Protest is an integral part of democracies and an essential right of citizens within such functional democracies. If protest is happening within less liberal regimes, it quickly can become dangerous for participants, such as the anti-war protests in Russia, political protests in Belarus, pro-democracy protest in Hong Kong, or the feminist uprising in Iran.
One common theme within all the protests against totalitarian regimes within the past two decades (and beyond) are physical and increasingly digital surveillance, censorship and oppression. In the age of constant Orwell-ian surveillance through digital means, such as tracking, facial recognition and mass surveillance, non-compliance is often met with dire punishment, even days or weeks after the protest.
But even within liberal democracies in the western world, protecting one’s identity during a protest may be important to protect oneself and others from sometimes only in the aftermath deemed unrightful consequences, indeed also in Germany.
Digital footprints, may endanger legitimate expression of opinion even in advance of protest. Organising demonstrations, researching adjacent topics and exchanging messages with other people leaves a data trail which could later on used against participants. Everywhere you go on the internet, information about yourself is left behind, often times in the form of metadata, such as your IP address, your web browsers user-agent or other means of digital fingerprinting.
Research
When doing research in advance to protest, general browsing during the protest or if it is an online action: use secure, trustworthy and Free and Open Source Software. Commercial, closed source programs often times do not have the users’ best interest in mind, particularly when it comes to privacy.
As a starter, use Open Source web browsers like Mozilla Firefox, whose advanced protection measures may also limit third party tracking to some degree. Online tracking by advertisers and commercial stake holders can be further limited through ad blockers such as uBlock Origin and the Electronic Frontier Foundation’s Privacy Badger Add-on. [1]
Or better yet, use the Tor Browser by the Tor Project, a hardened and extended version of Firefox that takes privacy to an extreme and communicates exclusively through the Tor network. Particularly in critical scenarios, for example within a totalitarian state in which protest is met with harsh oppression and the general internet is censored, exclusive usage of the Tor network is an important tool, but of course it works world wide even in liberal western democracies. [2, 3]
Web search is also an important factor. Try to avoid surveillance advertisers’ search engines, like Bing or Google and use privacy respecting, non-profiling search engines like Mojeek, Qwant or meta search engines like Metager and Searxng.
File storage and data sharing is another important issue. Whenever possible, critical information should best be kept offline on a secure and hopefully encrypted file storage. However, particularly when sharing data with others, beware of the potential risks and choose a secure and encrypted cloud storage host which does not sell your data and keeps file storage encrypted at all times: for example ViOffice! Particularly sensitive and critical information which has to be shared with others may also be shared in a “Peer to Peer” fashion between involved individuals without third parties or a central server (which can be attacked) in between. For example the Tor project’s OnionShare or the Free and Open Source Software Syncthing. [1]
Communication
When organising, be it in advance or during a protest, as with any day to day communication, End-to-End encrypted communication means should be used in principle. But even beyond encrypting messages’ content, meta data is an important factor. Exposing meta information could for example spill who contacted who at which time and what kind of information was shared, even if the specific contents are unknown.
E-mail is generally a good mean of communication, but only if the communication is encrypted for example via OpenPGP. Particularly regarding meta data, the choosing a trustworthy E-Mail provider is also crucial such as ProtonMail, Tuta, Posteo and many more. Surveillance advertisers like Google Mail, Hotmail and Yahoo are not to be considered trustworthy in this context. Beware, that this is also true for the recipients of your E-Mails. Your own mail account may be as secure as possible, but that is irrelevant if communication meta data is leaked or stored unencrypted on either end. [1, 2, 3]
For instant messaging before or during protest, similar considerations are required. Of course, message content – especially media files – have to be transferred (and stored) encrypted. But meta data should also be limited as much as possible. In situations where risk to involved individuals is particularly low, secure instant messaging applications with an Open Source implementation of End-To-End Encryption like Signal or indeed Nextcloud Talk (also used in the ViOffice Cloud) are more than sufficient. These chats are typically linked to digital identities (an E-mail address, a telephone number or something similar), which can be linked back to individuals. Furthermore, both solutions are connected to some central server between individuals and therefore easier to block or censor. Therefore, in high risk scenarios, these chat solutions should be replaced with a solution that is both highly secure (like the aforementioned) but also completely anonymous and ideally decentralised in a peer-to-peer fashion like Briar. [4]
Smartphones
Depending on the situation, smartphones can be both particularly useful, for example to document brutality by security forces, but also very risky in terms of tracking, eavesdropping and intercepting communication. [5]
If individuals find themselves in such risky situations, it is typically better to leave the smartphone at home, use a burner phone or at least turn the smartphone off. Many smartphones, especially with software that is not up-to-date, are easy to infiltrate. [5]
Either way, activists should always consider what data and communication channels are stored on a device they are taking to such protest. Biometric locks (like thumb or face ID) are typically easier to circumvent for adversaries than long alphanumeric passphrases. Automatic locking should be set to a very short period and lock screen notifications be turned off. Location services, including GPS but to some extent also WiFi might also be a factor relevant to surveillance and should be turned off (airplane mode) whenever possible. The same guidelines may be applied to other devices such as smartwatches, which generally should be left at home. [5, 6, 7]
Photos and Videos
Photos and videos are an integral part of protests and are important for journalists to report on ongoing situations. However, both for activists but also for journalists caution about imagery should be held in situations where participants of a protest could lead to adverse consequences for individuals or groups. In such scenarios, photos and videos should not make participants identifiable. Faces and conspicuous clothing should be blocked out. There is Artificial Intelligence that is often times able to unblur faces on weakly treated imagery. Blocking them with black boxes can be more secure in many cases. [1, 2, 3, 5, 6, 7]
Meta-Data included in the media files might also be dangerous, as they might contain information about who took the image, which device was used, coordinates of the camera while shooting the image and many more information. These can often be turned off in the camera settings or removed afterwards with many applications. [1]
One easy to use cross-plattform application that is able to block parts of images and remove all meta data from it is Image-Scrubber. Other applications like the Guardian Project’s ObscuraCam are also good choices. [1]
Sources
- Everest Pipkin (2020): Anonymize your online footprint. URL: https://web.archive.org/web/20231128122012/https://pastebin.com/TPgtvmVB
- EFF (2023): Surveillance Selfdefence – Attenting Protest. URL: https://ssd.eff.org/module/attending-protest
- Budington, B. (2016): Digital Security Tips for Protesters. URL: https://www.eff.org/deeplinks/2016/11/digital-security-tips-for-protesters
- It’s Going Down (2022): The Guide to Peer-to-Peer, Encryption, and Tor. URL: https://itsgoingdown.org/the-guide-to-peer-to-peer-encryption-and-tor-new-communication-infrastructure-for-anarchists/
- No Trace Project (2023): Turn Off Your Phone. URL: https://www.notrace.how/resources/download/turn-off-your-phone/turn-off-your-phone-read.pdf
- No Trace Project (2023): How To Have A Fun Night To Forget. URL: https://www.notrace.how/resources/read/how-to-have-a-fun-night-to-forget.html
- No Trace Project (2011): Measures Against Surveillance. URL: https://www.notrace.how/resources/read/measures-against-surveillance.html
Jan is co-founder of ViOffice. He is responsible for the technical implementation and maintenance of the software. His interests lie in particular in the areas of security, data protection and encryption.
In addition to his studies in economics, later in applied statistics and his subsequent doctorate, he has years of experience in software development, open source and server administration.