Hacker
Professional
- Messages
- 1,044
- Reaction score
- 834
- Points
- 113
You are right: they are. Please keep in mind that while many of the items on this list are convenient for any digitally knowledgeable citizen, this list is - indeed - intended for whistleblowers, journalists, dissident citizens living in repressive countries, and the strongest privacy advocates.
First, it's worth reminding yourself why this guide is 100% necessary:
There are those among us whose desire for free and uncontrolled communication leads to arrest, or imprisonment.
There are those among us who are imprisoned simply for speaking out against their government.
Hundreds of journalists who try to share important information with the public have recently been jailed. Or outright killed. Life and death are at stake, the stakes are very, very high.
Getting ready:
To begin with, we need to understand that a truly secure communications device requires not only certain hardware and software, but also specific guidelines as to when, when, and where users should try to use that device.
This means that you need to change yourself. A simple system change won't work here.
It takes discipline, focus and determination. Just know: you need to use and handle your secure communication device in a very different way than you would with a regular mobile phone.
Let's say we want to assume that our enemy has the time, intelligence and money he needs to get what he wants from our phone.
Our goal is to make this mission impossible or as difficult as possible. To do this, we need to understand how the psychology and methods of the enemy work, and only then understand what we need to defend against.
For example, using the Signal app is not enough.
Yes, Signal uses a very secure technology called end-to-end encryption (or E2EE) to protect all user communications from prying eyes. And yes, E2EE is so secure that even if Signal wants to spy on users on its own platform, it won't be able to.
In the meantime, hackers who really want to target you, instead of brute force, will look for ways to bypass this blocking. And one of the easiest ways to bypass Signal protection is to try to compromise your entire mobile phone or computer.
This is called "endpoint capture".
When an attacker uses malware to control or monitor your endpoint, they can see your messages as they are entered, before they are encrypted. This is not very good.
Therefore, for those who are in a difficult situation and want to get the most secure communication, I would advise the following basic rules in order to better prepare for the battle with an invisible and dangerous enemy.
Basic Rules
Buy a second smartphone as a secure communication device.
If you're on a tight budget, buy a used phone.
Apple sells refurbished iPhones, for example. Use your main smartphone for all the usual things like social media, email, online shopping, and texting, no one has canceled it.
Use only the second smartphone for business communication, nothing more. Make sure your second device is an iOS device.
While some of you will say something about anonymity, I will say that Apple's iOS is much safer than Windows or Android.
Install only the base OS and secure messaging applications on your "secure iPhone".
Completely destroy any new or used iPhones you purchased before installing iOS - iOS 9 and later only - and your security apps.
Never install email, social media, transportation apps, online shopping or banking apps, or make any connections to iCloud.
NOTHING BUT IOS AND SECURITY APPS.
Set a long, complex passcode on your iPhone.
Disable TouchID and FaceID. NEVER let your biometrics unlock your device: this is a gift for your foes.
Yes, this is inconvenient for you, but you can tolerate it for your own safety.
Disconnect your iPhone from geolocation.
Disable the Noticeable Locations setting on your iPhone.
Buy and use a phone security screen. This will reduce the ability of other people to see what is happening on your screen.
Privacy screens exist for iPhone X, iPhone 6/7/8, iPhone 5 and earlier.
Make sure your home network is secure. Most home routers are manufactured by several companies. Find the make and model of your router - they are usually printed somewhere on the side or bottom of the device. Then visit the website that supports the router you purchased.
Change the default password on your router to something long, unique, and memorable just for you.
Update your router's software, also known as firmware.
Disable remote access to your router
For a wireless connection, use the WPA2 AES encryption option. When it becomes available on your router, use WPA3, even stronger encryption.
Change your wireless network name (also called “SSID”) to NOT include your name, address, or other sensitive information.
Hide your wireless network from broadcasts.
Disable all Wifi Protected Setup (WPS) and Universal Plug and Play (UPNP) features on your router.
Turn off your router when you go to bed or leave the house.
Create two wireless networks in your home: a primary network that only you can access and use, and a second network, a guest network, that only your friends or family can access.
Make sure your home is free of all tracking devices. First, throw all Amazon Alexa or Google Home devices out the door.
Alexa devices can record and send audio files without your permission, but Google devices.
Further, if you have reason to believe that you are being monitored or intercepted, purchase an available program to find and fix such things.
These handheld devices can be used to search your home, hotel room, car, or anywhere else to find hidden cameras, microphones, or other bugs that use radio frequencies.
Use your secure phone only at home.
Now that you have a stronger and more secure home network, only use your secure iPhone there.
If you need to use your phone in public, be careful. In situations like this, know who can see your screen or hear your voice.
Don't use Siri, you can communicate only through text, no voice or video chats.
Find and use a reliable and secure VPN. If you live in hard mode, you might even need it to download some of the apps I recommend, let alone use them.
Use Signal for secure messaging. It is the industry leader in E2EE messaging. Your messages can only be read by you and your interlocutor.
Download the iOS app, it's free. And remember: never use the Signal app on your computer.
Your task is to have one and only one device from which you send messages!
For secure email use ProtonMail. It is one of the leaders in the field of encrypted mailboxes. ProtonMail messages sent between two users can be read by them and by no one else.
Download the iOS app. During dialogues, always insist that the interlocutor communicate with you only through such mailboxes.
Turn off all lock screen notifications.
There is no point in letting someone walking by your phone accidentally see notifications popping up on your lock screen from a secret informant, for example.
Caveats
I caution, as always, that all security and privacy is based on best research and best practices.
Nothing is 100 percent safe. That being said, I think this list of guidelines is easy to understand and follow for most people. At least for now.
Just remember: technology changes over time, which means our approach to security must change as well.
First, it's worth reminding yourself why this guide is 100% necessary:
There are those among us whose desire for free and uncontrolled communication leads to arrest, or imprisonment.
There are those among us who are imprisoned simply for speaking out against their government.
Hundreds of journalists who try to share important information with the public have recently been jailed. Or outright killed. Life and death are at stake, the stakes are very, very high.
Getting ready:
To begin with, we need to understand that a truly secure communications device requires not only certain hardware and software, but also specific guidelines as to when, when, and where users should try to use that device.
This means that you need to change yourself. A simple system change won't work here.
It takes discipline, focus and determination. Just know: you need to use and handle your secure communication device in a very different way than you would with a regular mobile phone.
Let's say we want to assume that our enemy has the time, intelligence and money he needs to get what he wants from our phone.
Our goal is to make this mission impossible or as difficult as possible. To do this, we need to understand how the psychology and methods of the enemy work, and only then understand what we need to defend against.
For example, using the Signal app is not enough.
Yes, Signal uses a very secure technology called end-to-end encryption (or E2EE) to protect all user communications from prying eyes. And yes, E2EE is so secure that even if Signal wants to spy on users on its own platform, it won't be able to.
In the meantime, hackers who really want to target you, instead of brute force, will look for ways to bypass this blocking. And one of the easiest ways to bypass Signal protection is to try to compromise your entire mobile phone or computer.
This is called "endpoint capture".
When an attacker uses malware to control or monitor your endpoint, they can see your messages as they are entered, before they are encrypted. This is not very good.
Therefore, for those who are in a difficult situation and want to get the most secure communication, I would advise the following basic rules in order to better prepare for the battle with an invisible and dangerous enemy.
Basic Rules
Buy a second smartphone as a secure communication device.
If you're on a tight budget, buy a used phone.
Apple sells refurbished iPhones, for example. Use your main smartphone for all the usual things like social media, email, online shopping, and texting, no one has canceled it.
Use only the second smartphone for business communication, nothing more. Make sure your second device is an iOS device.
While some of you will say something about anonymity, I will say that Apple's iOS is much safer than Windows or Android.
Install only the base OS and secure messaging applications on your "secure iPhone".
Completely destroy any new or used iPhones you purchased before installing iOS - iOS 9 and later only - and your security apps.
Never install email, social media, transportation apps, online shopping or banking apps, or make any connections to iCloud.
NOTHING BUT IOS AND SECURITY APPS.
Set a long, complex passcode on your iPhone.
Disable TouchID and FaceID. NEVER let your biometrics unlock your device: this is a gift for your foes.
Yes, this is inconvenient for you, but you can tolerate it for your own safety.
Disconnect your iPhone from geolocation.
Disable the Noticeable Locations setting on your iPhone.
Buy and use a phone security screen. This will reduce the ability of other people to see what is happening on your screen.
Privacy screens exist for iPhone X, iPhone 6/7/8, iPhone 5 and earlier.
Make sure your home network is secure. Most home routers are manufactured by several companies. Find the make and model of your router - they are usually printed somewhere on the side or bottom of the device. Then visit the website that supports the router you purchased.
Change the default password on your router to something long, unique, and memorable just for you.
Update your router's software, also known as firmware.
Disable remote access to your router
For a wireless connection, use the WPA2 AES encryption option. When it becomes available on your router, use WPA3, even stronger encryption.
Change your wireless network name (also called “SSID”) to NOT include your name, address, or other sensitive information.
Hide your wireless network from broadcasts.
Disable all Wifi Protected Setup (WPS) and Universal Plug and Play (UPNP) features on your router.
Turn off your router when you go to bed or leave the house.
Create two wireless networks in your home: a primary network that only you can access and use, and a second network, a guest network, that only your friends or family can access.
Make sure your home is free of all tracking devices. First, throw all Amazon Alexa or Google Home devices out the door.
Alexa devices can record and send audio files without your permission, but Google devices.
Further, if you have reason to believe that you are being monitored or intercepted, purchase an available program to find and fix such things.
These handheld devices can be used to search your home, hotel room, car, or anywhere else to find hidden cameras, microphones, or other bugs that use radio frequencies.
Use your secure phone only at home.
Now that you have a stronger and more secure home network, only use your secure iPhone there.
If you need to use your phone in public, be careful. In situations like this, know who can see your screen or hear your voice.
Don't use Siri, you can communicate only through text, no voice or video chats.
Find and use a reliable and secure VPN. If you live in hard mode, you might even need it to download some of the apps I recommend, let alone use them.
Use Signal for secure messaging. It is the industry leader in E2EE messaging. Your messages can only be read by you and your interlocutor.
Download the iOS app, it's free. And remember: never use the Signal app on your computer.
Your task is to have one and only one device from which you send messages!
For secure email use ProtonMail. It is one of the leaders in the field of encrypted mailboxes. ProtonMail messages sent between two users can be read by them and by no one else.
Download the iOS app. During dialogues, always insist that the interlocutor communicate with you only through such mailboxes.
Turn off all lock screen notifications.
There is no point in letting someone walking by your phone accidentally see notifications popping up on your lock screen from a secret informant, for example.
Caveats
I caution, as always, that all security and privacy is based on best research and best practices.
Nothing is 100 percent safe. That being said, I think this list of guidelines is easy to understand and follow for most people. At least for now.
Just remember: technology changes over time, which means our approach to security must change as well.
