Security Essentials

Most normal texts and calls can be observed by your cell phone provider and the government. Telegram is incredibly insecure. (See below for our thoughts on WhatsApp.)

Signal is the best option to keep your messages secure and to keep who you are talking to private.

When to use Signal

Some examples of when you would especially want to use Signal

• Discussing a protest/action that is not public

• Organizing a protest/action that is public, but the organizers want to protect their privacy

• Criticizing the government or other power-holders

What about WhatsApp? (Avoid it if you can, use it if you must)

WhatsApp messages are secured with the encryption method developed by Signal, so the contents of your messages are secure. However, Meta harvests a lot of information about who you are talking to, how often, and what groups you're in. In 2024 alone, they turned over data for 78% of government requests. Your messages are safe, but who you are communciating with is not. It is an option to consider if the community you're working with is unlikely to move to Signal. It is safer than normal texts, Telegram, etc. If you do use WhatsApp, make sure to use the new Strict Account Settings feature and lock down your privacy settings

The best upgrade everyone can make to their use of Signal is to make sure that disappearing messages are enabled by default. Most activists we talk to haven't enabled this by default. (And most people forget to enable it manually for each new thread.)

This keeps you safe and other people safe. We don't know who's phone will be seized by law enforcement. Even if we believe we're talking about perfectly legal things, the government can find ways to twist our words to attempt to make a case against us for our dissent

There are two things to track related to disappearing messages:

1. First, change your default so any thread you make has this feature enabled.

2. Second, make sure it is enabled for threads that other people start: if someone else starts the thread, it may not have disappearing messages enabled. You may need to enable it.

Choosing your disappearing message time: How long you set your disappearing times depends on the sensitivity of your messages. A question you might ask yourself is "if someone's device was confiscated or hacked, how important is it that these messages are not accessible?"

• For chatting about low-risk things with friends, you might choose 4 weeks.

• For standard political organizing, you might choose 1 week.

• For a direct action, you might set it to 1 day or 1 hour or 5 minutes, so the messages are gone before the action starts.

We recommend Brave because it offers the most privacy without any additional configuration, which is our goal on this site.

Bonus Brave configuration tips:

• Install Privacy Badger for some added protection.

• You can install the iPhone or Android Brave app as well.

Other browser options:

• Firefox can offer even more privacy if you take the time install the right plugins and configure it properly.

• Use Tor Browser for highly sensitive browsing that is truly anonymous

All software contains bugs, which are errors or flaws that can lead to various issues.

Your location history reveals a lot about your interests, friends, and political activity. It can also be used against you in court.

Your phone is always revealing your approximate location to your cell provider because it knows what cell tower you are connected to. But any app you give your exact GPS location to has much more detail.

You can protect yourself by using a mapping app that is more privacy-preservating.

Apple Maps (iPhone only) offers privacy protections that are stronger than you might expect and is much more private than Google. However, as a big tech company, it's best for everyday use rather than sensitive organizing. We recommend it because it provides live traffic and public transportation features that privacy-focused alternatives lack.

Magic Earth (iPhone or Android; free) offers strong privacy. It is much easier to use than our other cross-platform suggestion (CoMaps). Some features are only available in the paid version, though.

CoMaps (iPhone or Android; free) is a less user-friendly than Magic Earth or Apple Maps, but has the strongest privacy promises. You can operate it entirely offline, which is especially helpful for activists doing sensitive work. That said, it doesn't have live traffic data or public transit routes, which makes it hard to use as your main navigation app.

These apps might genuinely need location while in use:

• Navigation (Apple Maps, Magic Earth, CoMaps)

• Ride-sharing (but only while actively using)

Some apps might need temporary permission:

• Food delivery apps only need location when you're actually ordering

Apps that definitely do NOT need location access:

• Photo apps

• Social media apps

• Games

• Most shopping apps

• Banking apps

• News apps

• Most productivity apps

Remember: Every app with location access is a potential privacy leak. When in doubt, disable location and only re-enable if you find you actually need it.

How long does it take to crack a passcode?

Note: These times only apply to phones. Computers can be cracked much more quickly, and need much stronger passwords.

Sources: The estimates in the table above assume real-world observed attempts/second from police forensic hacking tools. If you need more security, use a 10-digit passcode, which will protect you even under the highest-possible cracking scenarios. See the sources linked in the passcode FAQ here.

We know that ICE and other law enforcement agencies are using location tracking tools that partially rely on the "advertising ID" that your phone provides. They are often using these to suppress dissent.

iPhones have this feature disabled by default. Androids have it enabled by default.

Tech companies (like Google) often receive government demands to turn over all the account data for an activist. This often includes a "gag order" which means the company can't tell the user until months or years later.

Encrypted cloud tools like Proton Mail, Drive, Docs, and Sheets ensure the company doesn't hold readable copies of your data to hand over. If the government wants it, they'd need to demand it from you—giving you notice and the opportunity to challenge it with legal support.

CryptPad is another popular encrypted doc option, but it very difficult to use. If it has features you need, it accomplishes the same result.

Anytime you connect to the internet (phone or computer), your internet provider is revealing your approximate location to every site/app you use.

We know that law enforcement agencies are using tools that to track your location using data gathered from apps you have and ads you see. Using a VPN with ad-blocking features enabled makes it much harder for them to track you. Also, police can get a subpoena for your internet traffic from your internet provider.

A VPN (Virtual Private Network) helps mask your location and makes you slightly harder to identify.

A VPN with ad-blocking enabled is especially important on your phone.

Options: All of these are very trustworthy options.

• Mullvad VPN (top recommendation) -Better privacy since payment info isn't stored, but you need to manually pay each cycle.

• IVPN can be easier because it automatically renews.

• Proton VPN has a solid free plan, but it is only for 1 device. To get ad-blocking, you need a paid plan. (See our note regarding concerns about the Proton CEO and why we still offer Proton options.)

Downsides to using a VPN

• You will encounter more CAPTCHAs on websites

• Some websites may block VPN access, and you'll have to disable it and remember to re-enable it later

• Some streaming services might not work

If you experience odd behavior on websites, always try turning off the VPN temporarily to see if it will load.

Note: You must use a trusted VPN that doesn't keep logs of your internet traffic and will push back on government requests. We've vetted our top recommendations.

Mercenary spyware is an extremely advanced attack, exploiting sophisticated vulnerabilities on our devices. In response, Apple and Google have introduced an advanced security mode that offers enhanced protection against spyware.

On iPhones, it's called Lockdown Mode and on Android, it's called Advanced Protection Program. (You can also enable Advanced Protection Program on just your Google Account even if you don't have an Android phone.)

We have no reports of anyone getting infected with spyware who had Apple's Lockdown Mode enabled. Android's Advanced Protection is more recent and its effectiveness has yet to be tested.

Usability trade-offs

For anyone worried about targeted attacks, these usability trade-offs will likely be worth the big increase in security.

iPhone Lockdown Mode: Features that will be harder to use

• No clickable links in messages (mainly within iMessage) - Links show as raw URLs and don't work (i.e. are not instantly clickable). You have to copy-paste them manually to a browser. This encourages you to make sure they are safe before doing so, since spyware often arrives via a text message containing a custom-designed link that is impossible to ignore for you in particular.

• Most message attachments blocked (also mainly within iMessage) - When receiving PDFs, documents, Office files, contacts, location over iMessage, you might not be able to view them normally and iMessage will indicate "1 attachment." This is because some spyware can be delivered through malicious attachments.

• FaceTime calls from unknown contacts blocked - Lockdown Mode will block call attempts from unknown contacts or people you have not been in touch with in the last 30 days. You will be notified if this user attempts to FaceTime you and you can decide to call back if the call attempt is genuine.

• Web fonts don't load - Websites appear with system fonts only, often looks weird.

• Images may not display - Some images show as missing image icons.

• Interactive webpage elements fail - Complex web features, animations, dynamic content often broken.

• Location sharing is disabled in Find My. You can see other people's locations but they can't see yours.

• iCloud Shared Albums don't work as expected - When you share photos in a shared album, location information is excluded. Shared Album invitations might be blocked too.

• Device won't connect to any WiFi automatically - On Lockdown Mode your phone won't connect to insecure WiFi's automatically and you will need to manually connect to the chosen network and accept the security risk.

• 2G or 3G support is turned off - If you find yourself in a location with 2G or 3G cellular network with Lockdown Mode, your phone will simply not connect (as 2G / 3G is more insecure than 4G / 5G).

Learn more about Apple's Lockdown Mode.

Google/Android Advanced Protection Program:

• Security key required - Must use security key/passkey for every new device sign-in to Google Account, which can take some getting used to.

• JavaScript optimizer disabled (Chrome) - Some complex websites may not work properly.

• No sideloading - Can't install apps from outside Play Store or verified stores.

• USB locked when device locked - Must unlock device before connecting USB accessories.

• Insecure Wi-Fi blocked - Won't auto-connect to open/WEP Wi-Fi networks.

• Enhanced Safe Browsing warnings - More download warnings and potential blocked websites.

• Fast charging might not work as expected - You might need to unlock the phone in order to activate fast charging.

Learn more about Android Advanced Protection Program.

If your phone is confiscated by law enforcement, one of the biggest risks is exposing your entire network. Even if people aren't using their real name on their Signal account, there is still a unique ID behind every Signal username. And the cops can use this to correlate someone's identity across many seized devices.

You need to both leave AND delete the group:

• If you only leave the group, old messages stay on your phone as well as the history of who was in the group.

• If you only delete the group, new messages will still come through and the thread re-appears.

Security hygiene tips:

• Set a recurring remind to clean up your Signal thread every 3 months.

• Make sure you take note of which groups you are leaving and who you can ask to re-add you after the action.

Note: If you find this process very annoying and cumbersome (because it is!), that's another good reason to use a secondary phone for actions. That phone would only ever be in the one or two groups needed to pull of the action that day.

Spyware often arrives through a text or email with a link custom-designed to feel impossible-to-ignore specifically for you. These aren't random spam - they're personalized attacks that exploit what matters most to you.

Spyware messages can be highly targeted. Here are some real-world examples of how Pegasus Spyware has been deployed:

"Dear Carmen my brother died in an accident, I’m devastated, I send you the information about the funeral, I hope you can come: [spyware link]" (source)

USEMBASSY.GOV/ WE DETECTED A PROBLEM WITH YOUR VISA PLEASE GO PROMPTLY TO THE EMBASSY. SEE DETAILS [spyware link] (source)

LX 1955 BCN-ZRH 26Jun2020 - Click on the link to receive your mobile boarding pass [spyware link] (source)

Be aware: Some spyware is deployed using exploits that don't require you clicking a link at all ("zero click exploits"). These might show up as missed calls on WhatsApp, for example.