Surveillance is out there and may be (probably is) increasing. While completely locking down your data is probably impossible, practicing smart operational security (op-sec) can do a lot to protect your identity and your data online and in-person.
Here are tips to keep yourself and your data safer in an era of increasing privacy threats:
Op-Sec Disclaimers:
- Disclaimer: we aren’t experts in op sec; no digital communication is fully secure
- Legality: we aren’t attorneys. We can’t give legal advice, and no other healthcare providers can, either. You are responsible for understanding the risks to you in your location.
How People Most Commonly Get Caught
- From community knowledge in activist circles, the ways people are most commonly “caught” or informed upon is by friends and family.
- If you’re not completely sure that the person you’re talking to is down with whatever it is you’re talking about or doing, be very careful.
- Test the waters with safer subjects until you know more.
- Don’t share details that aren’t necessary.
- Don’t share details where they can be easily captured, recorded, or tracked back to you.
The Basics of Op-Sec
- Don’t divulge anything you don’t have to.
- Don’t talk to cops.
- What To Do When Encountering Questions From Law Enforcement (ACLU)
- 10 Rules For Dealing with Police (video from Flex Your Rights)
- Don’t post about it online.
- Untie your name and location from your online presence.
- You may have to give up history and create new accounts.
- If you have accounts using your name, make them private.
- Don’t use a recognizable image of your face for your profile icon.
- If you’re not on a secure and trusted network, use a VPN.
- Turn off location services for images, videos, browsers, apps, and posts.
- Regularly clear your cookies and search history.
- Going to a protest? Don’t take your phone. At the very least, turn off facial and fingerprint recognition.
- Practice strong passwords.
- Make them long, random, and unique to each account.
- Consider using passphrases.
- Use a password manager so you don’t have to remember them all!
- Use multi-factoral logins. Turn on that two-factor authentication (2FA)!
- Store important documents and data offline in an encrypted hard drive.
- Cloud storage isn’t secure!
Op-Sec For Email, Texting, and Video Conferencing Apps
What you’re looking for:
- encryption when information comes in and goes out.
- data encrypted in storage
- platform policies that minimize cookies, the information that is stored on you, and how the company plans to react to requests for your data.
Good Op-Sec Options:
For email:
ProtonMail
Free accounts available!
File storage, a password manager, and a VPN are available in the free ProtonMail account.
For texting and phone calls:
Signal
Encrypted, can hide your phone number.
Can set messages to disappearing.
For video conferencing:
Jitsi
Open source, free, and secure video conferencing platform.
Why Not Google?
Most of us have at least one Google account (Gmail, Google Drive, etc.) If you have an Android phone, you almost certainly do.
Google isn’t the worst option—it does encrypt files in transit and in storage. It also sets files to private by default (you have to turn on file-sharing,) and provides two-factor authentication.
But, Google is cloud-based, and if that cloud is breached, all of your information is at risk. Google also is in control of the encryption and your files, not you. Storing data on hard drives is a more secure option. Google is also in the United States, so data is subject to subpoena. Read more from Proton on Google’s security.
What About Socials?
When Uploading To Socials:
- Turn off location and identity meta-data on images and videos and in your browser and your apps.
- Remove meta-data from images.
- Option: you can send images through Signal, which will strip the metadata from the image. Then download these images from Signal and post the stripped one.
- Be geo-location smart.
- Don’t post pictures of your house or other identifiable locations where you spend time regularly to strangers. (Hint: no street signs!)
- If you’re posting about being in a location, do it after you’ve left.
- Only post about going to a protest or participating in a direct action if you want that information to be public knowledge and trackable (and potentially used to identify you.)
- Use a VPN. What’s a VPN?
- Check out CounterSocial for a social networking platform that values privacy and information security.
Further Reading, Resources, and Helpful Tools
More information on keeping your information safe and secure.
- Digital Defense Fund
- Electronic Frontier Foundation
- Safety, Security, and Digital Preparedness for a Second Trump Administration
- Proton Privacy Guides
- Movement Technology post-US Election: report back
- National Lawyers Guild Know Your Rights
Prior Articles By Us
- 6/5 Five Ways To Protect Your Privacy Online
- Protecting Your Health Information Records: Recommendations for QueerDoc Patients and Beyond
- Protecting Your Identity: The Critical Importance of Legal Transition Amid Current Political Challenges – Fall 2024
- February 2024: What’s a Shield State, and How Do I Get One?
- Washington State is Safe(r) With Shield Laws
Stay Checked-In With Us
(Get news via email every month or so!)