school and living at home with his conservative family. He has recently started exploring his sexuality online and in person and thinks he might be gay. He is bullied by his brother and his brother’s tech-savvy friends. What risks does Jean-Pierre face?

browser history, fb privacy settings, breaking into fb or email, physical phone security, fear of being outed, fake grindr profile, being pranked, check network traffic, forums/porn access

disk encryption, ublock origin, privacy badger, VPNs or Tor, good passwords
worker. They also go to graduate school part-time. They use mobile apps for communicating with clients. They’ve been harassed by cops on multiple occasions but never arrested or charged. Many of their family, friends, and classmates do not know they are a sex worker. They recently had a bad breakup with someone who is very vindictive. What risks does Alex face?

phone number to legal name lookup, malicious disclosure to school, grants revoked because of additional income, separating banking info, risks of using the same device for multiple personas, crossing borders, being tracked via gps

using Tor for work, Signal (or WhatsApp, not Telegram), disk encryption (bitlocker or filevault), good passwords (& change them!), review logged in devices in gmail and facebook
a large YouTube, Twitter, Instagram following. She also works at a Big Name Corp where she is not out. Recently, trolls have begun harassing her online, making all kinds of horrible threats that she is not sure are credible. What risks does Marina face?

bank account info linked to google account, threat of transphobia generally, shitty dynamics at work, linking pseudonym (?) to real life, trolls finding where she works, getting doxxed, accounts getting hacked, physical risk after being doxxed, doxxing leading to toxic work situations, ads if using work computer, culture of putting all your info into the world, and not being able to revoke it later, real name policies, how social media companies deal with harassment

google yourself! (identity management), wayback machine, ad blocker, good passwords, exif removal from photos (gps), separate your identity chains (e.g. which email is your backup for your twitter), if she owns a domain, whois protection
works with at-risk youth, who may be undocumented, drug users, or in abusive family situations. She is worried about receiving compromising information from them. What risks does Marina face?
breaking into fb or email
✴ physical phone security
✴ fear of being outed
✴ fake grindr profiles (brother & friends, gangs, even cops in places where being gay is illegal)
✴ being pranked
✴ brother & friends (or parents) check network traffic
✴ discovery of forums/porn access
to school
✴ grants revoked because of additional income
✴ separating banking info
✴ risks of using the same device for multiple personas
✴ crossing borders
✴ location-tracking (GPS, etc)
of transphobia generally
✴ shitty dynamics at work
✴ is she using a pseudonym? risk of linking pseudonym to real life
✴ trolls finding where she works
✴ getting doxxed (address published online)
✴ accounts getting hacked
✴ physical risk after being doxxed
✴ doxxing leading to toxic work situations
✴ targeted ads if using work computer
✴ culture of putting all your info into the world, and not being able to revoke it later
✴ real name policies (e.g. FB)
✴ how social media companies deal with harassment
accounts
✴ make it long — words can be easier than symbols, especially on mobile
✴ make it random (no 1337 substitutions of your favourite book — if you think it’s a clever strategy, it probably isn’t!)
✴ try a generator: random.org, https://passphrases.peerio.com, Diceware
✴ password managers: keepassX (free), 1password ()
✴ two-factor authentication where available (e.g. google/gmail)
— howto, filevault for mac — howto)
✴ phone disk encryption (default on latest ios, has to be set up on android)
✴ (auto-)locking phone and computer
✴ adblocker (e.g. ublock) & privacy badger to protect against malware and unwanted ads
✴ https everywhere to prevent some traffic sniffing (domain can still be seen, and some sites don’t have HTTPS)
✴ anonymize connection to prevent traffic sniffing
✴ Tor (free, trusted, but slow for video)
✴ VPNs (you have to put your faith in it, but fast. There are many, look for those that don’t keep logs of your activity. e.g. tunnelbear, PIA)
ads), maybe separate computer with always-on Tor connection (but not a burner phone because that is HARD and not that useful)
✴ Signal (or WhatsApp, not Telegram) for communicating with clients
✴ disk encryption
✴ phone disk encryption, locking phone when crossing borders
✴ good passwords (& change them if worried ex might have them!)
✴ review logged in devices in gmail and facebook
yourself — name, old usernames, other identifying data
✴ use the wayback machine to find sites you thought didn’t exist anymore
✴ if she owns a domain, make sure the registrar has whois anonymization (otherwise your address is easy to look up)
✴ adblocker to prevent unwanted ads on work computer
✴ antivirus/ being careful with attachments
✴ good passwords (esp. for sensitive accounts)
✴ remove exif from photos (gps coordinates — guide)
✴ separate identities (don’t link work email to youtube)
✴ don’t use the same email as password reset backup for all your accounts! (single point of failure)
digital public square: https://hygiene.digitalpublicsquare.com/ (especially the Identity section!)
✴ EFF, Surveillance Self Defense https://ssd.eff.org/
✴ Tactical Tech, Security in a Box https://securityinabox.org/en
✴ Freedom of the Press Foundation, Encryption Works https://github.com/freedomofpress/encryption-works/blob/master/encryption_works.md
✴ Tactical Tech, Gender and Security https://gendersec.tacticaltech.org/wiki/index.php/Main_Page