Digital Security
Digital Security
Section titled “Digital Security”Digital security protects you, your volunteers, and the communities you serve. These practices should become habits.
Phone Security Checklist
Section titled “Phone Security Checklist”Essential Settings
Section titled “Essential Settings”- Enable lock screen password - Use a strong PIN or password (not pattern)
- Turn off Face ID / fingerprint recognition - Biometrics can be compelled; PINs have more legal protection
- Turn off location services - Except when specifically needed
- Disable lock screen notifications - Messages shouldn’t be visible without unlocking
- Enable auto-lock - Short timeout (1-2 minutes)
- Encrypt your phone - Usually default on modern phones, verify in settings
Before Going to a Response
Section titled “Before Going to a Response”- Clear enough storage for video recording
- Charge phone fully
- Bring a backup battery if possible
- Consider bringing a second phone (burner) if available
- Know how to quickly lock your phone
Password Practices
Section titled “Password Practices”Strong Passwords
Section titled “Strong Passwords”- Use unique passwords for every account
- Minimum 12 characters
- Mix of letters, numbers, symbols
- Consider passphrases: “Correct-Horse-Battery-Staple”
Password Managers
Section titled “Password Managers”Use a password manager like:
- Bitwarden (free, open source)
- 1Password
- KeePassXC (local, open source)
Never store passwords in:
- Plain text documents
- Notes apps
- Email drafts
- Browser “save password” (unless using a secure browser manager)
Two-Factor Authentication (2FA)
Section titled “Two-Factor Authentication (2FA)”Enable 2FA on all accounts, especially:
- Signal
- Social media
- Cloud storage
Prefer authenticator apps over SMS when possible.
Communication Security
Section titled “Communication Security”Use Signal for Everything Sensitive
Section titled “Use Signal for Everything Sensitive”- End-to-end encrypted
- Disappearing messages option
- Usernames instead of phone numbers
Avoid for Sensitive Communication
Section titled “Avoid for Sensitive Communication”- Regular SMS/text
- Facebook Messenger
- Instagram DMs
- Email (unless encrypted)
- Phone calls (unless necessary)
In Signal Groups
Section titled “In Signal Groups”- Set disappearing messages (1 week recommended)
- Don’t share group invite links publicly
- Vet members before adding
- Remove members who leave the network
During Incidents
Section titled “During Incidents”Recording Safety
Section titled “Recording Safety”- Phone metadata can reveal your identity and location
- Consider turning off location tagging in camera settings
- Be aware that livestreaming reveals your location
If Your Phone Is Seized
Section titled “If Your Phone Is Seized”- Do NOT unlock it
- Say “I do not consent to a search”
- Request to speak with a lawyer
- Your lock screen PIN/password is legally protected (biometrics may not be)
Evidence Preservation
Section titled “Evidence Preservation”- Save original files without editing
- Note original filenames
- Share via Signal, not regular channels
- Back up to secure location
Social Media Caution
Section titled “Social Media Caution”Before Posting
Section titled “Before Posting”- Does this identify anyone who shouldn’t be identified?
- Does this reveal location or timing that could endanger people?
- Could this be used against the network?
- Did I get consent from people in the image/video?
Account Security
Section titled “Account Security”- Use strong, unique passwords
- Enable 2FA
- Review privacy settings regularly
- Be cautious about friend/follow requests from unknowns
Metadata
Section titled “Metadata”- Photos contain EXIF data (location, time, device)
- Strip metadata before posting if possible
- Use tools like ExifTool or phone settings
Device Security
Section titled “Device Security”Keep Updated
Section titled “Keep Updated”- Operating system updates
- App updates
- Security patches
Don’t delay security updates—they fix vulnerabilities.
App Permissions
Section titled “App Permissions”Review and limit:
- Location access (only when using)
- Microphone access
- Camera access
- Contact access
Avoid Risky Apps
Section titled “Avoid Risky Apps”- Apps from unknown sources
- Apps requesting excessive permissions
- Apps known for data collection
Physical Security
Section titled “Physical Security”If Detained
Section titled “If Detained”- Know your rights
- Don’t unlock your phone
- Ask for a lawyer
- Give phone to a trusted person if possible before arrest
Device Seizure
Section titled “Device Seizure”If you anticipate seizure:
- Use strong encryption
- Enable remote wipe capability
- Know how to quickly lock/wipe if needed
- Have backup plans for communication
Recommended Tools
Section titled “Recommended Tools”Secure Communication
Section titled “Secure Communication”- Signal - Messaging
- ProtonMail - Email
- Tor Browser - Anonymous browsing
Security Tools
Section titled “Security Tools”- Bitwarden - Password manager
- Authy/Google Authenticator - 2FA
- ExifTool - Metadata removal
Backup
Section titled “Backup”- Encrypted cloud storage (Proton Drive, Tresorit)
- Encrypted local drives
- Physical backup in secure location
Quick Reference
Section titled “Quick Reference”- Use Signal
- Use strong unique passwords
- Enable 2FA
- Keep devices updated
- Lock phone with PIN
- Think before posting
- Use SMS for sensitive info
- Reuse passwords
- Leave phone unlocked
- Click suspicious links
- Share locations carelessly
- Post identifying info without consent