resist doxing & take back your online privacy

Oh Shit! What Now? The Oh Shit! What now? Collective plans study groups, discussions, and workshops aimed at equipping folks with radical skills to share with others. For more information, visit our website: http://ohshitwhatnow.org/

Upload: kit-oconnell

Post on 23-Jan-2018



Take Back Your Online Privacy

Dox Resisters Edition

Online privacy & computer security tips for activists and everyday humans

(📷: One way to prevent doxing. Flickr / Leorex CC NC ND license)

Why Security & Privacy Matters

The internet is not free -- you are the product

Marginalized people are targets online

You have a right to privacy

You have a right to be online safely

If everyone is secure, spies must work harder

Threat Modeling

When conducting an assessment, there are five main questions you should ask yourself:

1. What do you want to protect?

2. Who do you want to protect it from?

3. How likely is it that you will need to protect it?

4. How bad are the consequences if you fail?

5. How much trouble are you willing to go through in order to try to prevent those?

See "Surveillance Self Defense" (ssd.eff.org) for more

What is 'Doxing' (one x dammit)

“Doxing is the act of publishing someone’s personal information, of which there would be a reasonable expectation of privacy and dubious value to the conversation, in an environment that implies or encourages intimidation or threat.”

-Crash Override Definition

See www.crashoverridenetwork.com

Basic Concepts

Create layers around your identity. Create false identities.

Think about what you share.

Think about where and how you share it.

Take precautions in advance to prevent future doxing.

When in doubt, don't share it in the first place.

That's not honey, Pooh!

It's a pot full of carnivorous frogs named Pepe.

Watch Out For Honeypots 🍯

Intentional honeypots: Fake antifa / activist pages designed to collect information / build networks.

Unintentional honeypots: Petitions, crowdfunding sites (give anonymously)

Facebook Fun Times

Lock your friends list so only mutual friends are visible.

Delete / lock down personal information (email, phone number, address, etc.)

Think about who / when you tag people

Beware of Facebook groups that help map out networks

On Events: Keep your guest list private, delete after the event

Separate accounts: Business/family & activism

Other Concerns / Tips

Watch out for geotagging in photos

Protect your address & phone number

Use PO Box, Google Voice

Hide WhoIs information

White Pages / Public Info Sites

I've Been Doxed, What Now?

It's not your fault

Document everything

See if you can get it taken down

Change / upgrade passwords & security protocols

Use threat modeling: What got released? How much risk am I in?

What Can Get Doxed?

Home Address

Financial information

Work/School Info

Account Passwords

Social Media / Email

Skype

Phone Number

Personal History

Deadname

Post-Dox: Questions to Ask

Involve Law Enforcement or Lawyers?

Ask for community aid and comrade security?

Do I go public?

Should I warn my family?

Should I go offline?

Should I leave my home?

📷: Computer Board with Key

Flickr / Blue Coat Photos, CC SA license

Current Events: Reality Winner Self-Doxes

NSA contractor leaked docs to The Intercept about Russian interference in U.S. elections.

Sent leaked data from her work computer.

"Hidden yellow dots" in printout from work printer

Leaked to The Intercept, which shared with another contractor

Bluetooth: Turn It Off!

Turn off Bluetooth when not in use

Turn Bluetooth off at protests

Turn Bluetooth off in "target rich" environments (concerts, conferences, etc.)

Turn off Bluetooth.

Encryption: Lock It Down

Encrypt your devices!

iOS is encrypted if locked

Android (version <7.0): Look in Settings > Security

Android (version ≥7.0): Require password at startup

Always lock / turn it off

Use a long password (at least 8 characters)

Don't give up access if you can help it

Encryption: Lock It Down 2

macOS: Use FileVault (Google it)

Windows: Look under System > About, “Device Description”

Linux: Enabled during installation

Use a password

Turn it off or lock it

Keep computers up to date

Don't give up access if you can help it

Use Signal & Other Secure Apps

Signal is Snowden-recommended

Hide Signal messages on your lock screen

Verify that you’re talking to the right person

via phone

via text

Archive and delete messages

Be careful who you let into your closed systems.

📷: Meow meow purr.

P@$$w0rd$ (Don't Use This)

Use a password vault and secure passwords

Use a passphrase when you must remember it

Use 2 Factor Wherever You Can

Save your 2FA Backup Codes

Your recovery email must be secure

Being More Secure & Private Online

Use HTTPS Everywhere

Don't Sign Into Your Browser (Or Be Aware Of What You Give Up)

Beware of scams & phishing

Use secure search like DuckDuckGo

Tor Browser as needed

Think about what you store in the cloud (& encrypt)

Don't use public Wi-Fi (without VPN & encryption)

Beware of untrusted USB devices & ports

Secure Your Home Network

Always change default password

Do not use ISP supplied equipment as your router if you can help it

Use ethernet (wired) connection whenever possible

Use WPA2 wireless encryption; never use WPA1 or WEP.

Never, ever, leave your home wireless network unsecured!

Setting up device whitelisting for wireless devices can solve some of the vulnerabilities with wireless encryption standards

If your router supports it, set up a guest network

Basic Protest Tips

Phones can be tracked even when off

It only takes one loose link in the chain

Use burner phones

Leave it at home, or turn it off before you arrive?

Designated check-in time with friend

Do not consent to search of phone

Don't use fingerprint lock!

You are not required to provide your password to a police officer

Some final ideas

Don't panic, don't give up

Implement security a step at a time

Go low tech when you can

Rediscover old methods of communication

Use social misdirection

Oh Shit! What Now?

is Growing Resistance

Class schedule, resources, and calendar at

http://ohshitwhatnow.org

Feedback, class ideas, or other suggestions?

[email protected]