Digital communications security ideas activists should be thinking about
Everyone's situation is different! But there are common threads and we can learn from each other.
Security isn't just one thing. You can think about your risks more clearly if you understand what kinds of concerns you have. Four major security themes that are worth thinking over are:
- Who can see my communications? Is it only the people I expect? What does privacy mean when sending the same message to many people? Who can breach the privacy?
- When I receive messages, how do i know who they're from? Are they really from that person? When I communicate messages where my identity is important and relevant, how can the people I'm communicating with know that my messages are really from me?
- When I want to communicate without divulging my identity (whistleblowing, etc), how can I be sure that my identity is protected?
- Is the communications medium i'm using something I can rely on? Who controls the medium? Can it be shut down or interrupted? Will it be there when I need it urgently?
Jumping off points
- E-mail security suggestions from riseup.net
- Web browsing security suggestions from Indymedia UK
- Is the machine you are using secure? Do you have a Trusted Physical Console?
- Learn about (and use!) OpenPGP for e-mail. A good way to start is with enigmail, an OpenPGP plugin for the Thunderbird e-mail program.
- If you use webmail (gmail, etc) and you want to use OpenPGP, look at FireGPG, an OpenPGP plugin for the Firefox Web browser.