With everything going on lately, I thought this might be a good time to brush up on some digital privacy tips. Whether you’re organizing in the streets or hustling bootleg mixtapes online, I’d encourage everyone to stay safe and be proactive about protecting your own and others’ digital privacy.
To be clear, I’m not a privacy or legal expert. I just want everyone to be aware of some basic steps available to protect sensitive information and stay safe online. I’d also suggest you cross-reference my suggestions, since I’m just some dude on the internet.
0. Encrypt all the things.
When it comes to security, you’ll likely see the word “encryption” a lot. In short, encryption stores data in an unreadable format. This makes it much harder for third parties to access that encrypted data. You can (and should!) encrypt messages, photos, and any other data on your devices. Wherever possible, you should encrypt your data and communications.
You can read more about encryption and find device-specific instructions in DuckDuckGo’s recently published guide to encrypting your devices.
1. Use Signal instead of texts or DMs.
Messages that you send over plain SMS or social media are not encrypted. If you say something via text or social media, whether it be a post or private DM, treat it as if it were public. That goes for any online service or social network.
Instead of using SMS texts or DMs on social media, you can use Signal. Signal is a free and open source messaging app that allows you to communicate securely. Apps for iOS, Android, and most operating systems are available on the Signal site. You can set it as your default messaging app on your phone to replace the default text messaging app.
As an added bonus, Signal recently introduced a set of blur tools. This new feature can automatically detect and blur faces in your photos. As the author of that blog post notes, 2020 seems like a good year to cover your face.
You should encourage those you communicate with to use Signal as well, to ensure both sides are secure. If it’s not end-to-end encrypted, treat it as if it were public record.
2. Use ProtonMail instead of Gmail.
Most email providers do not encrypt your messages either. Instead of using Gmail, Yahoo, or another common email provider, you can use ProtonMail. ProtonMail is open source and offers several plans, including a free plan. ProtonMail encrypts all emails by default and provides many security features out of the box.
ProtonMail’s servers are located in Switzerland. As such, all user data is protected by strict Swiss privacy laws. Beyond that, the interface is simple and easy-to-use. There are ProtonMail apps for Android and iOS, so you can take it with you on the go.
3. Encrypt your phone.
Your phone is often your biggest liability, since it will usually be on your person. As the title of this post suggests, I’d first encourage you to use a burner. But I realize that may not always be possible. Either way, you’ll want to make sure your phone is encrypted.
Both Android and iOS have built-in features to automatically encrypt your device. This prevents anyone else from easily accessing information on your phone. When your phone is encrypted, even if someone has physical access to it, they will be unable to access information stored on it so long as it stays locked.
DuckDuckGo has step-by-step instructions to encrypt your phone here:
4. Use a passcode.
Of course, none of this matters if someone can simply unlock your phone. And it’s worth noting that Law Enforcement can force you to unlock your phone if you use biometrics – like a fingerprint or Face ID. Instead of using Face ID or a fingerprint to unlock your phone, use a passcode or passphrase. Law Enforcement cannot force you to reveal a password or passcode.
A strong passcode should be at least six digits long and shouldn’t contain easy-to-guess numbers, like your birthday or birth year. If your phone is encrypted and locked with a strong passcode, you can greatly reduce the liability that a mobile device poses.
In addition to the technical side, it’s also important to familiarize yourself with the legal side. You can read the Electronic Frontier Foundation’s guide to learn more about your rights when it comes to digital devices.
5. Remove Exif data from photos.
When you take a picture on your phone, metadata is saved within the image file itself. This is called Exif data and often includes the exact time, GPS location, and additional information about your photo and your device.
Before you share photos, remove the Exif data that contains this sensitive information. You can use an app like Scrambled Exif to do so on Android, which is free in the Play store and via F-Droid, or the Exif Metadata app on the iOS App Store:
If this Exif data is not removed, it can easily be used to determine exactly when and where a photo was taken. To err on the side of caution, always remove the Exif data from photos before sharing them.
6. Enable lockdown mode.
Android offers a “lockdown” mode. This mode allows you to quickly disable fingerprint sensors, face scanners, and voice recognition. It will also prevent incoming notifications from being displayed on your lock screen. You will then only be able to unlock your phone using your passcode or passphrase.
If you suspect you might get hemmed up, turn your phone completely off or enable “lockdown” mode right away. If your phone is encrypted and locked down with a strong PIN or password, your data will not be easily accessible.
I’m not aware of a feature on iOS that offers exact parity to Android’s lockdown mode. But you can update your iOS settings in advance to replicate the features of lockdown mode. You can also hit the power button five times on an iPhone to disable biometrics, like fingerprint or Face ID.
7. Download the ACLU App.
The ACLU offers a free Mobile Justice app for Android and iOS. This app allows you to record and report interactions with Law Enforcement. All footage and reports submitted through this app will be sent immediately to your local ACLU affiliate.
The Android version of the app even provides the option to automatically lock your phone when you start recording. There are state-specific apps which you can find and learn more about on the ACLU’s website.
8. Use a VPN.
Finally, you should use a VPN. A VPN encrypts your internet traffic and sends it through a secure tunnel. You can think of it like a blackout envelope for your digital traffic. This helps to keep confidential information like logins and passwords safe.
There are quite a few VPN providers out there. Most of the time I would shy away from free VPNs as a rule; if a product is free, you’re the product. With that said, ProtonVPN is made by the same people that make ProtonMail and they do offer a free VPN plan.
ProtonVPN has apps for all major desktop and mobile operating systems. It’s easy-to-use and you can set it up to automatically secure all traffic on your device. The ProtonVPN app also allows you to tunnel traffic through different regions or countries.
Bonus: Is that Netflix show blocked in your region? If so, you might be able to get around that region-block with a VPN.
Hopefully you’ll never need to worry about any of the above. But if you do, it’s better to err on the side of caution and be proactive in managing your own digital privacy. This list is far from exhaustive. But I hope it at least helps provide some information about the basics.
If you have questions, suggestions, or feedback let me know!