One-Sentence Security Tips: Remember These Sentences to Optimize Your Security Simply
We have a "shield" section in list-5 and a "technical defense" section in list-3, the former for people in sensitive situations and the latter for the general public, as well as several security-themed series such as "Total Security", "Becoming Untraceable", "Protecting Yourself in a Hostile Environment", "Perfect Stealth" and more. These are all designed to help you build a defensive mindset. A good defense is the right defense: it won't be the hardest and shouldn't be the most expensive; it's the one that best suits your specific situation.
There are indeed some basic defensive steps that almost everyone uses and that should be implemented. This article briefly summarizes them, using the simplest possible sentences to describe the security habits worth considering.
Anonymize your online footprint
Whether you're attending a protest in person or working in a digital space (or both), it's important to hide your browsing habits, metadata, and search history. This data can be used as evidence right away, or even reveal the identities of you and your companions months or years later.
Even without a court order or direct government surveillance, your data history can be bought from a comprehensive service, both legal and illegal.
On the Internet, you can be tracked all the time. You are tracked wherever you go, whether by your ISP, advertisers, cookies, or the website itself. This reveals your IP address, roughly where in the world you are, where you have been on the internet, and generally which social media accounts you hold.
Even just the browser you use can tell someone who you are, through what's known as browser fingerprinting. Even with a limited combination of hardware and software, you may have a unique "fingerprint" simply because your PC's particular combination of settings is rare.
Personal privacy on the Internet has always been eroded by advertising and commerce, weak government protections, hacked databases, and products and services that leak your information (either through the deliberate sale of information or "accidental" leaks). However, the Internet was never really built for anonymity. It takes effort to make your information anonymous.
1. During protests
A. About mobile phones/other smart devices
It is best to leave your own mobile phone at home;
Police can track mobile phones through cell towers - this can confirm your presence in a "sensitive location" or confirm your identity at a later date;
Messages can also be intercepted by "stingrays", which impersonate cell towers;
If you use Android, leave it at home - it has a history of being hacked by the police;
If you have an old/spare/disposable phone, consider taking it instead - even without a SIM card it's fine, as long as it can connect to Wi-Fi and Bluetooth.
If you do have to take your phone with you, think about what you have stored on it and whether all of that could put you or the people you care about most at risk;
Delete contacts and information as needed.
Back up your data in case of data loss.
Set a complex lock screen password. Don't use face or fingerprint recognition, and don't use words or easy-to-guess numbers.
Turn off notifications on the home screen - don't let anything show without unlocking your phone.
Set your phone to go to the lock screen extremely quickly.
Turn on airplane mode.
Make sure AirDrop is not turned on.
Revoke access and log out of the app remotely if your device is lost or confiscated by the police;
Changing an account's password can sometimes force a logout.
Communicate using Signal, Session, or other encrypted messaging systems. Note that the police can still monitor the metadata (when you sent the message, how long the call was, etc.), but not the actual content of the encrypted message.
Turn off location services! That way GPS coordinates will not be appended to photo metadata.
B. About taking pictures
Photos can be very useful; however:
Take pictures without unlocking the phone;
Do not take pictures of people who may be identified;
If you capture a person in a photo, blur or mask their face;
After taking the photo, take a screenshot to remove the Exif data.
Exif data stores information about the image, such as shutter speed, whether flash was used, date and time, and GPS information. This can be evidence - don't post the photo directly, but take a screenshot of the image so the metadata is overwritten.
After you take a screenshot of the photo, delete the original photo.
Do not tag others without their express consent;
Also do not discuss any private plans in a publicly visible space.
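What the Exif step above is guarding against, shown as an added example that is not part of the original article: a short Python routine that walks a JPEG's segments, reports whether the Exif block carries a GPS pointer, and returns a copy with the Exif block removed. The function names and the `SAMPLE` bytes are constructed for illustration.

```python
import struct

GPS_IFD_POINTER = 0x8825  # Exif tag in the first directory that points at the GPS block

def ifd0_tags(exif_payload: bytes) -> set[int]:
    """Tag ids in the first TIFF directory of an Exif payload ('Exif\\0\\0' + TIFF)."""
    tiff = exif_payload[6:]
    order = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # little- or big-endian TIFF
    if order is None or len(tiff) < 8:
        return set()
    (ifd,) = struct.unpack(order + "I", tiff[4:8])
    if ifd + 2 > len(tiff):
        return set()
    (count,) = struct.unpack(order + "H", tiff[ifd:ifd + 2])
    entries = (tiff[ifd + 2 + 12 * i: ifd + 14 + 12 * i] for i in range(count))
    return {struct.unpack(order + "H", e[:2])[0] for e in entries if len(e) == 12}

def strip_exif(jpeg: bytes) -> tuple[bytes, bool]:
    """Return (JPEG without Exif APP1 segments, whether GPS data was present)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    out, pos, had_gps = bytearray(jpeg[:2]), 2, False
    while pos + 4 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xDA:  # start of scan: image data follows, copy the rest
            return bytes(out + jpeg[pos:]), had_gps
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        segment = jpeg[pos:pos + 2 + length]
        if length < 2 or len(segment) != 2 + length:
            raise ValueError("truncated segment")
        if marker == 0xE1 and segment[4:10] == b"Exif\x00\x00":
            had_gps |= GPS_IFD_POINTER in ifd0_tags(segment[4:])  # drop this segment
        else:
            out += segment
        pos += 2 + length
    raise ValueError("no start-of-scan marker: file is truncated")

def _seg(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample: structurally valid JPEG segments, not a viewable photo.
_TIFF = (b"II*\x00" + struct.pack("<I", 8) + struct.pack("<H", 1)
         + struct.pack("<HHII", GPS_IFD_POINTER, 4, 1, 26) + bytes(4) + bytes(6))
SAMPLE = (b"\xff\xd8" + _seg(0xE0, b"JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00")
          + _seg(0xE1, b"Exif\x00\x00" + _TIFF) + _seg(0xDA, b"\x00" * 6)
          + b"\x12\x34" + b"\xff\xd9")
```

On a real file, pass `open(path, "rb").read()` to `strip_exif` and write the returned bytes to a new file. Only Exif APP1 segments are removed; other metadata containers such as XMP are left in place by this sketch.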
C. About preventing yourself from being identified
Wear a headscarf/mask, sunglasses, and cover any identifiable features, especially tattoos and scars, including visible moles.
Do not wear clothing with recognizable logos, or unique clothing. Stick to solid colors, or all black.
It's best not to buy anything, and use cash if you must. Credit card/digital payments are instantly traceable.
Bring plain clothes that you can change into after the protest is over, or if you have to leave the scene quickly.
If you can, ride a bike or walk, don't drive - a license plate reader can easily identify you.
2. On the Internet
If you're doing research or activities online and shouldn't be tracked down, here are some ways to cover yourself.
A. Use Firefox browser.
Firefox adds tracking protection and other data protection features, notably stronger than Chrome's.
Don't install any plugins you don't trust, but install plugins that help keep your data safe - like Privacy Badger and uBlock Origin.
Do not use any software without a privacy statement.
Don't use Dropbox. They are a very anti-privacy company. Use OnionShare for file sharing.
Instead of using Google products, use alternatives to Google services.
Use incognito mode. Honestly, this isn't really a solution, but will confuse some tracking.
B. One-time accounts
Always make a new email for a new account without any information about you.
Use a fake name. This is legal and you should do so to keep your data from being mined across services.
Turn off location sharing on your computer.
Never pay by credit/bank card, preferably cash.
Delete cookies and browsing history as you go.
Turn off JavaScript - this is a bummer, but really helpful.
Use the Tor Browser. Tor makes your traffic semi-anonymous by routing it through nodes around the world. This is how you access the dark web, but you don't have to go to dark web sites; just use Tor for regular browsing.
There are other browsers/systems like Freenet and I2P.
Use a proxy or VPN (or both). A proxy hides your IP address, making it look like you're somewhere else, but doesn't encrypt your data. Suitable for low-risk tasks. A VPN also makes your IP appear to be coming from somewhere else, but is significantly more secure.
More -> Difference between VPN and proxy.
Some proxies.
You need to make sure your VPN has been publicly audited.
Try ProxyGambit, a simple anonymity device that allows you to access the internet from anywhere in the world without revealing your real location or IP.
Use an anonymous operating system - like Tails or ZeusGuard, or even Windows To Go. Assign a random DHCP address at startup.
IronKey may also be worth considering.
Once you're all set, check for DNS leaks:
https://dnsleaktest.com/what-is-a-dns-leak.html
3. If you feel you have been targeted.
In this case you need to clean up your online presence in case of identity theft / hacking / harassment / threats / etc.
A. Self-examination
Search your old emails. Go through every email address you can think of that you've ever used, and check those mailboxes to help you remember other sites you may have signed up for with each address.
Then, delete your account from the forgotten/no longer used service.
Use each email account's search function to look for keywords like "Sign up," "Welcome," and more.
Recover and log into each service and erase any content and information, as an account may be archived even in a supposedly "protected" state.
Make a note of the username, password, service, and email address you have used; then delete the account.
If you can't find a place to delete the account, search for "delete account" + "<service name>". Sometimes it may be necessary to email support.
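One way to carry out the inbox search described in this section, as an added example that is not from the original article: it scans exported messages for sign-up style subjects and lists which service domain wrote to which of your addresses. The hint words beyond "Sign up" and "Welcome", the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import getaddresses, parseaddr

# "Sign up" and "Welcome" come from the article; the other hints are assumptions.
SIGNUP_HINTS = re.compile(r"sign(ed|ing)?[\s-]?up|welcome|verify your|confirm your", re.I)

def account_inventory(raw_messages):
    """Map each sending service domain to the addresses of yours it wrote to."""
    inventory = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        # Subjects may be RFC 2047 encoded (=?utf-8?b?...?=); decode before matching.
        subject = str(make_header(decode_header(msg.get("Subject", ""))))
        if not SIGNUP_HINTS.search(subject):
            continue
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if "@" not in sender:
            continue  # unparseable sender, nothing to record
        domain = sender.rpartition("@")[2]
        for _name, rcpt in getaddresses(msg.get_all("To", [])):
            if rcpt:
                inventory.setdefault(domain, set()).add(rcpt.lower())
    return inventory

def _mail(sender, to, subject):
    return f"From: {sender}\nTo: {to}\nSubject: {subject}\n\n(body omitted)\n"

# Constructed sample messages, standing in for an exported mailbox.
SAMPLE = [
    _mail("Shop <noreply@shop.example>", "me@mail.example", "Welcome to Shop!"),
    _mail("forum@forum.example", "Old.Alias@mail.example", "Thanks for signing up"),
    # Base64-encoded subject that decodes to "Welcome to Shop".
    _mail("noreply@shop.example", "old.alias@mail.example",
          "=?utf-8?b?V2VsY29tZSB0byBTaG9w?="),
    _mail("friend@mail.example", "me@mail.example", "Lunch on Friday?"),
]

if __name__ == "__main__":
    for domain, addresses in sorted(account_inventory(SAMPLE).items()):
        print(domain, sorted(addresses))
```

The result is the list of services to log into, clean out and delete, grouped by the address each one knows you under.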
B. Check whether your information has been disclosed
Now that you have a list of usernames, emails, and services, see if these were part of a data breach anywhere.
Search for your own email and account name on DuckDuckGo/Google/other search engines. Look for a database or Pastebin link that leaks your information. Note which usernames and passwords appear.
Be aware that many databases are not indexed by search engines, so you should use https://haveibeenpwned.com to check which of your information was made public, and when.
If anything shows up, make it the first priority to change or remove.
C. Delete your old information from Google
Even if you delete old accounts, there may be cached information about them.
Using the Google console, ask Google to delete/update its search engine to remove these cached results (unfortunately this usually takes several months). You must provide each link. It's here:
https://www.google.com/webmasters/tools/removals
D. Try not to let Google track you
Here you can go through each of Google's services. Close each of your accounts:
https://myaccount.google.com/activitycontrols
You can see (and erase) your activity history here: https://myactivity.google.com/myactivity
You can report content for legal removal here: https://support.google.com/legal/answer/3110420?visit_id=637092788967151292-3839576181&rd=1
E. For each service you are using, drill down to the core of privacy settings.
Possibilities vary from service to service - no account is completely secure, but be sure to change your settings whenever possible.
Facebook is especially bad, but if you want/need to use Facebook, it's advisable to make sure all your info is set to private so at least others can't access your photos and info.
F. Delete old emails
As above, after you've browsed through your old emails and found a service you've signed up for, you should delete those emails.
This is to avoid leaving personal information that could be used against you or embarrass you in the future (assume that at any time you could be hacked, or your device could be seized by the police or lost).
If you think you might still need these emails, at least make sure to change your security question and password.
G. Basic account security practices
Change all your passwords regularly, at least a few times a year. Be aware that new data is leaked and sold every day.
Never use the same password, a similar password, or use personal information (birthday, license plate, house number, pet name, etc.) in the password.
There are programs that automatically run permutations and combinations of passwords. Of course, a password manager that works for you will be most convenient.
H. Periodically delete your old content
Delete tweets and old photos. If you are an individual target, this information may be collected and studied by malicious actors.
Be careful with anything you post about your circles and those around you. Even if you have strict security measures and habits yourself, your neighbors and friends may not have those measures - if a hacker knows they are your neighbor, they also know where you live.
Well, that's it. It's good for your basic security to remember these sentences, and if you're interested in any of them, you can click on the relevant link to see the details.