Oh Shit! What Now?The Oh Shit! What now? Collective plans study groups,

discussions, and workshops aimed at equipping folks with

radical skills to share with others.

For more information, visit our website:

http://ohshitwhatnow.org/

📷: Computer Board with Key

Flickr / Blue Coat Photos, CC SA license

Take Back Your Online Privacy

Basic online security tips for activists and

everyday humans

Why Security Matters

The internet is not free -- you are the product

Marginalized people are targets online

You have a right to privacy

You have a right to be online safely

If everyone is secure, spies must work harder

Threat Modeling

When Conducting an Assessment, There are Five Main Questions you Should

Ask Yourself:

1. What do you want to protect?

2. Who do you want to protect it from?

3. How likely is it that you will need to protect it?

4. How bad are the consequences if you fail?

5. How much trouble are you willing to go through in order to try to prevent those?

See "Surveillance Self Defense" (ssd.eff.org) for more

Current Events: Broadband Privacy Vote

Obama-era proposal, never had a chance to go into effect

Your online activity is already being sold

ISPs do have special access to your data

'Use a VPN' -- but which one? How?

Be more aware of what you do online, & where

Current Events: Vault 7 & Other Leaks

They've always been able to spy on us

Vault 7 is a sign that encryption & security work

Think about what you invite into your home

Think about where you meet, what you carry

Don't be immobilized with fear

Encryption: Lock It Down

Encrypt your devices!

iOS is encrypted if locked

Android: Look in Settings > Security

Always lock / turn it off

Use a long password (at least 8 characters)

Don't give up access if you can help it

Encryption: Lock It Down 2

MacOS: Use FileVault (Google It)

Windows: Look under System > about “Device Description”

Linux: Enabled during installation

Use a password

Turn it off or lock it

Keep computers up to date

Don't give up access if you can help it

Use Signal & Other Secure Apps

Signal is Snowden Recommended

Hide Signal messages on your lock screen

Verify that you’re talking to the right person

via phone

via text

In person

Archive and delete messages

Be careful who you let into your closed systems.

P@$$w0rd$ (Don't Use This)

Use a password vault and secure passwords

Use a passphrase when you must remember it

Use 2 Factor Wherever You Can

Save your 2FA Backup Codes

Your recovery email must be secure

Being More Secure & Private Online

Use HTTPS Everywhere

Don't Sign Into Your Browser (Or Be Aware Of What You Give Up)

Beware of scams & phishing

Use secure search like Duck, Duck, Go

Tor Browser as needed

Think about what you store in the cloud (& encrypt)

Don't use public Wi-Fi (without VPN & encryption)

Beware of untrusted USB devices & ports

Secure Your Home Network

Always change default password

Do not use ISP supplied equipment as your router if you can help it

Use ethernet (wired) connection whenever possible

Use WPA2 wireless encryption, never use WPA1 or WEP,

Never, ever, leave your home wireless network unsecured!

Setting up device whitelisting for wireless devices can solve some of the vulnerabilities with wireless encryption standards

If your router supports it, set up a guest network

On Using a VPN

Free VPNs sell your shit

Not total anonymity, just 1 more layer

How you pay for VPN might matter

What to look for:

Foreign jurisdiction

No tracking / logs

Anonymous payment?

Easy to use app?

Support all your devices?

Vetted by security experts

Some VPN Recommendations

NordVPN (nordvpn.com), $5.75-$11.95/month

BlackVPN (blackvpn.com), about $10/month

Cryptostorm (cryptostorm.is), about $6/month, anonymous payment

VPNArea (vpnarea.com), from $4.92/month

Mullvad (mullvad.net), €5/month, could be forced to share data?

VryVPN (www.goldenfrog.com/vyprvpn), $5-$10/month, easy but less secure

Basic Protest Tips

Phones can be tracked even when off

It only takes one loose link in the chain

Use Burner phones

Leave it at home, or turn it off before you arrive?

Designated check-in time with friend

Do not consent to search of phone

Don't use fingerprint lock!

You are not required to provide your password to a police officer

Some final ideas

Don't panic, don't give up

Implement security a step at a time

Go low tech when you can

Rediscover old methods

Use social misdirection

Use multiple, disposable identities

Oh Shit! What Now?

is Growing Resistance

Class schedule, resources, and calendar at

http://ohshitwhatnow.org

Feedback, class ideas, or other suggestions?

ohshit@ohshitwhatnow.org

Copyleft 2017 by Oh Shit! What Now? Austin.

PUBLIC DOMAIN. NO RIGHTS RESERVED.