A Fistful of Privacy Tips
How technology shapes your activism
Whether you’re expressing your disapproval online or taking to the streets, there’s no doubt that technology has become a key player in how you protest. From liking and sharing posts that voice your concerns, to finding out where and when to attend local demonstrations, to documenting and uploading pictures and stories you witness or come across—your smartphone can work as both your ally and your adversary depending on how you use it.
This Data Detox guide will take a closer look at some of the possible risks and benefits of using your smartphone, social media, and messaging apps in the context of protesting. You will also find concrete tips on how you can stay more vigilant and what to look out for.
Let’s look closer!
Disclaimer: Your situation may vary
Depending on who you are, what you’re doing, and where you live, you might have specific considerations or risks that need to be taken into account before following any advice in this or any other guide. Be sure to stay informed on your local laws, and to consider how your personal situation may increase or decrease your risks.
1. Keep your name off the guest list
Digital listening is a method of learning what you’re interested in and planning on doing based on monitoring your public online activities, whether you post angry or sad messages, blue or orange colors, or your opinions on an issue. Companies who specialize in digital listening may be hired by law enforcement, political campaigns, governments, or marketers to find out who is interested in which issues or who has been at a particular protest. Digital listening can be pinpointed at a specific individual or targeted at whole communities.
And people don’t make this work exceptionally difficult—by RSVPing for protests, posting about location and habits, overall putting quite a lot of data out there on the internet, it makes the work of digital listening quite simple. There’s one basic thing you can change going forward to make a big difference:
Decide if an RSVP is really necessary
Websites like Facebook and Meetup can be great resources to learn about events and demonstrations in your area. But think twice before you RSVP or show your interest in the event in another way, such as Tweeting about it or posting Instagram stories. While you may be excited to show your support for a cause, be sure to weigh the risks next to your own personal considerations. If the guest list were to get into the wrong hands, how might it effect you?
2. Be wary of location tracking
While it may seem like location data are just random bits of information, this could be enough for someone to piece together a story about what kind of person you are. If it’s not secured, your location data can be accessed, leaked, or sold by any number of third parties. If you don’t want random companies or law enforcement to know you attended a protest, consider locking down your location services. This exposé by the New York Times takes you through examples of how easy it can be for someone to understand your life and habits through your location alone.
Your smartphone tracks your location in a number of ways. Let’s look closer at them.
The phone’s basic operating system
You’ll have noticed that your phone has location information turned on by default.
This location information can be used by Android or iOS for a number of reasons including:
- Supplying you with the local weather
- Sharing directions easily through your map app
- Tagging the precise location in the information of photos you capture
- Redirecting you to local versions of a website
Turning off your phone’s location services may make your battery last longer. You can easily turn it back on again when you need to use your map or weather app, for example.
- Settings →
- Security & Location / Location →
- Turn location off
- Settings →
- Privacy →
- Location services →
- Turn them off
The apps installed on your phone
It might be normal for, say, your maps app to have access to where you are. But you might be surprised to see how many apps you’ve given permission to access your location.
You can go through each app’s permissions and turn off the location services. Look for the apps that don’t actually need it for the service (does that game really need to know where you are?) and for the ones who you don’t want to have it:
- Settings →
- Apps →
- App permissions →
- Manage location access on a per-app basis.
- Settings →
- Privacy →
- Location Services →
- Manage location access on a per-app basis.
Cellular towers and Wi-Fi
You’re a whiz at controlling your location data—great job! But did you know that when you’ve turned off your phone’s GPS, you can still be tracked by nearby cellular towers or Wi-Fi?
And even if you’ve disabled Wi-Fi and mobile data, that symbol on the top of your phone which indicates signal strength also illustrates that your phone is communicating to nearby cellular towers revealing your proximity within the vicinity... and this information may be tracked by law enforcement.
Turn on airplane mode
If this is something you’re worried about, you can activate airplane mode, which may temporarily take you off the map of local cellular towers.
The downside? You won’t be able to receive calls or text messages while it’s enabled. Also, depending on a number of other factors (like other information collected about you, your previous location patterns, who else you’re with, surveillance footage, etc.), law enforcement may still be able to find out where you’re going.
While there isn’t much else you can do to combat this, it’s important for you to know how that works so you don’t put yourself out there in ways you didn’t intend to. And depending on who you are, what your situation is, and where you live, you will face different risks and therefore need to take different precautions.
Did you know? Everyone faces different risks when attending a protest. Check out Amnesty International's Tactics to Secure Your Smartphone Before a Protest for a list of considerations to keep in mind before you leave your house. Does it make sense for you to take your phone with you or leave it at home? Can you obtain a burner phone or would that create new risks (e.g. might burner phones be illegal where you live)?
3. Make it a little (or a lot) harder to get into your phone
If you’ve ever unlocked your phone with Face ID or fingerprint scanning, you’ll know that biometrics (like fingerprints and facial recognition technology) can make your life more efficient, especially when your hands are full or you’re in a hurry. And this seems relatively harmless if you’re in control of when and how your biometric data is used, but that isn’t always the case.
In the US, for example, biometric data is not clearly protected under the law, and could be used by law enforcement to get into your phone before you’ve had the chance to seek legal council... whereas protecting your phone with a passcode or pin may afford you more time or protections.
Strengthen your screen locks
Instead of Face ID or fingerprint scans, choose a passcode or pin instead. Your passcode or pin should ideally be long, unique, and random (learn more in the Data Detox Kit guide: Strengthen Your Screen Locks).
4. Face the Facts about Face Data
Face data—like that compiled from your selfies and pictures from social media—is highly sought after by law enforcement, border control, and security agencies, to name a few. The data that can be extracted from your face can help these groups to more effectively keep tabs on you and your neighbors.
Protect your privacy
When used alongside other data about you, like your fingerprint, DNA, how you walk, your voice, and speech patterns, facial recognition becomes even more accurate and effective. Pair that even further with your browsing habits, location data, friends on social media, and public records like political party and land ownership, and a very clear picture can be formed about you as a person.
Photos by default also carry a great deal of information beyond what meets the eye. Some you might expect – like date and time the photo was taken, and device type and model, but you can also easily pinpoint the location based on map coordinates. And this data sticks with images when you upload them to social media or share them in messenger apps.
Screenshot and share
In order to quickly obscure the location data of a photo, while in a neutral location, you can screenshot it and share the screenshot instead of the original. On some phones, you can swipe down with three fingers on the screen to take a screenshot. Screenshot instructions vary per phone model, so be sure to do a web search to see how to do it on your phone.
For an advanced challenge, check out Tactical Tech’s Exposing the Invisible project to learn more about how to find the behind the scenes details from an image (called EXIF data).
Be considerate of others
When you snap a picture and post it to social media, have you ever stopped to consider the people in the background? A good habit to get into is to blur faces of anyone who has not agreed to have their picture posted online.
Blur the crowd
iOS also has a shortcut to blur faces, however very little is known about how the function works (like whether the original photo is uploaded to a remote server) leaving us with less confidence to recommend this method.
Important! Other personally identifying features may not get blurred through these tools like tattoos, unique clothes or hair, etc.
5. Chat with Care
When looking at your options for chat apps, it’s important to realize that they’re not all created equal. You’ll want to ask:
Is it end-to-end encrypted? This means outside of you and the other person, the message is scrambled up and only when opened by either of you is when it can be clearly seen. While this may help prevent the message from being circumvented by a third-party, you still run the risk that the other person can show it to someone else or take a screenshot of the conversation.
Is it open-source? Open-source software means the code is published online, and freely available to be studied and commented on by anyone in the world. The benefit of open-source technology is that if there is a security vulnerability in the code, there is a higher chance of someone catching it and speaking up about it, and that issue getting fixed quickly.
What does the company collect and store about you? This is key, because even if your messaging app is end-to-end encrypted, if your messages are backed up to company servers, while convenient to reload your message history on a new device, this means there is the possibility for a government to subpoena the company to request message records. The less a chat app collects about you, the less they can divulge about you.
In 2016, ACLU revealed that the creators of the messaging app Signal had received a subpoena from the government to hand over all of its records. Because they didn’t collect or store much information to begin with, their compliance was not exceptionally helpful.
- Do you have to connect your phone number to the app? While most chat apps require your phone number to sign up, there are a few privacy-conscious chat apps that give you the option to create a username, rather than connect to your phone number. Wire is one such example.
Keep your conversations private
Be critical of your chat app
There are other questions to ask of a chat app, like: Is it in active development? What do we know about the company? What is their track record with user data and privacy? Has this tool received a security audit? Who conducted the audit? How can you report security vulnerabilities?
In case you’d like to dive deeper, we’ve rounded up a few more helpful resources to check out: