Table of contents
- Chapter 1: Introduction
- Overall context
- Safety vs Security
- The right to privacy and security
- Why online security and privacy are relevant for 2021 / Reflection on digital revolution post-pandemic
- Why we should pay attention to online security
- Chapter 2: Privacy Awareness
- “I have nothing to hide” argument and other excuses
- The risks of internet privacy
- When online surveillance and profiling exploit our democracy
- Chapter 3: Tips for online privacy and security
- Privacy tips
- Surveillance tips
- Chapter 4: Collection of resources for activists and organisations
- Good habits
- List of various resources, guides, tools
- Appendix 1 – A GDPR mini overview. Learn the law, use the law
First of all, a good rule of thumb is to counter the perceptions you might have about your online security! For instance, Shift+Del does not delete your data; screen passwords are not a way to secure data; SSD drives do not guarantee deletion; forensics can retrieve deleted files; your finger is not secure enough; incognito mode in your browser does not make you anonymous; secure tools don’t necessarily make you safe.
Other general principles for your security include safeguarding your passwords, backing up and encrypting your data, using end-to-end encryption in your communications, always being aware of who has access to your data, periodically assessing the tools you use, and always being aware that your practices can cause more risks than the actual tools.
In general, it would be great if you could build a core of information security skills, always be aware of what your unknowns are, and have resources and contacts handy in case you need help.
We are going to share in this section some suggestions and tips to make your experience on the Internet safer and more secure. For the sake of clarity and transparency, we also need to highlight the cons of using some tools, in terms of accessibility of websites or specific functions. For instance, using Tor with the maximum level of protection could prevent you from watching some videos or accessing some websites, and this could limit your online activities. It’s necessary to keep in mind that everyone needs to find their own balance navigating this matter.
Self-assessment tools to test your security levels
As a start, you could use a tool called “Trace my Shadow” to understand what kind of digital footprints you’re leaving behind you. In fact, every time you use a digital device, you spread around some bits of information (geolocation, online purchases, etc.) that, afterwards, are collected and create a picture of your habits and preferences. This data is mostly used for commercial purposes (ever wondered where those annoying Instagram advertisements come from?).
You might feel a bit overwhelmed by now, but you have to know that there’s good news: there are some plug-ins and apps that could help you in preventing some of these issues.
So, first things first. You can start this journey towards online safety by figuring out how your browser is doing at the moment. Cover Your Tracks will scan your browsers, giving you information on where you’re doing fine and in which parts your browser shows weaknesses. Moreover, to understand how your actions have been tracked, you could also download Lightbeam, which will show you how your traces are collected.
Again, you should not feel scared, since there are some useful adjustments that can help you. For instance, you could download plugins such as Privacy Badger, uBlock Origin and NoScript. What they do is block trackers, so that your preferences and activities will not be shared anymore!
As we have understood by now, protecting our privacy online is extremely important, not just for us but for other members of our community as well.
In this chapter we will present some useful practical tips that you can implement in your daily online experience to make your digital life safer – they are easy little things accessible to everyone, you don’t need to have a Computer Science degree to see some results!
Layers of safe browsing
Web browsers can be breached in many different ways. For instance, the operating system can be breached, with malware reading or modifying the browser’s memory space in privileged mode; malware can run as a background process on the operating system, reading or modifying the browser’s memory space in privileged mode; the main browser executable can be hacked; browser components may be hacked; browser plugins can be hacked; browser network communications could be intercepted outside the machine.
There are some recommended practices to enhance your account security on your devices and strengthen the privacy settings. For instance, you can:
- Change your phone settings to block unnecessary location tracking
- Turn off what Google tracks including browsing/search history, location history, YouTube search/watch history and even voice recordings
- Use Tor Browser for anonymous browsing and hiding yourself from surveillance
- Use DuckDuckGo for private searches: for instance, it is good for watching YouTube videos directly in the browser, thus hiding yourself from tracking.
You can also audit your social media (and apps, and so on) by using the Data Detox Kit. It is a simple, accessible, and holistic resource available online and in printed formats giving you bite-sized tips to control your digital privacy, security, and well-being in ways that feel right to you. Available in 20 languages (and counting), the Data Detox Kit guides are full of interactive resources, downloadable PDFs, and most importantly concrete step-by-step instructions.
Terms of services and online consent
A Deloitte survey of 2,000 U.S. consumers in 2017 found that 91% of people consent to terms of service without reading them. For younger people, ages 18-34, that rate was even higher: 97% did so. This means that most of us needlessly put ourselves at risk by signing away all kinds of rights over what personal data an app or website collects, how they use it, with whom they share it and how long they keep it. We can all take steps to thwart 24/7 corporate surveillance and that starts with reading the small print and understanding what we are signing, without taking for granted that mainstream tools everybody uses are secure, and always minding if we are dealing with a third party service that has different terms of service (a legal document that protects the company and explains to consumers what the rules are when using the service).
Making examples of offline data collection and how they (can) interact with online data
The Internet of Things ecosystem is part of a data-driven economy as well. The emerging and growing infrastructure of the IoT allows data to be collected not only by people, but by a variety of machines and devices that monitor people and autonomously upload data to their parent organisations (that possibly share data with each other). There are a lot of IoT tools in our daily life and all of them are sucking data from our private lives: smartphones (geolocation, apps, Siri), smart home tools (TVs, vacuum cleaners, Alexa and its constant monitoring of the environment and of our daily activities), Fitbits (health data), and so on. All these devices track us, collect personal and behavioural data about us and share it: they analyze our daily habits and draw conclusions about our life, our work, our wealth, our routines, our family situations.
A very useful tool in this realm is Terms of Service; Didn’t Read: a website and plugin that evaluates the privacy terms of the websites you visit, rated from E (very poor) to A (excellent). As a plugin, it automatically shows the rating of the website you are currently using, if it has already been evaluated. Their claim is that “I have read and agree to the Terms” is the biggest lie on the web. Interestingly, among the websites that score the worst in their analysis are Facebook, Amazon, YouTube, Spotify, Apple and Pinterest.
It’s not just IoT devices potentially tracking us, it’s also regular websites! Most of them have a wide variety of trackers included that share user data with other companies. We are subject to a permanent kind of surveillance.
If you want to understand what kind of digital footprints you’re leaving behind you, you could use a tracking tool called Trace my Shadow. In fact, every time you use a digital device, you spread around some bits of information (geolocation, online purchases, etc.) that, afterwards, are collected and create a picture of your habits and preferences. This data is mostly used for commercial purposes (ever wondered where those annoying Instagram advertisements come from?).
We also recommend starting this journey towards online safety by figuring out how your browser is doing at the moment. Cover Your Tracks (a digital footprint scanner website) will scan your browsers, giving you information on where you’re doing fine and in which parts your browser shows weaknesses. Moreover, to understand how your actions have been tracked, you could also download Lightbeam (a browser add-on), which will show you how your traces are collected. Other useful tools are Trackography, which allows you to find out who is tracking you when you are reading your favourite news online, and Panopticlick, which tests your browser to see how well you are protected from tracking and fingerprinting.
You might feel a bit overwhelmed by now, but you have to know that there’s good news and there are some useful adjustments that can help you. For instance, you could download plugins to add to your web browser to reduce or block trackers so that your preferences and activities will not be shared anymore:
- HTTPS Everywhere: the HTTPS protocol reduces the amount of data collected by the websites you visit. This plugin enforces the use of this protocol on every web page you browse, whenever possible.
- Privacy Badger: it stops advertisers and other third-party trackers from secretly tracking where you go and what pages you look at on the web. If an advertiser seems to be tracking you across multiple websites without your permission, Privacy Badger automatically blocks that advertiser from loading any more content in your browser. To the advertiser, it’s like you suddenly disappeared.
- uBlock Origin: a free and open-source, cross-platform browser extension for content-filtering, including ad-blocking.
- Ghostery: a free and open-source tool that gives the user the power to block ads and stop trackers.
These tools will prevent you from being tracked and make your online browsing experience safer. Their mere existence, by the way, challenges the prejudice of “anonymity” that many people have when facing privacy matters online.
Removing yourself from online data brokers
Passwords and account security
You should periodically check if your email or phone has been involved in a data breach. At the same time, you should also check if you have been pwned. You can use https://haveibeenpwned.com/ on a regular basis to check any potential data breach and act accordingly.
Using a strong password that is difficult to crack is essential to keep your data safe. So, pay attention to these details:
- Never leave an account with an empty password.
- If possible, update important passwords every year.
- Do not keep the password that the system gives you by default.
- Stay away from obvious choices such as your name, date of birth, telephone number, address…
- Common words or phrases are not a good idea.
- Do not share the same password for different devices, emails or social networks.
- Memorize your passwords! Leaving them in writing is not very safe.
- When possible, use 2FA (two-factor authentication). For example, an ATM requires you to have both your physical bank card and your four-digit PIN to get cash. Google accounts and Yahoo! mail allow you to set up 2FA.
- You may as well use a password manager to keep your multiple passwords safe and protected (and never forget them), for example KeePassXC, 1Password, LastPass…
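The checklist above can be turned into a quick audit of your own accounts. The following is an added example, not part of the original guide: the function names `audit` and `personal_fragments` are hypothetical, and the personal details, account list, default passwords and common-word list are all constructed sample data.

```python
import datetime
from collections import defaultdict

# Constructed sample data for illustration; none of it is real.
PERSONAL = {"name": "Alex Rivera", "birth": "1990-04-12", "phone": "555-0142"}
DEFAULTS = {"admin", "changeme", "0000"}      # typical factory-set passwords
COMMON = {"password", "qwerty", "letmein", "welcome", "iloveyou"}
ACCOUNTS = [  # (account, password, date the password was last changed)
    ("router", "admin", "2019-03-01"),
    ("email", "Rivera1990!", "2021-02-10"),
    ("social", "Rivera1990!", "2021-02-10"),
    ("forum", "welcome123", "2021-01-05"),
    ("bank", "vK7#qu2Lw9@fTz", "2021-03-20"),
    ("old-blog", "", "2015-06-30"),
]

def personal_fragments(p):
    """Lower-case pieces of personal details that should not appear in a password."""
    year, month, day = p["birth"].split("-")
    frags = set(p["name"].lower().split())
    frags |= {year, day + month, month + day}
    frags.add("".join(c for c in p["phone"] if c.isdigit()))
    return {f for f in frags if len(f) >= 4}   # ignore very short fragments

def audit(accounts, personal, today):
    """Return {account: [rules from the checklist that the password breaks]}."""
    used_by = defaultdict(list)
    for name, pw, _ in accounts:
        used_by[pw].append(name)
    frags, report = personal_fragments(personal), {}
    for name, pw, changed in accounts:
        low, issues = pw.lower(), []
        if not pw:
            issues.append("empty")
        if low in DEFAULTS:
            issues.append("default")
        if any(f in low for f in frags):
            issues.append("personal data")
        if low.strip("0123456789!?.#@") in COMMON:   # "welcome123" -> "welcome"
            issues.append("common word")
        if pw and len(used_by[pw]) > 1:
            issues.append("reused")
        if (today - datetime.date.fromisoformat(changed)).days > 365:
            issues.append("older than a year")
        if issues:
            report[name] = issues
    return report

REPORT = audit(ACCOUNTS, PERSONAL, datetime.date(2021, 6, 1))
```

In the sample data only the long random `bank` password passes every rule; adding digits or punctuation to a name or a common word does not get past the checks.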
Data and privacy enthusiasts used to have events to meet and network, like Cryptoparty, a global movement organising events and sharing knowledge on privacy; unfortunately, Cryptoparties are not active anymore in many countries, but there are certainly smaller events happening close to you where you can get social with people interested in these topics!