Things to Know About Web Security Before Trump’s Inauguration: A Harm Reductionist Guide
EDITS: wow, this got way more attention than I ever anticipated. There are definitely steps ad guides to take you even further — figuring out what to do with data, encrypting your email w PGP, etc. but this is for my friends who I love so much and are overwhelmed/new to all of this. The most important thing to keep in mind is that NOTHING IS SECURE — your task is remember that and do everything within your power to make things hard for people to see your private information.
Starting in January 2017, the person who was endorsed by the KKK, is a enthusiastic racist and misogynist, emboldened white fascist every- listen, you know the rest. Let’s not talk about it. Anyway, Trump is about to have jurisdiction over the CIA, the FBI, the IRS, the NSA, and also drones.
While this changes little for many people who are already doing this organizing work and know how to use these tools*, this is a *harm reduction* guide and checklist for people who are freaked.
People on Twitter keep saying that this is going to lead to a resurgence of an anti-fascist popular movement. I’m skeptical, and I’ll take it — but if that’s the case it also means more people need to take more precautions, not just to protect ourselves, but each other.
Emails — ha ha ha, just think of all the wacky jokes about this one, huh. Gmail IS secure — it’s just whether or not you trust the admins to not share your info. That is a whole nother story of law and security that you should look up. Getting a RiseUp account might seem like a plan but consider that every email you send might as well set your address as email@example.com
Passwords — Let’s be honest with ourselves, sometimes this stuff seems cool — I’m Rami Malek ooh I encrypted an email, Signal’s got a weird little chime. No judgement.
All of that is for NOTHING if you don’t have a secure/unique password for your accounts. Here’s a random password generator: http://passwordsgenerator.net/ Memorize it. Same with 2-step verification which is super easy to use: https://www.turnon2fa.com/ Also update your your ad blockers, your anti-virus software — this stuff matters as much as the other stuff, if not more!
Smart Phones — keep your phone with you at all times in public, OR if you’re going somewhere you do not want to be tracked, leave it at home!! Use a passcode to unlock rather than a pattern or fingerprint. Turn your geolocation off. Don’t store things on your phone, transfer somewhere safer asap (more on that later). Make sure bluetooth and wifi are off unless you are using them.
VPNs — A VPN is a tunnel between your computer and a VPN server. Set one up for your phone and your computer. here’s a good overview: http://lifehacker.com/5940565/why-you-should-start-using-a-vpn-and-how-to-choose-the-best-one-for-your-needs
A list of other free and open source more secure tools: https://securityinabox.org/en/glossary#FOSS
Low information diet — Law enforcement monitors activists and organizers. They also monitors people of color, particularly Muslim people, regardless of their politics. The less law enforcement knows the better, and frankly there is no 100% secure safe way of communicating. In your organizing, think: “does this person really need to know this information?” “can I really only share this with this person online?’ ‘how can I double bag the security of the information I’m sharing?’ This applies not only to obviously confidential information, but also things like names, places you spend time, bad jokes, etc.
Social Engineering — No one wants more paranoia and distrust in organizing spaces, EL OH EL. But also, what we think of when we think of “hacking” tends to be “social engineering”, people aren’t typing frantically Rami Malek style, they’re hanging around the people and spaces they want access to, building their trust, guessing their backup security questions, and making friends. Don’t keep your computer in your unlocked car. You know who has a lot of resources for that kind of work?
Bug Your Friends — You downloaded Tor, got a VPN, only message on Signal, encrypt your email and send the key to your friend via messenger pigeon. They open your email on Starbucks wifi, copy and paste the contents to their Yahoo mail drafts folder, then post the info to a FB thread. If you’re going to do it, annoy your friends about it too.
Other Resources: I’m a n00b around most of this shit. These are some of the most thorough guides I know of:
Using P Much Everything More Securely https://securityinabox.org/en/guide/mobile-phones this one is the best one.
So You’ve Been Doxxed — Bc white fascists are going to be emboldened. https://crashoverridenetwork.tumblr.com/post/114270394687/so-youve-been-doxed-a-guide-to-best-practices
Ruckus Security Culture for Activists — http://ruckus.org/downloads/RuckusSecurityCultureForActivists.pdf
EFF — Lots of this information changes regularly, and the most thoughtful powerful protectors are: https://www.eff.org/
They also produce Privacy Badger and HTTPs Everywhere, which makes your web browsing more secure https://www.eff.org/https-everywhere chrome-extension://pkehgijcmpdhfbdbbnkijodmdjhbjlgp/skin/firstRun.html#slideshow
If you think you’ve been hacked — https://securityinabox.org/en/guide/secure-communication#500
Again: nothing is 100% secure. Just don’t make it easy.
That’s it. Remember that time he said “cyber” over and over again? Yeah, that’s it that’s the only joke I got. Be safe.
** If you are like well actually about any of this info get in touch with me and I’ll change it.