PRIVACY TIPS

Privacy and security are often used interchangeably, but they mean slightly different things.

• Privacy is about your ability to have control over your own personal data, i.e. being aware of the data that is collected about you and being able to decide who can access it and how.

• Security is about protecting your data from unauthorized access.

For example, Gmail is a very secure system, in that it would be difficult for hackers to access your emails. But it is not private, bec0ause Google can see everything you send and may use that information for any number of purposes—from targeting you with ads, to handing your personal data over to the federal government.

You are only as private as your friends' privacy practices, and they are only as private as yours. In order for communications to be truly end-to-end encrypted (that is, no one but the sender and intended recipient can see them), all parties must be using the same platform. Make the switch to private platforms like Proton and Signal yourself, and then talk to your friends about doing the same.

The web browser you use to access the internet sees everything you do online. Browsers owned by large corporate entities, like Chrome, send all of the data they collect about you to the company, which sells your information to data brokers.

• Firefox for desktop (Firefox Focus for mobile phones) is generally considered one of the better browsers for privacy, with a good balance of built-in privacy features and user-friendliness. Brave is another good option.

• To make your online privacy even stronger, you can add extensions (extra bits of software you can install into the browser) like uBlock Origin, Ghostery, or Privacy Badger. They can block companies from spying on you online by blocking most ads, pop-ups, and trackers.

Tip: It may be tempting to install lots of privacy-focused extensions, but it's best practice to keep it limited. Each extension you add makes your browsing footprint more identifiable by trackers, so try out a few and then choose your favorite one instead of installing them all.

What about Incognito Mode? On any browser, Incognito Mode (also known as private browsing or InPrivate browsing) is not private. Incognito Mode prevents your activities online from being saved in the history of your browser, meaning someone else accessing your device would not be able to see anything you did while browsing in this mode. However, it does not prevent the browser or Internet Service Provider from seeing and collecting data on your activities.

Privacy is not all-or-nothing! Every small (or big!) step to protect your data makes a difference.

Much like your web browser, your search engine sees a lot of what you do online, and most will send that data back to their company to package up and sell to data brokers.

• There are a few great privacy-focused options available, like DuckDuckGo and Startpage. Set one of them as your default search engine on your preferred browser (Firefox is commonly recommended for privacy).

• Different search engines provide different results! You may want to try out a few to help you decide which you like best.

Take it slow: Adopting new technologies can require a change in your online habits, which take time, patience, and persistence to effectively develop. Focus on one change at a time.

Law enforcement has many tools to collect information about you both from the data on your phone and the data from your communications at a demonstration. These include devices that can impersonate cell phone towers to spy on you and that can perform facial recognition. There is also the risk of direct encounters with police or even the seizure of your device, especially in locations with a heavier law enforcement presence, such as ICE detention centers.

The easiest way to keep your data and communications safe is to simply leave your phone and other smart devices at home while demonstrating. Bring a wristwatch to tell the time (not a smartwatch), sort out logistics with others in advance, and if you’d like to document the event, use a cheap digital camera. If, however, you decide to bring your phone along, here are some ways you can better protect your privacy.

Note This is NOT legal advice; it is simply meant to help you guard the mobile device that you bring to a demonstration.

Before you leave

• Beef up your phone’s security. You can’t be forced to give up your password, but law enforcement can use your fingerprint or a facial scan to unlock your phone if the option is available to them.

  • Protect your phone with a strong password or passphrase.

  • Disable biometric features like Fingerprint Lock and Face ID.

  • Turn off voice activation like Siri and Google Assistant.

• Install Signal for more secure communications. Normal text messages and calls are vulnerable to surveillance or interception. To avoid this, use Signal to communicate at the demonstration. The app is free, available on both iOS and Android, and offers encryption for texts and calls.

  • Everyone you want to communicate with on Signal has to install Signal.

  • Use the disappearing messages feature at the demonstration.

• Sign out of any accounts you are logged into on your mobile device (email, Facebook, TikTok, etc.). If your phone is unlocked and stolen or seized, every app you were signed into can be accessed and expose your location, contacts, and other sensitive info.

At the demonstration

• Disconnect your phone. Reduce the chances that your phone connects to a rogue cell tower or Wi-Fi hot spot being used by law enforcement for surveillance.

  • Turn off your phone and keep it off as much as possible.

  • if you turn on your phone, enable airplane mode and turn off location services, as well as Wi-Fi, cellular data, and Bluetooth.

  • If you use your phone to take photos and videos, do so without unlocking your device.

•  Think before you post to reduce risk.

  • Avoid posting live updates if you have not disabled the location service.

  • Before you post photos or videos, make sure that if you show someone’s face, tattoos, or other identifying features that you have their consent.

What else can I do to prepare? Risks may vary depending on the demonstration and your own personal profile. Larger protests like the No Kings demonstrations may face less risk of antagonistic law enforcement presence compared to smaller ones. If you are a member of a more vulnerable population, or attending a smaller protest where law enforcement is anticipated to be unfriendly, you may want to consider taking extra precautions such as preparing for device seizure and knowing what to do in law enforcement encounters, such as an arrest.

Every app that you use on your computer, phone, or tablet requests certain permissions when you install it—for example, permissions to access your location or contacts. These are often more far-reaching than the app really requires for functionality, and allows the app to gather and sell any data it can find on your device, even data that has no relevance to the app itself.

• Before downloading an app, scroll down in the app store to App Privacy and check the data it collects by default and whether that makes sense for the specific app in question. It's risky to grant permissions like Camera, Microphone, Location, Contacts, and Storage (which includes any files on your device) unnecessarily.

  • Examples: A video conferencing app will need access to your Camera and Microphone. It shouldn't need access to your Location. A game app shouldn't need access to any of these sensitive settings, with the exception of something like Pokemon Go which would require Location.

  • Be aware that the permissions you grant do not just impact you—they impact your family and friends as well.  Any app with permissions to access your Contacts, for example, has the ability to scrape your friends' phone numbers and email, as well as information on your connection to them, and compile that with any data it already has on either of you.

• Foil the phone's efforts to track you. Disable the ad tracker that enables most third-party tracking on mobile devices and make it harder for advertisers and data brokers to track you and limit the amount of your personal information up for sale.

• Conduct an occasional audit of the apps on your phone. Restrict all permissions you can find to the bare minimum required for apps to function. Depending on which phone you have, the exact steps to check these settings will vary, as will the level of control you can have. But in general, here are the steps you can follow:

  • On iPhone, go to Settings/Privacy & Security. There you can check which apps are using Location Services and control the access permission each app has—for example, None, When Using, or Full Access. Then do the same thing service by service—Calendars, Contacts, Files & Folders, etc.

  • On Android, go to Settings/Security & Privacy. Under Privacy, your Privacy Dashboard can show you which apps have recently accessed permissions such as Location, Camera, and Microphone. Select a permission type and then select Manage permission to see a list of apps with access to that permission. For each app, you can select Allow all the time, Allow only while using the app, Ask every time, or Don't allow to determine what kind of access to grant.

Social media sites collect and aggregate TONS of data about you (and, in fact, they own your data!). That information can't necessarily be deleted, and anything you post may stay there forever. Your data can and probably is used for less-than-ideal purposes, including by ICE and the social network itself. Social media apps, Meta in particular, track you across most of your web activity even when you aren't on their sites. There's also the danger of fake profiles created by law enforcement and manipulation by the site’s algorithms to shape your view of the world and sway your emotions. emotions.

Follow the tips below to help you reduce your risk on social media.

• Do not share personal information. It can be used for nefarious purposes—including identity theft, financial fraud, or social engineering efforts to trick you or track your whereabouts.

• Give as few personal details as possible in your profile. That includes birthday, hometown, where you work, relationship status, and interests.

• Post with care. All posts—including photos and videos—leave a digital footprint. Be particularly cautious with public posts because anyone in the world can see them. Assume that everything you post will be published in a national newspaper.

  • Never share any identifying information like driver’s license or bank account numbers.

  • Avoid sharing details that could be used to track you, including photos or videos that show where you are or your daily routines.

  • Assume that whatever you post will be there forever. Once something is published online, it’s available to indefatigable search engines.

• Talk with your friends about what you and they share. Social media apps don’t just collect data on you, but also on your friends and family members. Be mindful of what you share that includes others, and make sure to get permission before posting photos or videos, or tagging others.

• Only accept friend requests from people you know personally and limit your followers. Social media is built on the idea that everyone is a potential friend, and cybercriminals can exploit this.

Control the privacy settings

Privacy settings help answer the question: “Who can see what?” There you may choose who can see your posts (“public,” “friends of friends,” “friends only,” etc.), contact information, location, and photos, as well as if people can find your profile in searches.

• Fine-tune the default privacy settings.

  • Look for privacy and security “checkups.” These plain-language guides can help you walk through the maze of privacy settings and set them so they’re right for you.

  • If you want to go it on your own, here are a few platform-specific guides:  acebook, Instagram, Snapchat, Tiktok,and  What’s App.

• Consider using social media in your browser, not the app. This helps prevent the site from gaining access to sensitive data on your phone like your location and your contacts or tracking you as you travel the web.

Lock down your accounts to protect your safety

You can find many of these settings under “Security” or “Safety.”

• Use strong passwords and turn on two-factor authentication. If you don’t know how to do this, look for the Privacy Tip of the Week next week on how to keep your passwords secure.

• Turn off features that track your location to ensure that the locations of your posts are not automatically tagged (geotagged).

Protecting your online accounts from unauthorized access is an important part of keeping your information secure. One of the best ways to keep your accounts safe is by using strong passwords—and, most importantly, a different one for each account.

• Password managers like Bitwarden, 1Password, and Proton Pass can help you keep your passwords safe, so that no one—not even you!—knows what they are. Password managers typically have auto-fill features, so you don't usually need to type your own login information yourself. Plus, many password managers can also randomly generate passwords or passphrases that have a higher level of security than ones you might come up with on your own.

  • What makes a password strong? The best passwords are long, aren't easily guessed, and include a variety of different character types like numbers, symbols, and both upper and lowercase letters.

  • What is a passphrase? A passphrase is a sequence of words (usually randomly generated) used as a password. Passphrases have the advantage of being longer than regular passwords, and generally easier for humans to understand. Both "1Kd$CYR*bqO%ow6" and "Fretful2-Donator-Baguette" are both very strong, but which would you rather have to type?

  • Once you've decided on a new password manager (or if you already have one), take some time to change your passwords, especially any that are weak or that you have re-used. Changing passwords regularly is an easy way to keep your accounts secure.

• For additional security, consider turning on multi-factor authentication (often referred to as MFA or 2FA) for any of your accounts that offer it. You can usually find this under the security settings, in the same place where you can change your password. This adds an extra layer of protection by requiring you to add more than one way to verify your identity. With MFA turned on, you will be prompted to enter a code that is texted to your phone or sent to your email before you can log in. It's a bit of an extra hassle, but it's much less of a hassle than dealing with a hacked account!

What about security questions? Security questions are a common method that websites use to verify your identity if you've forgotten your account password. These questions usually relate to some aspect of your personal life, like "What was the name of your first pet?" or "Which city were you born in?". While well-intentioned, these questions don't always do a good job of protecting your information, since answers can be easily guessable to those who know you, or searchable online.

But you don't have to answer these questions truthfully! Consider choosing a fictional character and answering the questions as if you were them. Or, you can generate random passwords or passphrases to answer security questions, and save them in your password manager so you don't have to remember them yourself. Most password managers have an option to write "notes"—kept separately from passwords—just for this purpose.

Proton Mail offers secure encrypted email services to keep your communications safe.

• • Use Proton's Easy Switch to move all of your existing email into your new Proton account, and set up mail forwarding so you don't miss any emails to your old email address.

  • A free Proton account will give you one secure email address and 1GB of storage. A paid account can give you access to more features (such as more storage) and their full suite of privacy-conscious tools—and will help keep this technology around for the future!

Normal text messages are easily intercepted by outside parties and law enforcement. Install the Signal app on your phone and computer to have secure end-to-end encrypted conversations with your friends.* End-to-end encryption means that no one else can read your messages except for you and your friend. Signal allows calling, too—for free!

• If you have an Android phone, you can use Signal's chat folders feature to keep your conversations organized.

• Signal is free, but consider donating to help keep this technology around for the future!

• What about WhatsApp? WhatsApp advertises itself as an end-to-end encrypted messaging platform. It is true that the message contents are encrypted, meaning that WhatsApp cannot read them. However, it does not encrypt information about who you are messaging, your device's IP address, location, phone number, or profile information (known as "metadata"—the data about your data). WhatsApp's parent company Meta is known to collect and sell this information. WhatsApp is more secure than regular texting, but Signal is a better choice overall.

Under construction

Your ISP, or Internet Service Provider (such as T-Mobile, Verizon, Xfinity, etc.), knows everything you do online. They sell that data to advertisers and share it with government and law enforcement with very little restriction. A Virtual Private Network, or VPN, hides your internet activity from your ISP, letting you keep your information private.

• Another important function of a VPN is masking your IP address, which is often location-specific. When online resources are blocked in a particular region (due to censorship or anti-privacy surveillance legislation disguised as child safety laws), VPNs can allow for internet users to retain access to important information that would otherwise be blocked.

• Since a VPN will see all of the data that your ISP normally does, it's important to choose one that you trust. Unfortunately, many websites that review VPNs are not reliable because they are often owned by the same company that owns a number of popular VPNs.

  • In choosing a VPN, it's best to find a "no logs" VPN, which doesn't collect any user data beyond what is necessary for the VPN to function. Regular external audits and open-source software can help to verify that a VPN is as secure as advertised. Two VPNs that have both undergone independent audits and have strong reputations for reliable security are Proton VPN and Mullvad VPN.

  • Note VPNs can make your internet run slower and may cause some websites to misbehave. Be prepared for a slightly less smooth internet experience when using a VPN.

I have nothing to hide! Why should I use a VPN? 

• Depending on your online privacy and security priorities (such as those you set using threat modeling), you may choose not to use a VPN, and that's okay. However, if you are especially active in politics and activism, or belong to an identity group that is frequently targeted for extra surveillance and/or violence, it's probably a good idea.

• If that doesn't apply to you, here are a few reasons you might consider using one anyway. And here's one more: VPNs are crucial tools used by journalists and investigators to protect their sources and themselves, but authoritarian governments often try to crack down on VPN use by making the claim that only hackers and criminals use them. Adopting VPN use for your own everyday internet usage pushes back on that narrative and normalizes VPNs, making it safer and easier for journalists to continue their very important work