Strategy #3: Personal digital security

Fun fact about me: I’ve worked in movement/nonprofit/open source tech for many years, which is a direct pipeline to digital security/infosec awareness. And gee but I’m getting a lot of questions right now about digital security based on my white hat hacker past. Here’s some guidance if you’re considering improving on your digital security.

ASSESS YOUR RISK

Digital security is useful for everybody to avoid corporations having literally all your personal data and general scams/hacking, but certain people have more risk. Are you someone who’s part of, connected to, or acting in support of groups of people most imminently being threatened? At the moment that is: Latinx immigrant communities, transgender people, and people interested in getting abortions. If so, you may want to consider more strong security practices and quicker implementation. 

ASSESS YOUR STANCE

Are you on offense [doing activism you’d prefer the government can’t easily trace] or defense [expecting to be doxxed or harassed online by individuals], or both?

CONSIDER YOUR ACTIONS

  • Are you storing sensitive personal data on anyone in a system [like Google Drive, or email] that could be accessed
  • Are you using alternatives to corporate cloud storage where possible
  • Are you securing all your systems with 2FA and strong, unique passwords
  • Do you trust your mobile phone company
  • Social media: do you have anything online you’d like removed?

THINGS TO CONSIDER DOING:

This is a summary reference. Lots! more resources and smart groups’ guides below.

DEFENSE FROM DOXXINGOFFENSE AGAINST GOVT/CORP SURVEILLANCE
* Consider manually opting out of data brokers / use DeleteMe or Privacy Duck to get ahead of cleaning up data that’s online + check if you’ve been part of any personal data breaches at Haveibeenpwned.com* Encrypt your communications, eg use Signal or other encrypted texting
* Use 2FA and strong passwords [and a password manager  like 1Pass or LastPass to keep track of all these unique, strong passwords]* Mask location, eg use a VPN and keep your location off + don’t bring your regular phone to a protest or action ffs
Lock down social media – here’s the NYT guide to to lock down and clean up your social media*Use digital tools that won’t share your content with the gov’t, like https://proton.me/ 
Consider a credit freeze [here’s how, it is free] so even if there is a breach of your PII no one can take out a credit card or mortgage in your name.* Encrypt your computer and don’t log into accounts with important data on unknown networks [use a VPN]

WHY THIS MATTERS – AND WHY IT’S HARD

The EFF says it best, “security is a process, not a purchase.” If you want to be more digitally secure, start somewhere. Build the muscle, tooling, and habits over time. 

Of course it’s easier to just store your credit card on IG, Apple Pay, and Amazon. Of course it’s easier to use gmail. Of course it’s easier to leave location on and login to any old wifi and accidentally setup PayPal credit cards and Klarna and of course credit card minimums are set low. Of course government services web pages are crappy. Of course the narratives about how happy we’ll be when we’re married, skinny, and own the newest car are loud af.

All of these are part of designed systems that increase our vulnerability: to surveillance, individualistic consumer behavior over collective action, debt servitude, resource scarcity, and fear of ostracism and being alone. Doing things differently, in service of your autonomy and YOUR life – the one you actually want – takes more thought and work. I don’t teach people money because I love systems, I teach it because I HIGHLY dislike them, and want us to be as free as possible while we’re all mucking around here. Taking the action you need to take is extra, but you are worth extra thought and work. 

RESOURCES

  • LONGER + SMART: Equality Labs, Anti-Doxxing Guide for Activists Facing Attacks updated Dec 2024.