Data Privacy for Activists

This past weekend, one of our great engineers, Greg Stromire hosted a workshop entitled“Data Privacy for Activists” here in Portland.  The twenty-five very curious audience members dug into topics like: password practices; easy VPN use; encrypted email; protecting your mobile device.  

With how relevant this workshop was in the current environment, we thought we would post the top take-aways that Greg presented so everyone could benefit from his presentation.

Here are some tips to protect your privacy while supporting your causes:

Logging In

  • Strong, unique passwords on everything (and don’t share)
    Passwords are an unfortunate necessity, so at least make them as strong as possible
  • Never provide passwords over email
    Big red flag for a phishing attack — phishing emails are common because they work.
  • 2-Factor auth goes a long way
    Check out twofactorauth.org for adding another highly-recommended layer of protection.
  • So does a password manager
    Great way to keep track of all your accounts, plus most have handy password generators.

Communicating

  • Use encrypted email — check out @EricMann’s Encrypted Email Guide
    End-to-end encryption protects the content while subject and metadata are in the clear. Still worth it!
  • Use encrypted Messaging and Voice
    Signal is pretty solid for messaging. The voice features are useful too, even if lacking in quality.
  • Remember to verify keys!
    Out-of-band (using a different communication channel) to ensure you’ve got the right person.

Devices

  • Always lock and know where your devices are.
    Think twice about asking that stranger in the coffee shop to watch your stuff.
  • Encrypt your devices -- @EricMann helps you protect your hard drive and your mobile device.
    This protects your data when your device is locked or off (mostly).
  • Encrypt sensitive files and folders — VeraCrypt is a good option.
    Default settings are usually good enough. Bonus: VeraCrypt can create a Hidden Volume.

Online

  • Get a VPN, but know its limits and privacy policies — also see VPN options from @EricMann
    Consider a VPN as mandatory for browsing on an open Wifi. Providers can vary widely so do your own research.
  •  Use anonymous browsing — Tor is available, but it has limitations as well.
    Relies on a networking effect. So the more users utilizing it, the more anonymous it is.
  • Get privacy-protecting browser extensions — HTTPS Everywhere, Privacy Badger, uBlock Origin
    These are great for safeguarding your everyday browsing.
  • Mind your metadata and “Cloud” accounts
    Time, date, location, etc. can still be tracked even when content is encrypted. And make sure your accounts aren’t syncing things they shouldn’t be.

Greg also provided top tips while taking direct action (i.e. marching, petitioning, etc.).  Check out the list HERE

If you’d like to see Greg’s entire presentation, his slides are below:

 

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.”
 — Edward Snowden