Cybersecurity for ‘real people’: useful resources


Thank you to everyone who joined us on Monday evening at BOM for our cybersecurity for ‘real people’ workshop. It was clear from the sizeable turnout and lively discussion that plenty of real people in Birmingham do care about online security, contrary to what the Home Secretary Amber Rudd might like to believe. Special thanks also go to Mari (@bouncinglime on Twitter), who stepped in at short notice and shared with us her experience of using Tor.

Thanks go to Leo, who led the session. Leo felt that the Home Secretary’s comments about ‘real people’ not being interested in cybersecurity are both incorrect and dangerous. Instead of talking down the importance of cybersecurity for real people, the Home Secretary should be supporting cybersecurity for all the people!

Good digital security limits legally dubious mass surveillance

Leo’s talk focused on how applying good digital security practices can help reduce your exposure to the effects of mass government surveillance (exposed in 2013 by the Snowden revelations), which violates our human rights and has been found to have ‘chilling effects’ on freedom of expression.

Cybersecurity for ‘real people’ presentation slide (PDF)

For example, using Signal, the open source end-to-end encrypted messaging app, makes it virtually impossible for anyone other than the sender and receiver to read the content of a message. As such, this presents a serious obstacle to governments (and corporations) analysing our private communications at population scale.

Similarly, the Tor browser allows users to browse the internet anonymously by encrypting internet traffic and bouncing it around the world through a series of hops on the Tor network before connecting to a website.

Tor punches a hole in the Snooper’s Charter’s legally dubious requirement for internet service providers to keep a record of everybody’s internet browsing history for 12 months, which Liberty is currently challenging in the High Court.

Virtual private networks (VPNs) are another tool for protecting your privacy when online. When using a VPN, your internet traffic is encrypted and routed through your VPN provider. VPNs help protect your security and privacy when using ‘free’ public WiFi.

Instead of a detailed log of every website you’ve visited, all that your internet service provider can see is that you’ve connected to a VPN. Unlike internet service providers, which are now required to store your browsing history for 12 months, many VPNs promise to keep minimal service logs.

When browsing the web with a VPN, the sites you visit see the VPN’s internet protocol address and not the one tied to your home broadband account, making it harder for organisations and individuals to identify and track you online.

For more information on how VPNs work and what they do and don’t protect you from, check out the following resources:

Big Brother Watch – VPN Fact Sheet (PDF).

EFF Surveillance Self-Defense – Choosing the VPN That’s Right For You

Advice for people at greater risk when they go online

Leo also explained how good digital security practices, as well as frustrating mass surveillance, protect activists and other groups of people who face additional risks when they go online.

For example, in March 2017, allegations emerged suggesting that the Metropolitan Police in London had used hackers in India to access protestors’ emails. Threats are not limited to activists. Women, people of colour and LGBTQ people are often subjected to “doxing” attacks in which people’s private or identifiable information is published online. To get an idea of the threats people can face online, check out The Intercept’s recent story, How Right-Wing Extremists Stalk, Dox, and Harass Their Enemies.

Good digital security can help protect people from these kinds of attacks. For example, using unique, strong passwords for online accounts (made easier to remember with a secure password manager) makes it harder for adversaries to access personal information.

Applying two-factor authentication adds an extra layer of protection to online accounts. Even if somebody got hold of your password, they would still need to obtain a second unique code, which is usually sent to your phone via a text message or generated by an authenticator app, in order to access your account.

Don’t forget the basics

ORG Birmingham local organiser Francis (@francisclarke on Twitter) supplemented Leo’s talk by discussing the basics of digital security.

These are the things everyone should be doing to protect themselves, whether or not they’re engaged in activism or belong to a group which faces heightened threats online.

Here are some of the tips we shared:

  • Encrypt and password protect ALL your devices.
  • Say yes to software updates.
  • Use a secure password manager.
  • Apply two-factor authentication to your online accounts.
  • Use websites with HTTPS (look for the padlock) wherever possible.
  • Review your social media privacy settings.
  • Use Signal (or failing that, WhatsApp) to message friends and family securely.

For more detailed information on how to do these things, check out our blog post from 2016, 7 top tips for protecting your online privacy and security.

More useful cybersecurity resources

We covered a lot of ground at the workshop, more than can be easily summarised in a single blog post. If our workshop and this post have made you want to take action to improve your digital security, there are lots of useful resources online that will help you do just that. Here are a few of our favourites.

EFF – Surveillance Self-Defense – Tips, Tools and How-tos for Safer Online Communications

Hackblossom – A DIY Guide to Feminist Cybersecurity

Open Rights Group Birmingham – 7 top tips for protecting your online privacy and security

Big Brother Watch – VPN Fact Sheet (PDF)

The Intercept – Battle of the Secure Messaging Apps: How Signal Beats WhatsApp

The Intercept – How to Use Signal Without Giving Out Your Phone Number
