feature image via Newsweek.
I know I said last week I wasn’t gonna do it. Too many people have already done it, and they’ve all done it really well. But it is important for this community, some members of it more than others, to protect their digital information in the time of Voldemort. So here I am writing about it: you have to take measures to protect your information, especially if you’re organizing to resist the white nationalist administration. Even if you’ve felt cybersecurity fatigue—and I know I have—you’ve got until January to remedy it. Why, you ask? Just take a quick gander at Violet Blue’s piece on how Trump feels about cyber security. Here’s an excerpt:
As we know, everything with Trump has to do with his likes and dislikes. And he likes surveillance, as evidenced in his personal phone-spying practices, and he likes the NSA’s spying. In fact, Trump is an outspoken supporter of government surveillance, and in his words, the NSA “should be given as much leeway as possible.”
He told The Daily Signal, “I support legislation which allows the NSA to hold the bulk metadata. For oversight, I propose that a court, which is available any time on any day, is created to issue individual rulings on when this metadata can be accessed.”
Mr. Trump didn’t like Apple refusing to unlock the San Bernardino shooter’s iPhone for the FBI this past year, and his reaction to the case is instructive. When it was brought to his attention, Trump said Apple should be forced to allow the FBI access to the phone’s contents. “I think it’s disgraceful that Apple is not helping on that. I think security first, and I feel — I always felt security first,” he said. “Apple should absolutely — we should force them to do it,” he said.
While Blue deals mostly with how national and international cyber security policy will be affected (very, very negatively), her excellent essay also makes it clear that the American people are about to be surveilled like never before. But Trump has already made it clear how hard we’re going to be surveilled. He’s setting up a registry for chrissakes, and using Japanese internment camps as a precedent. I MEAN COME ON.
So I’m here to present you, a community whose members are likely to be specifically targeted by an administration that wants to register us, deport us and believes electroshock will turn us straight, with some excellent resources and some good first steps.
Access Now’s Recommendations for Activists
Let’s start with this infographic from Access Now:
This infographic is targeted toward activists but has useful information for all (though let’s be real, I’ve seen all of y’all get active during this time).
Privacy Badger and HTTPS Everywhere
You’ll notice that two of these links are from something called eff.org. That’s the Electronic Frontier Foundation, an organization going to bat for your rights in a digital world. Privacy Badger blocks ads and trackers and you can get it for Chrome, Firefox and Opera. HTTPS Everywhere encrypts your communications with sites around the web and is available for the same browsers as Privacy Badger. Donating to the EFF is a pretty good idea as well—and you have the option to make that donation recurring, which is good for sustaining organizations likely to be drained by Trump’s policies.
Signal and Slack
I mentioned Signal last week, but if you want to chat about anything you wouldn’t want Voldemort to hear, do it on Signal. Signal is a secure messaging service for iOS and Android. It’s free. It’s encrypted. No reason not to. What’s not on this graphic is Slack. Did you know that Slack is encrypted*? I didn’t either. Our very own Cee Webster pointed this out to me. While Slack was created with work in mind, your “team” can be anyone you like. So go forth and jam, Straddlers. Or should I say, go forth and organize.
*this has been edited! I originally wrote “end-to-end” which is not what I meant! That is what happens when I write without the proper amount of tea by my side.
Me and My Shadow
The last link on this graphic links to something called Me and My Shadow. It’s a beautifully designed website that teaches you exactly how digital traces tell a story about you online. I haven’t gone through it all yet, but plan to over tea this weekend. Join me on that? I think we could all learn something about it.
A DIY Guide to Feminist Cybersecurity
We’ve recommended A DIY Guide to Feminist Cybersecurity before, and I’m here to do it again. Created by Noah Kelley of HACK*BLOSSOM, this DIY guide helps you make decisions that are right for you so you can exist safely online. This guide is meant to be comprehensive, so it’s long and probably deserves a read over tea. What I absolutely LOVE about it, though, is that you don’t need to wait until you’re an expert to get started—there’s a handy cheat sheet section that lets you make decisions quickly and flesh out your knowledge later. Considering the time crunch we’re all under (me included) to get our house in order, it might be best to start there.
The Smart Girl’s Guide to Privacy by Violet Blue
Hey, remember that excellent article we started this post with? Well Violet Blue, author of said article, also wrote this book about privacy online. It costs ten dollars on Kindle and you can get a sample to try it out. What I like best about it is it not only teaches you about privacy and technology, it teaches you strategic thinking. And it does it all in plain English. It assumes a female reader, but this book will be useful for anyone in our community who wants to protect themselves from a white nationalist administration, but also from those empowered by it to do harm online and in physical spaces.
Things To Know About Web Security Before Trump’s Inauguration: A Harm Reductionist Guide
H, the author of this guide, is super real about all this. One of the reasons I like their guide is that they think hardware too—they remind you that your phone is locatable. And Cee confirmed that one as well—”Turning your GPS off does not change that They can triangulate your location via the cell towers—they’ve been doing that since the early 1990s. Or late 80s even!” So if you don’t want your location known, favor a cheap, pre-paid phone. They also write this excellent point about bugging your friends:
You downloaded Tor, got a VPN, only message on Signal, encrypt your email and send the key to your friend via messenger pigeon. They open your email on Starbucks wifi, copy and paste the contents to their Yahoo mail drafts folder, then post the info to a FB thread. If you’re going to do it, annoy your friends about it too.
Security In A Box
One of the things both Cee and H recommended is Security in a Box. It’s another explainer, so get prepped to settle in for some reading on this one too. I really like the examples given by the fictional scripts, featuring Claudia and Pablo, who have some information they’d like to keep private. It helps contextualize the information and explain why it’s important.
Protonmail
We’ve written about Protonmail before. It’s encrypted email. You can even send emails that disappear after a set amount of time. I still don’t think it’s usable on the daily without some of the features I rely on for my work, but it’s CERTAINLY perfect for those who need to send emails that you wouldn’t want Voldemort to read. They have a free account and a couple paid options.
Crash Override Network
If you get doxxed by any of Voldemort’s followers, Zoë Quinn has got your back with Crash Override Network. If you’re experiencing online abuse, email them. Their services are free and confidential because they’re awesome. Highly recommend.
This Is Important. We’re Doing It Too
Y’all, I might be your Geekery Editor, but I’m also a chaos muppet. Sometimes I suffer from security fatigue too, and sometimes I’m just a whirlwind of a person and I leave out steps. It’s who I am. So I’m committing to do this to my own technology as well, before Voldemort officially ascends to power. And I’m going to try my very best to provide you with more information on your own digital security. You may also have noticed a change in Autostraddle over the past week. Here’s Cee with more about that:
“This week I switched the website over to SSL only. You may have noticed the https in the URL or the lock icon, or you may have noticed a few buggy pages during the week. I’m currently working on getting all our external stuff to load over https (including our ads, which is why you might not see any today). SSL is important for stuff like credit card data (which we had in place already for those pages), but also to limit eavesdropping of any data as it goes from your computer to our server. Metaphors are kinda silly for this, but helpful for some—it’s like instead of the page being delivered as a postcard that anyone can read in transit, it’s now sent in an envelope.”
If we all do our part to keep our information safe, we might be able to reduce harm in the coming four years. So what are you doing about your InfoSec?
great roundup! can’t wait to dig into some of this stuff
This was super helpful information, thank you Ally! I’ve made sure my phone is encrypted, and have installed Privacy Badger and HTTPS Everywhere on my browser, so I’m already feeling a lot better!
Also, I installed an extension a while ago that changed “Donald Trump” to “Voldemort” wherever it appears, so now I have no idea when people are actually calling him Voldemort, but it makes the front page of this website hilarious, especially when this article actually DID have a picture of Voldemort haha. Thanks guys. <3
I had to put his name in my mouth at a conference this morning and I almost cried on stage. Ugh. I couldn’t bear to type it the other day when I wrote this.
Ok I have this problem too and what helped me was an article about Hillary in Vox, how she dominated the debates by getting under his skin, things like calling him Donald in part because he doesn’t like it. Like a teacher addressing a misbehaving schoolboy named Donald. Which frankly reminds me of what Harry and Dumbledore talked about by using Tom Riddle/ Voldemort’s name, to treat him as ordinary instead of a fear-inducing figure. I still can’t look at pics of his face, but it’s helping me with the names.
Thank you very much for the tech security roundup too, and the info about Cee’s improving the AS website security.
I love the idea of calling him Tom Riddle, yes. All of the evil, none of the ego-stroking.
I find it a bit odd to call Donald of the Tiny Fingers “Voldemort”. I’m from Florida, and we’ve been calling Rick Scott “Voldemort”. IMO, Rick actually looks the part.
This is really helpful! I feel like I need a friend to walk through this stuff with in person, it’s so easy to get overwhelmed looking at screens — but I installed signal and HTTPS Everywhere, to start
You should have an infosec party! Where you and friends make a list and do it all together! But of course don’t tell them your passwords. :0)
This is so great and important!
And it might sound like a total rookie question, but what internet security/antivirus program gives me the best protection for my buck?
Kaspersky? McAfee?Antivir?
Or is all of this for naught?
I love these security posts. You gays have done an excellent job of making this information both comprehensive and digestible.
If I try to do research for this stuff on my own, I usually end up drowning in jargon, and feeling like I never really knew what I was looking for in the first place.
Thanks for this post. I’m going to have a good read through it. cyber security is something I’ve always been meaning to take more seriously but I think now is a very good time to start.
Slack does *not* have end-to-end encryption, and it’s important to understand that. The company can read your messages and can be forced to hand them over to the government if they get a subpoena.
Yes, you are correct. Slack says they encrypt data in transit and at rest, but not end-to-end as the chat data does live on their servers.
https://slack.com/security-practices
cee, have I ever told you how much I love your tie?
Lordie Lou with a cherry on top, this is what I get when I write without a sufficient amount of tea by my side. It’s been edited with a note!
Hey Ali, thanks for this roundup! I use Polymail now because of you. Speaking of e-mail, you should do a roundup sometime of good e-mail practices for the major commercial services like Google, Yahoo, etc. etc. (basically anything people usually get forced into using for work or school). I don’t think a lot of people know what it means when the government says things like, “we collect the metadata”, etc. etc.
Awesome. Before I was way too trusting of my computer and the Internet. I was like Nothing can hurt me!
But lately I’ve been feeling The Fear
So thanks!
Hiiii so you were saying above that you wrote about the Signal encrypted messaging app previously but I couldn’t find that info.
My question is: Signal only allows you to securely message people who have also installed the Signal app? Is there another secure msging app that doesn’t have this requirement? (i.e. encrypts out-going messages but not incoming, I guess?)
Nope, any encrypted messaging app you might use requires both users to have the same app. Generally speaking, when you encrypt a message for someone using a secure messaging app, you do it with their unique “public key,” and they decrypt the message on the other side with the matching “private key.” Both keys are generated by whatever app you’re using.
I see you are well-versed in digital technologies. Then maybe you can help me unlock ChatGPT? I do not know why my access was restricted and what can help me with this. Thank you very much for your answers!
In today’s world, it is necessary to constantly be aware of the latest technologies. Currently, I am increasingly encountering the problem of unblocking ChatGPT using a VPN. I advise you to read this article at https://clearvpn.com/blog/how-to-unblock-chatgpt/ . It provides step-by-step instructions on how to bypass restrictions and access ChatGPT from anywhere. Don’t let obstacles limit your online capabilities.