Security culture: A Lausan x Black Coyote Collective webinar

Best practices for cyber hygiene and keeping communications secure

Graphic: spf.pdf for Lausan.

Lausan’s work would not be possible without cyber technologies that allow us to stay connected across the globe. However, the same technologies also expose us to increased surveillance by state authorities. Our members have had their phones searched and have been intimidated by the police at border crossings and at protests. During this pandemic as our organizing work migrates further into digital spaces, it is more important than ever to develop good cyberhygiene and keep our communications secure.

Earlier this year, we hosted a cybersecurity workshop in collaboration with LA-based community defense group Black Coyote Collective, whose member Lydia Savage gave a presentation on good security practices. Here’s what we learned:

1. Your phone is always listening

Unless your device has a hardware kill switch or removable batteries, even when it appears to be turned off it can still be listening and transmitting data. If you’re discussing something sensitive, place all phones near a white noise machine (e.g. air purifier, fan, speaker) and turn it up to maximum volume in order to mask the sound of conversation. You can also place your device in a faraday bag, which blocks all signals, but some devices may still record audio locally to be uploaded as soon as it’s reconnected to the network. 

2. Don’t use your phones to take photos at protests

The EXIF data in photos taken on your smartphones contain time and location information. If you do take photos, be sure to scrub all EXIF data before sharing them. If others are in the photos, get their consent before uploading. 

3. Avoid iMessage or unsecured SMS

Text messages are stored at telecoms forever and could be subpoenaed by state or federal authorities. Don’t store anything on your phone. Clear text history, browsing history, email history, contacts, etc. If you must store contacts, then use an encrypted app to do so. Since activists have been subjected to phone searches, any information authorities obtain from your phone can be used against you later or to target others.

4. Use strong passwords

But be wary of password managers that are not open source since many of them are owned by data harvesting companies. 

5. Use Web 3.0 browsers such as Brave

Web 3.0 browsers such as Brave offer better privacy and security while using the internet.  

6. When in public, be aware of your surroundings

“Shoulder surfing” refers to how someone might watch what’s happening on your device screen over your shoulder in public. To prevent this, park your laptop with your back to the wall whenever possible. Public Wi-Fi isn’t secure since anyone using the network can see what’s happening on it. Avoid using public Wi-Fi or, when necessary, use a Virtual Private Network (VPN). VPNs encrypt your internet connection and obscure your IP address. Software VPNs are programs you install on your device while hardware VPNs are standalone devices (either a router or plug-in) that run all VPN/firewall functions in themselves. Hardware VPNs are recommended, as it is much more difficult to tamper with hardware.

7. Wipe your devices when crossing borders

When crossing borders, it’s recommended to wipe your devices first and temporarily delete all social media accounts, or if possible, use a burner phone instead. Some activists also use dummy social media accounts to avoid suspicion. Tails OS is an encrypted operating system in a USB thumb drive. When traveling, use an old laptop that you are fine with potentially being confiscated or needing to be tossed. Boot the computer from USB using Tails OS. This way, if your laptop gets lost or confiscated, you’ll still have your data on a secure encrypted thumb drive.

As activists, we each have a responsibility to learn about emergent technologies and ways they may impact our safety—not only for ourselves but for our friends and allies. You can find the full notes from Lydia’s presentation here.