Safety Toolkit

We've looked at some of the ways tech-related violence occurs, how it violates your rights and what strategies you can use to protect yourself. Here we recommend tried and tested tools for keeping your computer and mobile phone as secure as possible.

Most of the tools are free and/or open-source software (known as FLOSS). This software is usually much safer than closed, or proprietary, software created by Microsoft or Apple because it has been independently verified to ensure that it complies with the highest security standards. For that reason, we recommend Android and PC over Apple, though many of the tools we list can be used with either.

Note that some of the tools we recommend come with caveats. Not all recommended tools are perfect, but they are the best available options.

Security-in-a-box

The links will take you to Security-in-a-box, a collaborative project devoted to digital security and privacy. There you can download software and access hands-on guides that teach you how to install and use these tools. With each chapter, be sure to read “1.1 Things you should know about this tool before you start”.

Security-in-a-box is available in 16 languages. We link to the English, but click on the drop-down box in the upper right of their webpage for other languages. Kudos to Tactical Technology Collective and Front Line Defenders for such a great kit.

What do I need to do to...

Keep hackers away from my internet connection
What do I need to know?

Choose a strong password for your Wi-Fi connection. When your Wi-Fi is set up, make sure the connection is WPA2. WEP is child's play to hackers.

On your computer

Choose a strong password for your computer. When using public Wi-Fi, your line of defence is your firewall.

On your mobile

Choose a strong password for your mobile.

Keep my device secure
What do I need to know?

Most computers come with a firewall already installed. This gives you control over downloads and lets you check software updates, preventing hacking. Make sure the firewall is activated.

On your computer

We recommend Comodo. Comodo will help to protect your computer from attacks and allow you to easily manage programme requests when online.

On your mobile

We suggest you take a look at the options offered here.

Protect against viruses
What do I need to know?

Anti-virus programmes are important and relatively simple ways to secure your PC, as viruses can be deliberately sent to corrupt your system and files.

On your computer

We recommend Avast. With Avast, you can find and remove viruses and prevent new viruses. Be sure to update it regularly.

On your mobile

We suggest you take a look at the options offered here.

Connect to the internet securely from home
What do I need to know?

Wireless internet connections send a signal through the air for tens of metres and any computer within range with a wireless card can pull the signal from the air and access information exchanged through the internet or in your computer.

On your computer

Use a cable to connect to your modem instead of Wi-Fi.

If you use Wi-Fi, make sure your router and computer are as secure as possible.

Choose a strong password for your connection.

On your mobile
Connect to the internet securely on public Wi-Fi
What do I need to know?
As much as possible, avoid using public wireless hotspots. Although they are often “free”, the provider may be tracking your information and your devices are vulnerable to hacking. If you have to connect to a public or untrusted network (e.g. hotel or coffee shop), use a virtual private network (VPN) for your computer or mobile. VPN encrypts your connection so that hackers cannot monitor your internet use and capture your passwords. Find out more about using public hotspots.
On your computer

We recommend Firefox

Use the Firefox browser and install Firefox's free add-on, HTTPS-Everywhere, to force the browser to use encryption whenever possible.

Only log in or send personal information to websites that begin with https.

When you’ve finished using an account, log out.

Keep your browser and security software up to date. If your browser says you are about to visit an insecure site, leave unless you are sure.

On your mobile

Control when and how your mobile connects to the internet. Think about changing the phone settings so that it doesn’t automatically connect to nearby Wi-Fi as you move through the city.

Protect against spying: malware
What do I need to know?

Malware and spyware are used to track, record and watch what you do online. Good software “immunises” your computer against these attacks and removes any that are already present.

On your computer

We recommend Spybot.

Additional tools for particularly stubborn wares are also available on the Spybot page. 

Further protection:
SuperAntiSpybot
Malwarebytes Anti-Malware

On your mobile

We suggest you take a look at the options offered here.

Protect against spying: webpages
What do I need to know?

The overwhelming majority of malware and spyware infections originate from web pages. It is critical that you always consider whether it's safe to click on a URL, especially if it was sent to you by email. It is advisable never to click on a link in an email unless you trust the sender.

On your computer

If you think the link is legitimate, check it. Type the URL into a page scanner such as:
Online Link Scan
VirusTotal
PhishTank

On your mobile

We suggest you take a look at the options offered here.

Keep my passwords and passphrases safe
What do I need to know?

It can be tedious, but good password practice is essential for keeping your devices and data secure.

You can install software to generate strong (“unbreakable”) passwords and save all passwords in one convenient, secure database.

Use separate databases for each piece of technology and a different master password for each.

On your computer

We recommend KeePass.

You can put KeePass on a USB stick and carry it with you when you need to access your information from other devices.

KeePass doesn't require any prior configuration or specific installation instructions.

On your mobile

We recommend KeePassDroid.

KeePassDroid does not require any prior configuration or specific installation instructions. It's ready to go when you are.

Use KeePassDroid's Random Generator for a super-strong password.

Keep my data for my eyes only (encrypt files)
What do I need to know?

If someone hacks into your laptop or gets their hands on your phone despite your precautions, the next line of defence is encryption.

Use software that will routinely back up and encrypt your files. Only you, the person with the password, can read them.

On your computer

We recommend Cobian.

Cobian backs up and encrypts every time.

On your mobile

We recommend using Android Privacy Guard to encrypt files before transferring them to a computer for encryption as soon as possible.

APG lets you encrypt and decrypt single files or emails, but there are limitations with encryption apps for smartphones.

Ensure that any encryption app you choose uses the 256-bit Advanced Encryption Standard (AES).

Delete my recent internet usage history
What do I need to know?

Limit the ways malicious parties can monitor your work habits and preferences or infect your system.

To do this, permanently delete your browser history, cookies and other temporary files created during your work session.

On your computer

We recommend CCleaner.

CCleaner removes your online history and also cleans your computer system, a handy added bonus.

On your mobile

We suggest you take a look at the options offered here.

Delete files and leave no trace at all
What do I need to know?

Beware that when you delete files on your computer, even if you use CCleaner, they could still be recovered by a techie.

To permanently delete unwanted files from your computer, you will need special software.

On your computer

We recommend Eraser.

Install Eraser to permanently delete sensitive data from your computer. You can select files or folders to erase, and it writes over the data.

Eraser can also delete any copies of files that exist on your computer without your knowledge.

On your mobile

We suggest you take a look at the options offered here.

Make my email secure
What do I need to know?

If you want to be sure that no one else can read your mail, avoid Windows Outlook or free email services like Gmail.

Thunderbird with Enigmail and GPG allows you to read and compose messages after disconnecting from the internet and to use public key encryption to keep your email private.

On your computer

We recommend Mozilla Thunderbird with Enigmail and GPG.
Thunderbird lets you download email messages and manage them offline. Enigmail and GPG provide access to authentication, digital signing and encryption.

On your mobile
Have extra-secure email
What do I need to know?

If you have serious concerns about your ability to keep your email private, Riseup is a social organisation that provides ultra-secure email and webmail for activists and others. Unless you personally know two Riseup members, you will have to wait several weeks for an account.

On your computer

Visit the Riseup site to find out more.

On your mobile
Surf the web without anyone following me
What do I need to know?

Avoid Microsoft's Internet Explorer, as it is very vulnerable. Instead, use Firefox, Chrome or Opera browsers.

Read more about how to browse the web anonymously.

On your computer

We recommend Firefox with the HTTPS-Everywhere add-on.

The add-on will allow Firefox to encrypt your interaction with major websites.

On your mobile

We recommend Firefox for Android.

Surf the web completely anonymously
What do I need to know?

You can disguise your identity and browsing by using Tor.

Servers in the Tor network do not know your location or the sites you are visiting.

WARNING: What you do online will be slowed significantly.

On your computer

We recommend the Tor Browser Bundle.

This includes:
Tor software
A modified version of Firefox
NoScript
HTTPS-Everywhere.

On your mobile

We recommend Orbot.

Orbot allows your mobile to access Tor.

Keep my online conversations private
What do I need to know?

Many social networking sites offer chat options. This is one of the most insecure ways to communicate online.

Skype is supposedly encrypted, but since it is proprietary software, we cannot confirm whether or not that is really the case.

On your computer

We recommend Jitsi as a safer alternative to Skype.

WARNING! Jitsi uses Java, which is vulnerable to sypware. The additional security of Jitsi is still important, but use Java with care.

Another option is Cryptocat, which is used by some activists and journalists, although it has a history of vulnerabilities.

On your mobile

We recommend TextSecure.

This will encrypt SMS messages as they are sent or while they reside on your phone.

WARNING! Both you and the person you are talking to should be using the same encrypted service.


Smartphone specifics

Mobile phones are like mini-computers, so it's important to protect your mobile data and communications in a similar way to your computer.

Four tips for better smartphone privacy and security

  1. Password-protect your phone and use encryption.
    If someone gets their hands on your phone, you can prevent them from reading its stored data by putting a strong password on the phone and encrypting its contents. Apple iPhones offer this by default after you set a passcode. For Android, you must manually turn on encryption in the settings.
  2. Choose encrypted apps for calls and texting.
    Phone calls and text messages are easily tracked or intercepted. Use encrypted conversation apps like Android's TextSecure or Apple's FaceTime and iMessage. Educate your family, friends and associates, as anyone you are talking to needs to use the same encrypted service for you both to be covered.
  3. Always update your Android or iOS system.
    Hackers and spies take advantage of newly discovered loopholes and backdoors, so always update your mobile's operating system. This is where Apple carries an advantage, as it pushes iOS updates directly to users. Google updates Android frequently, but updates sometimes take time to become available to users. Google's Nexus phones are the most easily updated Android models.
  4. Use a second phone for maximum security.
    Phones are designed to be locatable, and many apps are designed to share data even when you don't realise it. More apps on your phone equals more risk. If you are concerned about your privacy, keep one phone for fun stuff and another for essential communication only.