11. Creating a strong password
• I was born on 9th April 1977 in Colombo
• Iwbo9A1977iC
• Why are you sad today?
• WrU:-(2d?
• My advice – at least 10 alpha-numeric and ASCII
characters
• If on a public PC, try to copy and paste passwords online.
NEVER type them in.
12. Common-sense posting
• Know the laws in your country pertaining to liability, libel
etc.
• When signing up for a blog account where you will be
publishing sensitive content, do not use your personal email
address or information
• In your blog posts and profile page, do not post pictures of
yourself or friends
• Do not use your real name and do not give personal details
• Schedule posts: Blog platforms like WordPress allow users to
automatically publish a post on a designated date and time.
13. Common-sense posting
• On social networks, create one account for activism
under a false but real-sounding name (so your account
won’t be deleted) but don’t tell your friends about it.
• Information on Facebook stays on Facebook. Be
careful what you upload and say.
• Never join a sensitive group with your real account.
Use your fake account to join activism groups.
• Don’t use paid services. Your credit card can be linked
back to you.
27. http://www.mozilla.com/en-US/thunderbird/
• Spam and phishing protection
• Built for Gmail and easy to set up
• Thunderbird warns you when you click on a link which appears to be taking you to a
different Web site than the one indicated by the URL in the message.
28. Safe & best email practices
• Use a signature
• If email security is REALLY a need, go for GPG
encrypted emails
• Stick to plain text / Do not use fancy email templates
• Do not click on unknown attachments (esp. from
unknown senders)
33. Safe & best email practices
• Use phonetics to convey meaning: “Ooman writes” “whoman rites”
“see I d” “ma hinder” “go tub a yaar”
• Use other words instead of “human rights” – say food, heat or supplies. E.g.
“the heat is bad”, “the food is poor”, “supplies are bleak”.
• Use BCC for group emails
• Never use the same email for advocacy, professional emails and personal
correspondence
• Subject lines are NEVER encrypted
• Caution and prevention more than remedy
37. What do you have on your mobile?
• Contact names
• Phone numbers
• Emails
• SMS history
• Call logs
• Photos
• Video
• Audio
• Calendar information
• Maybe even files
• In short, not too different from data on your PC, and perhaps even more
sensitive
38. Basic guidelines
• Security on mobiles is still not as advanced as on computers
• Be mindful of data stored on mobile
• Is it secured via a password?
• Are there messages, call logs, emails or other data that can compromise
security for self, colleagues and partners?
• Invest in a smartphone that can run Skype mobile for secure conversations
• Do NOT share confidential information over SMS
39. Surveillance
• For every phone currently on the network (receiving a signal, regardless of
whether the phone has been used to call or send messages) the network
operator has the following information:
– The IMEI number – a number that uniquely identifies the phone hardware
– The IMSI number – a number that uniquely identifies the SIM card
– The TMSI number – a temporary number that is re-assigned regularly according to
location or coverage changes but can be tracked by commercially available
eavesdropping systems
– The network cell in which the phone is currently located. Cells can cover any
area from a few meters to several kilometers, with much smaller cells in urban
areas and even small cells in buildings that use a repeater aerial to improve signal
indoors.
– The location of the subscriber within that cell, determined by
triangulating the signal from nearby masts. Again, location accuracy depends on the
size of the cell - the more masts in the area, the more accurate the positioning.
40. Mobile phone security primer
http://www.mobileactive.org/howtos/mobile-security-risks