kit-oconnell
Oh Shit! What Now?
The Oh Shit! What now? Collective plans study groups,
discussions, and workshops aimed at equipping folks with
radical skills to share with others.
For more information, visit our website:
http://ohshitwhatnow.org/
📷: Computer Board with Key
Flickr / Blue Coat Photos, CC SA license
Take Back Your Online Privacy
Basic online security tips for activists and
everyday humans
Why Security Matters
The internet is not free -- you are the product
Marginalized people are targets online
You have a right to privacy
You have a right to be online safely
If everyone is secure, spies must work harder
Threat Modeling
When Conducting an Assessment, There are Five Main Questions you Should
Ask Yourself:
1. What do you want to protect?
2. Who do you want to protect it from?
3. How likely is it that you will need to protect it?
4. How bad are the consequences if you fail?
5. How much trouble are you willing to go through in order to try to prevent those?
See "Surveillance Self Defense" (ssd.eff.org) for more
Current Events: Broadband Privacy Vote
Obama-era proposal, never had a chance to go into effect
Your online activity is already being sold
ISPs do have special access to your data
'Use a VPN' -- but which one? How?
Be more aware of what you do online, & where
Current Events: Vault 7 & Other Leaks
They've always been able to spy on us
Vault 7 is a sign that encryption & security work
Think about what you invite into your home
Think about where you meet, what you carry
Don't be immobilized with fear
Encryption: Lock It Down
Encrypt your devices!
iOS is encrypted if locked
Android: Look in Settings > Security
Always lock / turn it off
Use a long password (at least 8 characters)
Don't give up access if you can help it
Encryption: Lock It Down 2
MacOS: Use FileVault (Google It)
Windows: Look under System > about “Device Description”
Linux: Enabled during installation
Use a password
Turn it off or lock it
Keep computers up to date
Don't give up access if you can help it
Use Signal & Other Secure Apps
Signal is Snowden Recommended
Hide Signal messages on your lock screen
Verify that you’re talking to the right person
via phone
via text
In person
Archive and delete messages
Be careful who you let into your closed systems.
P@$$w0rd$ (Don't Use This)
Use a password vault and secure passwords
Use a passphrase when you must remember it
Use 2 Factor Wherever You Can
Save your 2FA Backup Codes
Your recovery email must be secure
Being More Secure & Private Online
Use HTTPS Everywhere
Don't Sign Into Your Browser (Or Be Aware Of What You Give Up)
Beware of scams & phishing
Use secure search like DuckDuckGo
Tor Browser as needed
Think about what you store in the cloud (& encrypt)
Don't use public Wi-Fi (without VPN & encryption)
Beware of untrusted USB devices & ports
Secure Your Home Network
Always change default password
Do not use ISP supplied equipment as your router if you can help it
Use ethernet (wired) connection whenever possible
Use WPA2 wireless encryption, never use WPA1 or WEP
Never, ever, leave your home wireless network unsecured!
Setting up device whitelisting for wireless devices can solve some of the vulnerabilities with wireless encryption standards
If your router supports it, set up a guest network
On Using a VPN
Free VPNs sell your shit
Not total anonymity, just 1 more layer
How you pay for VPN might matter
What to look for:
Foreign jurisdiction
No tracking / logs
Anonymous payment?
Easy to use app?
Support all your devices?
Vetted by security experts
Some VPN Recommendations
NordVPN (nordvpn.com), $5.75-$11.95/month
BlackVPN (blackvpn.com), about $10/month
Cryptostorm (cryptostorm.is), about $6/month, anonymous payment
VPNArea (vpnarea.com), from $4.92/month
Mullvad (mullvad.net), €5/month, could be forced to share data?
VyprVPN (www.goldenfrog.com/vyprvpn), $5-$10/month, easy but less secure
Basic Protest Tips
Phones can be tracked even when off
It only takes one loose link in the chain
Use Burner phones
Leave it at home, or turn it off before you arrive?
Designated check-in time with friend
Do not consent to search of phone
Don't use fingerprint lock!
You are not required to provide your password to a police officer
Some final ideas
Don't panic, don't give up
Implement security a step at a time
Go low tech when you can
Rediscover old methods
Use social misdirection
Use multiple, disposable identities
Oh Shit! What Now?
is Growing Resistance
Class schedule, resources, and calendar at
http://ohshitwhatnow.org
Feedback, class ideas, or other suggestions?
Copyleft 2017 by Oh Shit! What Now? Austin.
PUBLIC DOMAIN. NO RIGHTS RESERVED.