HO KK =J O<=G@JA>JIO@ION P @ P U = ? ? = P ? E ? K O R @ B = K N Diomj_p^odji 1 Oa_qnepuej)])^ktwas developed by the Tactical Technology Collective and Front Line in collaboration with: ,) Cjrojkmjo`^otjpm^jhkpo`m Coordination, writing & editing Wojtek Bogusz Dmitri Vitaliev amjhh\gr\m`\i_c\^f`mn 9 Chris Walker Viruses 10 Additional writing Cormac McGuire Benji Pereira Spyware 12 English proofreading Caroline Kraabel Firewalls 13 & copy editing Benji Pereira Keeping your sofware up-to-date 15 Lead tester Rosemary Warner Design Lynne Stuart -)Cjrojkmjo`^otjpmdiajmh\odji Curriculum development Pamela Teitelbaum Dmitri Vitaliev amjhkctnd^\gocm`\on 21 Coordination of Louise Berthilson Assessing your risks 21 software localisation Alberto Escudero Pascual Protecting your information from Spanish team Translation Phol Edward Paucar Aguirre physical intruders 23 Editing Katitza Rodríguez Pereda Webmaster Angelin Venegas Ramírez Maintaining a healthy environment Localisation Diego Escalante Urrelo for your computer hardware 26 Proofreading Carlos Wertheman Creating your physical security policy 27 French Team Editing, translation & localisation Patrick Cadorette Translation & localisation Alexandre Guédon Proofreading Miriam Heap-Lalonde .)Cjroj^m`\o`\i_h\dio\di Editing Fabian Rodriguez n`^pm`k\nnrjm_n 33 Russian Team Selecting and maintaining secure passwords 33 Translation Emin Akhundov Translation Alexei Bebinov Remembering and recording secure passwords 35 Translation Alexander Lapidus Proofreading Ksenia Shiryaeva Editing, translation & localisation Sergei Smirnov /)Cjrojkmjo`^ooc`n`indodq`Ùg`n Arabic Team Editing, translation & localisation Ahmad Gharbeia jitjpm^jhkpo`m 43 Editing Manal Hassan Translation & localisation Khaled Hosny Encrypting your information 44 Translation Mahammad F Kalfat Hiding your sensitive information 46 Special Thanks to The Citizen Lab, Robert Guerra, Internews, RiseUp,The Tor Project & VaultletSoft Funder ee eee 0)Cjrojm`^jq`mamjhdiajmh\odjigjnn 53 Identifying and organising your information 54 Defning your backup strategy 56 Creating a digital backup 58 Recovering from accidental fle deletion 61 1)Cjroj_`nomjtn`indodq`diajmh\odji 67 Deleting information 68 Wiping information with secure deletion tooll 69 Tips on using secure deletion tools efectively 71 Tips on wiping the entire contents of a storage device 72 2) Cjrojf``ktjpmDio`mi`o ^jhhpid^\odjikmdq\o` 77 Securing your email 78 Tips on responding to suspected email surveillance 83 Securing other Internet communication tools 84 Advanced email security 85 3)Cjrojm`h\di\ijithjpn\i_ ]tk\nn^`injmncdkjioc`Dio`mi`o 93 Understanding Internet censorship 94 Understanding censorship circumvention 96 Anonymity networks and basic proxy servers 97 Specifc circumvention proxies 101 Bgjnn\mt 107 er r Diomj_p^odji Advocates are increasingly concerned about their digital security, and with good reason. While computers and the Internet can be extremely powerful tools for advocacy, they also expose groups (that may already be quite vulnerable) to new risks. As more advocates have begun to rely on digital technology to achieve their outreach, data-collection, information design, communication and mobilisation objectives, these risks have become greater. If you are an advocate who focuses on sensitive issues, or you work closely with such people, then you have probably experienced (or heard stories about) digital security and privacy threats. Computers and backup drives that were confscated, passwords that changed mysteri- ously, local websites that were hacked or overloaded by malicious Inter- net trafc, foreign websites that can no longer be accessed and emails that appear to have been forged, blocked, modifed or read by someone other than the intended recipient. Tese are true stories, and many of them are set in an environment that makes maters even worse, one in which computer operating systems are frequently out-of-date, sofware is ofen pirated and viruses run rampant. Tis toolkit provides explanations of, and solutions for, threats like these. It was created by a diverse team of experts who understand not only the conditions under which advocates work, but also the resource restrictions they face. While Security in-a-box is designed primarily to address the grow- ing needs of advocates in the global South, particularly human rights defenders, the sofware and strategies in this toolkit are relevant to digital security in general. It has something to ofer anyone who works with sensitive information. Tis may include vulnerable minorities and independent journalists or ‘whistle-blowers’, in addition to advocates working on a range of issues, from environmental justice to anti-corrup- tion campaigns. CJROJPN@OC@N@>PMDOTDI(<(=JSOJJGFDO Tis toolkit has three major components: j the How-to Booklet j the Hands-on Guide j a selection of freeware and Open Source sofware Tis How-to Booklet is designed to explain the issues that you must understand in order to safeguard your own digital security. It seeks to identify and describe the risks you face and help you make informed re - decisions about how best to reduce those risks. To this end, it answers order. Security is a process, and there is ofen litle point in trying to eight broad questions related to basic security, data protection and com- defend yourself against an advanced threat to your communication munication privacy. privacy, for example, if you have not yet ensured that your computer At the beginning of each chapter, you will fnd a background is free of viruses and other malware. In many cases, this would be like scenario populated by fctional characters who will reappear in brief locking your door afer a burglar is already in your home. Tis is not to conversations throughout the chapter in order to illustrate certain say that any one of these eight topics is more important than any other, points and answer common questions. You will also fnd a short list it is simply that the later chapters make certain assumptions about what showing what you can learn fom this chapter. It is a good idea to scan you already know and about the state of the computer on which you are through this list before you begin reading. As you work through a chap- about to install sofware. ter, you will encounter a number of technical terms that are highlighted Of course, there are many good reasons why you might want to in green and defned in the glossary at the end of the booklet. You will work through these chapters out of sequence. You might need advice also fnd references to the specifc sofware discussed in the toolkit’s on how to back up your important fles before you begin installing the Hands-on Guides. tools described in the frst Hands-on Guide. You might fnd yourself Tese Hands-on Guides are included, along with an electronic faced with an urgent privacy threat that justifes learning How to protect copy of the How-to Booklet, on the accompanying CD (or USB the sensitive fles on your computer, which is covered in Chapter 4, as memory stick, if you have a version of the toolkit that contains one). quickly as possible. Perhaps you are working from an Internet café, on Each guide explains how to use a particular freeware or Open Source a computer whose security is not your responsibility and from which sofware tool. Te Hands-on Guides highlight potential difculties, sug- you do not intend to access any sensitive information. If you want to use gest helpful tips and, most importantly, walk you through the process this computer to visit a website that is blocked in your country, there of confguring and using these tools securely. Tey include screenshots is nothing to prevent you from skipping ahead to Chapter 8: How to and step-by-step instructions for you to follow as you go along. remain anonymous and bypass censorship on the Internet. All of this sofware can be installed directly from the toolkit or Whatever path you take through the toolkit, we hope it answers downloaded free of charge from the Internet. In most cases, you can some of your questions, helps you understand some of your vulnerabili- install a tool simply by clicking on the appropriate link at the begin- ties and shows you where to look for solutions. ning of whichever guide explains that tool, then telling your browser to Open or Run the install program. If a Hands-on Guide provides special <=JPOOC@N@>PMDOTDI(<(=JSKMJE@>O installation instructions, you may have to save a fle to your Desktop, or Digital security and privacy threats are always unique to the work that some other location, in order to install that tool. Te Security in-a-box an advocate does and the environment in which that person operates. disc also includes a section called Portable Security, where you will fnd Furthermore, the collection of sofware that might help address those ‘portable’ versions of a few Security in-a-box tools. Tese versions are threats is constantly changing, and the tools themselves are frequently meant to be installed directly onto a USB memory stick so that you can updated. For these reasons, it is extremely difcult to create an ‘of- use them on any computer. the-shelf’ toolkit like Security in-a-box. Nothing stated in this toolkit Any single chapter or guide in this toolkit can be read individually, is absolute, and there is no replacement for a trusted, local expert who or formated in your browser for easy printing, or shared electronically. understands the environment you work in, is sympathetic to your cause However, you will get more out of Security in-a-box if you can follow and can help you identify the most up-to-date tools with which to the relevant links and references that are scatered throughout both the protect yourself. booklet and the sofware guides. Ideally, you will have this booklet in Nevertheless, we hope that Security in-a-box will give you an idea front of you while you work through the Hands-on Guides.