headingnorther

Educational materials from your friendly neighborhood anti-fascist

14 September 2020

Digital Security Transcript

Digital Security Transcript:

layout: post title: ‘Digital Security For Portlanders Transcript’ tags: transcript —

Cover Page:

TITLE: Digital Security For Portlanders Volume Three

FRIENDLY NEIGHBORHOOD ANTIFACIST (FNAF): Finally, a legitimate excuse to Google yourself!

Learn to manage your overwhelming internet dread!

Contains homework (there may be a test)

Page Two:

[ID: there are six small panels on the top half of the page and one larger panel at the bottom of the page, the first panel only contains a word balloon.]

FNAF: “If I know anything about you, it’s that you’re the kind of person who”

[ID: the second panel contains both a smoke detector and a carbon monoxide detector]

FNAF: “checks you CO and smoke detector batteries biannually”

[ID: panel three shows a backpack hanging on a hook with both side pockets filled, a smoke detector on the wall and a jug of water next to the backpack.]

FNAF: “Regularly tops off your emergency kit”

[ID: panel four shows the same water jug sitting on top of a stripped surface, next to the jug is a book titled the Great Emu War. On top of the book there is a can of emu spray.]

FNAF: “Understands the threat of emus”

[ID: panel five zooms out to show the jug, the book, the emu spray and the back pack all sitting on top of a striped towel.]

FNAF: “Always knows where your towel is”

[ID: panel six shows FNAF wearing black bloc, goggles and a fishing hat, tiny text reads “no eyebrows here”]

FNAF: “And would wear only the tightest bloc”

[ID: large panel shows FNAF taking a selfie in black bloc, goggles, a fishing hat, and a large knit sweater. Behind them is a desk with labeled technology including a smart speaker, a router labeled “your ISP”, a laptop labeled “your web browser and search engine” and two rewards cards.]

FNAF: “But are you equivalently prepared electronically? I’m your friendly neighborhood anti-facist, and I’d like to check in with you about your digital security.”

Even a smart fridge could be leaking your data.

Page Two:

[ID: the page is set up like a computer screen, the top of the page has a bar that says “activities” and “terminal,” a window fills the rest of the screen, the window has three circles in the upper right hand corner like a linux and is labeled “fnaf@home” the text is stylized to look as though it’s within a terminal]

(When Alice and Bob wish to talk to each other very badly, they turn to)

TITLE Encryption

Encryption matters when you’re sending data that has the potential to be inspected by uninvited third parties. It works by making this data look like gobbledygook to those without the decryption key. Encryption is everywhere– from your bank account to your interaction with nearly every website you visit (1). (Terms like ‘military grade encryption’ don’t mean much– modern encryption standards are ‘military grade’)

Communication: for messaging and email you want END TO END ENCRYPTION where your messages are encrypted both on their way from your phone to whoever you’re talking to, and also encrypted from the app you’re messaging on, so the app’s servers can’t see them. That way even if your messaging service is subpoenaed or hacked there’s nothing to see. (2)

Passwords: the best encryption is worth nothing if you don’t have a strong password (3). You knew it was coming– it’s time to actually change all your passwords. EVERY password you use should be long, unique and random. If you can’t remember all your passwords, you should get a password manager. DON”T reuse passwords. –INSERT–

Page three:

[ID: this page is also set up to look like a computer screen, the bar at the top has a volume symbol, a battery icon and a power symbol in the top right. Along the right side of the screen is a dock containing the icons for the apps signal, proton mail, firefox, tor, ???? and files. There are two open windows, the top window is a signal chat, the left side of the signal chat box shows the contacts with whom FNAF has been chatting recently. Their names are: Black box, Mackerel Thwappers, Mom, Emus inc. your sensible fiend, and you. FNAF is currently chatting with you, the right side of the chat shows five messages from FNAF.]

FNAF: “Consider Signal for messages- it’s open source, end-to-end encrypted, has disappearing messages and is user friendly (4).

FNAF:Some email services scan client’s emails to serve target ads- ProtonMail is an encrypted exception.

FNAF: Remember that if you’re not paying, you’re not the customer-you’re the product.

FNAF:When browsing the web, search engines like Google and browsers like Chrome collect your data. Try a search engine like DuckDuckGo or a browser like Firefox that gather less of the user’s info.

FNAF:But if you really care about web anonymity, you should suffer the speed cut and use Tor.”

[ID: a notification at the top of the screen labeled with an exclamation point] “The best encryption isn’t worth a thing if you trust the wrong person”]

FNAF “the services mentioned here have been useful to me, but you should always do your own research to see what’s right for you.”

[ID: the rest of the screen is filled with a second window. This window is an incognito web browser with a search bar at the top and a black icon with a white bandit mask, the following text is displayed in the window]

Common Misconceptions: Going incognito does not erase your digital tracks. Not all disappearing messages are secure. VPNs are useful for concealing your activity from your ISP only when you trust your VPN provider (5, 6).

Page Four

TITLE: Have you heard about metadata?

[ID: the word ‘metadata’ in the title is formatted to look like a captcha image.]

Your personal data- the contents of your texts and calls, your photos and emails are protected and require a warrant to search. It’s hard, if not impossible, to see this data without physical access to your device. Your metadata is not so well protected. Metadata is everything except for the content of your data– it’s the data about your data. This includes timestamps, subject lines, geolocation, who you call, the websites you visit (7). Much of this information is stored by your ISP and could be accessed without your knowledge. Legal precedent concerning metadata remains uncertain. Different police departments and courts have different standards. Photos include the time they’re taken and the location they’re taken at, which is visible to anyone with the image. One easy way to remove this metadata is to send the image to yourself through signal (8). You know Google Docs saves your edit history, but did you know Word does too? Next time consider a PDF.

[ID: the left side of the page shows an example of one person’s metadata trail for one night.]

Calls: Domino’s (outgoing), time: 2 AM, location: home

Webistes: youshouldhavebeenpreparingforemus.gov, time: 2:30 AM, location: home

Text logs: [ID: shows texts all sent to the contact ‘your sensible friend’ the actual content of the messages is redacted but the time stamps are visible.] times: 2:34 AM, 2:39 AM, 2:43 AM, 2:43 AM, 2:43 AM, location: home.

Credit Card Transactions: two times throw net thirty nine dollars and ninety eight cents, visa, time 2:50 AM

Page Five:

TITLE So you brought your phone to a protest (9)

[ID: page is set up like a diagram of a smartphone, the middle of the page shows an iphone and different steps point to different parts of the phone]

Step 1 Reconsider: Try a brief digital detox, or acquire a phone without your personal information that you only run on at protests

Step 2 So you’ll bring a phone: Assume it will be confiscated. Remove any sensitive data from it (messages, images, etc)

Step 3. Turn off biometrics: unlock your phone with a long, random pin– not your face (cops can’t legally search your phone without a warrant [ID: step three is pointing to the thumbprint button on the phone]

Step 4: At the protest: keep your phone in airplane mode and/or a signal blocking pouch. Use an encrypted messaging app like signal. [ID: the text in step 4 is written on the phone’s screen as if the information was appearing as a notification.]

Step 5 Think carefully before you film: Are you documenting or protesting? If you film, do it while your phone is locked. [ID: step 5 is pointing to the forward facing camera on the phone.]

Step 6 Heading home: if you’ll need a map, download it beforehand and navigate with your phone still in airplane mode (GPS is receive-only) [ID: step 6 is pointing to the navigation icon on the phone screen.]

You may encounter: (10) Cheap devices that mimic WiFi networks and intercept all activity on them- always be suspicious of open networks and never connect at protests. Stingrays mimic cell phone towers and collect any outgoitg data from your phone-tests, calls, location, searches… They’re usually operated in vehicles. Dirtboxes, a similar device with a wider range, mounted on an aircraft. To protect against this, use airplane mode.

Page Six:

TITLE: DOXXING

[ID: This page has seven panels, most of the panels contain FNAF in their hate, goggles and big knit sweater holding a cup of tea and talking to the reader.]

FNAF: “Doxxing is when a pernicious person publishes your personal particulars publicly.

FNAF: “This information can include your phone number, your address, embarrassing photos, past action, and more. Doxxing is a different kind of threat than surveillance so you need to take different steps to prevent it (11, 12).”

FNAF: “Protesters are more likely to be doxxed if they have a public, political social media account, or are arrested.”

FNAF: “Protect yourself by deleting old accounts you no longer use, and avoiding posting your face or tattoos.” siiip

FNAF: “You should also consider pulling your information down from the internet white pages– the hundreds of pages that host peoples’ names, addresses, phone numbers and more.”

FNAF: “this is engineered to be a painful, arduous process.” *[ID: this panel shows a recaptcha with nine blurry images and the direction to select the images containing emus]

FNAF: “consider getting together with a friend and making a day of it.”

Workbook for doing so in citations (13)

Page Seven:

[ID: most of the page contains stylized text, the left hand side has an old style thermometer with text on it, the text is vertical]

THERMOMETER TEXT never touched this ‘internet’; under the radar; tweet went viral; activist/journalist; a criticized celeb.

MAIN TEXT It would be a full-time job to protect your everything from everyone; prioritized by conducting a THREAT ASSESSMENT. The Electronic Frontier Foundation (EFF) suggests asking (14): What do I want to protect? (messages, locations, passwords) Who do I want to protect it from? (people, organizations, the government) How bad are the consequences if I fail? (humiliation, arrest, assault) How likely is it that I’ll need to protect it? (do you have a public presence? Been a victim of a breach?) How much hassle am I willing to go through? (having a secret phone number is a lot of work, for example)

For more information, check out the EFF’s digital security guide for activists in the citations (15).

WORD BUBBLE: “I’ve never done anything illegal– why should I care about internet security?”

You could still be targeted by malicious actors. If you’re secure, then the people around you– your friends, neighbors, contacts– will be more secure, too. Security shouldn’t be a precaution– view it as a right.

Page Eight:

TITLE: Activity Section

FNAF: “You should do this today!”

Digital Security Action Items:

Get a password manager and change all your passwords to secure, randomly generated ones. (consider dashlane, 1Password, or LastPass).

Check your emails at haveibeenpwned.com to see what data breaches you’ve been involved in and prioritize changing those passwords.

Sign up for services with a different email from the one you sue for essential accounts (bank, etc)

Turn on two factor authentication everywhere (and use an authenticator app or yubikey rather than your phone number.)

Lock Your credit (only unlock for credit checks) (For instructions, look at the FTC site in citations (16))

[ID: after the list of action items above there is a blank line where you could fill in another action you want to take]

FNAF: “Thanks for reading and see you next time!”

Citations:

  1. “What Should I Know About Encryption?” Surveillance Self-Defense. Electronic Frontier Foundation, March 7, 2019.
  2. “Communicating with Others.” Surveillance Self-Defense. Electronic Frontier Foundation, June 9, 2020.
  3. “Keeping Your Data Safe.” Surveillance Self-Defense. Electronic Frontier Foundation, November 12, 2019.
  4. “Attending a Protest.” Surveillance Self-Defense. Electronic Frontier Foundation, April 1, 2019.
  5. Scott, Tom. This Video Is Sponsored By ███ VPN, 2019.
  6. “Choosing the VPN That’s Right for You.” Surveillance Self-Defense. Electronic Frontier Foundation, April 2, 2019.
  7. “Why Metadata Matters.” Surveillance Self-Defense, April 2, 2019.
  8. “Why Metadata Matters.” Surveillance Self-Defense.
  9. “Attending a Protest.” Surveillance Self-Defense.
  10. Quintin, Cooper. “A Quick and Dirty Guide to Cell Phone Surveillance at Protests.” Electronic Frontier Foundation, June 25, 2020.
  11. “Doxcare.” CrimethInc., August 26, 2020.
  12. “A Guide to Doxxing Yourself on the Internet.” The New York Times. Accessed September 10, 2020.
  13. Bazzell, Michael. Extreme Privacy What It Takes to Disappear. Intel Techniques. 2.5 ed., 2020.
  14. “Your Security Plan.” Surveillance Self-Defense. Electronic Frontier Foundation, April 1, 2019.
  15. “Activist or Protester?” Surveillance Self-Defense. Electronic Frontier Foundation, April 1, 2019.
  16. “Credit Freeze FAQs.” Federal Trade Commission Consumer Information, September 24, 2019.

Further Reading

The EFF’s website is an amazing resource with a lot of information we didn’t have room to get into. Check out their Surveillance Self Defence Guide [ssd.eff.org] (ssd.eff.org) , maybe read an article about securely deleting your data.

If you’d like to know more about doxxing and its aftermath, read the CrimthInc “Doxcare” article

If you like podcasts, check out Reply All episodes 130: the Snapchat Thief and 97: What Kind of Idiot Gets Fished

Back Cover

Print your own from zines.headingnorhter.com !

Instagram: @headingnorther Twitter: @headingnorther

Question? Compliments? Corrections? headingnorhter@protonmail.com

September 14th 2020

From southeastern and headingnorther

tags: