / clamshell phone â Use Google Voice or BurnerApp.com for temp #s
- 14. Computers: Lock It Down 2 â MacOS: Use "FileVault" (Google It) â Windows: Turn on "Bitlocker" â Linux: Enabled during installation â Use a password â Turn it off or lock it â Keep computers up to date â Use a VPN â Don't give up access if you can help it
- 15. P@$$w0rd$ (Don't Use This) â Use a password vault (LastPass) and secure passwords â Use a passphrase when you must remember it â Use 2 Factor Wherever You Can â Save your 2FA Backup Codes â Your recovery email must be secure
- 16. đ·: Meow meow purr.
- 17. Being More Secure & Private Online â Use HTTPS Everywhere â Don't Sign Into Your Browser â Beware of scams & phishing â Use secure search like Duck, Duck, Go â Think about what you store in the cloud (& encrypt) â Don't use public Wi-Fi (without VPN & encryption) â Beware of untrusted USB devices & ports â Use a "USB Condom" for untrusted chargers
- 18. Computers: Further Steps â Wean yourself off Google â Use Protonmail â "GMX.com" another non-Google email option â Use Tor Browser as needed â Cover your webcam
- 19. Secure Your Home Network â Always change default password â Do not use ISP supplied equipment as your router if you can help it â Use ethernet (wired) connection whenever possible â Use WPA2 wireless encryption, never use WPA1 or WEP â Turn off WPS â Never, ever, leave your home wireless network unsecured! â Setting up device whitelisting for wireless devices can solve some of the vulnerabilities with wireless encryption standards â If your router supports it, set up a guest network
- 20. On Using a VPN â Free VPNs sell your shit â Not total anonymity, just 1 more layer â Protect your DNS as well (use Cloudflare DNS) â How you pay for VPN might matter â What to look for: â Foreign jurisdiction â No tracking / logs â Anonymous payment? â Easy to use app? â Support all your devices?
- 21. Some VPN Recommendations â NordVPN (nordvpn.com) â Mullvad (mullvad.net) â VyprVPN (www.goldenfrog.com/vyprvpn)
- 22. đ·: All Cats Are Beautiful
- 23. Basic Protest Tips â Phones can be tracked even when off â It only takes one loose link in the chain â Cover identifying marks â Use Burner phones, Leave it at home, or turn it off â Designated check-in time with friend â Do not consent to search of phone â Don't use fingerprint lock! â You are not required to provide your password to a police officer
- 24. Media Protest Tips â Don't help the cops, even indirectly â Blur faces â Ask permission â Don't film "criminal" acts â Backup data online â If you must stay online (media, copwatch, legal observer) get your own WiFi
- 25. Some final ideas â Don't panic, don't give up â Implement security a step at a time â Go low tech when you can â Rediscover old methods â Use social misdirection â Use multiple, disposable identities
- 26. Oh Shit! What Now? is Growing Resistance Class schedule, resources, and calendar at http://ohshitwhatnow.org Feedback, class ideas, or other suggestions? [email protected]
Editor's Notes
- #20: Whitelisting may be an advanced topic Guest network should be used for IoT and visitors
- #22: NordVPN - foreign jurisdiction, no tracking. Generally acknowledged as safe. https://nordvpn.com Billed monthly, 6 months, yearly. Ranges from $5.75/mo - $11.95/mo BlackVPN- foreign jurisdiction, no tracking. Generally acknowledged as safe. https://www.blackvpn.com About $10/month, billed in 1, 3, or 12 month increments. VPNarea - foreign jurisdiction, no tracking. Generally acknowledged as safe. cryptostorm - foreign jurisdiction, no tracking - can have anonymous payment method (good for activists). Generally acknowledged as safe. https://vpnarea.com/front/ $4.91/mo Mullvad- foreign jurisdiction, though could be requested by US govt for data (even though they say they don't track it), no tracking https://www.mullvad.net/ About $5/month (5 Euro/mo). vyprvpn - foreign jurisdiction (but local to austin company), does do some ip/timestamp tracking. Good for ease of use- has an app & can use on multiple devices. Great if you're just trying to combat general tracking & don't need airtight anonymity. https://www.goldenfrog.com/vyprvpn $5/mo if billed annually, otherwise $10/mo. Has two week free trial.