Online security for activists

You got enemies?… So do I.

Those enemies might not be real and if you are like me, a functional paranoid, you need some form of security that makes you look good.

I all boils down to this “anFpfKM3s3zCjNLAotHKNED5vcPA9nTVnL3” <- – This is a password.
You cant remember it and it will freak you out if you have to type it in from a note on your desk. So you don’t.

Most people chose a password they can remember. Don’t do that. Make it hard.

If you have a password you can remember, like “MemeTheCat”, It would take one of my bot’s to crack in a few days, just by trial and error and persistence.
The trick here is to use a password that is longer than 20 characters and use weird combinations you cannot remember yourself.  Why?
I tell you why – If you as a human try to hack a password it would take for ever. So a hacker would automate it using a computer trying any combination in the alphabet. but it takes time. A computer don’t care about time, it just goes on and on and on, trying to hack your account.

This is why you should use an insane password like this “anFpfKM3s3zCjNLAotHKNED5vcPA9nTVnL3”

So how do you do it? … Use a password manager!

The one i am using you can download here https://www.keepassx.org/ but there are a few other i would trust.

This program will create a database with all your passwords and accounts (never use the same password – create a new one) and it looks like this: https://www.keepassx.org/screenshots

Those passwords will get stored on you device in a file you can easily recognize and that file is the FILE you want to protect. (use backup on that file) That file is encrypted with another password of yours, so make that password the one you store in some weird place. But you are protected on your online accounts like never before if you use a password manager.

All browsers, like the one you are using now, will suggest to store your password so you can easily log in next time. Sure! But if that account is important to you, don’t. Make the habit to use your password manager to copy/paste every time you log in. Don’t trust your browser. I have a USB stick that can rip off all your stored passwords and account data, just by plugging it into your computer and that takes 5 seconds with physical access to your device. Do not allow anyone to even remotely stick a USB into your device.

Now! Most users don’t need all that security or don’t care. In that case; Use a 3 level security. 1) a stupid password like “123haha” for those annoying websites that feeds on your data. 2) Those accounts on the web you like and use all the time, make it hard but easy for yourself. 3)… Use a fucking password manager!!!

 

About those Email accounts!

You probably have one. Keep it for private stuff and never expose it online. Now, create another one for your online accounts. Use a Gmail or hushmail for your online activities. Do NOT mix it.

Why? Because that private email is the one a hacker or some idiot would go after. If you have a secondary email account, or like me, many. You will confuse the idiots. Including Facebook and Google. If you create a profile on social media, do create an email account to go with it. Do not use the same email account to multiple profiles.

Just create an email account, it takes 5 minutes and do not include any personal data or information like birthday or where you live. etc. Always use false information and noise on those accounts.

This is important as if you are an activist, you probably do not want expose your privacy to anyone. Hide your real email and do it good.

Some Activist takes a pride in revealing their privacy, like journalist and online professionals. Sure… Show your picture and take it. If you don’t. Do not reveal your privacy!

email accounts are used for creating accounts like Facebook or Twitter etc. Do not use your private or primary email account. Never!

These things gets hacked…

They always goes for your email account. Test your mail account here https://haveibeenpwned.com/

If you want to stay secure with your personal and private email account there is a better solution:

Encryption. The mother of all beast.

Some email providers promise more than they can hold. Like your Internet Service Provider (ISP) They are easy to hack. Do not trust them.

What you want is (End to End) encryption. Meaning… When you send an email, it’s encrypted on your device. It is stored on the email server as encrypted. Only your and the receiver can read the content. Not even NSA can read it. Use protonmail.com

Now… Not everyone has a secured Email like this, so your are only protected as the receiver and that account could be compromised. Think!

— Dice

 

To be continued…