Articles of note

There have been a number of instructive pieces on security:

Two Passwords are Always Better Than One, Jessy Irwin: November, 2017.

Many security professionals and trainers have rightly pointed out the flaws in SMS based two-factor authentication, or 2FA, for short. In this article the author makes a strong case as to why security trainers should help people understand the importance of 2FA and how speaking poorly about SMS based 2FA might only serve to confuse the people we are trying to help.

Comic: How to Protect Yourself Against Spearphishing, Joyce Rice and Micah Lee: November 19 2017. When you receive an email suggesting you log into a specific website, most of the time you may not pay close attention to the link. But a phishing website is designed to look like a legitimate, trusted website, while it belongs to an attacker who wants to trick you into sharing your credentials. If you log into their phony website, they will use your very real credentials to log into the legitimate website, masquerading as you. Spearphishing is an even more specific type of attack, targeting a specific individual by finding more information about them before sending a targeted email or message. This beautifully illustrated explainer shares both an example and how to protect yourself against phishing generally.

The Best VPN Service for 2019: Reviews by Wirecutter, Yael Grauer: August 19, 2019. Writing for tech and consumer goods review site Wirecutter, Yael applies their rigorous, practical selection method to VPNs. Expect this to get regular updates, as with most of their tech product reviews. What’s a VPN, you ask? Yael writes, “Using a VPN can stop your computer or mobile device from revealing your IP address to websites, services, and the rest of the Internet when you connect.”

So What The Hell is Doxxing?, Decca Muldowney : November 4, 2017.

This article looks into what “dropping documents” is and how it effects people. It looks into some of the methods used by doxxers & how to protect your information from them. Pro tip: The article includes links to opt-out forms to remove or hide information on data broker sites.

Privacy Recipe: creating an online persona Sometimes it is near impossible to use a service without providing some information or signing up. The best solution to that is of course creating a new person who can sign up for you keeping your identity and data safe. This guide explains how. pro tip: Great if you need a virtual phone number or are learning the more advanced opsec.

Simple Opt-Out This is exactly as advertised, a simple web site that list some services with terms you might not have known about and a simple way to opt out of that agreement. Many people never really read the “terms of usage” and many services allow opt out later. pro tip: Some services let you opt out of the most privacy violating terms and still use the service with little to no change. Its never too late to OPT OUT.

You too can hop in with Anonymous Tapir and Anonymous Sloth.

Big Ass Data Broker Opt-Out List: Yael Grauer, October 16, 2019. A list of approaches for removing data from data brokers — companies that sell bulk access to consumers’ personal data. The removal methods vary widely, so the list categorizes each of the approaches for removing data from each respective data broker portal.

How to Use Signal Without Giving Out Your Phone Number, Micah Lee: September, 2017.

One of the downsides of Signal is that you have to give out your phone number to anyone you want to talk to, which may not be ideal if you are working with strangers, people you don’t trust, or if you are using your phone number for two-factor authentication. This guide will show you how to use Signal with an alternate phone number, allowing you to preserve the privacy of your real phone number. Pro tip: While reading up, consider checking out two other resources on the same topic here and here.

DIY Feminist Cybersecurity, Noah Kelley: 2017.

This is a useful guide because if you skip all the way down to the lilac colored “Find the right tools for your security needs” section, there are three flavors of security levels: “Casual,” “Friends and family,” and “Advanced.” Each is a good roundup for different risk levels/threat models. It’s also available in Spanish.

Surveillance Self Defense for Journalists, The Intercept: January, 2017.

As an adversarial journalism outfit, The Intercept has arguably the best infosec/opsec skills of any U.S. newsroom. They know that journalists don’t have time to read a long post. This is a fast read that asks reporters to categorize digital safety knowledge (beginner, intermediate, advanced) and gives a prescriptive list of things to do for each level.

Journalists in Distress: Securing Your Digital Life, Canadian Journalists for Freedom of Expression: January 2017.

This page provides a matrix to give basic education on a variety of topics facing reporters. Also available in Arabic and Français.

Security Basics, Olivia Martin: January, 2017. Digital Security can be overwhelming often people have one simple question, “Where do I begin?” In this post Olivia walks through 11 important things anyone can do right now. Its a great read for beginners and pros too.

A First Look at Digital Security, by Floriana & Sage Cheng: Updated March 2019.

The authors have a lightweight approach to threat modeling and use of beautifully drawn cartoons to get the point across. They share threat models that others can adopt or apply to their own.

Getting Started With Digital Security, Dia Kayyali: November 16, 2016.

Pro tip: There are many “getting started” type guides but this one is from the point of view of an activist. It goes over an example of a threat model an activist faces, offering specific and culturally relevant guidance. The article is great for anyone working with people who document or record abuse. It’s also a nice segway into the WITNESS library of related materials, which are translated into 15 languages.

Surveillance Self-Defense Against the Trump Administration, Micah Lee: November, 2016.

In this post Micah begins with basic recommendations like encrypting your phone then lays out a very secure workflow highly technical movement building organizations and groups. This includes a tor hidden service (potentially with stealth auth). It is highly technical.

Cybersecurity for the People: How to Keep Your Chats Truly Private with Signal, Micah Lee, May 2017.

In this post, Micah Lee demonstrates how to set up and use Signal for private messaging, video, and voice chat. To maximize Signal’s security, he also describes how to lock down your mobile device, verifying the security of your conversations, as well as how to use the desktop app. Pro tip: For related articles on this topic, see this article from the Freedom of the Press Foundation, and the Electronic Frontier Foundation (iOS, Android).

Encrypting Your Laptop Like You Mean It, Micah Lee: April, 2015.

Pro tip: The cornerstone of digital safety is hardware encryption/full disk encryption of the devices we use the most, our laptops and phones. Here Micah walks through the options starting with what is already there.

Securing Your Digital Life Like a Normal Person, Martin Shelton: Regularly updated.

The article answers the question, “What can I, Normal Person, do to improve my security?” Covering how to be safer when browsing the web, how to encrypt all the things, how to secure web logins, and more.