Overview and understanding threats
Below are some suggestions for protecting yourself online. They are general, so they may or may not apply to you or your organization.
The first step in any plan to protect yourself on the Internet is to talk with your friends, colleagues and allies about what realistic threats face you and your organization.
For example, women working on all issues are more likely than men to receive threats of physical violence accompanied by the publication of personal information (such as home address, names of kids, etc.).
Activists working against police brutality may be focused on tactics common to local police departments, such as the use of Stingray devices that impersonate cell phone towers to intercept and spy on communications.
Activists in the BDS (Boycott, Divestment, and Sanctions) movement may be focused on keeping personal communications and networking information private to avoid providing grounds for a subpoena for a grand jury investigation.
Having a clear idea of the threats facing you will help you decide which steps should be taken.
The second step is to make a plan. Security is an ongoing task. You may have already taken some of the steps below. Be prepared to reconsider, on a regular basis, what additional steps you need to take.
What: Signal is a cell phone app for Android and iPhones that provides end-to-end encryption of text messages.
Why: Signal can replace your standard text message app. It will automatically detect when you are sending to another user on Signal and will send an encrypted message. If the user you are sending to is not on Signal, it will send a normal text message.
Additional Information: Although it is nearly impossible for anyone to access the content of your messages, it is possible to reveal the "meta" data - in other words, who you are communicating with and when.
Full Disk Encryption
What: Encrypting your disk means scrambling the contents of your computer in a way that can only be decrypted with a password.
Why: Just because you have to log in to your computer or phone does not mean the data on it is safe. It is possible to remove the hard drive and copy everything. That means all the email messages you have downloaded, any passwords you have saved in your browser (if you are not using a master password, which is particularly a problem with cell phones), and any files, including ones saved on file sharing services like Nextcloud or Dropbox.
What: A password manager provides a secure place to store a different, long password for every site that you visit.
Why: If you use the same password for every site and one of those sites is compromised, then attackers can use your password to access your information on other sites. This happens regularly. Also, if your passwords are easy to remember, you are more likely to have your accounts compromised. This is one of the most common ways people's personal information is compromised.
- Organizations: If you need to share your passwords with other staff people, then using KeePassX is the way to go. There is one master password shared by staff, and with that password you can look up the other passwords in use. This option also works for individuals. In both cases, you will need to access the password database every time you need a password. Typically, the password database is shared via a network share, Nextcloud or another file sharing service.
- Individuals: Although KeePassX is a perfectly good tool for individuals, you can also use simpler and more lightweight approaches. For example, if you enable a master password in Firefox and your disk is encrypted, you can let Firefox remember your passwords in the browser. You may want to install a password generator plugin so you can generate a new and secure password for each site. If you use multiple devices and they are all running Firefox, then you can sync your passwords between devices. Mozilla (the maker of Firefox) stores this data encrypted so not even they can figure out your passwords.
What: Nextcloud is a file, calendar and contacts sharing service. Like Dropbox, it allows you to share a folder on your computer or your phone that is synchronized with anyone you want. Like Google Docs, it allows you to edit your documents via the web. And it provides an alternative to backing up your phone contacts and calendar items to Google or Apple.
Why: Google, Dropbox and other corporate providers are centralized services whose primary concern is profit. They are vulnerable to legal requests for turning over data, and can terminate your account at any time. Nextcloud is free software, designed to be federated (many different Nextcloud sites can share with each other), and can be run by people you know and trust. Additionally, all Android phones and iPhones, by default, copy all of your contacts and calendar items to Google and Apple servers.
Note: Recently we had recommended ownCloud. So, why did we change to Nextcloud? In short, the ownCloud project had a split. The main technology lead left ownCloud, formed Nextcloud, and took most of the technical staff with him. Nextcloud also chose to more fully embrace the free software license by releasing all code as free software, rather than following the ownCloud model, which kept some proprietary code for the enterprise version. Based on the practical and political benefits of Nextcloud, we have chosen to follow their fork. Most importantly, however, Nextcloud provides vastly improved abilities to edit documents and spreadsheets via a browser.
How: If you are a May First/People Link member, no more steps are needed. Simply go to https://share.mayfirst.org/ and get started. Additional documentation is available on the May First/People Link support page. If you are not a May First/People Link member, or you want to install your own version of the software, visit the Nextcloud web site for more information on how to install it or to look up other providers.
What: PowerBase is a web-based database designed for organizers, based on the free and open source software CiviCRM, that collects all of your data together in one place.
Why: As organizers we have a responsibility to protect the data we collect, especially if we are organizing in communities that are increasingly vulnerable to state violence, like immigrants and people of color. Is our data safe in corporate databases like NationBuilder, whose CEO celebrates Donald Trump's use of the service? PowerBase is hosted by PTP and May First/People Link, which have a history of fighting government subpoenas and of not just supporting, but actively participating in, our movements.