Surveillance Self-Defense

LGBTQ Youth?

  • LGBTQ Youth?

    Tips and tools to help you more safely access LGBTQ resources, navigate social networks, and avoid snoopers.

    If you lack proper support and access to LGBTQ resources, this guide teaches you how to explore such resources online in a safer way to help avoid accidental outing to your peers, family, or online advertisers as a result of online tracking or nosy snoopers.

  • Choosing Your Tools

    With so many companies and websites offering tools geared towards helping individuals improve their own digital security, how do you choose the tools that are right for you?

    We don’t have a foolproof list of tools that can defend you (though you can see some common choices in our Tool Guides). But if you have a good idea of what you are trying to protect, and who you are trying to protect it from, this guide can help you choose the appropriate tools using some basic guidelines.

    Remember, security isn't about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats. Check out our Assessing your Risks guide for more information.

    Security is a Process, not a Purchase

    The first thing to remember before changing the software you use or buying new tools is that no tool or piece of software will give you absolute protection from surveillance in all circumstances. Therefore, it’s important to think about your digital security practices holistically. For example, if you use secure tools on your phone, but don’t put a password on your computer, the tools on your phone might not help you much. If someone wants to find out information about you, they will choose the easiest way to obtain that information, not the hardest.

    Secondly, it’s impossible to protect against every kind of trick or attacker, so you should concentrate on which people might want your data, what they might want from it, and how they might get it. If your biggest threat is physical surveillance from a private investigator with no access to internet surveillance tools, you don't need to buy some expensive encrypted phone system that claims to be "NSA-proof." Alternatively, if you face a government that regularly jails dissidents because they use encryption tools, it may make sense to use simpler tactics—like arranging a set of harmless-sounding, pre-arranged codes to convey messages—rather than risk leaving evidence that you use encryption software on your laptop. Coming up with a set of possible attacks you plan to protect against is called threat modeling.

    Given all that, here are some questions you can ask about a tool before downloading, purchasing, or using it.

    How Transparent is it?

    There's a strong belief among security researchers that openness and transparency lead to more secure tools.

    Much of the software the digital security community uses and recommends is open-source. This means the code that defines how it works is publicly available for others to examine, modify, and share. By being transparent about how their program works, the creators of these tools invite others to look for security flaws and help improve the program.

    Open-source software provides the opportunity for better security, but does not guarantee it. The open source advantage relies, in part, on a community of technologists actually checking the code, which, for small projects (and even for popular, complex ones), may be hard to achieve.

    When considering a tool, see if its source code is available and whether it has an independent security audit to confirm the quality of its security. At the very least, software or hardware should have a detailed technical explanation of how it functions for other experts to inspect.

    How Clear are its Creators About its Advantages and Disadvantages?

    No software or hardware is entirely secure. Seek out tools with creators or sellers who are honest about the limitations of their product.

    Blanket statements that say that the code is “military-grade” or “NSA-proof” are red flags. These statements indicate that the creators are overconfident or unwilling to consider the possible failings in their product.

    Because attackers are always trying to discover new ways to break the security of tools, software and hardware need to be updated to fix vulnerabilities. It can be a serious problem if the creators are unwilling to do this, either because they fear bad publicity or because they have not built the infrastructure to do so. Look for creators who are willing to make these updates, and who are honest and clear about why they are doing so.

    A good indicator of how toolmakers will behave in the future is their past activity. If the tool's website lists previous issues and links to regular updates and information—like specifically how long it has been since the software was last updated—you can be more confident that they will continue to provide this service in the future.

    What Happens if the Creators are Compromised?

    When security toolmakers build software and hardware, they (just like you) must have a clear threat model. The best creators explicitly describe what kind of adversaries they can protect you from in their documentation.

    But there's one attacker that many manufacturers do not want to think about: themselves! What if they are compromised or decide to attack their own users? For instance, a court or government may compel a company to hand over personal data or create a “backdoor” that will remove all the protections their tool offers. So consider the jurisdiction(s) where the creators are based. If you’re worried about protecting yourself from the government of Iran, for example, a US-based company will be able to resist Iranian court orders, even if it must comply with US orders.

    Even if a creator is able to resist government pressure, an attacker may attempt to break into the toolmakers' own systems in order to attack its customers.

    The most resilient tools are those that consider this as a possible attack and are designed to defend against this. Look for language that asserts that a creator cannot access private data, rather than promises that a creator will not. Look for institutions with a reputation for fighting court orders for personal data.

    Has it Been Recalled or Criticized Online?

    Companies selling products and enthusiasts advertising their latest software can be misled, be misleading, or even outright lie. A product that was originally secure might have terrible flaws in the future. Make sure you stay well-informed on the latest news about the tools that you use.

    It's a lot of work for one person to keep up with the latest news about a tool. If you have colleagues who use a particular product or service, work with them to stay informed.

    Which Phone Should I Buy? Which Computer?

    Security trainers are often asked: “Should I buy Android or an iPhone?” or “Should I use a PC or a Mac?” or “What operating system should I use?” There are no simple answers to these questions. The relative safety of software and devices is constantly shifting as new flaws are discovered and old bugs are fixed. Companies may compete with each other to provide you with better security, or they may all be under pressure from governments to weaken that security.

    Some general advice is almost always true, however. When you buy a device or an operating system, keep it up-to-date with software updates. Updates will often fix security problems in older code that attacks can exploit. Note that some older phones and operating systems may no longer be supported, even for security updates. In particular, Microsoft has made it clear that versions of Windows Vista, XP, and below will not receive fixes for even severe security problems. This means that if you use these, you cannot expect them to be secure from attackers. The same is true for OS X before 10.11 or El Capitan.

    Now that you’ve considered the threats you face, and know what to look for in a digital security tool, you can more confidently choose tools that are most appropriate for your unique situation.

    Products Mentioned in Surveillance Self-Defense

    We try to ensure that the software and hardware mentioned in SSD complies with the criteria listed above. We have made a good faith effort to only list products that:

    • have a solid grounding in what we currently know about digital security,
    • are generally transparent about their operation (and their failings),
    • have defenses against the possibility that the creators themselves will be compromised, and
    • are currently maintained, with a large and technically-knowledgeable user base.

    We believe that they have, at the time of writing, a wide audience who is examining them for flaws, and would raise concerns to the public quickly. Please understand that we do not have the resources to examine or make independent assurances about their security. We do not endorse these products and cannot guarantee complete security.

    Last reviewed: 10-7-2019

  • Protecting Yourself on Social Networks

    Social networks are among the most popular websites on the Internet. Facebook has over a billion users, and Instagram and Twitter have hundreds of millions of users each. Social networks were generally built on the idea of sharing posts, photographs, and personal information. Now they have also become forums for organizing and speech. Any of these activities can rely on privacy and pseudonymity.

    Thus, the following questions are important to consider when using social networks: How can I interact with these sites while protecting myself? My basic privacy? My identity? My contacts and associations? What information do I want to keep private and who do I want to keep it private from?

    Depending on your circumstances, you may need to protect yourself against the social network itself, against other users of the site, or both.

    Tips to Keep in Mind When Creating an Account

    • Do you want to use your real name? Some social media sites have so-called “real name policies,” but these have become more lax over time. If you do not want to use your real name when registering for a social media site, do not.
    • When you register, don't provide more information than is necessary. If you are concerned with hiding your identity, use a separate email address and avoid giving your phone number. Both of these pieces of information can identify you individually and can link different accounts together.
    • Be careful when choosing a profile photo or image. In addition to metadata that might include the time and place the photo was taken, the image itself can provide some information. Before you choose a picture, ask: Was it taken outside your home or workplace? Are any addresses or street signs visible?
    • Be aware that your IP address may be logged at registration.
    • Choose a strong password and, if possible, enable two-factor authentication.
    • Beware of password recovery questions such as “What city were you born in?” or “What is the name of your pet?” because their answers can be mined from your social media details. You may want to choose password recovery answers that are false. One good way to remember the answers to password recovery questions, should you choose to use false answers for added security, is to note your chosen answers in a password manager.

    Check the Social Media Site's Privacy Policy

    Information stored by third parties is subject to their own policies and may be used for commercial purposes or shared with other companies, like marketing firms. While reading privacy policies is a near-impossible task, you may want to read the sections that describe how your data is used, when it is shared with other parties, and how the service responds to law enforcement requests.

    Social networking sites are usually for-profit businesses and often collect sensitive information beyond what you explicitly provide—where you are, what interests and advertisements you react to, what other sites you've visited (e.g. through “Like” buttons). Consider blocking third-party cookies and using tracker-blocking browser extensions to make sure extraneous information isn't being passively transmitted to third parties.

    Change Your Privacy Settings

    Specifically, change the default settings. For example, do you want to share your posts with the public, or only with a specific group of people? Should people be able to find you using your email address or phone number? Do you want your location shared automatically?

    Even though every social media platform has its own unique settings, you can find some patterns.

    • Privacy settings tend to answer the question: “Who can see what?” Here you’ll probably find settings concerning audience defaults (“public,” “friends of friends,” “friends only,” etc.), location, photos, contact information, tagging, and if/how people can find your profile in searches.
    • Security (sometimes called “safety”) settings will probably have more to do with blocking/muting other accounts, and if/how you want to be notified if there is an unauthorized attempt to authorize your account. Sometimes, you’ll find login settings—like two-factor authentication and a backup email/phone number—in this section. Other times, these login settings will be in an account settings or login settings section, along with options to change your password.

    Take advantage of security and privacy “check-ups.” Facebook, Google, and other major websites offer “security check-up” features. These tutorial-style guides walk you through common privacy and security settings in plain language and are an excellent feature for users.

    Finally, remember that privacy settings are subject to change. Sometimes, these privacy settings get stronger and more granular; sometimes not. Pay attention to these changes closely to see if any information that was once private will be shared, or if any additional settings will allow you to take more control of your privacy.

    Keep Separate Profiles Separate

    For a lot of us, it’s critical to keep different accounts’ identities separate. This can apply to dating websites, professional profiles, anonymous accounts, and accounts in various communities.

    Phone numbers and photos are two types of information to keep an eye on. Photos, in particular, can sneakily link accounts you intend to keep separate. This is a surprisingly common issue with dating sites and professional profiles. If you want to maintain your anonymity or keep a certain account’s identity separate from others, use a photo or image that you don’t use anywhere else online. To check, you can use Google’s reverse image search function. Other potentially linking variables to watch out for include your name (even nicknames) and your email. If you discover that one of these pieces of information is in a place you didn’t expect, don’t get scared or panic. Instead, think in baby steps: instead of trying to wipe all information about you off the entire Internet, just focus on specific pieces of information, where they are, and what you can do about them.

    Familiarize Yourself With Facebook Groups Settings

    Facebook groups are increasingly places for social action, advocacy, and other potentially sensitive activities, but group settings can be confusing. Learn more about group privacy settings and work with group members to keep your Facebook groups private and secure.

    Privacy Is A Team Sport

    Don’t just change your own social media settings and behavior. Take the additional step of talking with your friends about the potentially sensitive data you reveal about each other online. Even if you don’t have a social media account, or even if you untag yourself from posts, friends can still unintentionally identify you, report your location, and make their connections to you public. Protecting privacy means not only taking care of ourselves, but also taking care of each other.

    Last reviewed: 10-19-2019

  • Your Security Plan

    Trying to protect all of your data from everyone all the time is impractical and exhausting. But have no fear! Security is a process, and through thoughtful planning you can put together a plan that is right for you. Security isn’t just about the tools you use or the software you download. It begins with understanding the unique threats you face and how you can counter those threats.

    In computer security, a threat is a potential event that could undermine your efforts to defend your data. You can counter the threats you face by determining what you need to protect and from whom you need to protect it. This is the process of security planning, often referred to as “threat modeling.”

    This guide will teach you how to make a security plan for your digital information and how to determine which solutions are best for you.

    What does a security plan look like? Let’s say you want to keep your house and possessions safe. Here are a few questions you might ask:

    *What do I have inside my home that is worth protecting?*

    • Assets could include: jewelry, electronics, financial documents, passports, or photos

    *Who do I want to protect it from?*

    • Adversaries could include: burglars, roommates, or guests

    *How likely is it that I will need to protect it?*

    • Does my neighborhood have a history of burglaries? How trustworthy are my roommates/guests? What are the capabilities of my adversaries? What are the risks I should consider?

    *How bad are the consequences if I fail?*

    • Do I have anything in my house that I cannot replace? Do I have the time or money to replace these things? Do I have insurance that covers goods stolen from my home?

    *How much trouble am I willing to go through to prevent these consequences?*

    • Am I willing to buy a safe for sensitive documents? Can I afford to buy a high-quality lock? Do I have time to open a security box at my local bank and keep my valuables there?

    Once you have asked yourself these questions, you are in a position to assess what measures to take. If your possessions are valuable but the probability of a break-in is low, then you may not need to spend much money on a lock. But if the probability of a break-in is high, you’ll want to get the best lock on the market and consider adding a security system.

    Making a security plan will help you understand the threats that are unique to you and evaluate your assets, your adversaries, and your adversaries’ capabilities, along with the likelihood of the risks you face.

    How do I make my own security plan? Where do I start?

    Security planning helps you identify the things you value and determine who you need to protect them from. When building a security plan, answer these five questions:

    1. What do I want to protect?

    2. Who do I want to protect it from?

    3. How bad are the consequences if I fail?

    4. How likely is it that I will need to protect it?

    5. How much trouble am I willing to go through to try to prevent potential consequences?

    Let’s take a closer look at each of these questions.

    What do I want to protect?

    An “asset” is something you value and want to protect. In the context of digital security, an asset is usually some kind of information. For example, your emails, contact lists, instant messages, location, and files are all possible assets. Your devices are also assets.

    Make a list of your assets: data that you keep, where it is kept, who has access to it, and what stops others from accessing it.

    Who do I want to protect it from?

    To answer this question, it’s important to identify who might want to target you or your information. A person or entity that poses a threat to your assets is called an “adversary.” Examples of potential adversaries are your boss, your former partner, your business competition, your government, or a hacker on a public network.

    Make a list of your adversaries, or those who might want to get hold of your assets. Your list may include individuals, a government agency, or corporations.

    Depending on who your adversaries are, under some circumstances this list might be something you want to destroy after you have finished making your security plan.

    How bad are the consequences if I fail?

    There are many ways that an adversary could gain access to your data. For example, an adversary can read your private communications as they pass through the network, or they can delete or corrupt your data.

    The motives of adversaries differ widely, as do their tactics. A government trying to prevent the spread of a video showing police violence may be content to simply delete that video or reduce its availability. In contrast, a political opponent may wish to gain access to secret content and publish that content without you knowing.

    Security planning involves understanding how bad the consequences could be if an adversary successfully gains access to one of your assets. To determine this, you should consider the capability of your adversary. For example, your mobile phone provider has access to all of your phone records. A hacker on an open Wi-Fi network can access your unencrypted communications. Your government might have strong capabilities.

    Write down what your adversary might want to do with your private data.

    How likely is it that I will need to protect it?

    Risk is the likelihood that a particular threat against a particular asset will actually occur. It goes hand in hand with capability. While your mobile phone provider has the capability to access all of your data, the risk of them posting your private data online to harm your reputation is low.

    It is important to distinguish between what might happen and how likely it is to happen. For instance, there is a threat that your building might collapse, but the risk of this happening is far greater in San Francisco (where earthquakes are common) than in Stockholm (where they are not).

    Assessing risks is both a personal and a subjective process. Many people find certain threats unacceptable no matter how likely they are to occur, because the mere presence of the threat at any likelihood is not worth the cost. In other cases, people disregard high risks because they don’t view the threat as a problem.

    Write down which threats you are going to take seriously, and which may be too rare or too harmless (or too difficult to combat) to worry about.

    How much trouble am I willing to go through to try to prevent potential consequences?

    There is no perfect option for security. Not everyone has the same priorities, concerns, or access to resources. Your risk assessment will allow you to plan the right strategy for you, balancing convenience, cost, and privacy.

    For example, an attorney representing a client in a national security case may be willing to go to greater lengths to protect communications about that case, such as using encrypted email, than a family member who regularly emails funny cat videos.

    Write down what options you have available to help mitigate your unique threats. Note if you have any financial constraints, technical constraints, or social constraints.

    Security planning as a regular practice

    Keep in mind that your security plan can change as your situation changes. Thus, revisiting your security plan frequently is good practice.

    Create your own security plan based on your own unique situation. Then mark your calendar for a date in the future. This will prompt you to review your plan and check back in to determine whether it is still relevant to your situation.

    Last reviewed: 2-1-2021

  • Communicating with Others

    Telecommunication networks and the Internet have made communicating with people easier than ever, but have also made surveillance more prevalent. Without taking extra steps to protect your privacy, every phone call, text message, email, instant message, video and audio chat, and social media message could be vulnerable to eavesdroppers.

    Often the most privacy-protective way to communicate with others is in person, without computers or phones being involved at all. Because this isn’t always possible, the next best thing is to use end-to-end encryption.

    How Does End-to-End Encryption Work?

    End-to-end encryption ensures that information is turned into a secret message by its original sender (the first “end”), and decoded only by its final recipient (the second “end”). This means that no one can “listen in” and eavesdrop on your activity, including wifi cafe snoops, your Internet service provider, and even the website or app you are using itself. Somewhat counter-intuitively, just because you access messages in an app on your phone or information from a website on your computer does not mean that the app company or website platform itself can see them. This is a core characteristic of good encryption: even the people who design and deploy it cannot themselves break it.

    All the tools that have guides on the SSD site use end-to-end encryption. You can use end-to-end encryption for any kind of communication — including voice and video calls, messaging and chat, and email.

    (Not to be confused with end-to-end encryption is transport-layer encryption. While end-to-end encryption protects messages, for example, all the way from you to your recipient, transport-layer encryption only protects them as they travel from your device to the app’s servers and from the app’s servers to your recipient’s device. In the middle, your messaging service provider—or the website you are browsing, or the app you are using—can see unencrypted copies of your messages.)

    Under the hood, end-to-end encryption works like this: When two people want to communicate via end-to-end encryption (for example, Akiko and Boris) they must each generate pieces of data, called keys. These keys can be used to turn data that anyone can read into data that can be only read by someone who has a matching key. Before Akiko sends a message to Boris, she encrypts it to Boris's key so that only Boris can decrypt it. Then she sends this encrypted message across the Internet. If anyone is eavesdropping on Akiko and Boris—even if they have access to the service that Akiko is using to send this message (such as her email account)—they will only see the encrypted data and will be unable to read the message. When Boris receives it, he must use his key to decrypt it into a readable message.

    Some services, like Google Hangouts, advertise “encryption,” but use keys that are created and controlled by Google, not the sender and final receiver of the message. This is not end-to-end encryption. To be truly secure, only the “ends” of the conversation should have the keys that let them encrypt and decrypt. If the service you use controls the keys, that is transport-layer encryption instead.

    End-to-end encryption means that users must keep their keys secret. It can also mean doing work to make sure the keys used to encrypt and decrypt belong to the right people. Using end-to-end encryption can involve some effort—from simply choosing to download an app that offers it to proactively verifying keys—but it's the best way for users to verify the security of their communications without having to trust the platform that they're both using.

    Learn more about encryption in What Should I know About Encryption?, Key Concepts in Encryption, and Different Types of Encryption. We also explain one particular kind of end-to-end encryption—called “public key encryption”—in more detail in A Deep Dive on End-to-End Encryption.

    Phone Calls and Text Messages versus Encrypted Internet Messages

    When you make a call from a landline or a mobile phone, your call is not end-to-end encrypted. When you send a text message (also known as SMS) on a phone, the text is not encrypted at all. Both allow governments or anyone else with power over the phone company to read your messages or record your calls. If your risk assessment includes government interception, you may prefer to use encrypted alternatives that operate over the Internet. As a bonus, many of these encrypted alternatives also offer video.

    Some examples of services or software that offer end-to-end encrypted texting and voice and video calls include:

    Some examples of services that do not offer end-to-end encryption by default include:

    • Google Hangouts
    • Kakao Talk
    • Line
    • Snapchat
    • WeChat
    • QQ
    • Yahoo Messenger

    And some services, like Facebook Messenger and Telegram, only offer end-to-end encryption if you deliberately turn it on. Others, like iMessage, only offer end-to-end encryption when both users are using a particular device (in the case of iMessage, both users need to be using an iPhone).

    How Much Can You Trust Your Messaging Service?

    End-to-end encryption can defend you against surveillance by governments, hackers, and the messaging service itself. But all of those groups might be able to make secret changes in the software you use so that even if it claims to use end-to-end encryption, it is really sending your data unencrypted or with weakened encryption.

    Many groups, including EFF, spend time watching well-known providers (like WhatsApp, which is owned by Facebook, or Signal) to make sure they really are providing the end-to-end encryption they promise. But if you are concerned about these risks, you can use tools that use publicly known and reviewed encryption techniques and are designed to be independent of the transport systems they use. OTR and PGP are two examples. These systems rely on user expertise to operate, are often less user-friendly, and are older protocols that don’t use all of the modern best encryption techniques.

    Off-the-Record (OTR) is an end-to-end encryption protocol for real-time text conversations that can be used on top of a variety of instant messaging services. Some tools that incorporate OTR include:

    PGP (or Pretty Good Privacy) is the standard for end-to-end encryption of email. For detailed instructions on how to install and use PGP encryption for your email, see:

    PGP for email is best-suited for technically experienced users communicating with other technically experienced users who are well aware of PGP’s complexities and limitations.

    What End-To-End Encryption Does Not Do

    End-to-end encryption only protects the content of your communication, not the fact that you are communicating in the first place. It does not protect your metadata, which includes, for example, the subject line of an email, who you are communicating with, and when. If you are making a call from a cell phone, information about your location is also metadata.

    Metadata can provide extremely revealing information about you even when the content of your communication remains secret.

    Metadata about your phone calls can give away some very intimate and sensitive information. For example:

    • They know you rang a phone sex service at 2:24 am and spoke for 18 minutes, but they don't know what you talked about.
    • They know you called the suicide prevention hotline from the Golden Gate Bridge, but the topic of the call remains a secret.
    • They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour, but they don't know what was discussed.
    • They know you received a call from the local NRA office while it was having a campaign against gun legislation, and then called your senators and congressional representatives immediately after, but the content of those calls remains safe from government intrusion.
    • They know you called a gynecologist, spoke for a half hour, and then called the local Planned Parenthood's number later that day, but nobody knows what you spoke about.

    Other Important Features

    End-to-end encryption is only one of many features that may be important to you in secure communication. As described above, end-to-end encryption is great for preventing companies and governments from accessing your messages. But for many people, companies and governments are not the biggest threat, and therefore end-to-end encryption might not be the biggest priority.

    For example, if someone is worried about a spouse, parent, or employer with physical access to their device, the ability to send ephemeral, “disappearing” messages might be their deciding factor in choosing a messenger. Someone else might be worried about giving their phone number out, and so the ability to use a non-phone-number “alias” might be important.

    More generally, security and privacy features are not the only variables that matter in choosing a secure communications method. An app with great security features is worthless if none of your friends and contacts use it, and the most popular and widely used apps can vary significantly by country and community. Poor quality of service or having to pay for an app can also make a messenger unsuitable for some people.

    The more clearly you understand what you want and need out of a secure communication method, the easier it will be to navigate the wealth of extensive, conflicting, and sometimes outdated information available.

    Last reviewed: 
    6-9-2020
  • Creating Strong Passwords

    Creating Strong Passwords Using Password Managers

    Reusing passwords is an exceptionally bad security practice. If a bad actor gets ahold of a password that you've reused across multiple services, they can gain access to many of your accounts. This is why having multiple, strong, unique passwords is so important.

    Fortunately, a password manager can help. A password manager is a tool that creates and stores passwords for you, so you can use many different passwords on different sites and services without having to memorize them. Password managers:

    • generate strong passwords that a human being would be unlikely to guess.
    • store several passwords (and responses to security questions) safely.

    • protect all of your passwords with a single master password (or passphrase).

    KeePassXC is an example of a password manager that is open-source and free. You can keep this tool on your desktop or integrate it into your web browser. KeePassXC does not automatically save changes you make when using it, so if it crashes after you've added some passwords, you can lose them forever. You can change this in the settings.

    Wondering whether a password manager is the right tool for you? If a powerful adversary like a government is targeting you, it might not be.

    Remember:

    • using a password manager creates a single point of failure.

    • password managers are an obvious target for adversaries.

    • research suggests that many password managers have vulnerabilities.

    If you’re worried about expensive digital attacks, consider something more low-tech. You can create strong passwords manually (see “Creating strong passwords using dice” below), write them down, and keep them somewhere safe on your person.

    Wait, aren’t we supposed to keep passwords in our heads and never write them down? Actually, writing them down, and keeping them somewhere like your wallet, is useful so you’ll at least know if your written passwords go missing or get stolen.

    Creating Strong Passwords Using Dice

    There are a few passwords that you should memorize and that need to be particularly strong. These include:

    One of many difficulties when people choose passwords themselves is that people aren't very good at making random, unpredictable choices. An effective way of creating a strong and memorable password is to use dice and a word list to randomly choose words. Together, these words form your “passphrase.” A "passphrase" is a type of password that is longer for added security. For disk encryption and your password manager, we recommend selecting a minimum of six words.

    Why use a minimum of six words? Why use dice to pick words in a phrase randomly? The longer and more random the password, the harder it is for both computers and humans to guess. To find out why you need such a long, hard-to-guess password, here’s a video explainer.

    Try making a passphrase using one of EFF's word lists.
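    The dice method above, worked through in code. This is an added example, not EFF's own tool: the 36-word list is constructed for illustration and keyed by two dice, the function names are hypothetical, and a real passphrase should use a full-size list with five dice per word (7,776 entries).

```python
import math
import secrets

# Constructed 36-word sample list (6**2 entries, two dice per word).
# Illustration only: a real passphrase needs a full-size list such as
# one with 6**5 = 7776 entries, which is too long to embed here.
SAMPLE_WORDS = """
amber anvil bacon badge cabin cedar
daisy delta eagle ember fable ferry
gecko glove hazel honey igloo ivory
jelly joker kayak koala lemon llama
mango maple noble nylon oasis olive
panda pearl quilt radar tulip zebra
""".split()


def build_table(words, dice_per_word):
    """Map every dice sequence (for example '36') to exactly one word."""
    if len(words) != 6 ** dice_per_word or len(set(words)) != len(words):
        raise ValueError("need 6**dice_per_word distinct words")
    table = {}
    for position, word in enumerate(words):
        digits = []
        remaining = position
        for _ in range(dice_per_word):
            remaining, face = divmod(remaining, 6)
            digits.append(str(face + 1))
        table["".join(reversed(digits))] = word
    return table


def words_from_rolls(table, rolls, dice_per_word):
    """Turn physical dice rolls (ints 1-6, in order) into passphrase words."""
    if len(rolls) % dice_per_word or any(r not in range(1, 7) for r in rolls):
        raise ValueError("rolls must be 1-6, in groups of dice_per_word")
    keys = ("".join(map(str, rolls[i:i + dice_per_word]))
            for i in range(0, len(rolls), dice_per_word))
    return [table[key] for key in keys]


def roll_dice(count):
    """Software stand-in for real dice, drawing from the OS random source."""
    return [secrets.randbelow(6) + 1 for _ in range(count)]


def entropy_bits(list_size, n_words):
    """Entropy in bits when every word is chosen uniformly and independently."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words that reaches at least target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    table = build_table(SAMPLE_WORDS, dice_per_word=2)
    print("sample phrase:", " ".join(words_from_rolls(table, roll_dice(12), 2)))
    # Six words from a 7776-word list: about 77.5 bits of entropy.
    print("6 words, 7776-word list: %.1f bits" % entropy_bits(7776, 6))
    # The tiny sample list needs far more words to reach the same strength.
    print("words needed from 36-word list:", words_needed(36, 77))
```

    The strength comes from the number of equally likely phrases, not from the words being obscure: each extra word from a 7,776-word list adds about 12.9 bits, which is why six randomly rolled words are much harder to guess than a phrase a person makes up.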

    If your computer or device gets compromised and spyware is installed, the spyware can watch you type your master password and could steal the contents of the password manager. So it's still very important to keep your computer and other devices clean of malware when using a password manager.

    A Word About “Security Questions”

    Beware of the “security questions” that websites use to confirm your identity. Honest answers to these questions are often publicly discoverable facts that a determined adversary can easily find and use to bypass your password entirely.

    Instead, give fictional answers that no one knows but you. For example, if the security question asks:

    “What was the name of your first pet?”

    Your answer could be a random password generated from your password manager. You can store these fictional answers in your password manager.

    Think of sites where you’ve used security questions and consider changing your responses. Do not use the same passwords or security question answers for multiple accounts on different websites or services.

    Syncing Your Passwords Across Multiple Devices

    Many password managers allow you to access your passwords across devices through a password-synchronizing feature. This means when you sync your password file on one device, it will update it on all of your devices.

    Password managers can store your passwords “in the cloud,” meaning encrypted on a remote server. When you need your passwords, these managers will retrieve and decrypt the passwords for you automatically. Password managers that use their own servers to store or help synchronize your passwords are more convenient, but are slightly more vulnerable to attacks. If your passwords are stored both on your computer and in the cloud, an attacker does not need to take over your computer to find out your passwords. (They will need to break your password manager’s passphrase though.)

    If this is concerning, don't sync your passwords to the cloud and instead opt to store them on just your devices.

    Keep a backup of your password database just in case. Having a backup is useful if you lose your password database in a crash, or if your device is taken away from you. Password managers usually have a way to make a backup file, or you can use your regular backup program.

    Multi-Factor Authentication and One-Time Passwords

    Strong, unique passwords make it much harder for bad actors to access your accounts. To further protect your accounts, enable two-factor authentication.

    Some services offer two-factor authentication (also called 2FA, multi-factor authentication, or two-step verification), which requires users to possess two components (a password and a second factor) to gain access to their account. The second factor could be a one-off secret code or a number generated by a program running on a mobile device.

    Two-factor authentication using a mobile phone can be done in one of two ways:

    • your phone can run an authenticator application that generates security codes (such as Google Authenticator or Authy) or you can use a stand-alone hardware device (such as a YubiKey); or
    • the service can send you an SMS text message with an extra security code that you need to type in whenever you log in.

    If you have a choice, pick the authenticator application or stand-alone hardware device instead of receiving codes by text message. It’s easier for an attacker to redirect these codes to their own phone than it is to bypass the authenticator.

    Some services, such as Google, also allow you to generate a list of one-time passwords, also called single-use passwords. These are meant to be printed or written down on paper and carried with you. Each of these passwords works only once, so if one is stolen by spyware when you enter it, the thief won't be able to use it for anything in the future.

    Sometimes, You Will Need to Disclose Your Password

    Laws about revealing passwords differ from place to place. In some jurisdictions you may be able to legally challenge a demand for your password while in others, local laws allow the government to demand disclosure — and even imprison you on the suspicion that you may know a password or key. Threats of physical harm can be used to force someone to give up their password. Or you may find yourself in a situation, such as travelling across a border, where the authorities can delay you or seize your devices if you refuse to give up a password or unlock your device.

    We have a separate guide to crossing the U.S. border that gives advice on how to deal with requests for access to devices while travelling to or from the United States. In other situations, you should think about how someone might force you or others to give up your passwords, and what the consequences would be.

    Last reviewed: 
    2-3-2021
  • Understanding and Circumventing Network Censorship

    This is an overview of network censorship, but it is not comprehensive.

    Governments, companies, schools, and Internet providers sometimes use software to prevent their users from accessing websites and services that are otherwise available on the open web. This is called Internet filtering or blocking, and it is a form of censorship. Filtering comes in different forms. Even with encryption, censors can block entire websites, hosting providers, or Internet technologies. Sometimes, content is blocked based on the keywords it contains. When sites aren't encrypted, censors can also block individual web pages.

    There are different ways of beating Internet censorship. Some protect you from surveillance, but many do not. When someone who controls your network connection filters or blocks a site, you can always use a circumvention tool to get to the information you need.

    Note: Circumvention tools that promise privacy or security are not always private or secure. And tools that use terms like "anonymous" do not always keep your identity completely secret.

    The circumvention tool that is best for you depends on your security plan. If you're not sure how to create a security plan, start here. While creating a security plan, be aware that someone who controls your Internet connection may notice that you are using a particular circumvention tool or technique, and may take action against you or others.

    In this article, we'll talk about understanding Internet censorship, who can perform it, and how it happens.

    • Understanding Internet censorship and surveillance
      – Censorship and surveillance: two sides of the same coin
      – The cost of surveillance
    • Where and how network censorship and surveillance happen
      – Where is the blocking happening?
      – How is it happening?
    • Circumvention techniques
      – Changing your DNS provider to access blocked websites or services
      – Using a Virtual Private Network (VPN) or an encrypted web proxy to access blocked websites or services
      – Using the Tor Browser to access a blocked website or to protect your identity

    Understanding Internet Censorship and Surveillance

    The Internet has a lot of processes that all have to work together properly in order to get your communications from one place to another. If someone is trying to block parts of the Internet, or particular activities, they may target many different parts of the system. The methods they use may depend on what technology and devices they have control over, their knowledge, their resources, and whether they are in a position of power to tell others what to do.

    Surveillance and Censorship: Two Sides of the Same Coin

    Internet surveillance and censorship have a great deal in common. Internet censorship is a two-step process:

    1. Spot "unacceptable" activity

    2. Block "unacceptable" activity

    Spotting "unacceptable" activity is like Internet surveillance. If network administrators can see where you are going on the Internet, they can decide whether to block it. By supporting Internet and data privacy tools and technologies, we can also make Internet filtering and blocking more difficult.

    Many circumvention techniques likewise have the additional benefit of protecting your information when you go online.

    The Cost of Surveillance

    Blocking Internet traffic comes at a cost, and over-blocking comes at an even greater cost. A popular example is that the Chinese government has not censored the GitHub website, even though many anti-government newsletters are hosted on it. Software developers need access to GitHub to do work that is beneficial to the Chinese economy. Right now, these censors have decided that blocking GitHub would cost them more than they would gain by blocking it.

    Not all censors would make the same decision. For example, temporary Internet shutdowns are becoming more common by the day, even though these measures can seriously harm local economies.

    Where and How Censorship and Surveillance Happen

    Where Is the Blocking Happening?

    Your computer tries to connect to https://eff.org, which is at a listed IP address (the numbered sequence beside the server associated with EFF’s website). The request for that website is made and passed along to various devices, such as your home network router and your Internet Service Provider (ISP), before reaching the intended IP address of https://eff.org. The website successfully loads for your computer.

    An eye, watching a computer trying to connect to eff.org.

    (1) Blocking or filtering on your devices. This is especially common in schools and workplaces. Someone who sets up or manages your computers and phones can put software on them that limits how they can be used. The software changes how the device works and can restrict access to certain sites, or restrict communicating online in certain ways. Spyware can work in the same way.

    An eye, watching traffic going in and out of a home network router.

    (2) Local network filtering. This is especially common in schools and workplaces. Someone who manages your local network (like a WiFi network) enforces some limits on your Internet activity, like monitoring or controlling where you go online or when you search for certain keywords.

    An eye, watching traffic coming in and out of an ISP.

    (3) Blocking or filtering by Internet Service Providers (ISPs). Your ISP can generally perform the same type of filtering as the administrator of your local network. ISPs in many countries are compelled by their government to perform regular Internet filtering and censorship. Commercial ISPs can perform filtering as a service for households or employers. Particular residential Internet service providers may market filtered connections directly to customers as an option, and automatically apply specific censorship methods (like those described below) to all connections on their ISPs. They may do this even if it isn't required by a government, because some of their customers want it.

    How Is the Blocking Happening?

    IP address blocking. "IP addresses" are the locations of computers on the Internet. Every piece of information that is sent over the Internet has a "To" address and a "From" address. Internet Service Providers or network administrators can create lists of locations that correspond with the services they want to block. They can then block any pieces of information on the network that are being delivered to or from those locations.

    This can lead to overblocking, since many services can be hosted at the same location, or IP address. Similarly, many people share any given IP address for their Internet access.

    In this diagram, the Internet Service Provider cross-checks the requested IP address against a list of blocked IP addresses. It determines that the IP address for eff.org matches that of a blocked IP address, and blocks the request to the website.

     

    DNS blocking. Your device asks computers called "DNS resolvers" where sites are located. When you connect to the Internet, the default DNS resolver your device uses typically belongs to your Internet Service Provider. An ISP can program its DNS resolver to give an incorrect answer, or no answer, whenever a user tries to look up the location of a blocked site or service. If you change your DNS resolver, but your DNS connection isn't encrypted, your ISP can still selectively block or change answers for blocked services.

    In this diagram, the request for eff.org’s IP address is modified at the Internet Service Provider level. The ISP interferes with the DNS resolver, and the IP address is redirected to give an incorrect answer or no answer.

     

    Keyword filtering. If traffic is unencrypted, Internet Service Providers can block web pages based on their contents. With the general increase in encrypted sites, this type of filtering is not so popular.

    One caveat is that administrators can decrypt encrypted activity if users install a trusted "CA certificate" provided by the administrators of their device. Since the user of the device must install the certificate, this is a very common practice for local networks at workplaces and schools, but is not very common at the ISP level.

    On an unencrypted website connection, an Internet Service Provider (ISP) is able to check the content of a site against its blocked content types. In this example, mentioning free speech leads to an automatic block of a website.

     

    HTTPS site filtering. When you access sites over HTTPS, all of the content is encrypted except the name of the site. Since they can still see the site name, Internet Service Providers or local network administrators can decide which sites to block access to.

    In this diagram, a computer attempts to access eff.org/deeplinks. The network administrator (represented by a router) is able to see the domain (eff.org) but not the full website address after the slash. The network administrator can decide which domains to block access to.

     

    Protocol and port blocking. A firewall or router might try to identify what kind of Internet technology someone is using to communicate, and block certain ones by recognizing technical details of how they communicate (protocols and port numbers are examples of information that can be used to identify what technology is being used). If the firewall can correctly recognize what kind of communication is happening or what technology is being used, it can be configured not to pass that communication along. For example, some networks might block the technologies used by certain VoIP (Internet phone call) or VPN applications.

    In this diagram, the router recognizes a computer attempting to connect to an HTTPS site, which uses Port 443. Port 443 is on this router’s list of blocked protocols.

    Other Types of Blocking

    Usually, blocking and filtering are used to prevent people from accessing specific sites or services. However, different types of blocking are also quite common.

    Network shutdown. A network shutdown may mean physically unplugging network infrastructure, like routers, network cables, or cellular towers, so that connections are physically prevented or are so bad that they are unusable.

    This can be a special case of IP address blocking, in which all or most IP addresses are blocked. Because it's often possible to tell what country an IP address is used in, some countries have also experimented with temporarily blocking all or most foreign IP addresses, allowing some connections within the country but blocking most connections going outside the country.

    A computer attempts to connect to eff.org’s US-based IP address. At the Internet Service Provider’s level, the request is checked: the IP address for eff.org is checked against a list of blocked international IP addresses, and is blocked.

    Throttling. Internet Service Providers can selectively slow down different types of traffic. Many government censors have started to slow down connections to certain sites rather than block them altogether. This type of blocking is hard to identify, and lets the ISP deny that it is restricting access. People might think their own Internet connection is slow, or that the service they're connecting to is not working.

    A computer tries to connect to eff.org. Their Internet Service Provider slows down their connection.

     

    Circumvention Techniques

    Generally, if there is less information about your Internet activity, it is harder for your Internet Service Provider or network administrator to selectively block particular types of activity. That's why using Internet-wide encryption standards can help.

    A graphic showing an insecure HTTP request for "http://example.com/page" from a device. The page URL and contents can be read by your network administrators, your ISP, and any entity in between.

    HTTP protects little of your browsing information ...

    A graphic showing a secure HTTPS request for "https://eff.org/deeplinks" from a device. The site is revealed to your network administrators and your ISP, but they can't see the page you're viewing.

    ... HTTPS protects much more ...

    A graphic showing an ideal secure HTTPS request for "https://eff.org/deeplinks" from a device. By encrypting DNS and the site name, your network administrators or ISP will have trouble figuring out what website you're viewing.

    ... encrypted DNS and other protocols will protect the site name, too.

    Changing Your DNS Provider and Using Encrypted DNS

    If Internet Service Providers are only relying on DNS blocking, changing your DNS provider and using encrypted DNS may restore your access.

    Changing your DNS provider. This can be done in the "network settings" of your device (phone or computer). Note that your new DNS provider will obtain the information about your browsing activity that your ISP once had, which can be a privacy concern depending on your threat model. Mozilla compiles a list of DNS providers that have strong privacy policies and commitments to not share your browsing data.

    Using encrypted DNS. Encrypted DNS technologies are currently being rolled out. This prevents any network actor from seeing (and filtering) your DNS traffic. You can configure DNS-over-HTTPS easily in Firefox and configure DNS-over-TLS on Android.

    Right now, there are no easy ways for users to do this in other applications.

    Using a VPN or Encrypted Proxy

    In this diagram, the computer uses a VPN, which encrypts its traffic and connects to eff.org. The network router and Internet Service Provider might see that the computer is using a VPN, but the data is encrypted. The Internet Service Provider routes the connection to the VPN server in another country. This VPN then connects to the eff.org website.

    A Virtual Private Network (VPN) encrypts and sends all Internet data from your computer through a server (another computer). This computer could belong to a commercial or nonprofit VPN service, your company, or a trusted contact. Once a VPN service is correctly configured, you can use it to access web pages, email, instant messaging, VoIP, and any other Internet service. A VPN protects your traffic from being spied on locally, but your VPN provider can still keep records (also known as logs) of the websites you access, or even let a third party look directly at your web browsing. Depending on your threat model, the possibility of a government spying on your VPN connection or getting access to your VPN logs may be a significant risk. For some users, this could outweigh the short-term benefits of using a VPN.

    Check out our guide about choosing specific VPN services.

     

    Using the Tor Browser

    Tor is free software designed to give you anonymity on the web. Tor Browser is a web browser built on top of the Tor anonymity network. Because of how Tor routes your web browsing traffic, it also allows you to circumvent censorship. (See our How to: Use Tor guides for Linux, macOS, Windows, and Android.)

    The computer uses Tor to connect to eff.org. Tor routes the connection through several “relays,” which can be run by different individuals or organizations all over the world. The final “exit relay” connects to eff.org. The ISP can see that you’re using Tor, but cannot easily see what site you are visiting. The owner of eff.org, similarly, can tell that someone using Tor has connected to its site, but does not know where that user is coming from.

    When you first start the Tor Browser, you can choose an option specifying that you are on a network that is censored:

    A screen capture of Tor's Network Settings page, which offers users extra choices via a "Configure" button if their Internet connection is censored or proxied.

    Tor will not only bypass some national censorship but, if properly configured, can also protect your identity from an adversary spying on your country's networks. However, it can be slow and difficult to use, and anyone who can see your network activity may notice that you are using Tor.

    Note: Make sure you're downloading the Tor Browser from the official website.

    Learn how to use Tor for Linux, macOS, Windows, and Android, but please choose "Connect" instead of "Configure" in the window displayed above.

    Last reviewed: 
    4-24-2020
  • How to: Encrypt Your iPhone

    If you have an iPhone 3GS or later, an iPod touch 3rd generation or later, or any iPad, you can protect the contents of your device using encryption. That means that if someone gets physical access to your device, they will also need your passcode to decrypt what's stored on it, including contacts, instant messages or texts, call logs, and email.

    In fact, most modern Apple devices encrypt their contents by default, with various levels of protection. But to protect against someone obtaining your data by physically stealing your device, you need to tie that encryption to a passphrase or code that only you know. See below for instructions on how to do this.

    On devices running iOS 4–iOS 7:

    1. Open the General settings and choose Passcode (or iTouch & Passcode).
    2. Follow the prompts to create a passcode.

    On devices running iOS 8–iOS 11:

    1. Open the Settings app
    2. Tap Touch ID & Passcode
    3. Follow the prompts to create a passcode.

    If your device is running iOS 8, disable Simple Passcode to create a code that is longer than 4 digits. With the release of iOS 9, Apple defaulted to a 6-digit passcode.

    If you choose a passcode that's all-numeric, you will get a numeric keypad when you need to unlock your phone, which may be easier than typing a set of letters and symbols on a tiny virtual keyboard. However, we suggest choosing a passcode that's alphanumeric, and longer than 6 characters because it's simply harder to crack, even if Apple's hardware is designed to slow down password-cracking tools.

    To customize your passcode, select "Passcode Options" and "Custom Alphanumeric Code." If you want to customize an existing passcode, select “Change Passcode” and then “Passcode Options.” You should also set the “Require passcode” option to “Immediately,” so that your device isn't unlocked when you are not using it.

    Once you've set a passcode, scroll down to the bottom of the Passcode settings page. You should see a message that says “Data protection is enabled.” This means that the device's encryption is now tied to your passcode, and that most data on your phone will need that code to unlock it.


    Here are some other iOS features you should think about using if you're dealing with private data:

    • iTunes has an option to back up your device onto your computer. iTunes doesn't encrypt your backups by default. If you choose the “Encrypt backup” option on the Summary tab of your device in iTunes, iTunes will back up more confidential information (such as Wi-Fi passwords and email passwords), but will encrypt it all before saving it onto your computer. Be sure to keep the password you use here safe: restoring from backups is a rare event, but extra painful if you cannot remember the password to unlock the backup in an emergency.

    • If you back up to Apple's iCloud, you should use a long passphrase to protect the data, and keep that passphrase safe. While Apple encrypts most data in its backups, it may be possible for the company to obtain access for law enforcement purposes since Apple also controls the keys used for iCloud encryption.

    • If you turn on data protection as described above, you will also be able to delete your data on your device securely and quickly. In the Touch ID & Passcode settings, you can set your device to erase all its data after 10 failed passcode attempts. If you do this, be sure your phone is backed up in case someone purposefully enters your passcode incorrectly.

    • According to Apple’s old Law Enforcement Guide, “Apple can extract certain categories of active data from passcode locked iOS devices. Specifically, the user generated active files on an iOS device that are contained in Apple’s native apps and for which the data is not encrypted using the passcode (“user generated active files”), can be extracted and provided to law enforcement on external media. Apple can perform this data extraction process on iOS devices running iOS 4 or more recent versions of iOS. Please note the only categories of user generated active files that can be provided to law enforcement, pursuant to a valid search warrant, are: SMS, photos, videos, contacts, audio recording, and call history. Apple cannot provide: email, calendar entries, or any third-party App data.”

    The above information applies only to iOS devices running versions of iOS prior to 8.0.

    • Now, Apple states that “For all devices running iOS 8.0 and later versions, Apple is unable to perform an iOS device data extraction as the data typically sought by law enforcement is encrypted, and Apple does not possess the encryption key.”

    REMEMBER: While Apple will be unable to extract data directly off a phone, if the device is set to sync with iCloud, or back up to a computer, much of the same data will indeed be accessible to law enforcement. Under most circumstances, iOS encryption is only effective when a device has been fully powered down (or freshly rebooted, without being unlocked). Some attackers might be able to take valuable data from your device's memory when it's turned on. (They might even be able to take the data when it has just been turned off.) Keep this in mind and, if possible, try to make sure your device is powered off (or rebooted and not unlocked) if you believe it's likely to be seized or stolen. At the time this guide was published, a few companies claimed they were able to break the passcodes of iPhones for law enforcement, but details surrounding these claims are unclear.

    • If you are concerned about your device getting lost or stolen, you can also set up your Apple device so that it can be erased remotely, using the “Find My iPhone” feature. Note that this will allow Apple to remotely request the location of your device at any time. You should balance the benefit of deleting data if you lose control of your device, with the risk of revealing your own position. (Mobile phones transmit this information to telephone companies as a matter of course; Wi-Fi devices like iPads and the iPod Touch do not.)

    Last reviewed: 3-26-2018
  • How to: Use Signal on iOS

    Installing Signal - Private Messenger on your iPhone

    Step 1: Download and Install Signal Private Messenger

    On your iOS device, enter the App Store and search for “Signal.” Select the app Signal - Private Messenger.

    Screen displaying the cloud with the down arrow

    Tap the cloud with the down arrow to download and install the app.

    App Store with “OPEN” text for Signal

    Once it is downloaded, tap “OPEN” to launch the app.

    Step 2: Grant or Deny Permissions

    After an introductory screen, you will see a screen asking for you to grant permissions to Signal on your phone.

    The “Ask Permissions” screen

    After tapping “Enable Permissions,” your iPhone will prompt you to share your contact list with the Signal app. This will allow you to more easily discover which of your contacts you can communicate with over Signal. If you don’t allow this permission, you can still use Signal, but you will have to manually enter your contact’s phone number to begin chatting with them.

    Contacts permission dialogue

    You will also be prompted to receive notifications from Signal. This will let you know when you receive new messages. If you don’t allow this permission, you can still manually check Signal for new messages, but you won’t be notified automatically when new messages arrive.

    Notifications permission dialogue

    Step 3: Register and Verify your Phone Number

    You will now see the following screen. Enter your mobile phone number and tap “Next.”

    Screen to enter your number

    In order to verify your phone number, you will be sent an SMS text with a six-digit code. You will now be prompted to enter that code.

    Screen to enter verification code

    Step 4: Choose a Profile Name and Image

    The profile image and name you choose will be shown to any contacts you have saved in your address book, when you initiate or accept new chats, and when you join new groups. A first name (either genuine or made up) is required; the image and last name are optional. Enter your information in this step and tap “Save.”

    Profile screen before information is entered

    Profile screen after information is entered

    Step 5: Choose a PIN or Passphrase

    A PIN keeps your information safe on Signal’s servers, and if you switch phones you will be able to recover your settings, profile, and contacts using it. Choose a secure PIN or Passphrase and then tap “Next.”

    “Choose pin” screen

    Using Signal

    In order to use Signal, the person that you are contacting must have Signal installed. If you try to call or send a message to someone using Signal and they do not have the Signal app installed, the app will ask if you would like to invite them via SMS, but it will not allow you to complete your call or send a message to them from inside the app.

    Warning: Signal provides you with a list of other Signal users in your contacts. To do this, data representing the phone numbers in your contact list is uploaded to the Signal servers, although this data is deleted almost immediately. This may be an issue for those with particularly sensitive threat models. If sharing your contacts with Signal is a concern, you can deny the contacts permission during setup as described above.

    Communicating with a Contact

    How to Send an Encrypted Message

    Warning: Note that the Signal Foundation, the maker of Signal, uses other companies’ infrastructure to send its users alerts that they’ve received a new message. It uses Google on Android and Apple on iPhone. That means information about who is receiving messages and when they were received may leak to these companies.

    To get started, tap the pen icon in the upper-right corner of the screen.

    The pen icon circled

    You will see a list of all the registered Signal users in your contacts.

    Registered Signal users to choose from

    When you tap a contact, you’ll be brought to the conversation screen for your contact. From this screen, you can send end-to-end encrypted text, picture, sticker, audio, or video messages.

    How to Initiate an Encrypted Call

    To initiate an encrypted video call to a contact, select that contact and then tap on the camera icon (1). For voice calls, tap on the phone icon (2).

    A conversation with the camera icon labeled “1” and the phone icon labeled “2”

    At this point, Signal may ask for permission to access the microphone. Tap “OK.”

    Once a call is established, your call is encrypted.

    A one-to-one video call

    Communicating with a Group

    How to Start an Encrypted Group Chat

    You can send an encrypted group message by tapping the pen icon in the upper-right corner of the screen, and then selecting “New Group.”

    The pen icon circled

    “New Group” circled

    On the following screen, you’ll be able to name the group and add participants to it. After adding participants, you can tap “Next” in the upper right corner of the screen.

    Selecting participants in group chat

    This will initiate the group chat.

    A group chat

    At this point, anyone can add members to the group. If you wish to change this, or the group name, icon, or add or remove participants, this can be done from the group chat screen by tapping the name of the group.

    Sharing a Link for Anyone to Join Your Group

    Signal allows you to create a link for a group and share that link so anyone can join without having to be added manually.

    To enable the “group link”, open the screen where you are able to message your group. From this screen, tap the name of the group at the top of the screen, then scroll down and tap on “Group Link.”

    Group chat settings with “group link” circled

    A screen will appear allowing you to enable the group link, and also choose whether new members must be manually approved by a group administrator. In this example, we enable both of these.

    Once enabled, you can share the group link with others by tapping “Share.”

    Group link setting with both sliders enabled

    If you’ve enabled “Approve New Members,” any time a member tries to join the group you will receive a notification as seen below.

    Group chat with pending member request

    From here, you can tap “View Requests” to be brought to the “Member Requests & Invites” screen. You can also navigate to this screen from the group settings screen.

    Member Requests and Invites screen

    Tap the check mark to approve a request, or the “x” to deny it.

    Restricting and Administering Groups

    When first created, anyone can add new members to a group or change group settings. Groups can be restricted so that only group administrators have these permissions.

    To restrict a group, open the screen where you are able to message your group. From this screen, tap the name of the group at the top of the screen, then scroll down. You will see the group settings under “Who Can Add Members” and “Who Can Edit Group Info.” Tap on these to change the settings.

    Group chat settings with restriction options circled

    When a group is first created, the only administrator is the group creator. Signal allows the group creator to delegate administrator permissions to members of the group.

    To make a member an administrator, tap on the group name at the top of the screen. Then, scroll all the way down to group members. Tap on a member.

    Group chat settings with a member circled

    You will see the option to make that member an administrator of the group.

    Group chat settings after a member is selected, with “Make Admin” circled

    How to Initiate a Group Encrypted Call

    To initiate an encrypted video call to an entire group, select that group and then tap on the camera icon.

    A group with the camera icon circled

    At this point, Signal may ask for permission to access the microphone. Tap “OK.”

    Microphone permission dialogue

    You will then see a screen with the ability to swap which camera you are using, turn off video, or mute your microphone before initiating the call. Tap “Start Call.”

    Group call preparation screen

    At this point, your call will start. When participants join your call, they will display on your screen.

    Group call screen

    Mute Conversations

    Sometimes conversations can be distracting. One feature that is especially useful for group chats is muting notifications so you don’t see a new notification every time a new message is written. This can be done from the group chat screen by tapping the group name and selecting “Mute.” You can then select how long you’d like the mute to be active for. This can be applied to individual conversations as well, if desired.

    How to Verify your Contacts

    At this point, you can verify the authenticity of the person you are talking with. This is to ensure that their encryption key wasn’t tampered with or replaced with the key of someone else—a process called key verification. Key tampering is a potential risk when downloading an application over an insecure network. Verifying is a process that takes place when you are physically in the presence of the person you are talking with.

    First, open the screen where you are able to message your contact, as described above. From this screen, tap the name of your contact at the top of the screen.

    Conversation with contact name circled

    From the following screen, tap “View Safety Number.”

    Contact info with “View Safety Number” circled

    You will now be brought to a screen which displays a QR code and a ‘safety number.’ This code will be unique for every different contact you are conversing with. Have your contact navigate to the corresponding screen for their conversation with you, so that they have a QR code displayed on their screen as well.

    QR code of contact

    Back on your device, tap the QR code to scan. At this point, Signal may ask for permission to access the camera. Tap “OK.”

    Now you will be able to use the camera to scan the QR code that is displayed on your contact’s screen. Align your camera to the QR code:

    Verify contact screen scanning other phone

    Hopefully, your camera will scan the QR code and show a “Safety Number Matches!” dialogue, like this:

    Safety number matches

    This indicates that you have verified your contact successfully. You should now tap “Mark as Verified” to have the app remember that your contact has been verified. If instead your screen looks like this, something has gone wrong:

    Failed to verify safety number

    You may want to avoid discussing sensitive topics until you have verified keys with that person.

    Note for power users: The screen displaying your QR code also has an icon to share your safety number in the top-right corner. In-person verification is the preferred method, but you may have already authenticated your contact using another secure application. Since you’ve already verified your contact, you can safely use the trust established in that application to verify numbers within Signal, without having to be physically in the presence of your contact. In this case you can share your safety number with that application by tapping the “share” icon and sending your contact your safety number.
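    To see why a matching safety number rules out a swapped key, the sketch below derives one number from both parties' identity keys and shows that a substituted key changes it. This is an added illustration, not Signal's code and not part of the original guide: the function names, the constructed stand-in keys and identifiers, and the hashing parameters (iterated SHA-512, 5,200 rounds, 30 digits per party) are assumptions of this example.

```python
import hashlib
import hmac

# Assumptions of this example (not taken from the guide).
ITERATIONS = 5200                    # hash rounds, slows down brute-force collisions
VERSION = (0).to_bytes(2, "big")     # format version prefix
DIGITS_PER_PARTY = 30                # 6 chunks of 5 digits

# Constructed stand-ins for 32-byte public identity keys and account identifiers.
ALICE_KEY = hashlib.sha256(b"constructed alice identity key").digest()
BOB_KEY = hashlib.sha256(b"constructed bob identity key").digest()
MALLORY_KEY = hashlib.sha256(b"constructed attacker identity key").digest()
ALICE_ID = b"alice-account-id"
BOB_ID = b"bob-account-id"


def party_fingerprint(identity_key: bytes, identifier: bytes) -> str:
    """Derive a 30-digit fingerprint from one party's key and identifier."""
    digest = VERSION + identity_key + identifier
    for _ in range(ITERATIONS):
        digest = hashlib.sha512(digest + identity_key).digest()
    chunks = []
    for offset in range(0, DIGITS_PER_PARTY, 5):
        # Each 5-byte slice becomes one zero-padded 5-digit group.
        value = int.from_bytes(digest[offset:offset + 5], "big") % 100_000
        chunks.append(f"{value:05d}")
    return "".join(chunks)


def safety_number(my_key: bytes, my_id: bytes,
                  their_key: bytes, their_id: bytes) -> str:
    """Combine both fingerprints in sorted order so each side shows the same 60 digits."""
    halves = sorted([party_fingerprint(my_key, my_id),
                     party_fingerprint(their_key, their_id)])
    return "".join(halves)


def format_blocks(number: str) -> str:
    """Group the digits in blocks of five for reading aloud or visual comparison."""
    return " ".join(number[i:i + 5] for i in range(0, len(number), 5))


def numbers_match(shown_on_my_phone: str, shown_on_their_phone: str) -> bool:
    """Compare two displayed numbers, ignoring the spacing between blocks."""
    mine = shown_on_my_phone.replace(" ", "").encode()
    theirs = shown_on_their_phone.replace(" ", "").encode()
    return hmac.compare_digest(mine, theirs)


if __name__ == "__main__":
    # Honest case: both phones hold the other's real key.
    alice_view = safety_number(ALICE_KEY, ALICE_ID, BOB_KEY, BOB_ID)
    bob_view = safety_number(BOB_KEY, BOB_ID, ALICE_KEY, ALICE_ID)
    print("Alice sees:", format_blocks(alice_view))
    print("Bob sees:  ", format_blocks(bob_view))
    print("Match:", numbers_match(alice_view, bob_view))

    # Tampered case: Alice's phone was given a different key in place of Bob's.
    tampered_view = safety_number(ALICE_KEY, ALICE_ID, MALLORY_KEY, BOB_ID)
    print("Alice sees (tampered):", format_blocks(tampered_view))
    print("Match:", numbers_match(tampered_view, bob_view))
```

    Because the number depends on both keys, a mismatch on either phone is enough to show that one side is not holding the key the other side actually uses.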

    Disappearing Messages

    Signal has a feature called “disappearing messages” which ensures that messages will be removed from your device and the device of your contact(s) in a chat some chosen amount of time after the messages are seen.

    Warning: You do not have control over the person with whom you are chatting—she could be logging or taking screenshots of your conversation, even if you’ve enabled “disappearing messages.”

    To enable “disappearing messages” for a conversation, open the screen where you are able to message your contact or group. From this screen, tap the name of the contact or group at the top of the screen, then tap the slider next to “Disappearing Messages.”

    Group chat settings with “disappearing messages” circled

    A slider will appear that allows you to choose how quickly messages will disappear:

    Group chat settings with disappearing messages enabled

    After selecting this option, you can tap the “<” icon on the top-left corner of the screen, and you should see information in the conversation indicating that “disappearing messages” have been enabled.

    Group chat with notification that disappearing messages is enabled

    You can now send messages with the assurance that they will be removed after the chosen amount of time.

    Sending Files or Photos

    Signal also enables you to share files and photos with your contacts. From the conversation screen, tap the “+” icon in the bottom-left corner of the screen.

    Conversation with “+” circled

    At this point, Signal may ask for permission to access your photos. You can choose “Select Photos…” or “Allow Access to All Photos.”

    Photos permissions screen

    The bottom of the screen will now display a marquee of photos which you can select to share. Below that, you can also choose to share a file, contact, or your location.

    Marquee of photos to share 

     

    Last reviewed: 2-17-2021
  • Privacy for Students

    Schools are increasingly adopting surveillance technology to spy on students while they’re at school, at home, or even on their social media. The companies that make these surveillance products and services advertise them to schools as a way to keep students safe–but there’s no evidence so far that they actually protect students, and worst of all, they can harm the people they are supposed to protect.

    Surveillance isn’t normal–it’s spying. Schools that use these technologies to track and monitor students are violating their privacy. If you’re a student being spied on by one of these technologies, you’re right to be concerned.

    Techniques Used to Invade Your Privacy

    While not all of the technologies used to surveil students have the same capabilities, these are some of the techniques that can be used to track every move you make and the data that can be gathered through these techniques. The types of surveillance and related filtering technologies schools are using continue to grow, so this list does not cover every type of tool or the ways they could be used.

    Types of Data That Can Be Tracked

    • Location Data: Tracking students’ location using their device’s GPS coordinates, Wi-Fi connections, and contactless chips in bus passes/ID cards, potentially both on and off school property. Schools have used this data for automated attendance tracking and management, including for class tardiness and school bus riding, and assigning consequences such as detention.
    • Audiovisual Data: Images, video, and audio of students while they are on school grounds. These can be compared to databases of known audiovisual files to identify a person.
    • Web Browsing Data: Monitoring browsing history keeps a record of everything you read online, every site you access, and every term you search for, and then forwards this information to school administrators, and possibly reviewers employed by the surveillance service company.
    • Device Usage: Some invasive software can capture and keep a record of everything you do on a device (phone or laptop), even the things you type or delete. This can include everything you search for on the Internet, what you post on social media, and messages sent through chat applications. If you log into a website or service (like your email or social media accounts), invasive software may also capture your usernames and passwords.

    Types of Technologies That Can Track You

    • Spyware (sometimes called stalkerware): This is an application that has been installed on a device that gives the administrator full control over it. If this surveillance tool has been installed on your device, the administrator of the spyware could have access to every single file, picture, text message, email, and social media post (even the disappearing ones). Once this application is installed, the device can be monitored in real time and scanned for things like location data, contacts, call/text logs, and browser history.
    • Surveillance Cameras: Some schools have installed surveillance cameras that have the ability to identify and track students as they move across campus, both inside buildings and outdoors. These cameras may also have face recognition capabilities.
    • Microphones: Microphones can be installed at various points across a school. They can be equipped with software that is used to record and analyze all sound for the purposes of aggression and stress detection, but this technology is often inaccurate.
    • Social Media Monitoring: These are services that monitor students’ social media accounts and then report flagged content to school administrators. These services also have the potential to map who students are friends with, who they spend time with, and what topics they are interested in.
    • Internet Monitoring and Filtering: If you use school Wi-Fi, administrators can get a high-level view of your web browsing activity, and even block access to some sites. A more invasive version of this technology requires students to install a security certificate, which enables administrators to decrypt students’ encrypted Internet activity. When this kind of certificate is installed, administrators can access everything students read and type into their browsers while on school Wi-Fi, like questions on search engines, messages sent to others, and even sensitive information like passwords.
    • Document and Email Scanning: Some services integrate with productivity tools students use to complete their assignments and communicate with each other and school staff. These integrations use filters to scan the contents of what students write in services such as Google for Education (also known as G-Suite) and Microsoft’s Office 365. In some cases, these services also scan email attachments, such as images or PDFs.

    What Happens to All this Data?

    Data Aggregation, Reporting, and Sharing: Many of these services and technologies retain and store the invasive data they gather about students. This data can tell detailed stories about a student’s life and contain extremely sensitive information that can cause serious harm if there is a data leak. Some companies may even sell this data or share it with third parties. In some cases, student data is reported to school resource officers or the police.

    What Can I Do About It?

    #1. Understand How School Surveillance Affects You

    Before you can address school surveillance, it’s important to know the ways it can affect you and the people around you.

    What Do They Know?

    The best solutions for fighting back against surveillance don’t need to involve a fancy tool or workaround. Sometimes, the smartest way to beat surveillance technology is not to use the systems that are targeted by surveillance (if you can), or to be careful about the information you do reveal as you navigate using them.

    An important step in this process is finding out what, if any, surveillance technologies your school is using to track you, the devices you use (personal or school-issued), and school networks. Find out and research what the school is using, so that you know what information is being tracked and can take steps to protect yourself and your data.

    Privacy as a Team Sport

    Protecting your privacy is a job no one can do alone. While there are many steps you can take to protect your privacy on your own, the real protection comes when we protect each other’s privacy as a group. If you change your own tools and behavior, but your classmates don’t, it’s more likely that information about you will be caught up in the surveillance they are under as well.

    Let’s use an example scenario to explore how this could happen:

    You’re socializing with friends from your school, and some who go to other schools. You turned off location tracking on your mobile device, but your friends haven’t. Their devices are tracking all of their movements and how long they are in a location. One of your classmates takes a picture of everyone with their mobile device. Since their mobile device is tracking their location, this information is included in the picture’s metadata. Your friend posts the picture on their public social media profile and tags you. If your school is conducting social media surveillance, they can see who posted the picture, everyone in the picture, and the time and location the picture was taken. Even though you tried to keep yourself from being tracked, your school now knows all of this information–not just about you, but about everyone in your friend group who was there.

    You are only as protected as the least-protected person in your social group. That’s why it’s important to help each other and protect your privacy as a team.

    You may wonder, “How could the information gathered in this scenario be used to harm me or my friends?” Here are some examples:

    • Your friends who don’t attend your school are now included in your school’s surveillance system dragnet and don’t know they have been surveilled.
    • You and your friends might have been attending an LGBTQ+ event when the photo was taken. If you share or discuss this photo on social media while being under school surveillance, it may trigger a scanning technology's list of keywords and notify school officials. If school officials have biases against LGBTQ+ people–or if the school gives unsupportive parents access to this information via a dashboard, parent login, or even direct notifications–this could put your or your friends' well-being at risk.
    • You might be doing political organizing for a cause, and if you’re at a private or religious school, the school and/or your parents may not approve of it depending on the issue. In this scenario, your school could suspend you or your parents could punish you for this activity.

    #2. Talk About It

    • Talk to Your Friends: Help them understand the problem, why their privacy is important to protect, and that privacy is a team sport.
    • Talk to Trusted Adults: Tell them your concerns and ask for their help.
    • Use Your Collective Voice: Tell your school how surveillance affects you. Request, at least, transparency and accountability on decisions regarding school surveillance technologies: your school should be honest about what technologies they are using, how the technologies work, and how your data is being protected. You should also ask them to provide proof that the technologies actually help improve school and student safety. You may even want to demand that your school stop using certain technologies altogether or promise not to adopt certain technologies in the future.
      • Meet with your school’s principal, information technology administrator, and other school administrators.
      • Attend school board meetings and present your concerns.
        • Find your school’s or district’s calendar of board meetings.
        • Recruit other students and have clear talking points.
        • Speak during the comment period for the topic if it’s on the agenda, or in the general comment period if it’s not on the agenda (arrive early and sit toward the front to give yourself the best chance of getting to speak).
        • Be courageous and firm. It’s your privacy, not theirs.
      • Research and write about it in your school newspaper or other student media.
      • Create a petition and organize your classmates.
      • Contact state/federal government officials and ask them to act to protect your privacy.

    Arguments You Might Encounter

    Surveillance proponents use a few common arguments to convince you to give up fighting for your privacy. Here are counterpoints you can use to push back against surveillance culture and help others understand the harm it does.

    Myth #1. “If you did nothing wrong, you’ve got nothing to hide.”

    This argument is based on an incorrect assumption: that only “bad” people or people who broke the rules or the law want privacy. There are numerous reasons why someone would want to maintain their privacy. It comes down to this: what do you want to protect? The fact that you went to a health clinic or attended a political rally, searched online about sexual orientations or a health issue, or shared personal photos with a friend–these are all examples of things that are private and should remain that way. Privacy is about protecting things that matter to you.

    Myth #2. “You’re worried that we could use this technology to cause serious harm, but we would never do that!”

    The people in charge want you to trust that, while they could use surveillance technologies to abuse their power, they wouldn’t. It’s not a matter of trust–they shouldn’t have this power in the first place. Here’s a short film that explores the effect surveillance can have on people, with examples of how this power imbalance is unjust. Another issue is that student data is often in the hands of the companies that provide these surveillance products and services. Those companies have control over this sensitive data and could share it with others.

    Myth #3. “This is for your own safety.”

    There is no evidence that these technologies increase student safety, and, in fact, they have been shown to harm the very students they are intended to protect:

    Myth #4. “It’s useless to fight against it.”

    This is privacy paralysis, and this sense of helplessness is exactly how surveillance proponents want you to feel. However, you do have the power to create change. When people collectively work together to fight for what they believe in, it works. Don’t let anyone tell you differently.

    #3. Minimize the Data Being Tracked

    Surveillance is all about getting as much information about you as possible: your habits, where you go and when, who you associate with, and what you care about. While the strategies described below won’t protect you from all the surveillance types described in this guide, they will help reduce the amount of data that can be collected about you.

    Lock Down Your Identity Online

    • Protect yourself on social networks:
      • Where you can, change your social media accounts to be private instead of public, and review all new follower requests before approving them. You may also want to review your current followers to make sure you know and trust them.
      • If you need a public account, consider using a separate, private account for topics, posts, or conversations you’d like to keep private.
      • Don’t just change your own social media settings and behavior. Talk with your friends about the potentially sensitive data you reveal about each other online, and how you can protect each other as a team.
      • Reduce the risks you face in online groups by adjusting visibility settings.
    • Enable two-factor authentication (or “2FA”) on as many online accounts as you can. If the data gathered about you through surveillance is leaked in a breach, having 2FA enabled will make it harder for others to access your accounts, even if they know your usernames and passwords.

    Turn Off Location Tracking When You Don’t Need It

    The way to do this can vary by device and by application. You can change your overall location-tracking preferences in your system settings, but this may not turn off location tracking completely. For example, some mobile device applications may turn your location tracking on for a variety of reasons; to disable it, you may need to look at your phone’s settings or, in some cases, each application’s permissions.

    Be Aware of Risks in Personal vs. School Environments

    For students worried about school surveillance, it’s critical to keep your personal and school lives separate. Avoid using school devices, accounts, and networks for personal activity. Even if your school claims to use geofencing (i.e. you’re only monitored on campus), a lot of the information can leak between your personal and school life through your Internet activity or the devices you use.

    • Devices and Networks: Everything you do on a school-issued device, even if you’re using your home Wi-Fi or another trusted network, could be tracked. Similarly, if you’re using a personal device on a school network, your activity could also be monitored. That’s why it’s best to access your personal or sensitive accounts only on your personal devices and networks you trust. This might not always be possible, but it’s a good goal.
    • Logins: Don’t use your school email address for any personal online accounts. This could expose notifications, direct messages, and other content from your personal accounts to the school’s monitoring systems.
    • Web Browsing: If there is information you don’t want your school to track, it’s better to search for those topics off of school devices and networks.

    Use Good Digital Security Practices

    And Lastly...

    Surveillance isn’t normal, and it isn’t okay. You are right to feel concerned and to want to speak up about your privacy. To learn more about how you can protect yourself, check out the rest of Surveillance Self-Defense’s guides. If you need a place to get started, take a look at our Security Starter Pack or our playlist of guides for LGBTQ Youth.

    Last reviewed: 3-2-2020