Philly Socialists Tech Collective 

Digital security policy for protests

Organizing safely in these times is essential. These digital security guidelines can help us protect ourselves while we get in the streets. Security is an art, not a science, but following these guidelines is good harm reduction. 

We've noted when we think the advice applies to all comrades or people in higher risk categories. People with more privilege, like white folks and people who aren't at risk for losing jobs or housing for getting arrested, are probably low risk. Higher risk folks include POC comrades, people with criminal records, people more willing to take risks, people with higher social media followings, and people doing countersurveillance of police or fascists. Highest risk folks include Black comrades, undocumented comrades, and people with some cross-section of those higher risks. These are imperfect categories, and we encourage comrades to read more about security threat modeling if they're not really sure where they fit. 

The adversaries that we want to protect ourselves from include law enforcement on the street, fascists on the street, fascists on the internet, and prosecutors pursuing cases against comrades in the future. The guidelines below note if the advice is for a unique risk category or a unique adversary; otherwise, it should be assumed as advice for all situations.

General advice

  • The most important thing to do is maintain a security mindset. Unless you have evidence otherwise, treat everything like cops and fascists are watching. This means in all places -- email listservs, Facebook, etc -- and with all information. Organizing conversations and plans for our actions/marches/jail support should be considered sensitive and private!

  • Personal information of comrades is sensitive and private. This includes membership lists, last names, phone numbers, addresses. Do not share any of this information unless you have explicit permission.

  • Be mindful of police technology in use: we've seen small drones (taking photos and videos), and police are probably using Stingrays.

  • Covering faces isn't just pandemic protection; it's great for avoiding unwanted identification from police or fash, especially if you are higher risk.

Social media

  • Before the protest: delete social media posts containing anything sensitive or potentially incriminating. Look for posts that have information about where you live, your family, your work, pictures of higher risk comrades, or anything else you don't want adversaries finding. When in doubt, delete the post.

  • Facebook allows you to retroactively change the privacy setting of all posts. If you are concerned about information leaks, you can set it so your posts are only visible to friends. Do not accept friend requests from people who do not have much information on their profiles, or who have no mutual friends with you.

  • Maintain a security mindset when posting anything. Look in the background of photos and videos for anything sensitive. 

  • Make sure you're maintaining good unique passwords on all accounts. Use a password manager and 2-factor authentication.

  • Unless you are live streaming, wait to make posts on social media until you get home.

  • Do not post pictures or video of crimes. Do not do the work of the cops.

  • Consider sensitive info when posting screenshots, etc. Crop/blur/cross out anything sensitive.

Mobile devices

  • All devices should be secured with a password of at least 8 random numeric digits or an alphanumeric code. 

  • If you use your face or thumbprint to unlock your device, turn it off before the protest and use the above advice instead. It's too easy for police to coerce opening phones with faces/thumbs.

  • Burner phones should not be used! It's very hard for most people to use them safely, and they can actually make you stand out. See "location" section for alternative options for location privacy. 

  • Instead of burners, higher risk models can use a backup phone with fewer contacts and photos and sensitive info on it. But don't expect it to keep you anonymous! 

  • Communicating by text

    • Signal is the texting app you should use. It also allows encrypted voice and video. Signal is resistant to Stingray interception (cops on the ground) and communications being subpoenad later. It's the only texting app that protects both messages and metadata about who you communicate with.

    • Share your profile when in a Signal group (so that group members know your name) by clicking on Settings -> Profile.

    • Enable disappearing messages in all groups by clicking Settings within the group.

    • Be mindful of who gets added to the Signal group. Each new person should be vouched for and share their profile. 

    • Signal group texts can get out of control! It’s advisable to keep the group to less than 30 people, and create a new group and re-add only active members whenever the number of inactive group members is getting high.

    • It's a good idea to have a backup text thread in case Signal goes down. Wire or Riot.im are the next best options. 

    • Signal removes metadata when images or video are sent or received in a thread.

  • Location data

    • Turn off location data on all apps, but especially on the camera. 

    • Turning airplane mode on and off when the phone isn’t in use is a good way to prevent some data leaks. 

    • Higher risk comrades can turn on airplane mode before leaving the house and leave it off the entire protest to avoid location detection via cell towers. However, be advised that airplane mode can still leak some data.

    • Highest risk comrades should consider leaving phones at home to protect not only their location but also the data on their phone. Make sure you always have a protest buddy, especially if you aren't reachable by phone.

  • Photo and video best practices

    • Do not post any photo or video identifying anyone on the street without their consent. Even with their consent, it's a good idea to avoid identifying images. Police are already using this information to make arrests. 

    • Signal has a blur feature in its photo editor; use this to blur any faces and other identifying info (e.g. tattoos) before posting. Another app for this is ObscuraCam (Android only).

    • f you're taking a lot of photos or video but not posting, you should still be cautious about capturing faces. If police get a hold of your phone and get into your camera roll, they'll have all those images. 

    • Leave location services turned off on the camera. 

    • It's a good idea to leave your phone locked when taking pictures; that makes it harder for police to snatch your unlocked phone. 

    • Do not do the work of the police. Do not post or share pictures or video of crimes.

Video chatting 

  • Zoom announced recently that they leave encryption off their free tier accounts so that they can more easily work with law enforcement. Free Zoom accounts should never be used for organizing.

  •  Paid Zoom accounts are encrypted, but should be used with caution, given Zoom's relationship to cops.

  • Jitsi (meet.jit.si) is a free and open source encrypted video platform, but has serious performance issues and can't be relied on for groups larger than five or so. Running our own internal Jitsi instance might improve performance and can help with security, but we don't have that yet. 

  • Signal video is great, but it's only for 1:1 calls. 

  • Large group calls (more than 10) should be treated as if they're fully public.

  • Small group calls (fewer than 10) can be treated as a little more private, but all attendees should be vouched for. 

Philly Socialists, 2659 Kensington Avenue, Philadelphia, PA, 19125, United Statesadmin@phillysocialists.org
Cart (0)