wiki:security

Version 12 (modified by Jamie McClelland, 4 years ago) (diff)

--

Digital communications security ideas activists should be thinking about

Everyone's situation is different! But there are common threads and we can learn from each other.

Basic Themes

Security isn't just one thing. You can think about your risks more clearly if you understand what kinds of concerns you have. Four major security themes that are worth thinking over are:

Privacy
Who can see my communications? Is it only the people I expect? What does privacy mean when sending the same message to many people? Who can breach the privacy? Am I protecting the privacy of my members or the people I'm working with?
Authenticity
When I receive messages, how do i know who they're from? Are they really from that person? When I communicate messages where my identity is important and relevant, how can the people I'm communicating with know that my messages are really from me?
Anonymity
When I want to communicate without divulging my identity (whistleblowing, etc), how can I be sure that my identity is protected?
Reliability/Access
Is the communications medium i'm using something I can rely on? Who controls the medium? Can it be shut down or interrupted? Will it be there when I need it urgently?

Discussing this themes with your fellow organizers and activists is an excellent first step toward building security. Keep in mind that improvements in one area (like privacy) may lead to a decrease in security in another area (like reliability/access).

One resource you may find helpful is a worksheet developed by the Progressive Technology Project. Try filling out both pages.

You may also be interested in Riseup's security tutorial.

Resources

Sending messages

One activity we engage in every single day is sending each other messages. Sending messages crosses all four themes, so picking the right method will depend on, for example, how you compare your need for privacy with your need for reliability.

Email

Email is the oldest and most universal form of exchanging messages.

  • OpenPGP is a method that allows you to encrypt your messages in a way that not even your Internet provider can decipher them. However, it is hard to setup and requires both you and the recipient are using it
  • Webmail vs a desktop or mobile client. Webmail is very convenient - if you have memorized your password, you can access it anywhere. However, it also means that all of your email is saved on the server, which could be subpoenaed. Alternatively, you can use a desktop or mobile client that downloads your email, removing it from the server. However, your phone or computer can be lost or subpoenaed. There is no right answer! But at MF/PL you can choose between webmail or a client based on your needs.

Other forms of instant messaging

  • All May First/People Link members can use jabber - which works on your computer and on your phone and supports end-to-end encryption.
  • Another popular, free and secure messaging applications is called Signal by Whisper Systems.

Web sites

Databases

Attachments (5)

Download all attachments as: .zip