This is a guide to basic digital privacy awareness and actions that you can take to keep yourself and others safe. For a quick, action focused guide go here.
For an in-depth overview of security and privacy check out privacyguides.org in English or Spanish
While this highlights risks, the purpose of this isn’t to increase fear or anxiety, but to provide knowledge and practices that we can all take to minimize inherent risks of being online. Think of this as the digital version of wearing your seat belts, having fire alarms, or using life jackets.
It’s easy to fall under the belief that we are safe on this island, that what happens in “America” won’t really hit us, but it already has. Many friends, neighbors and loved ones are already living in fear. Non-profits on the island are already scrambling to publicly erase mention of DEI or LGBTA+ programs as their funding is in real jeopardy. Teachers and administrators of our schools rethinking policy and programs to not lose funding. Medical professionals are wondering what they will be able to say about bird flu when it hits us. This is only the beginning.
This is important. As more national anti-privacy laws get passed (or existing ones completely ignored) everyone is at increased risk. Searches or messages that were previously safe will become less so. Benign words like ‘inclusion’ or ‘diversity’ will be made increasingly risky. While people have been able to search for information online (i.e. where to acquire abortion pills; how to transfer money anonymously; research immigration law; where protests might be held; etc.), and not expect repercussions; this is already becoming less true in some states, and likely to be less true in any state in the future.
Many are high risk for surveillance, like non-profit workers, teachers, medical professionals, immigrants, LGBTQA+, natives, community organizers, anyone with brown skin, jews, leftists, scientists, and anyone related to or close to the above.
Introduction
Our lives are surrounded by data and surveillance. Companies like Google, Microsoft, Facebook, TikTok, Amazon, Twitter, etc., collect vast amounts of data on us, track us beyond their products, compile that data, and sell that data to other companies and governments. Services we assume we can count on for privacy peer into our most private lives in ways that can be hard to comprehend. This is legal and culturally accepted – we have been co-opted into a surveillance state much vaster than anything George Orwell could have imagined in 1984.
It is nearly impossible in this modern age to not have some of our personal data get harvested and stored by third parties. Purchasing things online, booking hotels/flights, simply using a credit/ATM card, visiting a website, using a phone or tablet, or engaging in social media, will result in data being stored about you and your activities.
This lack of privacy in the best of times is a cause for great concern. But we are not in the best of times, and so the lack of privacy becomes more ominous and can be used against us, hampering our ability to live safe and fulfilling lives within our communities.
Surveillance isn’t what it used to be. It’s no longer cops sitting in cars outside a building in an unmarked car, or authorities targeting a specific person based on a crime. Companies, governments, and bad actors are able to combine and look across vast sources of data to find targets based on whatever criteria they choose. Sometimes they have that data legally, others illegally, but once your data is within these large databases, it’s irrelevant.
We are at a time of increasing fascism that’s happening at an incredibly rapid pace. The world’s richest man and his cronies have been given access by our billionaire president to set up shop in the government with access to everyone’s most private governmental data. Their goals are to keep power, enrich themselves and those loyal to them. They will run a timeless fascist playbook of demonizing others while growing and holding their power, whatever the cost. Right now, they’re moving as fast as they can, in many directions at once, to shock us into submission, so that it is difficult to resist, put up defenses, and counter their moves.
It’s important to remember that fascists derive most of their power from that which is willingly given by a pliant populace, and when it comes to our information, we have already served it up upon a platter for decades and said “please, take our information.”
The good news is that we can adopt technology and practices that can take back some of the power into our own hands. If we take some simple steps, then when they increase their focus to our immediate community (and they will), our must vulnerable community members will be safer, and our whole community more resilient in the face of adversity.
Knowledge is Power
Learning the basics of privacy and security can go a long way to understanding the extent of the problem, as well as how to mitigate it. Here are some basics:
- Nearly everything you do is tracked. Your purchases, internet searches, web pages you have visited, games or app used, images or other data you have downloaded, likes, dislikes, relationship status, etc., is all recorded and stored. Vast troves of data exist about you that is collected by nearly every website and online service you use, places that you visit, and businesses you shop at. This information is already being tracked, stored, packaged up, and sold to whoever will pay for it simply because it’s profitable.
- Nearly everything you use is insecure to some degree. Your email with Google, Microsoft, and most email providers is not safe. These companies search through your emails to gather information and refine ability to custom tailor ads or media to deliver to you. Texting is as secure as skywriting. Zoom can record and listen in on all calls. WhatsApp, Messenger, Instagram DMs, all store an excessive amounts of data, with Meta being able to read your Messenger and Instagram DMs. TikTok records facial and hand gestures to measure your engagement to content. These companies may say they won’t do those things (or that if they do, that the data will be only used for specific purposes), but they will.
- There are practices and tools that can keep you and others somewhat safer. With some simple steps, you and other people can use technology with better practices that can help keep you and others safer. This will never remove all risks, but can go a long way to restrict what data others are able to see, record, and store about you.
- Now is the time to take action. The sooner we take individual action and help onboard others the less risk we hold in the future. The more individuals and organizations internalize safer practices now, the better it will be when the pressure and stakes are raised.
Basic Practices and Tools
Install and use Signal for communication. Signal is text/video/call service run by a non-profit. It’s encrypted in such a way that the company doesn’t know what you’re sending and so they can’t share information they don’t have.
Keep your systems up to date. When operating systems or apps are released, there are inevitably bugs in the software. Some of these bugs create holes that bad actors can use to exploit these vulnerabilities. Some of the easiest to exploit vulnerabilities in your computer and phone have already been fixed, but you should make sure you update so you have those new fixes. Anytime there is an update for your phone or computer, make it a priority to install.
Turn off biometric unlocking. The ability for someone to use your face or finger print to access all of your information is one of the biggest vulnerabilities! FaceID may be convenient, but it allows anyone with access to your device and face to have full access to your information. In addition, if you use these features, this biometric data is then stored and tied to you.
Use strong passcodes: Come up with strong passcodes (at least six digits that have no relation to anything in your life) and turn on the feature to erase your device after 10 failed attempts.
Passwords: Ideally use a password manager. LessPass is free, secure and works anywhere.
Your master password should be at least 16 characters long. (Password length is important: Even though this password uses plain words “Johnny loves to drink fresh water”, it would take 37,000 times more time to crack this password, than a smaller, random character password, like this one ‘D21(2j%li74s’; simply because the first password is 25 characters long and the second is only 12 characters long.)
Download and use private browsers. We are tracked everywhere, but we can mitigate that by using private browsers with ad blocking enabled, such as Vivaldi, Mullvad, DuckDuckGo, Librewolf, Brave, or Tor Browser.
Use private search engines. DuckDuckGo, Kagi, and Startpage are search engines that don’t save and track your data; thus, this data cannot be used against you.
Download and use a VPN. VPNs hide where your computer is from the sites you’re visiting and make it difficult for your internet traffic history to be known. Some countries, like in the EU, have stronger privacy protection. As a VPN spoofs your location in the world, webpages will be forced to follow stricter laws as you visit them. Mullvad and NordVPN are good choices.
Sign up for a secure email. Unless you are using a secure, private email service; assume that any email communication you do is the same as skywriting. Google, Microsoft, and other big corporate email provides can and will look in your email, and besides using and selling that information, they will also share said information with authorities. Transition away from those services. Tuta has a free option with limited storage and features.
Get off the cloud. If it’s on the corporate cloud it can searched, mined, and be used against you or others. Don’t store anything sensitive on the corporate cloud (DropBox, Google Drive, iCloud, etc). Be especially mindful of identifying information on others in the Cloud.
Use OpenSource applications like LibreOffice or CryptPad.fr as your office productivity suite instead of Microsoft Office or Google Docs. Keep copies of important or sensitive documents locally, transferring to others via thumb drive, Signal, or secure email.
General Privacy Guidelines
First and foremost, don’t assume there is an easy software solution to privacy. Most privacy is about education, awareness, and practices. So be mindful of your understanding and habits as you are of what you’re using.
Be mindful of yourself. This world is already full of scams. Fake links, emails from African “princes”, robocalls trying to get your information. Heighten your awareness and assume that any email, text, or phone call that you can’t verify the person is has a high chance for being a scam or a trap. A person can get scammed from their savings because a person claiming to represent his bank can contact them and get credentials. Note that the police can legally lie to you, but it’s illegal to lie to them. Know your rights with authorities, and do not cooperate, unnecessarily.
Security is only as strong as the weakest link. If you have the most security hardened setup and are sharing documents with someone, but the person you are sharing them with then shares or forwards to other people via text or non-secure email, then it’s essentially as if you sent those documents out in the open. Also, don’t place high-risk people in higher risk situations if you don’t have to.
Social Media is not your friend. Posting publicly to any social network; however well meaning, means you and loved ones are at a heightened risk. Corporate social networks like Facebook, Instagram, X/Twitter, and Bluesky will happily hand over information to authorities. Connect in community. Share in small groups. Delete your accounts and your data.
The Spy in your pocket. Your phone is tracked on how it is connecting to cell towers, regardless of your privacy settings. The connection of your phone to multiple towers (or wifi networks) can give someone with the right access (phone provider, plan provider, law enforcement) your location to a high degree of accuracy. In addition, your microphone and camera can be utilized remotely to listen and watch. These capabilities exist even when your phone is powered off.
In addition to the above, games and apps that you install on your phone or tablet, often have advanced data collection and can collect your personal information, as well as call history and contacts. App companies frequently do this to supplement their income by harvesting and selling your data.
Vehicles. Modern vehicles are connected to the internet. License plate scanners exist and are used in metropolitan areas and ferry terminals to build up vast data on motor vehicle operator behavior. This data can be used in conjunction with your cellular data to build maps of movement and where you have been and who you might have met.
Patterns and Metadata. All of the above data collected about you gets combined to create massive searchable data sets across many different areas. This data can and will be mined and extracted by companies to find specific individual profiles to be targeted. There are large public companies whose expertise is working with authoritarian regimes who take huge datasets to identify targets among civilian populations; their stock has gone up and their executives are excited about what this administration means in terms of their profit potential.
Normalize being disconnected. Keep your phone off for parts of the day. Leave it at home. Have meetings away from any electronics. Normalizing patterns of disconnection means if you need to be away from devices, it’s not new behavior. It’s also good for your mental health to take break from computers.
Conclusion
It’s easy to assume privacy doesn’t matter because you’re not doing anything illegal and feel you have nothing to hide, but we’re living in a time where that’s increasingly irrelevant — expressed values and suspicion under broad, sweeping state repression makes many a target in these times. By working with others to understand and implement best practices around privacy, we can better protect ourselves and each other.