how to communicate privately and securely
With more internet platforms and mobile apps collecting information on our every move and thought, privacy is becoming harder and harder to achieve. Our strong belief is that privacy is a human right, not a luxury.
Wickr properly encrypts your communications — only you have the keys and a new key is generated for each new message. For additional layers of security, our users are anonymous to us, we have no knowledge of who they communicate with and how often, metadata is cleared from all attachments including photos. All deleted files on users’ phones or computer are shredded by Wickr so they cannot be recovered. No other app does this and makes it so simple that anyone can use it.
No security is 100% perfect, but using Wickr with these privacy and security tips puts you ahead of most.
- Only send secrets to people you trust
- If possible, talk in code
- Share an unimportant secret or video conversation the first time messaging a new contact to verify identity
- For any personal communication — whether text or intimate photos and videos — use Wickr or apps that you trust cannot see or keep your data. Set the destruction time to minimal.
- Think twice about including your face in intimate photos you might want to send. You can use Wickr’s photo editing tools and stickers to protect your face or identifiable features like tattoos for safer sexting.
- When posting or consuming information on social media, assume that the information about you will stay online forever and will not belong to you.
- Try to avoid posting personal information about yourself whenever possible. Knowing your full name, birth date and your birth location can be enough to steal your identity or “social-engineer” you. Most websites don’t need your data and have no right to ask you for it.
- If you absolutely have to provide a website or an app with your personal information, give them a fake birth date, middle name, or birthplace. Create a misinformation campaign to throw off anyone collecting information on you.
- When not in use, turn off geo-location on your phone and on all social media platforms. Tagging your exact location in your Facebook or Instagram posts makes it easy for hackers, data collectors and stalkers to build a profile of your migration patterns and know your home address.
- If possible, do not accept online invitations to events or post information about your travels in real time.
Connecting to the Internet
- If you can avoid it, do not use public Wi-Fi. Use MiFi instead (a wireless router that acts as a mobile hotspot).
- When using public Wi-Fi always use VPN* (you can run Hotspot Shield or F-Secure Freedome VPN) and a proxy** like TOR Network. You can learn more about how TOR can help you anonymously surf the Web here:
* VPN services provide access to private networks which are secure but the anonymity depends on whether the VPN provider logs information that may or may not be able to be traced back to you.
**Proxies help to conceal your computer and allow you access to content that is not available outside of your IP address’ geographical location.
- Set a pin or passcode on your phone
- Cover front-facing cameras on phones, tablets, computers and TVs with masking tape. This will prevent you from being watched by hackers who can remotely turn on your camera.
- Plug headphone jacks on phones, tablets, computers and TVs to block them, when not in use. This will help to ensure that even if your phone or computer is hacked, your mic cannot be used to listen to you remotely.*
*Until recently headphone jacks could be used on both iOS and Android to block the mic. As of today, it only works on Android (We will continue our testing and will update our tips on this matter).
- Set the Wickr default self-destruct time to 1 minute for all your messages. This will help you take control over your conversations and data by deciding how long it should live on yours and the recipient’s devices.
- Set the Wickr auto lock feature to 1 minute so no one can open your Wickr app without knowing your password.
- Turn the Wickr shredder on so it runs in the background. Set the shredder’s level to “high” to prevent all deleted files from being recovered.
- Avoid public USB chargers as they can be used to access all information on your phone.
- Keep your phone with you at all times. A hardware level bug can be put on it. Do not trust a hotel safe, watch closely at airport security.
- Reset to factory settings on your phone often (memorize your lock down steps beforehand).
- Do not back up your phone to a computer or cloud (unless you are sure they are not compromised).
- If possible, change your phone often — use a prepaid phone bought on your travels
- If possible, buy a prepaid SIM card on GSM phones
- Do not run untrusted apps on your phone (you can use Lookout to detect any apps that have malware or exploit your trust).
- Check out the apps you are looking to download and their privacy rating at eff.org (“Who Has Your Back” Report).
- Unless absolutely necessary, refrain from giving an app permission to know your location, access your photos, contacts, mic, etc. If you need to use the apps that require various permissions, turn their access off when not in use.
Tips to Avoid Tracking When Not In Use
- Turn off Wi-Fi and Bluetooth. It is possible to exploit these features to access your device and obtain information about you like the list of Wi-Fi networks you ever connected to.
- To prevent mobile carriers or Google from tracking your every move, put your phone in airplane mode or take out the battery and place the phone in a faraday cage. Note that a faraday cage can block radio waves (GPS, Wi-Fi, Bluetooth, GPS), but cannot block human-generated sound like your voice.
- Keep your RFID credit cards, keys and IDs at home or in a special faraday wallet/bag. It will block the radio waves transmitted by the frequency identification chips built into objects like your metro card or driver’s license.
We are always updating these tips. Please let us know via Wickr at escapethenet or via email at email@example.com if you have any to add.