Most of the tools are free and/or open-source software (known as FLOSS). This software is usually much safer than closed, or proprietary, software created by Microsoft or Apple because it has been independently verified to ensure that it complies with the highest security standards. For that reason, we recommend Android and PC over Apple, though many of the tools we list can be used with either.
Note that some of the tools we recommend come with caveats. Not all recommended tools are perfect, but they are the best available options.
The links will take you to Security-in-a-box, a collaborative project devoted to digital security and privacy. There you can download software and access hands-on guides that teach you how to install and use these tools. With each chapter, be sure to read “1.1 Things you should know about this tool before you start”.Security-in-a-box is available in 16 languages. We link to the English, but click on the drop-down box in the upper right of their webpage for other languages. Kudos to Tactical Technology Collective and Front Line Defenders for such a great kit.
What do I need to do to...
Choose a strong password for your Wi-Fi connection. When your Wi-Fi is set up, make sure the connection is WPA2. WEP is child's play to hackers.
Choose a strong password for your computer. When using public Wi-Fi, your line of defence is your firewall.
Choose a strong password for your mobile.
Most computers come with a firewall already installed. This gives you control over downloads and lets you check software updates, preventing hacking. Make sure the firewall is activated.
We recommend Comodo. Comodo will help to protect your computer from attacks and allow you to easily manage programme requests when online.
Anti-virus programmes are important and relatively simple ways to secure your PC, as viruses can be deliberately sent to corrupt your system and files.
We recommend Avast. With Avast, you can find and remove viruses and prevent new viruses. Be sure to update it regularly.
We suggest you take a look at the options offered here.
Wireless internet connections send a signal through the air for tens of metres and any computer within range with a wireless card can pull the signal from the air and access information exchanged through the internet or in your computer.
Use a cable to connect to your modem instead of Wi-Fi.
If you use Wi-Fi, make sure your router and computer are as secure as possible.
Choose a strong password for your connection.
We recommend Firefox
Use the Firefox browser and install Firefox's free add-on, HTTPS-Everywhere, to force the browser to use encryption whenever possible.
Only log in or send personal information to websites that begin with https.
When you’ve finished using an account, log out.
Keep your browser and security software up to date. If your browser says you are about to visit an insecure site, leave unless you are sure.
Control when and how your mobile connects to the internet. Think about changing the phone settings so that it doesn’t automatically connect to nearby Wi-Fi as you move through the city.
Malware and spyware are used to track, record and watch what you do online. Good software “immunises” your computer against these attacks and removes any that are already present.
We suggest you take a look at the options offered here.
The overwhelming majority of malware and spyware infections originate from web pages. It is critical that you always consider whether it's safe to click on a URL, especially if it was sent to you by email. It is advisable never to click on a link in an email unless you trust the sender.
It can be tedious, but good password practice is essential for keeping your devices and data secure.
You can install software to generate strong (“unbreakable”) passwords and save all passwords in one convenient, secure database.
Use separate databases for each piece of technology and a different master password for each.
We recommend KeePass.
You can put KeePass on a USB stick and carry it with you when you need to access your information from other devices.
KeePass doesn't require any prior configuration or specific installation instructions.
We recommend KeePassDroid.
KeePassDroid does not require any prior configuration or specific installation instructions. It's ready to go when you are.
Use KeePassDroid's Random Generator for a super-strong password.
If someone hacks into your laptop or gets their hands on your phone despite your precautions, the next line of defence is encryption.
Use software that will routinely back up and encrypt your files. Only you, the person with the password, can read them.
We recommend Cobian.
Cobian backs up and encrypts every time.
We recommend using Android Privacy Guard to encrypt files before transferring them to a computer for encryption as soon as possible.
APG lets you encrypt and decrypt single files or emails, but there are limitations with encryption apps for smartphones.
Ensure that any encryption app you choose uses the 256-bit Advanced Encryption Standard (AES).
Limit the ways malicious parties can monitor your work habits and preferences or infect your system.
To do this, permanently delete your browser history, cookies and other temporary files created during your work session.
We recommend CCleaner.
CCleaner removes your online history and also cleans your computer system, a handy added bonus.
Beware that when you delete files on your computer, even if you use CCleaner, they could still be recovered by a techie.
To permanently delete unwanted files from your computer, you will need special software.
We recommend Eraser.
Install Eraser to permanently delete sensitive data from your computer. You can select files or folders to erase, and it writes over the data.
Eraser can also delete any copies of files that exist on your computer without your knowledge.
If you want to be sure that no one else can read your mail, avoid Windows Outlook or free email services like Gmail.
Thunderbird with Enigmail and GPG allows you to read and compose messages after disconnecting from the internet and to use public key encryption to keep your email private.
We recommend Mozilla Thunderbird with Enigmail and GPG.
Thunderbird lets you download email messages and manage them offline. Enigmail and GPG provide access to authentication, digital signing and encryption.
If you have serious concerns about your ability to keep your email private, Riseup is a social organisation that provides ultra-secure email and webmail for activists and others. Unless you personally know two Riseup members, you will have to wait several weeks for an account.
Visit the Riseup site to find out more.
Avoid Microsoft's Internet Explorer, as it is very vulnerable. Instead, use Firefox, Chrome or Opera browsers.
Read more about how to browse the web anonymously.
We recommend Firefox for Android.
You can disguise your identity and browsing by using Tor.
Servers in the Tor network do not know your location or the sites you are visiting.
WARNING: What you do online will be slowed significantly.
Many social networking sites offer chat options. This is one of the most insecure ways to communicate online.
Skype is supposedly encrypted, but since it is proprietary software, we cannot confirm whether or not that is really the case.
We recommend Jitsi as a safer alternative to Skype.
WARNING! Jitsi uses Java, which is vulnerable to sypware. The additional security of Jitsi is still important, but use Java with care.
We recommend TextSecure.
This will encrypt SMS messages as they are sent or while they reside on your phone.
WARNING! Both you and the person you are talking to should be using the same encrypted service.
Smartphone specificsMobile phones are like mini-computers, so it's important to protect your mobile data and communications in a similar way to your computer.
- “Basic Security Setup for Android Devices”: This guide quickly takes you through how to password-protect your mobile, encrypt communications, turn off Wi-Fi and Bluetooth, protect your number and turn off GPS.
- “How to use mobile phones as securely as possible”: This guide covers eavesdropping, interception of SMS or phone calls, SIM card issues and best practices for keeping the contents of your mobile phone secure.
Four tips for better smartphone privacy and security
Password-protect your phone and use encryption.
If someone gets their hands on your phone, you can prevent them from reading its stored data by putting a strong password on the phone and encrypting its contents. Apple iPhones offer this by default after you set a passcode. For Android, you must manually turn on encryption in the settings.
Choose encrypted apps for calls and texting.
Phone calls and text messages are easily tracked or intercepted. Use encrypted conversation apps like Android's TextSecure or Apple's FaceTime and iMessage. Educate your family, friends and associates, as anyone you are talking to needs to use the same encrypted service for you both to be covered.
Always update your Android or iOS system.
Hackers and spies take advantage of newly discovered loopholes and backdoors, so always update your mobile's operating system. This is where Apple carries an advantage, as it pushes iOS updates directly to users. Google updates Android frequently, but updates sometimes take time to become available to users. Google's Nexus phones are the most easily updated Android models.
Use a second phone for maximum security.
Phones are designed to be locatable, and many apps are designed to share data even when you don't realise it. More apps on your phone equals more risk. If you are concerned about your privacy, keep one phone for fun stuff and another for essential communication only.