Protect your personal email! It's the key to your online life. If you use Gmail (best security option for many people but with the unfortunate privacy trade-off as exposure to Google), please enable two-factor WITH A SECURITY KEY. This is the best guide. https://techsolidarity.org/resources/security_key_gmail.htm …
You can also use a security key to protect your Facebook account! (You can use the same security key as second-factor to multiple accounts, and have a friend's security key be your backup—they can't enter your account without password so it works!)
This is the hardest problem. No feasible way to download & open attachments on Microsoft OS and have that machine be safe. Windows has been and is a security nightmare. Forward/open all attachments in: an iPad or iPhone or a Chromebook. On Windows, only open them in Google Drive.
Are you, like most journalists and activists, reaching out to people via Twitter DM? Your immediate move for (non-anonymous) conversation is: "Hey, can we move to Signal or WhatsApp"? Do not chatter on unencrypted Twitter DM. Twitter is too easy to hack, still no security key.
Concerned with giving out your phone number? Get a second one. Here's a guide. You can get a second phone number on most phones via apps pretty easily for max $10 a month. Worth every penny. Also good to separate work/life. https://theintercept.com/2017/09/28/signal-tutorial-second-phone-number/ …
When/if your Twitter account gets hacked, it's not your public tweets that pose a danger. Your DM conversation can be screenshotted and taken out of context for viral misinformation campaigns. DO NOT MAKE BAD JOKES ON DM. Do not chatter on Twitter DM until Twitter fixes security.
Travel with a Chromebook. Chromebooks are hardest to hack by design, and easiest to wipe. You can literally wipe it with a shortcut key. Here's Google's help page (which sucks, as usual because Google can't invest in help pages) but it will do. https://support.google.com/chromebook/answer/183084?hl=en …
Give your Chromebook its own Gmail account, not your usual one, and use everything else in incognito window while traveling. If your browser crashes or computer runs out of power, there is nothing there to recover, really.
Anyone at risk: do not use an Android phone. You can literally cough in the direction of one to get access. Android security is a nightmare. On the other hand, iPhones and iPads are stellar, *stellar* security wise. Get the cheapest one you can afford (past 5s). Just do it.
On iPhones and iOS devices, learn about backup options and think them through. A lot of things are backed up automatically, which means you can download them back if you lose the device, but also means Apple could provide access. Individual decision on each. Ponder it all.
For example, I back up all my iOS photos to the cloud. I don't back up any chats. I lose a phone, I lose all my chats. I thought about this long and hard, and decided this was the best option for me. My pics are memories/places/people and nothing ever that would be a threat to me.
Are you an org that does high-risk work? I mean, anything that touches politics? Threatens any organized group? Pisses off 4chan or a government? I'd GET OFF EMAIL AND SLACK (GET OFF BOTH!) and move all chatter to Signal or WhatsApp on iOS devices: iPads/phones with keyboards.
Look, it's not just that you're doing nothing wrong. Your private life is private, your bad jokes make sense only to friends, and anything can be weaponized against you. (See @samseder case). Don't chatter on email, Slack or Twitter DM. Signal or WhatsApp on iOS is your best bet.
WhatsApp retains metadata (who talks with whom and when) but Facebook cannot access the content because it's end-to-end encrypted. Great option for people who aren't on Signal—many people are already on WhatsApp and sometimes you can't switch people. https://twitter.com/karmel80/status/943490216668614657 …
There is no other option on the phone market for ordinary people. If you care about security and privacy, you have to be on an iOS device. Secure enclave plus a whole bunch of other structural and hardware settings compel this choice https://twitter.com/EvansRyan202/status/943490767154307072 …
Protect your phone (iPhone!) like a hawk, just like your personal email. Long, difficult passcode. For TouchID: in the US, you can be *compelled* by law to put your finger on your phone. You cannot be made to cough up your passcode. Consider your risks. https://www.theatlantic.com/technology/archive/2016/05/iphone-fingerprint-search-warrant/480861/ …
After all of this: remember, any conversation is as secure as the weakest link. Most likely way something gets out is... the other end of the conversation, not some expensive hack. Always ponder the recipient/group (and the size of the group) when typing something online.
I don't mean to make people paranoid! I make bad jokes on many platforms. :-D But it makes sense to have a workable, reasonable security set-up hardware and software wise, and just exercise caution especially if you are a journalist/activist or anyone at risk of being targeted.
If you like the convenience of TouchID (and your fingerprint is stored locally though I have concerns about normalizing biometrics as ID), at least remember this. You can quickly disable TouchID with five taps depending on your iPhone make. Try it out. https://www.imore.com/how-quickly-disable-touch-id-when-you-need-extra-security …
For truly high-risk work (investigating a powerful nation-state or a corporation), this is great advice. Get a second dedicated device. You can get a Chromebook for under $200. No excuse for newspaper/investigative work. Segmentation is the best security. https://twitter.com/43blah/status/943496408635764736 …
TouchID has its uses, for sure. Guards against shoulder-surfing. But has downsides, too. I don't tell people not to use it, but consider the issue (which is explained more upthread). https://twitter.com/bitmaker_me/status/943640165230166016 …
People, take note. Phishing attempts to journalists are basically industrialized, best defense is two-factor authentication preferably with security key—if unavailable, code generators. https://twitter.com/josephfcox/status/944119363954765824?s=17 …
