I posted briefly about this in another thread but I wanted to start a fresh thread.
A team of four direct action organizers spent the last many months researching and building a site dedicated to making digital security easier to get started with.
Our audience is: politically engaged folks who know they should probably do something around digital security but never make the time because it feels confusing or overwhelming.
We intentionally are opting for the checklist approach over the threat modeling approach because we’re trying to be a “getting started” resource - and aiming to educate people as they go.
Our threat model is:
US folks who are politically engaged and concerned about government repression because of their activism/organizing.
We specifically started with an eye toward people taking higher risk actions like arrestable direct actions. But the guide applies beyond that.
We relied heavily on privacy guide’s recommendations and forum discussions while choosing our recommendations.
Seeking feedback on:
the recommendations
Anything that’s missing that is a high priority that you think should be on there
Anything that could be done to make this easier to use and more accessible.
Since you all are already in the small set of folks who are interested in privacy, you’re not the target audience. (We’re doing user testing with those folks!) But I would appreciate constructive ideas since I know folks here have a lot of expertise.
Since one of the Freedom Defined requirements is that a free cultural work must not restrict any particular kind of use, even commercial use, the NC license is not considered a free culture license.
On the other hand, privacyguides.orgis freely licensed content, and I would encourage anyone using our content to familiarize themselves with our license, specifically Section 3(b) “ShareAlike”. If they aren’t able to abide by our content license then it wouldn’t be appropriate to copy our resources
Your contributions to adaptations of BY-SA 4.0 materials may only be licensed under:
BY-SA 4.0, or a later version of the BY-SA license.
Ported versions of the BY-SA license (if any), version 4.0 or later
A license designated as a “BY-SA Compatible License” as defined in BY-SA 4.0.
Free Art License: The Free Art license 1.3 was declared a “BY-SA–Compatible License” for version 4.0 on 21 October 2014. See the full analysis and comparison for more information.
GPLv3: The GNU General Public License version 3 was declared a “BY-SA–Compatible License” for version 4.0 on 8 October 2015. Note that compatibility with the GPLv3 is one-way only, which means you may license your contributions to adaptations of BY-SA 4.0 materials under GPLv3, but you may not license your contributions to adaptations of GPLv3 projects under BY-SA 4.0. Other special considerations apply. See the full analysis and comparison for more information.
Great ! Nice to see you here sharing the website and seeking feedback.
Did you consider recommending Mullvad Browser and Bitwarden ?
Disable GPS location tracking until home. (Airplane mode is not enough!)
Can you explain the reasoning ? I would recommend enabling airplane mode (APM) as often as possible, while shutting the phone off or not bringing it to a protest if the threat model is higher and if this is an option. Keep in mind that GPS is receive-only so depending on what apps you grant location actress and what OS you are using, this might be a non-issue, afaik
You may also remind people that there is a feature in Signal to blur parts of pictures, which is great.
Don’t you want to recommend a calendar ? PG recommends Tuta and Proton (but there may be good local options too). Keep in mind that Mailbox’s calendar and contacts are NOT encrypted -_- , while they are with Proton and Tuta. And a notes app ! Imagine if people are writing sensitive stuff in Evernote or apple notes without ADP…
While I am at it, you definitely want to recommend advanced data protection in iPhones
I would recommend using using cash for purchases. I would also mention SMSpool.net so people know to do if they are asked a phone number online.
Since you recommend Pixel phones, for high threat models, you definitely want to install GrapheneOS. It greatly enhances privacy and security. Against exploits used by the police for instance.
I love the checklist, great work !
PS: advise people against installing too much extensions in their browsers.
For an activist, you might be looking at state-backed malware being used against you. It’s pretty well accepted by security researchers that Chromium-based browsers are the most secure, so I would avoid telling them to use Firefox and recommend any mainstream chromium browser (Chrome, Edge, Brave), with the exception of Tor browser of course, and only in Safest mode. On iOS, all browsers are required to use WebKit so it’s best just to stick with Safari.
You can install the iPhone or Android Brave app as well.
I wouldn’t tell people to use Privacy Badger, or any Extensions for that matter. Adblockers are mainly useful if your threat model is adtech surveillance capitalism, for this threat model you want maximum security which means no browser extensions, they’re added attack surface.
Organic Maps (iPhone or Android) is a less user friendly than Apple Maps, but has much strong privacy. You can operate it entirely offline, which is especially helpful for activists. That said, it doesn’t have live traffic data or public transit routes, which makes it hard to use as your main option. We wish there a better everyday option for Android phones.
Apple and Google maps can actually be used offline as well. What makes Google maps bad is that by default they actually keep a location history tied to your Google account.
Use Signal for texts and calls, especially your activism and political conversations
Shouldn’t Briar be recommended for it’s support for communication between local wifi or better yet nearby Bluetooth range? This helps alot during activism, and if not for local network and/or Bluetooth then over the internet using Tor works which is cool.
There’s also SimpleX, since it’s Architecture is designed to be decentralized and have no user identifier (though it does reveal your IP so in most cases I would recommend a trusted VPN or better yet Tor and using SOCKS5 connection.
Free option: If you need a free option, Proton VPN is a good option. See our note below about concerns about the Proton CEO and why we still offer Proton options.
What Note? clicking on the link doesn’t work and
I swear if it’s because of the accidental political statement I will kneecap you too. (That’s right I’ve seen this before only to inform of them of the good apology Andy made.)
And there I thought just 2 recommendations are good but not enough since Proton wasn’t added. Until then.
Apple Maps is recommended here but not Google Maps and I would tell people to avoid Gmaps obviously. We don’t know how much we can trust them anymore. (Wrapped in a WebView and no account and less usage sure but other than that yeah)
Use a password manager with strong passwords
I’m surprised Bitwarden isn’t listed here.
Avoid using email for secure communications (but use Proton Mail if you need to)
More importantly, Why Is Tuta not recommended here? It used a better encryption than the standard PGP proton uses and it’s also quantum proof among other advantages.
I’ve been quite interested in taking a digital approach to positive direct action that perhaps isn’t as romantic and cathartic as physical protesting, but I believe can be every bit as effective and much safer for everyone in the modern police and surveillance state. I am heavily inspired by the Survival Programs started by Dr. Huey Newton to make sure kids weren’t going hungry.
Direct action can have many goals, to name a few I pulled from a Google search:
influence public opinion
draw attention to and share information about a perceived injustice
gain a wide audience for the cause
push public policy or legislation forward
learn more about an issue
connect with others who feel passionate about the issue
provide inspiration and a sense of being part of a larger movement
demand change
I am a US Iraq war veteran and as someone who actively engaged wartime conflict, from trading fire to peaceful detaining Iraq citizens. Deescalation is difficult when a lot of people and weapons are around and lives are on the line. My experiences in war has led me to realize that I don’t trust in states, and violence is never the answer ergo anarcho-pacificsm must be the only way we approach demand for change. Violence and death only deepens hatred and fear, which then serves as rationale for more security through higher authority of the state and less freedoms of individuals.
The black panthers also participated in a lot of physical protest, but this was before the internet, and I believe the best way forward is to meet anonymously online to coordinate care for people where the state lacks until the state is no longer essential to the people. Eventually if enough people believe they don’t need the state to support themselves and their loved ones, it ceases to exist. No unilateral overthrow, just peaceful winning of hearts and minds through feeding, educating, and provoding mental and medical health services as protest.
Over time these communities may even be able to build economies of their own through open movements, but all if this said, I would love to chat with you all to share these options of digital protest and start practicing these with the help of the PG community to trial systems like Peergos which would enable anonymity, web of trust, and usage of webapps like wikis to organize and share information on how to protest via positive action by using the platform and following a few other steps to ensure anonymity.
Recommending only using Signal sometimes risks leaking sensitive metadata and encourages a poor overall security posture. If you are serious about security, you should be conducting all communications, no matter how innocuous, via secure channels.
Use privacy-focused. browser for everyday browsing (instead of Chrome)
For an activist, Tor is the only sensible option to prevent tracking and be anonymous. As others have said, recommending Firefox is ill-advised. Using Brave with the V8 Optimiser disabled and chrome://flags#strict-origin-isolation would be a sensible recommendation. As would a properly configured Microsoft Edge with, among other things, Super Duper Secure Mode enabled.
Use Organic Maps or Apple Maps for navigation
While Google has recently started to make it harder for police to request location data, they have a terrible record on privacy and shouldn’t be trusted.
This is very misleading. Google is in the process of making it impossible for them to comply with geofence warrants by storing the Timeline encrypted on users’ devices.
Turn off location tracking for most apps
This is a fine recommendation, but it won’t get an activist very far since the state can simply obtain their location (with history) from their cellular carrier. You mention this in the protest checklist which is good.
Enable two-factor authentication
You should not recommend storing 2FA codes in the same password manager. While this can be acceptable for an average user, it is still far from best practice and is unacceptable for an activist.
100%, and highly dependant on whether the “activism” could be treated as “a US national threat”,if yes it would be different story, which is definitely out of my knowledge and experience.
Seeking opinion from NGOs is a very good advice.
Havent check the site yet, I have a feeling it would be a long read following a lenthy feedback.
Something that hasn’t been discussed here just occurred to me to ask if radio communications protocols via IoT devices can be done in a safe way as an alternative to the second/burner phone.
My feelings are this protocol is quite limited by the bandwidth to ensure perfectly secure communications but there is the really nice tradeoff of not having to have a second phone with all the temptations of doing bad security and privacy practices, also they are quite cheap and disposable.
That said, it’s heavily reliant on a lot of plain text protocols and requires the user to do a lot of your own privacy management manually.
In addition to other feedback expressed here, you should implement a section for disposable burner phone recommendations. Most of the digital security advice here could be easily implemented on someone’s main device…which is not exactly good opsec for protests.
Any budget-oriented Pixel or iPhone should work (i.e. Pixel 8A or the iPhone SE). In the future, consider implementing the upcoming iPhone 16e or a Pixel 9A w/Graphene OS once they release.
Edit: I strongly advise GOS for any direct action-related purposes. However, I am familiar with a lot of real-world activists and they may not be willing to migrate over to Android
Ah, to be an Activist who doesn’t get caught by a Chekist? I like the name
I think the guide is quite solid already. Once you’ve finished the initial guide, maybe it would be nice to also add some recommendations and comments for the more repressive legal situation in other (non-US) countries, where for example it might not be legally possible to buy a burner phone or you can be imprisoned if you don’t give out your password or biometrics.
And that is fascinating! I didn’t know about that technicality in the Creative Commons ecosystem! Makes sense, though! We picked our license a little more quickly than I would’ve liked. So I appreciate the invitation to do it more thoughtfully. I’ll check with our team before making a change, but our values definitely align with the Share Alike clause, so I imagine we’ll make that change.
@jonah - I’ll DM you with some follow up technicality questions.