Wednesday, August 12, 2020

Take care of your privacy before it's too late

There are different roles in pro-democracy movements. Some people are brave frontliners, others are organizers, nurses, etc. If you're reading this post in English, chances are that you're tech-savvy enough to follow the guidelines and recommendations listed below.

Ukraine's relatively quick Maidan scenario is very unlikely in Belarus, so be prepared for the pro-democracy movement to take many months or even years. Take care of your privacy from the start; that will allow you to participate in the movement for a long time. The Internet connection is currently unreliable in your country, but keep in mind that it will eventually come back to normal. However, the dictator's gang might find you in the future because of mistakes that you made today. Be mindful.

I've been closely following the HK pro-democracy movement for over a year and wrote a few articles about the Digital Resistance there, so I've decided to share with you some privacy and security tips from HK. You can also translate these tips into your language and distribute them among other tech-savvy activists who don't speak English.

Disclaimer: I don’t call for any protests, and I condemn violence. The information in this post is strictly for educational purposes.

HK OpSec is very complex, but most regular activists are pretty safe with the following simple practices.

Phone

  • disable FaceID and FingerID (they can be used to unlock a phone without the person's consent, even in countries with strong privacy laws)
  • set up a SIM card PIN
  • set up a strong phone PIN
  • use Tor (Orbot) or at least a VPN for your connection
  • disable GPS
  • turn on airplane mode when the Internet connection is not required
  • if it's possible, use a secondary phone when attending events (and turn it off after the event)

Note: secondary phones are usually used with the same strict safety measures as the primary phones, otherwise they will stand out because they are linked only between members of a group. Some HK activists use walkie-talkies instead of phones to communicate on the ground.

Apps

  • Chats: Signal, Telegram, Bridgefy, XMPP+OMEMO, Matrix
  • Emails: ProtonMail, Tutanota
  • Browsers: Tor Browser, Brave, Firefox (with privacy addons)
  • Search engine: DuckDuckGo
  • Payments: cash (when possible), otherwise Monero, Zcash, or Bitcoin or Ethereum with mixers (most cryptocurrencies provide a high level of privacy only if acquired on peer-to-peer marketplaces without ID)

Telegram

Telegram is the most popular messaging app among HK activists. However, keep in mind that Telegram is not the most privacy-oriented app because it requires a valid phone number to receive an activation code (as does Signal). Telegram is so popular because of its channels and group chats, which are essential during massive protests in HK. Additionally, anonymous surveys in group chats are a great way to vote anonymously, right on the spot, on decisions such as whether activists should stay or disperse.

Here are some tips for those who use Telegram:

  • hide the app from the homepage
  • use a burner SIM card to receive an activation code
  • hide the phone number
  • enable 2FA
  • set a passcode
  • exchange usernames only when connecting with new people (not phone numbers)

Internet blackout

Bridgefy is a very useful app in case of an Internet blackout. However, Bridgefy requires a phone number for registration and it has temporarily dropped encryption, so it’s only being used when there is no Internet connection.

If you're reading this message somewhere other than Reddit, where it was originally posted, then you can also check out a dedicated guide on how to bypass an Internet blackout from r/belarus (in Russian).

---

More advanced privacy and security tools and tips from Hong Kong activists can be found in this Medium article and on this GitHub page.

Stay safe.

