Also available as a PDF |
-
1. Understand Risk Assessment
- The first step in trying to defend yourself against digital surveillance and censorship is to understand the concept of risk assessment. Risk assessment is the process of deciding what threats you face, how likely and serious they are, and how to prioritize the steps you can take to protect yourself. EFF’s section on risk assessment in Surveillance Self-Defense can help you with this assessment.1
-
2. Beware of Malware
Malware is a catch-all term for computer viruses, worms, trojan horses, keystroke loggers, spyware, rootkits and any other kind of software that makes a computer spy on you or act against your interests.
If a government is able to install malware on the computer you are using, then it doesn’t matter what other steps you take: your files and communications will be subject to surveillance.
If you have your own computer, you need to be sure to install security updates and run anti-virus or rootkit scanning software. You also need to understand that these measures only offer limited protection. For one guide to anti-virus and firewall software, see the Tactical Technology Collective’s “Security in a Box” guide.
It is important to note that if you are using a shared computer, such as a computer at an Internet cafe or a library, the risk of surveillance by malware may be greater. If you need to use a public computer for sensitive communications, you should use a bootable USB device or CD (such as Incognito) to mitigate the risks posed by malware.
You can use a bootable USB or CD for the most sensitive things you do with your own computer, too.
-
3. Choose the Least-Risky Communications Channels
You should be careful in choosing the channels through which you communicate with other individuals and activists.
- Talking in person is usually the safest way to speak (unless others are watching you, or your location is bugged).
- Understand the risk associated with phone calls. Most governments are able to record who calls whom, and when, all of the time. Currently, most governments outside the US/EU have a more limited, albeit unknown ability to record and listen to the phone calls themselves. For instance, it is believed that they will be able to tap phones, but only a limited number (perhaps a few thousand) at any given moment. You should always assume that a call to or from a phone belonging to an activist, or regularly used for activism, may be bugged.
- Avoid SMS text messages. These pass unencrypted through major telecommunication providers and are easy for a government to harvest and analyze on a massive scale.
- Protect Internet communications by using encryption2 and by choosing (preferably offshore) service providers that are trustworthy and unlikely to cooperate with your government.
Here are two channels which are easy to use and which offer some protection:
- Use the OTR instant messaging plugin. This is easy if you and the people you communicate with can install the Pidgin or Adium X instant messaging programs on your computers. Details on how to do this are available here. Disable logging to ensure that if your computer is seized, your communications aren’t on it.
- Use a webmail provider that supports https encryption. Services like RiseUp.net3 Make sure every that time you send or receive an email, the pages uses https — otherwise, your messages could be intercepted. place a premium on their users’ privacy. Gmail now supports encryption by default, but consider whether you can trust Google not to hand your communications to your government.
There are many other ways to arrange for secure communications, although many require more technical expertise. See SSD for further detail with respect to securing email.
- Encrypted Voice-over-IP is possible, but many VoIP services do not support it. Two exceptions are ZPhone and Skype. Unencrypted VOIP is very easy to tap, including most telephone cabinets at Internet cafes.
The level of security afforded by the popular commercial VoIP service Skype is unknown. We believe that countries with sophisticated intelligence services will find ways to defeat Skype’s security, while less sophisticated intelligence services may be confounded by it.
China is known to have produced its own trojan-infected version of Skype. It is also known that there are weaknesses in Skype’s security architecture.4 You should assume that the intelligence services of countries like the U.S., Israel, Russia, or Cuba could defeat Skype’s encryption. But as far as is known, most less developed countries are unlikely to be able to decrypt Skype’s communications in the near future.
Be the first to comment on "6 Ideas For Those Needing Defensive Technology to Protect Free Speech from Authoritarian Regimes and 4 Ways the Rest of Us Can Help"