Messaging! VPN! Two-Factor Authentication! Online Privacy!
“What-the-what?” you say. Or perhaps you say “Yeah, yeah, my bytes are locked down.”
No matter if you’re an online security newbie or a privacy expert, regular security reviews can help keep you, your friends, your communities–and your doctors!–safer. This is especially true if you or someone you care about gets reproductive or gender care (or attends protests, or is thinking about attending a protest, or says the word “gay…”), particularly in ban states or high-risk-of-bans states.
We don’t claim to be op-sec or info-sec authorities, but we know some people who are, so here are five strategies you can use to keep your private healthcare data private.
Make It Hard
- To Get Into Your Stuff
- To Read Your Text Messages
- To Figure Out Who You Are
- To Figure Out Where You Are
- To Collect and Sell Your Data
Making It Hard to Get Into Your Accounts
Step number one is doing what you can to make sure that you or people you trust a lot are the only ones who can get into your accounts.
On Your Phone
♥ Use a 5-digit PIN or a passcode, not a biometric like a fingerprint or face scan (or use both.)
♥ Never willingly give your phone to a law enforcement officer.
♥ If there’s a chance you’ll be arrested (big protest?) don’t bring your phone with you.
Why?
Law enforcement does not have access to your thoughts. They cannot compel you to unlock your phone using a passcode. The law is still evolving regarding whether or not your fingerprints or facial scans are constitutionally protected. Also, if they have your phone, they don’t necessarily need a warrant to find out what is on/in it. NOTE: check your state laws!
Further reading:
Can the Police Force You to Unlock Your Phone?
Warrant Served on US Suspect Forcing Him To Unlock Phone With Biometric Lock
Online
♥ Have Complex Passwords and Keep Them Protected
There are multiple tools and strategies to help keep your passwords safe:
- Use a password manager.
  - A password manager remembers your passwords so you don’t have to. You just need to remember one password to the vault/manager.
- Use complex passwords or pass phrases.
  - The longer the password and the more randomness it contains, the harder it is to crack.
  - Pass phrases can be more secure than passwords. A pass phrase is a string of random words, often with numbers or punctuation interspersed.
- Don’t save your passwords in plaintext online.
  - The “never write your passwords down!” rule might not actually apply. If you have one list, and one list only, it may be easier to keep it physically secure.
  - If you do have The One List, make sure that list is secure.
    - A text file can be subpoenaed.
    - An encrypted file has more legal protections.
    - Maybe what works for you is a pen and paper file in a safe space.
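For readers who want to see the “longer and more random” point in numbers, here is an added example (not part of the original post) that builds a pass phrase with a cryptographically secure random source and compares the guessing effort for passwords and pass phrases. The word list is a small constructed sample, and the guessing rate is an assumed figure for an attacker testing guesses offline.

```python
import math
import secrets

# Constructed sample list for illustration only. With just 16 words, six words
# give only 24 bits; a real pass phrase should draw from a large published
# list (the EFF long word list has 7,776 words).
SAMPLE_WORDS = ["anchor", "biscuit", "canyon", "dolphin", "ember", "fjord",
                "gravel", "harbor", "ivory", "jigsaw", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pebble"]

def entropy_bits(pool_size, length):
    """Bits of entropy when each of `length` symbols is picked uniformly
    at random from `pool_size` choices."""
    return length * math.log2(pool_size)

def make_passphrase(words, count, sep="-"):
    """Pick `count` words with the operating system's secure random source."""
    return sep.join(secrets.choice(words) for _ in range(count))

def average_years_to_guess(bits, guesses_per_second):
    """On average a guesser finds the secret after half the search space."""
    seconds = (2 ** bits) / 2 / guesses_per_second
    return seconds / (365.25 * 24 * 3600)

def compare(guesses_per_second=1e10):  # assumed rate, not a measured one
    cases = {
        "8 random lowercase letters": entropy_bits(26, 8),
        "8 random printable characters": entropy_bits(94, 8),
        "4 random words (7,776-word list)": entropy_bits(7776, 4),
        "6 random words (7,776-word list)": entropy_bits(7776, 6),
    }
    return {name: (round(bits, 1),
                   average_years_to_guess(bits, guesses_per_second))
            for name, bits in cases.items()}

if __name__ == "__main__":
    print("sample pass phrase:", make_passphrase(SAMPLE_WORDS, 6))
    for name, (bits, years) in compare().items():
        print(f"{name:34s} {bits:5.1f} bits  ~{years:.3g} years")
```

The numbers only hold when every character or word is chosen at random; a phrase you made up yourself, or a word with predictable substitutions, is far easier to guess than its length suggests.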
Further Reading:
Yes, You Need a Password Manager
Make it Hard to Read Your Messages
Say it ain’t so! Text is not secure.
SMS (short messaging service) and MMS (multimedia messaging service) are not encrypted. Your cellphone company can read your texts, and other people can intercept your texts and read them, too.
♥ If you’re talking about sensitive issues, use a secure messaging platform.
Signal is pretty darn cool. WhatsApp is another choice, but neither is 100% secure. For both, using predictive text may have some vulnerabilities that could expose your messages. WhatsApp had a big leak in 2022. Both of these tools use end-to-end encryption.
♥End-to-end encryption means that the data is encrypted on your device and stays encrypted until it reaches the recipient’s device. Your cell company can’t read it, the makers of the app can’t read it, your ISP can’t read it, and hackers can’t read it.
Bonus tools on good encrypted messaging apps include disappearing messages (poof!) and refusal to even look at unencrypted messages. Read those elsewhere!
♥Hot Tip: messages sent inside a secure platform like an electronic healthcare chart should be secure from outside eyes. But, they may be able to be subpoenaed.
♥Bonus Hot Tip: if your end of the conversation is secure but the other end isn’t, your conversation isn’t secure. Get your friends on board!
Further reading:
ProtonMail: What is data privacy and the Proton Mail blog.
Make It Hard to Figure Out Who You Are
Online information is incredibly interconnected, and there are a lot of tools which help people connect individual bits of data to other bits. If you are concerned about keeping your identity private, here are some tips for email, social media, and images:
♥Use secure email, such as Proton Mail, for social accounts. Use a different alias for each service – if one gets hacked, you know which one it is.
♥Don’t use your real name as your handle.
♥Don’t use a photo of *you* for your icon.
♥Ask your friends to not post images of you.
♥Lock down your accounts: use a strong password, and turn on 2-factor authentication.
♥Don’t download that social app to your phone! If you do use the app rather than a browser window, turn off as many permissions as you can. Turn off as many permissions as you can for as many apps as you can.
♥When you do log in to those social accounts, do it in an incognito window.
♥Be careful about accepting friend requests. Do you know them? Do your friends know them?
♥Search yourself – find out how much information is out there about you. Once you know what is out there, you can start managing all that information.
Hot tip: If having an online presence that identifies you is potentially dangerous, consider a service such as DeleteMe to scrub your online data.
Further Reading:
How-to: Enable Two-factor Authentication
Protecting Yourself on Social Networks
Make It Hard To Figure Out Where You Are
We can think of several scenarios in which where you are/were physically can make you a target, or be used as evidence against you or the people you were with. How do you manage keeping that information more private?
♥Turn off location information on your phone. When combined with other methods, it gets harder to identify where you’ve been.
♥Block, block, block when an app or webpage asks to use your location. No thank you.
♥Use a VPN. What’s a VPN?
VPN stands for Virtual Private Network. These handy tools disguise where your data is coming from and make it harder to locate you by using your IP address (an IP address is like your street address for electronic data.)
Read up on what VPNs are, how they work, and how to pick one at Choosing The VPN That’s Right for You.
♥If you’re going to a protest (or other highly scrutinized event,) leave your phone at home. If you can’t leave your phone at home, turn off location services, or better yet, put your phone on airplane mode. If you need a phone at the event and need location services, consider getting a burner phone that does not share data with any other devices that you own or use.
Make It Hard To Collect And Sell Your Data
Most of us love a cookie. But the electronic ones can track you, identify you, and, when collected and stored, reveal very personal data to strangers.
♥Say no to all unessential cookies.
- In your browser settings, reject all those unessential cookies!
- When websites ask, turn off all unessential cookies, and save that preference!
- Clear your cookies regularly (yes, you’ll be using that password manager more!)
This is what QueerDoc’s cookie consent manager looks like:
Click on in to “Cookies” (it takes you to our cookie policy.)
On this page you can read about how we use cookies on our website, request that your information is never sold or shared, and opt-out of unessential cookies. We also include a quick explanation of how to delete cookies on your browser and what your personal data rights with us are.
Further reading:
What is Fingerprinting?
Digital fingerprinting is the process where a remote site or service gathers little bits of information about a user’s machine, and puts those pieces together to form a unique picture, or “fingerprint,” of the user’s device. The two main forms are browser fingerprinting, where this information is delivered through the browser when a user visits remote sites, and device fingerprinting, when the information is delivered through apps a user has installed on their device.
Electronic Frontier Foundation – Surveillance Self-Defense – What is Fingerprinting?
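To make “puts those pieces together” concrete, here is an added example (not from the original post or from the EFF) that counts how many visitors in a small constructed population still look identical to one person as a site combines more attributes. Every visitor record and attribute value is made up for the illustration.

```python
import math

# Constructed sample population: every visitor and value below is made up.
VISITORS = [
    {"timezone": "UTC-8", "language": "en-US", "screen": "1920x1080", "fonts": 212},
    {"timezone": "UTC-8", "language": "en-US", "screen": "1920x1080", "fonts": 180},
    {"timezone": "UTC-8", "language": "en-US", "screen": "1366x768", "fonts": 212},
    {"timezone": "UTC-8", "language": "es-MX", "screen": "1920x1080", "fonts": 212},
    {"timezone": "UTC-5", "language": "en-US", "screen": "1920x1080", "fonts": 212},
    {"timezone": "UTC-5", "language": "en-US", "screen": "1366x768", "fonts": 180},
    {"timezone": "UTC+1", "language": "de-DE", "screen": "1920x1080", "fonts": 180},
    {"timezone": "UTC-5", "language": "es-MX", "screen": "1366x768", "fonts": 212},
]
TARGET = VISITORS[0]  # the person a tracker is trying to single out

def anonymity_set(visitors, target, attrs):
    """Visitors that match `target` on every attribute in `attrs`."""
    return [v for v in visitors if all(v[a] == target[a] for a in attrs)]

def narrowing(visitors, target, order):
    """Add one attribute at a time and report how small the crowd gets.

    Returns (attribute, crowd size, identifying bits) per step, where
    bits = log2(population / crowd size)."""
    steps = []
    for i in range(1, len(order) + 1):
        crowd = len(anonymity_set(visitors, target, order[:i]))
        bits = math.log2(len(visitors) / crowd)
        steps.append((order[i - 1], crowd, round(bits, 2)))
    return steps

if __name__ == "__main__":
    order = ["timezone", "language", "screen", "fonts"]
    for attr in order:
        alone = len(anonymity_set(VISITORS, TARGET, [attr]))
        print(f"{attr:9s} alone: hides among {alone} of {len(VISITORS)}")
    for attr, crowd, bits in narrowing(VISITORS, TARGET, order):
        print(f"+ {attr:9s} crowd={crowd}  bits={bits}")
```

No single attribute picks the person out of the crowd, but the four together leave a crowd of one, which is why reducing what your browser and apps reveal matters as much as clearing cookies.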
Putting It All Together
This is a lot of information, and it can be overwhelming.
We’ve linked to the Electronic Frontier Foundation multiple times in this post. They’re experts, and have several resources for further reading. They also have handy guides to help you determine what your digital safety and privacy needs may be and how best you can implement the right tools to keep you safer.
Check out their:
The Proton blog is also a great place to read up on online privacy.