What are the basic steps you need to undertake to be more secure in the digital world?
The Tactical Technology Collective, an organisation dedicated to the use of information in activism, offers useful guides on secure alternatives for standard software for browsing, searching the web, writing emails and chatting. It has also compiled a great collection of tools and tactics for more digital security. “It is important that you understand how you are communicating and inform yourself on secure alternatives,” says Anne Roth, researcher for the Tactical Technology Collective.
Following the interview with Anne Roth in our previous post, here are her essential tips on how journalists can stay secure online and when they are using smartphones and tablets.
1. Always use a secure internet connection
This rule is especially important when you’re filling out forms on the web: https:// (not http://) should be displayed in your browser bar.
2. Make your browsing experience more secure
Use different pseudonyms and different browsers with different add-ons for different services. The add-ons recommended by the Tactical Technology Collective can be found in the ShadowTracers Kit. Always secure your WiFi router at home and in the office.
3. Know what you are downloading
Malware can be either contained in files which you download from the website or in browser scripts. So firstly check the files you are going to download with a virus scanner. Never open files directly in your browser. Better to first download the file, then check it with a virus scanner, then open it. Secondly, make sure you install the add-on NoScript for your Firefox browser. This add-on prevents scripts, which are important for the display of certain contents in your browser from transporting malware.
4. Adjust your browser settings
Go to “Settings” and tell your browser to save no cookies from third-party service providers.Cookies are small text files which are saved on your device and help identify you when you are visiting the same page again. Cookies can be helpful when you need to log in, so it’s not necessarily recommended to deactivate them completely. If you use the Firefox browser, you can adjust browser settings so that you are asked each time when a cookie is going to be installed. That significantly reduces the overall number of cookies.
5. Don’t let your search be tracked
6. Use special cloud services
There are many cloud services like Dropbox out there, but you can’t expect total security from them. Alternatively, you can host your own cloud with the software by OwnCloud. Always encrypt the data on your device before sending them into the cloud. However, that still means your metadata (file name, place and time of the upload) is visible.
7. Use complex passwords
Also, never use the same password for different services. You can resort to a password manager like KeePass for Windows or KeePassX for Mac.
8. Encrypt your hard drive
You can do it with standard software on your computer. That will help you secure your data should your device be lost or stolen. Don’t forget to regularly backup your data.
9. Secure your communication
It’s not a secret any more that Skype, Google, Facebook and other US companies are cooperating with the secret services. So think if you really need to use voice or video chat, especially in case of important conversations.
Use different email addresses for different purposes. It is recommended to use an email client like Thunderbird with an add-on Enigmail instead of a webmail. Here’s how you install it. If you do use webmail, make sure the data is being transferred per secure protocol SSL. Try to avoid using Facebook or Twitter messaging services, traditional email is still more secure.
10. Secure your mobile devices
Users should use a tablet or a laptop with open source – or free – software rather than a smartphone to secure your communication. To avoid tracking of any kind, UMTS, GPS and geolocation features should be deactivated.
Have a look at this introduction on secure use of smartphones and check the Guardian project which offers security apps for mobile devices.
11. Prevent interception of phone calls
There’re encrypted mobile phones out there with a respective price tag. There’re apps likeRedPhone, OStel or Jitsi which encrypt your phone calls. Internet telephony is also a good option, which allows you to avoid using phone lines and mobile phone networks.
12. Don’t let others locate your mobile phone
To avoid the identification of your mobile phone location, deactivate the GPS function. But you can avoid being located completely only if you deactivate the phone and take out the sim card -your phone automatically checks in at mobile towers to be able to make calls.