25497617890_722a84377e_k

Black #infosec matters by Candace Williams

June 21, 2017

Photo Credit: wocintechchat.com #WOCinTech

 

A breezy summer web security guide for folks under siege, dissidents, and engaged artists by 2017 Create Change Fellow Candace Williams. Candace is the first of our 2017 Create Change cohort to be featured as a guest writer on The LP’s Spin Cycle blog this year:

 

On the morning of November 10, 2017, a few days after the election of Donald Trump, I took 20 minutes to jot down a few web security notes on Medium. I started researching web security before the election but wanted to jot down a few initial findings and questions geared toward dissident artists, activists, journalists, lawyers, people of color, queer folks, and other people under siege. The piece received 10,000s of views and many reactions via the comments section, Twitter, and Facebook. Since I wrote the first draft of the piece, I’ve been invited to give crypto trainings at Eyebeam, Anti-Trump Free School / Escuelita Libre Anti-Trump, and Art is Labor.

 

Something I’ve noticed at these trainings is that the audience who self-selects into these trainings are mostly-white. Many folks who attend already have freelance or full-time jobs in tech. Stated another way, many of the people who seek out information about info security are those who have lower threat levels of surveillance and violence at the hands of corporations, local law enforcement agencies, ICE, federal law enforcement and intelligence agencies, emboldened trolls, and other groups who have a vested interest in surveilling, silencing, subverting, and even murdering folks under siege because of their racial identity, relationship to Islam, immigration status, involvement in sex work, queerness, gender, and other identities and experiences. These dangers are multiplied when these folks also engage in activism, protest art, organizing, and witness to inequalities and violence perpetrated by state and non-state actors.

 

In a world where capitalism is accelerating toward business models driven by surveillance and the strategic deployment of psychological triggers to influence consumer behavior, and state and federal agencies like the NSA have built the technology infrastructure and legal backbone to surveil at scale, everyone who uses the Internet and related technologies has some level of threat. Folks under siege, protest artists, and dissidents have a higher risk of being the target of surveillance and violence than folks from privileged groups. Historical and contemporary examples include everything from COINTELPRO to the Predictive Policing algorithms used by local and federal law enforcement agencies to surveil and entrap folks they label gang members and terrorists. One of the biggest shifts in policing and surveillance over the past few decades is that the mere algorithmic threat of someone committing a crime can trigger violence at the hands of law enforcement. For folks under siege, the threats can range from local law enforcement agencies and ICE to intimate partners, trolls, and political opponents.

 

You might be asking: “Ok, I’m a POC..What the heck should I do now?”. The best three pieces of advice I can give you is to adopt a growth mindset when it comes to your security, involve your community, and go easy on yourself. The goal isn’t to make yourself safe. It’s to become safer and more secure over time by taking steps that are proven to add another layer of security. Security happens in layers—if you put the right security layers over your information and habits, accessing actionable information becomes prohibitively difficult and costly. Another thing to remember, is that your community matters. As you learn more, you should share that information and encourage folks you communicate with to adopt similar strategies. If you take steps to secure yourself but don’t help your community-members secure themselves, then you won’t reap the benefits of that security.

 

Take it easy and try a few concrete strategies this summer:

 

June and July

 

  • Enable Two-factor authentication (also called 2FA) on your email, social media, and other accounts. Whenever you (or someone else) tries to log in to an account secured with 2FA, you’ll receive a text message with a one-time code.
  • Strengthen your passwords and consider using a password manager.
  • Make sure all of your devices have the latest OS and security updates offered by the manufacturer. Keeping your devices updated decreases the number of known vulnerabilities.
  • Download Signal for Desktop and your mobile device. Signal can replace SMS/text messages, iMessage, WhatsApp, and similar services. You can even conduct encrypted voice and video chats and send encrypted files. When you communicate with someone in-person or online, try to get them to use Signal as well.
  • Go to a CryptoParty. These are gatherings that are designed to demystify crypto and help you build community around web security.

 

August

 

  • Consider using a VPN to protect your browsing from snooping on public networks.
  • Encrypt your smartphones and hard drives to make it almost impossible to access their contents without a password.
  • Make your browser more secure by installing HTTPS Everywhere and Privacy Badger. Consider using the TOR browser
  • Audit your Internet and device usage. Where is your information stored? What sites do you use? Can you stop using some services, send less emails, and store less information online? What are your critical habits and what are the easiest steps you can take to protect yourself?

 

Beyond

 

 

Links and Reading

 

Books

 

 

The opinions expressed by the author and those providing comments are theirs alone, and do not necessarily reflect the opinions of The Laundromat Project or any employee thereof. The Laundromat Project is not responsible for the accuracy of any of the information supplied by the author.