10 Easy Encryption Tips for Warding Off Hackers, US Government—and Russia


But adopting concrete cybersecurity habits is more involved than ticking off a quick checklist.

On a frigid Saturday, pink and yellow Post-It notes scrawled with concerns about cybersecurity covered a wall of Eyebeam, a nonprofit art and technology center in Brooklyn. “Identity theft + surveillance = paranoia, plz help,” read one note. “How much of a threat do alt-right hackers pose on social media?” read another. “If you know your device has previously been accessed by NYPD, what can you do?”

Fifty people had gathered at Eyebeam with their laptops and cellphones for a CryptoParty—basically a Tupperware party for learning encryption and web security. Founded in 2012 by Melbourne-based journalist Asher Wolf in response to increased internet surveillance in Australia, CryptoParty is a decentralized grassroots movement that offers free DIY workshops all over the world.

If you’re concerned about online privacy (which everyone on the internet probably should be), but don’t know where to start, “Crypto Angels”—as the cybersecurity experts who volunteer at CryptoParties are called—will teach you how to use encryption tools to protect your information from government surveillance, cybercriminals, data-mining corporations and other threats.

Because the keys to the U.S. surveillance state were handed over to a reality TV star who has spoken favorably about surveilling mosques and cracking down on free speech, interest in cybersecurity has surged, leading more people to seek out CryptoParties. Concerns are particularly high among groups who have been targeted in the past—including activists, journalists, people of color, immigrants, Muslims and the LGBTQ community—but no one is immune to security breaches. CryptoParty-goers in Brooklyn that night included an immigration lawyer who wanted to help her clients avoid being digitally monitored, a tech-support consultant for leftist nonprofits, and a Justice for Palestine activist concerned about being surveilled during protests in the Donald Trump era.

Adopting concrete cybersecurity habits is more involved than ticking off a quick checklist—install this app on your phone, install this plugin on your laptop, and boom, your information is encrypted!—and even for the tech-savvy, encryption is complicated and time-consuming with no one-size-fits-all solution. While it’s impossible to be completely safe online, you can always be safer. Here are 10 basic encryption lessons, courtesy of CryptoParty.

1. Consider using more secure alternatives than Google Docs. “If you value anonymity and privacy from corporations or the government, you might not want to host all your work on Google’s infrastructure,” said Jamila Khan of Palante Technology Cooperative, who’s researching alternatives to Google Docs for progressive nonprofit clients. “When you use Google products, you’re not the customer—you are the product.” Google watches everything you do using its services, keeps all your data and monetizes it through advertising. As for secure, private alternatives, Khan suggests word-processing platforms like Cryptpad or Riseup Pad; the latter is an Etherpad web service hosted by the activist network Riseup. These platforms offer real-time collaborative editing, but unlike Google Docs, they don’t collect your data. Riseup Pads are also automatically destroyed after 30 days of inactivity.

2. Don’t leave a digital breadcrumb trail. If you want to keep a piece of information private, don’t put it online unless you have to. This one seems like a no-brainer, but plenty of people are cavalier about the stuff they text, email, write in Google Docs and record digitally. The receiver of any communication you send can distribute those communications however they please. “People need to ask, ‘Should I be texting this or emailing it at all?’” said activist and poet Candace Williams, who led one of the CryptoParty workshops, and whose 70-Day Web Security Plan for Artists and Activists is a valuable resource.

3. Download a more secure messaging system. Boost your email security by using encryption programs like GPG or PGP (“Pretty Good Privacy”). Try out encrypted email and text messaging platforms, especially ones tailored to activists. The most popular encrypted messaging app is Signal, which Hillary Clinton’s U.S. presidential campaign used after repeated data breaches. (Downloads spiked post-U.S. election.) Webmail providers like May First/People Link, Riseup Mail and ProtonMail offer secure email and communication tools, some specifically designed for activists.

4. Surf the web safely. For anonymous web browsing, download Tor. Use a search engine that doesn’t track you, like DuckDuckGo. The Tor browser protects your anonymity by bouncing your communications around a distributed network of Tor servers around the world, and encrypting that traffic so it can’t be traced back to your computer.

5. If you go to a protest, leave your phone at home. “When it comes to securing your phone at a protest, the threat model is tricky,” says activist Rose Regina, who taught a workshop on threat modeling at the CryptoParty. Depending on the nature of the protest, demonstrators’ phones might be surveilled by local police with stingray tracking devices, or even the FBI; as the Intercept first reported, U.S. federal agencies have regularly monitored the Black Lives Matter protest movement since Ferguson, even watching over events like a funk music parade. “If it’s a low-key climate march, you might not need to take extra steps,” Regina says. “But if you’re going to do a hardlock in front of construction equipment building a pipeline, the likelihood is pretty much 100 percent that you’ll get arrested and your phone will be taken.” In that case, think about leaving your phone at home. If you can’t bear to part with it, use Signal to communicate while at the protest, making sure your phone has a screen lock protected with a passcode. You should also disable fingerprint activation, which the police can ask you to use if they have a search warrant for your phone, and perhaps craft a signal-blocking cell phone pouch like the ones protesters used at the Republican National Convention.

6. Get serious about your passwords. Enable two-factor authentication on all online accounts. Change your passwords every few months—and make sure they’re strong, which means random and unique. As goes the tech-nerd motto, “The only secure password is one you can’t remember.” Store your passwords using tools like 1Password, Dashlane, or LastPass, which will both securely store your passwords and generate random new ones for you.

7. Think about how you present yourself on social media. The information you’re providing about yourself on social media profiles could become a liability. In the event of a crackdown on free speech, your posts on Facebook, Twitter, Instagram and YouTube could become a form of self-incrimination, even if you haven’t committed a crime. In mid-November, for example, after a Rutgers University lecturer tweeted about flag-burning and other “incendiary” topics, the New York Police Department showed up at his door and forced him to undergo a psychiatric evaluation. NYPD’s persistent monitoring and targeting of people of color on social media platforms has been called the new stop-and-frisk, which warrants caution about even jokingly posting online about criminal activity.

8. Know your threat models. In cybersecurity land, “threat modeling” is the process of systematically analyzing the vulnerabilities of a given network or individual and identifying what measures should be taken to protect against probable threats. Whether you’re devising a threat model for securing your phone at a protest, your laptop when you don’t trust your roommate, or your online banking, ask yourself who you’re protecting yourself from, and how many layers of security you need.

9. Adopt encryption measures even if you don’t think you’re a likely target. Some people still assume that if they’re a law-abiding citizen, they have nothing to hide and therefore don’t need encryption. But history suggests that’s naive. (See: Snowden’s warning about the National Security Agency collecting your dick pics.) “A dream is to make being safe on the internet as automatic and normal as buckling your seatbelt in a car,” Candace Williams said. “The more people adopt privacy practices, the safer everyone is. It’s partly a future-proofing strategy.”

10. Don’t get paranoid, if you can help it. “Power, not paranoia,” goes one CryptoParty catchphrase. While countless books and how-to articles teach DIY encryption, attending a CryptoParty has the added benefit of connecting you to real live humans with similar concerns, which can allay paranoia. “If you Google how to protect yourself online, it can be like looking up symptoms on WebMD—you’re going to get nightmare scenarios,” Williams says. Alternatively, attending a CryptoParty is like visiting a doctor who offers individualized advice—and tells you not to freak out.

The beauty of the CryptoParty movement isn’t just the way it makes encryption more accessible: It also helps build activist communities and networks of resistance, encouraging average citizens to take their civil liberties into their own hands when they can’t trust people in power to protect those liberties for them.

For a list of dates and locations of upcoming CryptoParties around the world, head here.
