Ensuring that information is accessible to you whenever you need it and not accessible to anyone seeking to exploit it helps to keep us effective and safe.
Privacy is not a concept that can be universally applied. It is subjective and personal. People have differing needs and vulnerabilities. A piece of information about someone may seem utterly unimportant to you but may feel deeply personal and private to someone else.information about you and your work may be used to target and exploit other people, not just you.
In the search for appropriate tools for securing your information it is easy to overlook that the single greatest vulnerability we have is people. Either by accident or on purpose, people’s behaviour can lead to important information being obtained by those who shouldn’t have it.
There are organisations doing excellent work in this space but a conversation within the progressive sector in Australia about:
- how much information they gather and hold on members and supporters,
- how vulnerable it is or could be, and
- what practices we could encourage in volunteers and organisers to protect privacy,
is LONG overdue.
The good folk of Do gooder have suggested some overdue discussion in the Australian progressive movement about surveillance and responsibility.
“The hard work begins now. Start questioning the tools, platforms and processes your organisation uses. Discover and share alternatives.”
David Gravina – “Surveillance Capitalism” (2018)
The Obama campaign in 2012 has long been held up as the template organising model, but laid the groundwork for big data. They pioneered some of the work that has been since used for arguably illegal and dodgy activity.
Digital Privacy – First steps
Security Culture is simply a set of practices to minimise the risk of your organisation or group being listened to or derailed by negative influence. It is explained here in simple terms by the Ruckus Society in their Security Culture manual.
A secure browser that protects your privacy is a critical tool for staying safe online.
THIS SECURITY PLANNER – is an excellent toolkit that helps step you through various aspects of your online life
DEFEND OUR MOVEMENTS – digital self-defence knowledge base is an awesome, up to date and comprehensive resource
SURVEILLANCE SELF DEFENCE – excellent resource by the Electronic Frontier Federation
PRIVACY TOOLS – also gives a lot of helpful resources and explains the international five eyes and fourteen eyes agreements that allow countries to circumvent laws on spying on their own citizens. Yes, it is a real thing.
Rather than the adage “if you have nothing to hide, you have nothing to fear” … this writer refers to a more appropriate analogy. Simply, if you bother locking your doors at night, you should bother to use encryption. And these steps are recommended for everyone – data security is not just useful for activists. Digital security works in a herd immunity kind of way; as our habits evolve and improve, we become collectively more resistant to scams.
Digital Privacy Guides
- The Ultimate Guide to Securing Your Digital Life (2021)
- 5 Quick and Easy Ways to Encrypt Your Life Safely in Less than an Hour (2022)
Tips for Good Security Practice
- Use a password manager. They make life so much easier as well. Find the right password manager for you. Download our complete introduction below to learn about secure passwords, passphrases, passcodes and passkeys. They’re all different things!
- Set up Two Factor Authentication (2FA) to keep your online accounts safe. It is easy, learn how here.
- Have a (good) PIN on your devices, not 1234 or your birthday or pets name. If you insist on using biometric logins like a fingerprint or face ID, deactivate it before you go to any protest or action.
- Set your devices to update automatically – More than 90% of all software updates are security updates to address a vulnerability. If you can’t set your device to do it automatically, download and install them ASAP.
- Facebook – want to still use it but minimise risk? Check out our Facebook risk management guide.
- Use Signal or Wire instead of WhatsApp, Google chat, Facebook messenger…
- Use secure alternatives to Google or Microsoft, and don’t link your other emails to these services
- Skiff offers end-to-end encrypted email, calendar, documents, and files that give you the power to communicate freely
- ProtonMail is an increasingly popular encrypted email service or you can use other basic email services and lists such as rise up
- Sync and NordLocker are online encrypted cloud storage services that you can share folders and work in
- Vimeo is an alternative to youtube, or you can view youtube videos without signing in using a ‘repeater’, just type ‘nsfw’ before youtube in the address, eg https://nsfwyoutube.com/watch?v=BW8Aleq2Hn0
- Duck Duck Go is a privacy focused search engine that also allows you to use thousands of other search tools without being so easily tracked. It only takes a moment to make it your default search engine.
- Use a Virtual Private Network. It stops the government from being able to track your data as easily.
- Check out EFF’s guide to Choosing the VPN that’s right for you.
- Techradar recommends the best VPN service.
- Encrypt your device.
- On business and pro versions of Windows you can use bitlocker which is very easy.
- Veracrypt can be used on Windows home editions, though it is not super user friendly. A service like NordLocker can encrypt your files locally and back them up to the cloud.
- Apple has an option for this by default in their computers, phones and tablets, as do modern Android devices.
- Use the 3-2-1 data backup plan, a simple way to protect your data from physical damage or loss
- (3) make, keep and look after at least 3 copies of your information. You have your original, plus two extra copies of everything of value.
- (2) store that information on at least 2 different types of media, like an external USB hard drive and your computer, so you still have access to it if something breaks.
- (1) store at least 1 of the copies of that information somewhere else, not in the same physical location as the other two.
It’s easiest to use one of the several cloud data services that offer the option to do this and look after the encryption for you. Most of the others can store data you encrypt before uploading.
You may also wonder…
What is metadata? Basically, it is a data set that gives you information about other data. Simple right? Lots of agencies in Australia have applied for “warrantless metadata” access. That is, information about what sites you have visited, which can provide quite a detailed map about you. In 2022 reports came to light of this being abused. The true silliness is best explained by cartoon – thanks to First Dog on the Moon.
Are people spying on me through my phone and microphone? It can feel like it when ads seem creepily targeted, but advertisers don’t need to go to the trouble or expense of constantly listening to you to target you with frightening precision. They don’t need to record the conversation you had with your new partner about what they might like for their birthday to show you an ad for the perfect gift. They already know the birthday is coming up. They already know you went to the same restaurant or shop at the same time. They already know what you’ve been searching for online and what your partner has been searching for. They already know what you’ve bought recently, and what your partner has bought recently… have a look at the settings on your device and see what information you’re giving away.
It is technically possible for your phone to listen to you, but it depends how interesting you are to surveillance agencies, not advertisers! You also give away access to phone and microphone in lots of applications. Facebook has a patent for this technology as well. And also, creepily your dishwasher or fridge could also spy on you in future. AWESOME!
Download our complete introduction and links to digital privacy tools here
Want Even More Digital Privacy Resources?
- Our friends at Action Skills have put together an excellent resource for digital security which means we don’t have to!
- Digital Rights Watch also have great resources
- EFA also work on these issues in Australia
- Threat modelling for campaigners – Greenpeace & additional links