Quick Guide to Secure Communication
Written by DigiActive Team on June 26, 2009 – 2:30 pm
UPDATE: Version 5.0 is now available in .doc form.
Patrick Meier, DigiActive’s director of applied research, has created a very thorough list of ways to stay safe and protect your data while taking part in digital activism in repressive countries. We have reproduced Patrick’s list of tactics and technologies below and we encourage you to read his original post on his blog iRevolution to learn more about his conceptual framing of these issues as well as to read the useful feedback in the comments section. For more in-depth information on digital security for activists, check out Tactical Tech’s Security in-a-box.
Since this is quite a long list, here is a table of contents. The list below (which continues after the jump) contains both tactics and technologies for keeping safe while using the following devices and applications:
- Mobile Phones
- Digital Cameras
- Computers/Laptops
- Flash Disks
- Browsers and Web Sites
- VoIP (online telephony)
- Blogs and Social Networking Sites
- File Sharing
- Cyber Cafes
Security Tactics
Mobile Phones
- Purchase your mobile phone far from where you live. Buy lower-end, simple phones that do not allow third-party applications to be installed. Higher-end ones with more functionalities carry more risk. Use cash to purchase your phone and SIM card. Avoid town centers and find small or second-hand shops as these are unlikely to have security cameras. Do not give your real details if asked; many shops do not ask for proof of ID.
- Use multiple SIM cards and multiple phones and only use pay-as-you go options; they are more expensive but required for anonymity.
- Remove the batteries from your phone if you do not want to be geo-located, keep the SIM card out of the phone when not in use, and store them in separate places. Use your phone while in a moving vehicle to reduce the probability of geo-location.
- Never say anything that may incriminate you in any way.
- Use code.
- Use Beeping instead of SMS whenever possible. Standard text messages are visible to the network operator, including location, phone and SIM card identifiers. According to this recent paper, the Chinese government has established 2,800 SMS surveillance centers around the country to monitor and censor text messages. The Chinese firm Venus Info Tech Ltd sells real-time content monitoring and filtering for SMS.
- Use fake names for your address book and memorize the more important numbers. Frequently delete your text messages and call history and replace them with random text messages and calls. The data on your phone is only deleted if it is written over with new data. This means that deleted SMS and contact numbers can sometimes be retrieved (with a free tool like unDeleteSMS). Check your phone’s settings to see whether it can be set to not store sent text messages and calls.
- Eavesdropping on mobile phone conversations is technically complicated although entirely possible using commercially available technology. Do not take mobile phones with you to meetings as they can be turned into potential listening/tracking devices. Network operators can remotely activate a phone as a recording device regardless of whether someone is using the phone or whether the phone is even switched on. This functionality is available on US networks.
- Network operators can also access messages or contact information stored on the SIM card. If surveillance takes place with the co-operation of the operator, little can be done to prevent the spying.
- Mobile viruses tend to spread easily via Bluetooth so the latter should be turned off when not in use.
- Using open Bluetooth on phones in group situations, e.g., to share pictures, etc., can be dangerous. At the same time, it is difficult to incriminate any one person and a good way to share information when the cell phone network and Internet are down.
- Discard phones that have been tracked and burn them; it is not sufficient to simply destroy the SIM card and re-use the phone.
Digital Cameras
- Keep the number of sensitive pictures on your camera to a minimum.
- Add plenty of random non-threatening pictures (not of individuals) and have these safe pictures locked so when you do a “delete all” these pictures stay on the card.
- Keep the battery out of the camera when not in use so it can’t be turned on by others.
- Practice taking pictures without having to look at the view screen.
Computers/Laptops
- Use passphrases for all your sensitive data.
- Keep your most sensitive files on flash disks and find safe places to hide them.
- Have a contingency plan to physically destroy or get rid of your computer at short notice.
Flash disks
- Purchase flash disks that don’t look like flash disks.
- Keep flash disks hidden.
Email communication
- Use code.
- Use passphrases instead of passwords and change them regularly. Use letters, numbers and other characters to make them “c0mpLeX!”. Do not use personal information and change your passphrases each month. Do not use the same password for multiple sites.
- Never use real names for email addresses and use multiple addresses.
- Discard older email accounts on a regular basis and create new ones.
- Know the security, safety and privacy policies of providers and monitor any changes (see terms of service tracker).
Browsers and websites
- Turn off Java and other potentially malicious add-ons.
- Learn IP addresses of visited websites so that history shows only numbers and not names.
- When browsing on a public computer, delete your private data (search history, passwords, etc.) before you leave.
- When signing up for an account where you will be publishing sensitive media, do not use your personal email address and don’t give personal information.
- Don’t download any software from pop-ups; they may be malicious and attack your computer or record your actions online.
- Do not be logged in to any sensitive site while having another site open.
VoIP
- Just because you’re talking online doesn’t mean you are not under surveillance.
- As with a cell or landline, use code, do not give salient details about your activities, and do not make incriminating statements.
- Remember that your online activities can be surveilled using offline techniques. It doesn’t matter if you are using encrypted VOIP at a cyber cafe if the person next to you is an under-cover police officer.
- When possible, do not make sensitive VOIP calls in a cyber cafe. It is simply too easy for someone to overhear you. If you must, use code that doesn’t stand out.
Blogs and social networking sites
- Know the laws in your country pertaining to liability, libel, etc.
- When signing up for a blog account where you will be publishing sensitive content, do not use your personal email address or information.
- In your blog posts and profile page, do not post pictures of yourself or your friends, do not use your real name, and do not give personal details that could help identify you (town, school, employer, etc.).
- Blog platforms like WordPress allow users to automatically publish a post on a designated date and time. Use this functionality to auto-publish on a different day when you are away from the computer.
- On social networks, create one account for activism under a false but real-sounding name (so your account won’t be deleted) but don’t tell your friends about it. The last thing you want is a friend writing on your wall or tagging you in a photo and giving away your identity.
- Even if you delete your account on a social networking site, your data will remain, so be very careful about taking part in political actions (i.e., joining sensitive groups) online.
- Never join a sensitive group with your real account. Use your fake account to join activism groups. (The fake account should not be linked to your fake email).
- Don’t use paid services. Your credit card can be linked back to you.
File sharing
- Use a shared Gmail account with a common passphrase and simply save emails instead of sending. Change passphrase monthly.
- For sharing offline, do not label storage devices (CDs, flash drives) with the true content. If you burn a CD with an illegal video or piece of software on it, write an album label on it.
- Don’t leave storage devices in places where they would be easily found if your office or home were searched (i.e., on a table, in a desk drawer).
- Keep copies of your data on two flash drives and keep them hidden in separate locations.
- When thinking of safe locations, consider who else has access. Heavily-traveled locations are less safe.
- Don’t travel with sensitive data on you unless absolutely necessary. If you need to, make sure to hide it on your person or “camouflage” it (label a data CD as a pop music CD). See Sneakernet.
Internet Cafes
- Assume you are being watched.
- Assume computers at cyber cafes are tracking key strokes and capturing screenshots.
- Avoid cyber cafes without an easy exit and have a contingency plan if you need to leave rapidly.
Security Technologies
Mobile phones
- Use CryptoSMS, SMS 007 or Kryptext to text securely (this requires java-based phones).
- Use Android Guardian as soon as it becomes available.
- Access mobile versions of websites as they are usually not blocked. In addition, connecting to mobile websites provides for faster connections.
Digital cameras
- Use scrubbing software such as JPEG stripper to remove the metadata (Exif data) from your pictures before you upload/email.
- Have a safe Secure Digital Card (SD) that you can swap in. Preferably, use a mini SD card with a mini SD-SD converter. Then place the mini SD into a compatible phone for safekeeping.
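What a metadata scrubber does to a JPEG, as an added example (not part of the original guide and not the code of JPEG stripper): it walks the file's segments and drops the ones that hold Exif/XMP, IPTC and comment data while copying the image data untouched. The function names, the choice of which APPn segments to keep, and the sample bytes are assumptions made for this sketch.

```python
import struct

SOI, EOI, SOS, COM = 0xD8, 0xD9, 0xDA, 0xFE
STANDALONE = {0x01, *range(0xD0, 0xD8)}   # TEM and RSTn carry no length field
# APPn segments kept because decoders rely on them (a choice made for this example):
# APP0 = JFIF header, APP2 = ICC colour profile, APP14 = Adobe colour transform.
KEEP_APP = {0xE0, 0xE2, 0xEE}


def is_metadata(marker):
    """Exif/XMP (APP1), IPTC (APP13), other APPn and comment segments."""
    return marker == COM or (0xE0 <= marker <= 0xEF and marker not in KEEP_APP)


def strip_jpeg_metadata(data):
    """Return (clean_bytes, removed); removed lists (marker, bytes_dropped)."""
    if data[:2] != bytes([0xFF, SOI]):
        raise ValueError("not a JPEG: missing SOI marker")
    out, removed, pos = bytearray(data[:2]), [], 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos + 1 < len(data) and data[pos + 1] == 0xFF:
            pos += 1                      # skip 0xFF fill bytes
        if pos + 1 >= len(data):
            raise ValueError("truncated file")
        marker = data[pos + 1]
        if marker == EOI:
            out += data[pos:pos + 2]
            break
        if marker == SOS:
            out += data[pos:]             # compressed image data to end of file, as-is
            break
        if marker in STANDALONE:
            out += data[pos:pos + 2]
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length            # length counts its own two bytes
        if length < 2 or end > len(data):
            raise ValueError(f"bad segment length at offset {pos}")
        if is_metadata(marker):
            removed.append((marker, end - pos))
        else:
            out += data[pos:end]
        pos = end
    return bytes(out), removed


def segment(marker, payload):
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample():
    """Constructed JPEG-shaped byte string (structure only, not a viewable photo)."""
    return (bytes([0xFF, SOI])
            + segment(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + segment(0xE1, b"Exif\x00\x00" + b"constructed GPS and camera serial")
            + segment(COM, b"constructed comment")
            + segment(0xDB, bytes(65))    # quantisation table stub
            + segment(SOS, bytes(10)) + b"\x12\x34\xff\x00\x56"
            + bytes([0xFF, EOI]))


if __name__ == "__main__":
    clean, removed = strip_jpeg_metadata(build_sample())
    for marker, size in removed:
        print(f"removed segment 0xFF{marker:02X}, {size} bytes")
    print(f"{len(build_sample())} bytes in, {len(clean)} bytes out")
```

Removing the Exif segment also removes the embedded thumbnail and the orientation tag, so a scrubbed photo may display rotated until it is re-saved upright.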
Computers/Laptops
- Use an effective anti-virus program and ensure it updates itself online at least once a day: TMIS, McAfee, Symantec/Norton, AVG, Avira, NOD32, Kaspersky.
- Do not use illegal, cracked, hacked, pwned, warez software.
- Keep your software programs (operating systems, productivity suites, browsers) up-to-date with the latest software updates.
- Use software to encrypt your hard drive: Bitlocker, TrueCrypt, PGP Whole Disk Encryption, Check Point, Dekart Private Disk.
- Use a different file type to hide your sensitive files. For example, the .mov file extension will make a large file look like a movie.
- Mac users can use Little Snitch to track all the data that goes into and out of your computer.
- From a technical perspective, there’s no such thing as the delete function. Your deleted data is eventually written over with new data. There are two common ways to wipe sensitive data from your hard drive or storage device. You can wipe a single file or you can wipe all of the ‘unallocated’ space on the drive. Eraser is a free and open-source secure deletion tool that is extremely easy to use.
Flash disks
- StealthySurfer USB Flash Drive
- The secure browsing Tor software can be installed on a flash disk.
- A USB watch draws less attention, as do USB earrings and this credit card USB flash disk.
Email communication
Browsers and websites
- Use Firefox and install plugins such as Ghostery to follow website tracking, and Adblock or Adart to remove ads/trackers.
- Use Tor software or Psiphon to browse privately and securely.
- I shan’t list access points for secure browsers, Proxy servers and VPNs here. Please email me for a list.
- Always use https in “Settings/General/Browser Connection.”
VoIP
- Use Skype but not TOM Skype (Chinese version). Note that Skype is not necessarily 100% secure since no one has access to the source code to verify.
- Off The Record (OTR) is a good encryption plugin. For example, use Pidgin with OTR (you need to add the plug-in yourself).
- Gizmo offers encryption for voice conversations, and then only if you are calling another VoIP user, as opposed to a mobile or landline telephone. However, because neither application is open-source, independent experts have been unable to test them fully and ensure that they are secure.
- Adium is a free IM application for Macs with built-in OTR encryption that integrates most other IM applications.
Blogs and social networking platforms
- There are no safe social networks. The best way to be safe on a social network is a fake account and a proxy server.
- The anonymous blogging platform Invisiblog no longer exists, so the best bet now is WordPress + Proxy (preferably Tor) + anonymity of content.
- Log out of facebook.com when not using the site.
File sharing
- Use Drop.io to create a private, secure media sharing site.
- Use BasecampHQ with secure/SSL option to create more specific usernames and passwords for each user or remote site.
Internet Cafe
Other potential tech
The DigiActive Guide to Twitter for Activism
Written by DigiActive Team on April 13, 2009 – 1:56 pm
We are very excited to announce the release of The DigiActive Guide to Twitter for Activism. Following the recent protests in Moldova, the value of Twitter as a tool for digital activism is more prominent than ever. Yet in addition to bringing greater awareness to that tool, the hype surrounding Moldova revealed misunderstanding of the value of Twitter for activism and, even though the realists responded strongly, there was not a stand-alone resource which clearly defined how Twitter could be used by activists. We hope this guide will fill that void.
Click the cover image to download the guide (PDF format)
The guide provides a wealth of information on Twitter activism. It begins with an introduction to the platform (p. 5) and its terminology (p. 6) and then lays out five uses of Twitter for activists, each illustrated by a case study (p. 6-11). The guide then presents a step-by-step strategy for using Twitter for political and social change (p. 12) along with a list of do’s and don’ts (p. 14) for campaigners. The guide ends with additional resources for Twitterers, such as applications that help you use Twitter (p. 16), further reading (p. 20), and even alternatives to Twitter (p. 18).
The guide was written by Andreas Jungherr, a master’s candidate in political science at the University of Mainz in Germany, and was reviewed and improved by scholars, activists, and the DigiActive team, all for your reading enjoyment. Please respond with your feedback in the comments section below.
A Note for Translators: The guide is published under a Creative Commons Non-Commercial Attribution license and we welcome translation by individuals and organizations who will release their version under the same conditions. To receive a copy of the guide in an editable format, please e-mail Contact AT DigiActive DOT org.
Resource: Social Source Commons
Written by Frederick Noronha on April 10, 2009 – 12:22 am
Description: What tools are non-profit groups using out there in the field? What works? What tools would you recommend to others? To get answers to all these seemingly tough questions check out the Social Source Commons.
It describes itself as “a place to share lists of software tools that you already use, gain knowledge and support, and discover new tools. It’s a place to meet people with similar needs and interests and answer the question: what tools do they use?”
URL: http://socialsourcecommons.org
How it works: The idea, in hindsight, seems disarmingly simple. You get enough people (from this sector) to sign-up, and say what software tools they use or find useful. When I check ‘My Toolboxes’, I find some 46 tools listed by me. Says Social Source Commons: “Your Personal Toolbox is for listing tools you use and recommend to others. The contents of your Personal Toolbox are used in calculating tool popularity and recommendations for the SSC Community.” What’s more, I find out who’s using the same tools as me.
For instance, CiviCRM (the Free Software/Open Source constituent relationship management system) is used by me and 51 others! CivicSpace, the Free/Open Source content-management system platform for grassroots organizing and civic activity, gets used by 19 of us.
Site features: On the site, there’s a list for new tools that are useful for non-profits — DonorWorks, DonorVision, DonorTrax, DonorTools, GeoGebra and other names we’ve probably never heard of. There’s also a list of the most active tools — Donation Solution, Donarius, Donation Tracker, Development Logic, DirectToCRM, and Donation Director. You can search through tags, build contacts and more.
You even can create additional Toolboxes to share lists of tools by category or by theme. Such as “Tools I Use When I’m Travelling” or “Free Tools Everyone Should Know About”.
Creator: This is one of the current projects of the San Francisco-based Aspiration, and is supported by the Soros-funded Open Society Institute Information Program.
Aspiration defines its mission as being “to connect nonprofit organizations with software solutions that help them better carry out their work.” It says, “We want nonprofit organizations to be able to find and use the best software available, so that they maximize their effectiveness and impact and, in turn, change the world.”
Guide: Quick ‘n Easy Guide to Online Advocacy
Written by Kate Brodock on February 9, 2009 – 8:56 pm
Title: Quick ‘n Easy Guide to Online Advocacy
Author: Tactical Technology Collective
Published By: Collective Commons (2009)
What is it?: This guide offers ways to use social networking and web 2.0 tools to improve advocacy campaigns. It aims to expose advocates to online services that are quick to use and easy to understand.
The guide provides descriptions of online services including social networking sites, image and video hosting services, and services that enhance an organization’s web presence. The guide also offers advice on where and when to use these services.
Case studies, security concerns as well as the advantages and disadvantages of various web services are discussed, with the aim of improving advocates’ ability to conduct online advocacy campaigns.
It covers four main areas of internet services that may prove helpful:
- Informing and communicating
- Documenting and visualizing
- Mobilizing and coordinating
- Bypassing and accessing
Guide: “Blog for a Cause!” now in Chinese
Written by DigiActive Team on November 24, 2008 – 4:18 pm
We are excited to announce that Global Voices Advocacy’s “Blog for a Cause!”, the blog advocacy guide written by DigiActive co-founder Mary Joyce, is now available in Chinese. Thanks so much to the dedicated activists at Global Voices Advocacy who organized the translation. You can download the guide by clicking the image below:
The guide is also available for download in English, Spanish, French, and Arabic.
Book Review: Activists and Innovation
Written by Kate Brodock on November 22, 2008 – 7:01 pm
Book Title
Market Rebels: How Activists Make or Break Radical Innovation
[Hardcover Publish Date is 18 January 2009]
Author
Hayagreeva Rao
Subject
This book explores how innovations and new technologies are changing the way people mobilize around a cause. Rao offers several examples of how activists have gone against the mainstream and used various technologies and tools to their advantage.
He offers many examples of how this has occurred, but one of the most insightful conclusions he comes to is that some of the most successful examples are a combination of what Bob Sutton, who has worked closely with Rao, calls the “one-two punch of a ‘Hot Cause’ and ‘Cool Solutions.’” He goes on to say:
A hot cause like deaths from tobacco or medical errors can be used as springboards to raise awareness, spark motivation, and ignite red-hot outrage. And naming these as enemies is an important step in mobilizing a network or market. But creating the heat isn’t enough; the next step needs to be cool solutions. This doesn’t just mean identifying technically feasible solutions, it also means finding ways to bind people together, to empower them to take steps that help solve the problem, and to create enduring commitment to implementing solutions.
Activists, or “market rebels,” are those who defy conventional communication channels and leverage existing digital technologies by introducing radical and innovative ways to use them. Under this model, many of the examples highlighted on DigiActive indicate that the range of uses for these tools will broaden beyond that which they were originally “intended” for.
It sounds like a book that should be top on the reading list of anyone with a cause they feel strongly about who wants to utilize the technologies out there.
Guide: Cross-Posting for Advocacy
Written by Tamara on November 8, 2008 – 9:22 pm
Title: Cross-posting for Advocacy: A Guide to Effective Social Media Integration
Author: Sami Ben Gharbia
Published by: Global Voices Advocacy (2008)
What is it?: A guide to how posting content on multiple platforms by using Twitter, Twitterfeed, and Facebook can help you promote your cause.
Guides: Facebook Activism Guide Now Available in Arabic!
Written by Dan on October 29, 2008 – 4:24 pm
We are very excited to announce that The Digiactive Introduction to Facebook Activism has been translated to Arabic thanks to the folks over at the Social Media Exchange. This marks the first of at least two translations of the guide; a Spanish version will be coming soon!
The guide provides an overview of Facebook’s tools from an activist’s perspective with three case studies from Egypt, Burma, and Morocco.
Many thanks go out to Reine Mattar for doing the translation, as well as Jessica Dheere, Moustafa Ghaddar, Pascale Moussawbah, Mohamad Najem, Naziha Baassiri, and Ghita Abi-Hanna.
The Social Media Exchange provides media training and consulting to civil society and nonprofit organizations in Lebanon and, soon, throughout the Middle East and North Africa. Their mission is to encourage Internet adoption and multimedia expression in the region as a means of self-empowerment and self-advocacy.
Table of Contents:
- Introduction
- Pros & Cons of Facebook Activism
- Steps to Organizing an Activism Campaign on Facebook
- Advice for Your Facebook Campaign
- Great Facebook Campaigns from Around the World
- End Notes
Guide: Introduction to Facebook Activism
Written by Mary Joyce on June 28, 2008 – 8:10 am
We at DigiActive are very proud to announce our first guide: A DigiActive Introduction to Facebook Activism. The guide was written by our Lead Researcher, Dan Schultz. It’s a quick introduction on how to use Facebook in your activism campaign and includes real-life examples of Facebook activism campaigns from Egypt, Burma, and Morocco. You can download the guide by clicking on the image below:
Resource: What should YouTube do for activists?
Written by Mary Joyce on June 13, 2008 – 3:42 pm
Yesterday I had the pleasure of speaking with Ramya Raghavan, the new Nonprofits and Activism Manager at YouTube (see her intro video below). She is the head of the new Agent Change project for non-profits and activists.
Ramya is very dynamic and committed to making YouTube a better tool for activists. So, what do you think, what should YouTube be doing for activists? Let us know in the comments or e-mail her your thoughts at agentchange@youtube.com.