A 70-Day Web Security Action Plan for Artists and Activists Under Siege

  • Changing workflows is hard and takes practice. Go at your own pace and be easy on yourself.
  • COINTELPRO (and similar programs) didn’t just “happen”. It’s been happening and will ramp up.
  • Government and non-governmental bodies already have you on their radar: They know you disagree with some element of the status quo and that you’re a person under siege (black, POC, Muslim, queer, a person with physical or intellectual disabilities, a recent immigrant, indigenous, etc).
  • Many of your private communications are sitting on the email accounts and devices of your friends and family.
  • Surveillance capitalism is dangerous. We don’t know the implications of how tech companies extract value from their customers’ data. Most people don’t understand what corporations like Facebook and Google know about them, how the data is used/bought/traded/aggregated/sold/deployed, and if corporations have already handed over information to government groups. Lack of transparency + colonialism/capitalism + technological supremacy = STRANGER DANGER.


The first steps
  • Buy a Starbucks gift card with the cash.
  • Use the gift card to purchase 1 month to 1 year of VPN access on https://www.privateinternetaccess.com (or a comparable service of your choosing. Ask around or read online reviews. Make sure the service doesn’t keep logs of your activity). Keep in mind: It’s better to purchase VPN with a credit/debit card than to purchase none at all. Furthermore, this is just a small layer and it’s still possible to figure out which VPN service you’re using.
  • Download and start to use Tor as your primary browser. Be sure to follow the instructions and security warnings here: https://www.torproject.org/download/download-easy.html.en#warning
  • Since it’s impossible to follow all of the warnings and there are limitations to Tor, it’s a good idea to also use a VPN. If you don’t use a VPN, using Tor + Chrome/Firefox with the HTTPS Everywhere extension is a good start.
  • Download Signal on your phone and encourage all folks you communicate with privately to use it as well. Use it instead of iMessage, SMS, WhatsApp, Facebook Message, etc. You can also make calls. The desktop version can be used in lieu of Skype, Slack, etc.
  • Enable 2 Factor Authentication on all email, financial, etc services.
  • Do an info security audit — Begin to brainstorm how you use social media, email, mobile devices, and cloud storage. How do you use these services? Which communications need to be moved to secure channels? Are sensitive documents saved in the cloud? Can you quit Facebook, Twitter, Google, and Amazon altogether?
  • Choose strong and distinct passphrases. The Intercept has a handy guide here: https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/
  • @AllBetzAreOff recommends using non-cloud-based password manager to generate and secure your passwords. More info here: https://securityinabox.org/en/guide/keepassx/windows
  • It’s important to turn on software auto-updates so you’re protected from known software vulnerabilities. (Thanks to Dan Sullivan, Ph.D. for this advice! Check out his excellent comment for more information.)
  • Encrypt your mobile devices. iPhones are automatically encrypted but many use access codes that are inadequate. Reset your code to a long, random string of numbers (make sure you write this down while you’re committing it to memory). Android users can enable encryption in the Settings app.
  • Encrypt your computer using BitLocker (Windows) or FileVault (Mac).


  • If you have (or want) a website, database, or app, join an encrypted hosting service like MayFirst.
  • Purchase a physical safe (like the SentrySafe SFW123DSB) for your important documents, hard drives/USB keys, and artwork. You can split this cost with folks who live nearby. If your artwork is larger than a common household safe, and you’re interested in chatting, ping me. We need to brainstorm how to help artists under siege keep their art safe from destruction. Research the safe to make sure electronics won’t oxidize or buy Silica Gel Dehumidifier Desiccant packets/special sleeves.
  • Purchase a hard drive that can store your digital files. Encrypt it. In the future, consider purchasing multiple drives and keeping your most valuable information in multiple places. If you bought a safe, keep your hard drive there. You should also prepare for a time when Internet access or your information stored online is completely unavailable to you.
  • Audit your cloud storage. Where are you files stored? What kind of information is stored? Where’s the most sensitive information?
  • Begin to break your dependence on cloud storage (when possible): iPhoto, Google Photos, Google Drive, DropBox, etc. Structure your filesystems in ways that are easy to navigate without Google’s search capabilities.
  • See if you can minimize your use of Chrome/Firefox/Safari/etc by the end of the month. Dennis Cahillane ツ says:
  • If you’d like, choose an activist email provider you’ll use instead of Gmail (or a service like ProtonMail). You’ll also need to loop in your friends and family. Jamie McClelland, Co-Founder of MayFirst/PeopleLink says:


Known next steps and questions

  • How can organizers use PGP to avoid infiltration? (I have 9 Keybase invites. Ping me if you’d like one)
  • What tools do folks under siege need to build to get away from using Google, Twitter, Facebook, Amazon, and other services?
  • Should our banking habits change (credit cards, online banking, cryptocurrency, etc)?

Communities and organizations

Mr. Rogers once said that when he was a little boy and a national tragedy happened, his mom told him “Look for helpers. There are always helpers.” Within 6 hours of posting this, kind security experts contacted me and wanted to help you be safer on the web. Once you’ve secured your oxygen mask, I hope you’ll do the same for your family, friends, and collaborators. Here are communities you can join:





Middle school educator by day. Poet by night (and subway ride). @teacherc on Twitter.

Love podcasts or audiobooks? Learn on the go with our new app.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Candace Williams

Candace Williams

Middle school educator by day. Poet by night (and subway ride). @teacherc on Twitter.

More from Medium


Garrett Scott’s War with the White Man’s Union of Grimes County: The Conclusion

Fargo Brings Us Back For Another Season of Blood And Snow

Madam Speaker: A Behind-the-Scenes Look at the U.S. Speaker of the House