Following best security practices can be a little annoying sometimes, but so is locking up your house when you leave, and it’s just as important! This is especially true for vulnerable populations who are involved in controversial activism. Follow these recommendations to keep your information and your identity safe and anonymous online.
- Keep your Operating Systems and all apps updated at all times. Updates frequently contain fixes for known security vulnerabilities that hackers can exploit.
- Use a Password Manager like LastPass or 1Password and long passphrases.
- Always use Two-Factor Authentication (2FA) for EVERY account that supports it!
- Secure your devices. Set your devices to automatically lock the screens when not in use and set a strong password to unlock.
- Never reuse passwords or share passwords between two or more accounts.
- Check all of your email addresses with haveibeenpwned.com and change passwords for any compromised accounts immediately.
- Always use HTTPS. Install the HTTPS Everywhere browser extension.
- Delete any stale apps and accounts.
- Create sock (alternate or throwaway) accounts for discussing sensitive topics in order to protect your main. Do not follow, like, or interact between your accounts.
- Think carefully before using your real name and/or face anywhere, always.
- Keep social media accounts private. Limit publicly available information and who can see your posts.
- Check your privacy settings in every app and account and lock them down.
- For full privacy, use a VPN (Virtual Private Network), especially if you are concerned about government or IP monitoring or revealing your personal IP address.
- Use Protonmail, Telegram, Signal, Jitsi Meet for truly private communication.
- Do NOT use Instagram, Facebook, or WhatsApp for sensitive communication. These platforms use end-to-end encryption, but they are monitored by Facebook.
- Do not trust Google, Discord, Twitter, Tumblr, WordPress.com, Reddit, Zoom, etc. Eventual censorship of anything too controversial is likely.
- Limit ANY personally identifying info in your posts. Seemingly innocuous details about you can lead a hacker to a breakthrough.