Resources

Online Security Checklist

2025-01-06
latenightafa

New year, new security risks 🎉

The shifting political climate makes right now a great time for a digital security checkup and cleanup. We’ve put together a checklist of things to tackle over the coming weeks.

Some items take significant time to do, so start ASAP.

 

Task 1: Password Management

If you don’t have a password manager by now, go get that taken care of. It’s time to use complex passwords. Not only can you get hacked, but “anonymous” people can be identified through repeated password use across accounts.

Fix it, and check yourself on https://haveibeenpwned.com

Recommended: 1Password, BitWarden

 

Task 2: VPN

A VPN does not make you anonymous, but it does obfuscate your internet traffic from your ISP and we recommend using one at all times. A VPN is only as strong as the policy it follows and it can shield your IP address and rough location based on that IP.

What a VPN does not do: While having a VPN adds another layer of security, it does not stop web tracking or shield you from bad OPSEC practices. When thinking of security or selecting services, also think in terms of “who is going to be asked to hand over my information?”

Recommended: Mullvad, ProtonVPN

Read More:
VPNs and the law: How often does law enforcement actually request VPN logs?

 

Task 3: Account Cleanup

Check your emails to find accounts you don’t use anymore and delete them. Before deleting an unused account, change the user details and password to something else to help anonymize it more. Abandoned accounts on websites frequently end up in data breaches, and these can cause security issues down the road.

 

Task 4: Email Cleanup

If someone broke into your email account today, what would be at risk? Clean up what’s in there. Unsubscribe from unnecessary things. Move or remove sensitive information. (Also consider moving away from Google-related products to something more secure.)

 

Task 5: Compartmentalize

If you have your personal stuff and activism stuff in the same app/browser on the same device, you are not anonymized. Many apps and websites can see what browser you’re logged into, your operating system, your IP, your IP location, and that info can tie accounts together. Separate them.

Use separate devices, and if that’s not possible, create separate logins for personal and research accounts. If anything you do is sensitive, it’s time to invest in a research device and fresh accounts. If you have multiple accounts to manage, we recommend using Firefox multi-account containers.

 

Task 6: Learn Security Culture

Do not share or ask for more information than is necessary. The weakest link in security can be how much a person shares of themself, whether that is on a public timeline or in private chats.

Resources:
CrimethInc – What Is Security Culture?
Zine – Security Culture: a handbook for activists

 

Task 7: Get Encrypted Messaging

Normalize using encrypted apps like Signal and Wire for your communication. End-to-end encryption (E2EE) keeps your messages private from the messaging service, preventing data from being read outside of the sender and recipient.

Resource:
Texting Tips for the Brave: Guidelines for Using Signal 

 

Task 8: App and Website Settings

Check the security settings on all used apps and websites, and give them the least amount of data and permissions possible. Delete data when possible. Turn off notification previews for apps, as these may be subpoenaed. Use long pins for phones, avoid biometric authentication.

Read more:
Police Can Spy on Your iOS and Android Push Notifications

 

Task 9: Keep Data Safe

Clean up the cloud. Download and delete sensitive documents and media from cloud providers. Move your files to encrypted drives.

Read more:
The 2025 journalist’s digital security checklist

 

Task 10: Data Broker Removal

Data brokers are the worst. We recommend giving DeleteMe a try if you need to remove personal info from the internet quickly, but if that is too expensive or you need more coverage there are guides for manual removal.

Here’s a good starting point:
Big Ass Data Broker Opt-Out List

 

Task 11: Prevent Doxing

Here are multiple websites with tips and info for preventing doxing and dealing with the aftermath.

Equality Labs – Anti-Doxing Guide for Activists Facing Attacks

Doxcare: Prevention and Aftercare for Those Targeted by Doxxing and Political Harassment

We Are Being Doxxed: What To Do To Help Keep Each Other Safe

I’ve been doxed: What to do in the first 24 hours

So What the Hell Is Doxxing?

 

Many of these items can take a significant amount of time to get through the first time you do it. After it’s done the first time, it just takes diligence and regular maintenance. Being safer and having a little more peace of mind is worth the effort.

Good luck, and happy cleaning.