When Secrets Aren't Safe in Your Computer... Tips for Activists and Journalists

Submitted by SadInAmerica on Tue, 11/15/2011 - 4:45pm.


In response to this New York Times article, I created a comprehensive list of tips for journalists who are dealing with secretive and sensitive data and also for the normal user who prefers anonymity and security. ~ Fred

Some data could compromise a journalist's safety. It's fairly important to keep it out of the wrong hands, such as corrupt government agencies, brutal police agencies, evil corporations and perhaps even hackers.

I will discuss how to keep your computer safe, how to avoid being monitored and tracked over the internet, how to keep your data safe in case your computer gets lost, stolen or confiscated, and which procedures to follow in dangerous situations.

This list starts with the simplest and easiest methods and moves on to the more advanced ones.

Always Use HTTPS:// when browsing...

  • If possible, always prefer https:// over plain http://, especially for webmail and Google search.
  • Use Google search in https mode: https://google.com

  • Set HTTPS mode to 'always' on Twitter, Facebook and Gmail.
  • Try to always use HTTPS when visiting sites such as Twitter, Gmail, Yahoo Mail, Hotmail, Facebook and Google Search.
  • Facebook/Twitter HTTPS Always.

  • Gmail HTTPS always.
  • https://www.eff.org/https-everywhere.

    Protect your computer with a login and password...

    Always make sure you have a long password for logging in to your computer.

    Regularly Change your password...

    Change your passwords every few months and use longer passwords.

    You could use LastPass to store and manage your passwords. The LastPass database is encrypted and only YOU can decrypt it. LastPass cannot view your passwords.
    Check how long it takes to decrypt your password here.
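
To show why longer passwords matter, the following added example (not part of the original article) estimates how long an exhaustive search would take for a given password. The guess rates and the short common-password sample are illustrative assumptions, not measurements.

```python
import math
import string

# Assumed guesses per second for three attacker models (illustrative figures,
# not measurements): throttled online login, offline slow hash, offline fast hash.
ASSUMED_RATES = {"online": 1e2, "offline_slow_hash": 1e4, "offline_fast_hash": 1e10}

# Constructed sample; a real check would use a large list of leaked passwords.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

CHAR_CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation + " "]


def alphabet_size(password):
    """Size of the alphabet implied by the character classes the password uses."""
    size = sum(len(cls) for cls in CHAR_CLASSES if any(c in cls for c in password))
    if any(all(c not in cls for cls in CHAR_CLASSES) for c in password):
        size += 128  # assumption: rough allowance for non-ASCII characters
    return size


def brute_force_bits(password):
    """Upper bound on strength in bits: length * log2(alphabet size)."""
    if not password or password.lower() in COMMON_PASSWORDS:
        return 0.0  # a wordlist attack finds these almost immediately
    return len(password) * math.log2(alphabet_size(password))


def years_to_exhaust(password, rate):
    """Years to try every candidate of this length and alphabet at `rate`."""
    return 2 ** brute_force_bits(password) / rate / (365 * 24 * 3600)


def report(password):
    """Return {attacker model: years to exhaust} for one password."""
    return {name: years_to_exhaust(password, rate)
            for name, rate in ASSUMED_RATES.items()}


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    for pw in ["password", "Tr0ub4dor", "correct horse battery staple"]:
        bits = brute_force_bits(pw)
        worst = report(pw)["offline_fast_hash"]
        print(f"{len(pw):2d} chars  {bits:6.1f} bits  {worst:.3g} years (fast offline)")
```

These figures are upper bounds: dictionary words and predictable patterns make a password far weaker than its length and character mix suggest.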

    Encrypt your computer data...

    Drive encryption is very important because without encryption, the data on your computer can be accessed by removing the hard drive and plugging it in another computer, even if you have a login password on your computer.

    Encrypt USB pen drives and External Hard Drives...

    We usually forget that USB pen drives and other external drives are filled with important data and easy prey.

    They are easily lost or stolen, so it's important to have them secured and encrypted.

    External drives can be encrypted using TrueCrypt, a tool for Mac/Linux/Windows.

    There are other tools for encryption, but TrueCrypt is by far the best and most universal application, see www.truecrypt.org.

    Encrypted Emails...

    There are a few ways to encrypt emails, but the best and most powerful way is to do it with PGP.
    From Wikipedia:

    Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991.

    PGP encryption is available in many software packages for Mac/Windows/Linux/Android.

    PGP can easily be enabled in Thunderbird and OS X Mail.app.

    Use Tor to anonymize your internet traffic...

    TOR is a highly recommended application. It's a must if you use public Wifi spots, coffee shop Wifi, and even home Wifi.

    A description from Tor website:

    Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory.

    It was originally developed with the U.S. Navy in mind, for the primary purpose of protecting government communications.

    Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists and many others.

    Reasons to use TOR:

    - Tor encrypts the transmitted data, so your government cannot tap your internet connection.

    - Tor prevents anyone from learning your location or browsing habits.

    - Tor is for web browsers, instant messaging clients, remote logins, and more.

    - Tor protects user privacy from unscrupulous marketers and identity thieves.

    - Tor is free and open source for Windows, Mac, Linux/Unix, and Android.

    More about TOR: https://www.torproject.org/about/overview.html.en.

    People who use Tor: https://www.torproject.org/about/torusers.html.en.

    Tor on Android...

    Orbot is an application that allows mobile phone users to access the web, instant messaging and email without being monitored or blocked by their mobile internet service provider. Orbot brings the features and functionality of Tor (read more below) to the Android mobile operating system.

    Orbot (packaging Tor) is currently available in the Android Market and from the Tor Project website.

    Use a VPN...

    With an encrypted VPN, such as OpenVPN, your data transmissions won't be monitored or tapped by anyone on the line. The police do tap internet communications with the aid of ISPs.

    A VPN also helps you browse safely on public Wifi spots, coffee shop Wifi, office Wifi and even your trusted home Wifi. With a VPN in another country you may also bypass government censorship of websites.

    There are many VPN providers, varying from $1 to $10/month, and even some free ones http://techpp.com/2009/07/09/top-5-free-vpn-clients/.

    If privacy from VPN services is not enough, you can get a private VPN for just $10/month using a private server.

    OpenVPN works on Windows, Mac, Linux, iPhone* and Android.

    When Things Go Wrong!...

    Things can go wrong: for example, you lose your phone, your phone or laptop is seized by corrupt police or government agencies, it is stolen, or you are forced to give up your phone and laptop.

    Use Remote Wipe and Panic Button apps...

    A 'panic button' application will permanently erase your phone data with one click, so that the bad guys won't be able to get the data from your phone. You must have physical access to your phone before it is taken, and the panic app must first be installed and configured on your phone.

    You can configure the app to wipe all phone data or just some parts of it. Some apps will allow you to do it with one touch, so be careful when setting up those apps and back up your phone data first.

    "Panic button" apps are available for many different kinds of phones.

    Nowadays, police are searching for people's phones without a warrant, so be prepared. With this tool you can wipe your phone when it's in danger.

    • "In The Clear" for Android/Nokia/Symbian/Blackberry: InTheClear is a suite of mobile applications designed to keep users safer in difficult situations by using their phone's built-in tools.

      At its core are two main features: Emergency SMS and Data Wipe. At installation, InTheClear walks a new user through the process of configuring each of these features.

      The user can then activate either Emergency SMS or Data Wipe individually, on an ad-hoc basis. In addition, they can simultaneously activate *both* Emergency SMS and Data Wipe via Panic!, a simple, one-touch feature of InTheClear.

    • www.redpanicbutton.com Android/iPhone.

    • Many apps for Android in the Market.

    Visit safermobile.org for more info on Safe Mobile Technologies.

    Remote Wipe for popular Mobile models...

    Android, iPhone and BlackBerry phones provide remote wipe mechanisms to remotely delete your phone entirely.

    There are many methods to do so, such as sending an SMS with a secret code to your phone, calling your phone and pressing a number, or doing it via the internet (might not be possible if you are arrested).

    Android: Many apps on the Market.
    I personally like SeekDroid as it allows you to wipe your phone with an SMS or via a website, tracks your phone location, sounds an alarm, changes the lock code, and offers full wipe and partial wipe, among other useful features.

    Also for Android: Prey: Track down your lost or stolen phone or tablet. Open source, cross-platform anti-theft tracker. Prey lets you keep track of *all* your devices easily in one place.

    BlackBerry: For BlackBerry you can use "Blackberry Protect", which requires a BlackBerry data plan. It allows you to track your phone's GPS location, remotely wipe the phone, remotely sound an alarm and lock it. It requires web internet access.

    iPhone: iPhone 4/4S users can enjoy the free Find My Phone. It allows you to remotely locate and wipe a phone, with the same features as Blackberry Protect. If you have an older iPhone such as the 3GS, or you don't want to use Apple's 'Find my phone', you can use the Lookout app.

    Lookout provides some better features than Apple's app.

    Remember, DO NOT rely on these methods to wipe your phone. Your phone must have an internet connection or data services enabled in order to do so.

    I like the Android app the most because even without an internet connection, you just have to send an SMS to your phone and it will wipe itself. It's the most viable solution in most scenarios, but it will still fail if the SIM card is removed or the phone is put into Airplane mode.

    So it very much depends on the situation: if you still have your phone in your hands, wipe it with a Panic Button app; if your phone has been taken, you will either need internet access or be able to send an SMS to your phone.


    Remote locate and Wipe Laptop...

    Laptops Mac/Linux/Ubuntu/Windows/Android: Prey lets you keep track of your phone or laptop at all times, and will help you find it if it ever gets lost or stolen.

    It's a lightweight, open source software, and free for anyone to use. Prey works in all operating systems (well, at least all popular ones) and each one of them has its own installer and configurer.

    Mac: Find my Mac was recently launched by Apple after iCloud was released. It allows locating your Mac, remote locking, remote wiping, playing a sound, and showing a message. Walkthrough from 9to5mac.com.

    Final Notes...

    Many of the methods described above may or may not work for every problem. Do not rely completely on just one method, but try to use all if possible.

    I personally recommend using all methods available to you. In some countries TOR or VPN are not allowed, for example Pakistan and China.


    Fred - October 27, 2011 - Mathaba
