Palestine march in London with faces blurred

Digital Security Checklist for activists

Better to adopt good practices now than regret it later. Here is a non-exhaustive list of simple things you can do to protect yourself. You can also download a free copy of our ‘Basic Security for A Digital Age’ zine for more tips and advice!

Use a private DNS server

DNS is an essential service similar to a phone book which tells your device how to access resources (e.g. a website) on another computer (a web server) by just using a convenient name (such as netpol.org). By default, phones and broadband routers will use the provider’s DNS server, which can log DNS requests made by your account. Changing to a different, privacy-focused DNS server like Control D or Quad9 can improve your security and provide other benefits such as ad blocking and malware protection.
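To see which DNS server a computer is actually using, the following Python example (added here, not part of the original checklist) reads resolv.conf-style text, the format of /etc/resolv.conf on Linux and macOS, and labels each configured nameserver. The allow-list holds Quad9's published addresses only and is an assumption to extend with your own provider's addresses; the sample input is constructed.

```python
import ipaddress

# Added example. Allow-list of Quad9's published resolver addresses;
# extend it with your chosen provider's addresses (assumption).
PRIVACY_RESOLVERS = {ipaddress.ip_address(a) for a in (
    "9.9.9.9", "149.112.112.112", "2620:fe::fe", "2620:fe::9")}


def nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    found = []
    for line in resolv_conf_text.splitlines():
        line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                found.append(ipaddress.ip_address(parts[1].split("%", 1)[0]))
            except ValueError:
                continue  # skip malformed entries
    return found


def classify(addr):
    if addr in PRIVACY_RESOLVERS:
        return "privacy resolver"
    if addr.is_loopback:  # e.g. a local caching stub; check its upstream
        return "local stub (real upstream is configured elsewhere)"
    if addr.is_private or addr.is_link_local:
        return "router/LAN (usually forwards to the provider's DNS)"
    return "other public resolver (check who operates it)"


def audit(resolv_conf_text):
    return [(str(a), classify(a)) for a in nameservers(resolv_conf_text)]


# Constructed sample input, not taken from a real machine.
SAMPLE = """\
# example resolver configuration
nameserver 192.168.1.1
nameserver 9.9.9.9
nameserver 127.0.0.53
nameserver 8.8.8.8
"""

if __name__ == "__main__":
    for addr, verdict in audit(SAMPLE):
        print(f"{addr:<16} {verdict}")
```

A "router/LAN" result means the setting to change is on the router itself, since the router decides which upstream DNS server receives your requests.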

Practice good digital hygiene

The amount of data stored on a modern device is vast. Do you really need all of it? Delete old messages, photos, documents, web browsing history, anything that could have evidential value. It’s hard to deny you have a connection to a certain organisation when you have all their photos and reports stored on your hard drive.

Make sure your software is up to date

Make sure your operating system and applications are all up-to-date. Unpatched software can be exploited to run malicious code on your device which can leave you compromised. Only ever run software you have downloaded from the official source (e.g. where you would expect to find it). If a random website insists that you need to update your browser or operating system, or otherwise download a piece of software, be very sceptical. Use the proper update mechanisms, like Windows Update and the updater built into your web browser.

Use private browsing

When doing sensitive web browsing, it doesn’t hurt to use private browsing (“incognito”) mode, but be sure to understand its limitations [link to FAQ site].

Use strong passwords and password managers

Do not write down your passwords anywhere on- or offline; instead, make them random enough (lower and upper case characters, spaces, special characters…) but not so random that you won’t remember them. Don’t reuse passwords on online services. When creating a password, practice typing it out several times in order to cement it in your mind and build muscle memory. For your online services, if you use a password manager such as Proton Pass you only need to remember one strong password, and the password manager will manage the rest. Check with Have I Been Pwned to see if your e-mail address has been involved in any data breaches, and if so, change the passwords associated with those accounts.

Be aware of your surroundings 

If you are in a particularly sensitive place, for example in a police station or on a protest (not that we recommend taking your phone on protests [link to article]) be careful about who is around you and which cameras can see you. It has been known for the police to access the PIN numbers of people’s phones simply by looking over their shoulder or from CCTV. Refusing to provide a password to a police officer is not a crime: they must make a court application before you are legally compelled to supply any access codes.

Ditch the unnecessary gadgets and apps

Every additional device and every piece of software means more data stores and more avenues for someone to gain a foothold into your digital life. Keep it simple and don’t use more hardware and software than you need. Doorbell cameras and smart watches record your activities, habits and routines, and police investigative work often involves acquiring their valuable data. A voice assistant (Siri, Gemini etc.) can disclose data without the device being unlocked. Browser extensions can harvest your browsing data. 

Use temporary e-mail addresses for signups

If you just need an e-mail address for the purposes of creating a website login, use 10 Minute Mail or Shitmail.

Don’t be the weak link

Poor security culture can mean that not only you get clobbered, but also others in your networks. You don’t want to be the person responsible for others’ misfortune, so tighten up for everyone’s sake.

Soften the blow of equipment seizures 

Getting raided or otherwise getting your equipment taken can be a difficult experience, but you can get back on your feet faster by making sure you keep a backup of your important data. Preferably, this is offline and offsite (for example, an encrypted external hard drive kept at a local friend’s house). If you have a spare phone or laptop, these can be kept offsite as well to get you back online as quickly as possible. Be sure to read Netpol’s factsheet for more information on your rights if you get raided.
