Website: https://infosecforactivists.org/
PDF: https://infosecforactivists.org/Infosec_for_Activists.pdf
Introduction America has a strong tradition of activism, dating back to slave revolts and indigenous uprisings even before the founding of the United States. Today, activism in the US remains critical. Street protests are an essential tool that activists use to raise awareness and push for institutional change. That being said, challenging existing power structures carries an element of risk - exposure can lead to harassment, arrest, or doxxing.
The part about Google location tracking is out of date. They specifically moved that functionality on device because of all the warrants they were getting, and it never really had anything to do with Google maps. Either way, if you are using a cell phone there’s a dozen other ways to track you.
The biggest point they miss in terms of encrypted messaging is only secure in transit. If there is a compromised device in your chat group then it might as well not matter, so opsec always comes first. An anonymous user agent is therefore arguably just as important as encrypted transport. Signal is a tough sell because it requires a phone number. I would argue that email+PGP is a better option but requires a lot more technical overhead. Always keep that identity firewall in place. There is nothing more secure than meeting in person, but be skeptical of anyone who is very interested in connecting your face to a user name.
Finally, don’t discount the value of patterns of life. If you are doing something you don’t want people to know about, make sure your phone is where it usually is that time of day. I think a lot of internet pop security types get this wrong by focusing so much on privacy for shit nobody cares about. Having a normal looking digital fingerprint is a powerful tool if you know how to leverage it properly.
The part about Google location tracking is out of date. They specifically moved that functionality on device because of all the warrants they were getting, and it never really had anything to do with Google maps. Either way, if you are using a cell phone there’s a dozen other ways to track you.
The biggest point they miss in terms of encrypted messaging is only secure in transit. If there is a compromised device in your chat group then it might as well not matter, so opsec always comes first. An anonymous user agent is therefore arguably just as important as encrypted transport. Signal is a tough sell because it requires a phone number. I would argue that email+PGP is a better option but requires a lot more technical overhead. Always keep that identity firewall in place. There is nothing more secure than meeting in person, but be skeptical of anyone who is very interested in connecting your face to a user name.
Finally, don’t discount the value of patterns of life. If you are doing something you don’t want people to know about, make sure your phone is where it usually is that time of day. I think a lot of internet pop security types get this wrong by focusing so much on privacy for shit nobody cares about. Having a normal looking digital fingerprint is a powerful tool if you know how to leverage it properly.