Search


Tagged with Computer/Laptop x Enkripcija x Reputacija x Ra��unar/Laptop x

Good security practices

No matter what you do online, you should always try to follow general good security practices:

  • Be very careful with your personal data;
  • Respect the privacy of others on the internet;
  • Only download files and install software from known and trusted sources;
  • Regularly update all software and operating system  of your devices to reduce the risk of attacks;
  • Create unique and complex passwords and securely store them in password managers  ;
  • Enable multi-level authentication  for your online accounts wherever possible;
  • Use an anti-virus/anti-malware software;
  • Encrypt everything you can encrypt;
  • If you use a public computer, try not to leave any traces  behind;
  • If your USB flash drive was in a public or unprotected computer, be sure to scan it with anti-virus/anti-malware software before using it again. It is generally recommended that portable devices, e.g. USB flash drives or external hard drives, are scanned each time they are connected to a computer;
  • Take into account the risks that your every action on the internet implies, privacy does not mean less responsibility;
  • At least quickly read through the Terms of Use/Service before clicking "I accept".
Digital hygiene Phone/Tablet Data leaks Safety Computer/Laptop

Bad security practices

Habits are hard to change, but you should try your best to avoid these bad security practices:

  • Never send passwords , personal data or financial information via plain text email;
  • Do not access networks or other systems for which you do not have authorisation, even if you have somehow obtained certain login credentials (username, password). This does not mean that you have been authorised to use them;
  • Do not install suspicious add-ons and software updates;
  • Don't click on suspicious links you received via email, no matter how interesting the message may seem;
  • Avoid using public or unprotected computers;
  • Avoid using other people's mobile devices;
  • Don’t write your passwords on a post-it. Seriously, don't!
  • Don’t put the names or dates of birth of people close to you as passwords;
  • Don’t leave your devices unattended and unlocked;
  • Don’t ignore suspicious activities - sometimes it’s better to be paranoid;
  • Do not use pirated software. If you do not want to pay for software, look for a free and open source  alternative;
  • Don't live in your comfort zone. Sometimes it is worth investing a little time and effort and learning the basics of how to be safe on the internet.
Digital hygiene Phone/Tablet Data leaks Safety Computer/Laptop

Access a trusted device

Having 2-step authentication  turned on for all of your accounts is an essential security practice. However, in case the verification method you set up (phone number, app) is not working or has changed, you should try accessing the account from a trusted device . Many service providers offer the option (usually just a checkbox on the 2-step page) to mark a device as trusted so you wouldn’t have to enter 2-step security codes each time you log in on that specific device, such as your home computer. 

Make sure that only personal devices (computers, tablets, phones) you use regularly are marked as trusted and never use this feature on public or someone else’s devices. 

Authentication Digital hygiene Phone/Tablet Apps Computer/Laptop

Remote lock and erase

If you are attending a protest or other high risk event, your devices such as mobile phones might be seized by the police or private security or even stolen in the crowd. In case this happens, your private data becomes exposed to all kinds or risks. 

Android phones, in case they have the “Find My Device” option enabled, provide you with a possibility to remotely lock them with your PIN, pattern or password or even erase all data on the phone. Google provides further instructions on how to secure seized Android devices. Very similar options are provided by Apple for iOS devices such as iPhone or iPad.

Phone/Tablet Location Computer/Laptop

Locate a device

In case you can’t find your device and suspect that it might be stolen, there are ways to determine its possible location . For example, smartphones based on Android and iPhones have the option to remotely locate your device. For further details and requirements (e.g. the device must be turned on, connected to the internet, etc) on how to enable the remote find option visit Google’s instructions for Android devices or Apple’s guide in case the device is an iPhone or other iOS-based device.

Phone/Tablet Location Computer/Laptop

Change all passwords

If you believe that your device might be stolen, as a precautionary measure it is good to change all the passwords  to your accounts which are logged in. It is also advisable to use a trusted device  to logout from all sessions on the lost device.

Changing all of your passwords is much easier and safer with the help of specialised applications called password managers  . These apps [APPLICATION] securely store your login credentials and protect them with a master password. That way, you only need to remember your master password and you can copy/paste your other credentials directly from the app. Password management software usually has the option to automatically generate a long and complex password, made of randomised characters and symbols. Applications commonly used for password management are KeePass, KeePassXC and Bitwarden.

Password Digital hygiene Phone/Tablet Apps Location Computer/Laptop

Factory reset

Your device may start acting strange and having various performance issues (working too slow, showing too many errors, certain apps or features not working). In case you cannot resolve these issues by restarting the device and/or clearing the cache, running an antivirus or antimalware check or updating your device software, drivers or operating system  , a factory reset  might be a solution.

Be aware that If you run a factory reset on your phone all the data will be lost, so make sure to backup any important data before proceeding. See more information from Google on how to do a factory reset on Android devices or Apple’s support page on how to do the same on iOS based devices.

Phone/Tablet Computer/Laptop Device reset

Repair shop

If resetting your device to factory settings  did not resolve the issues you experienced, it might be best to take the device to a repair shop. Before you do this, it is important to backup  any data on your device and also make sure to protect your device, sensitive files and apps with a password or a PIN.

Before choosing a specific repair shop, do a simple online search and try to find the ones with the best online reviews and positive comments.

Password Data backup Digital hygiene Phone/Tablet Computer/Laptop Device reset

INSTITUTIONAL PROTECTION

Because harassment comes in many shapes and forms, it can be reported as a number of different criminal offenses. 

Sexual harassment (art. 182b of the Criminal code) explicitly mentions verbal forms of assaults, but necessitates the filing of a motion to initiate criminal proceedings with the Public prosecutor. In other words, you must inform the police and the Public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings. 

ADVICE: File the motion. The courts are a crucial component of protection against harassment. 

Endangering safety, one of the many consequences of harassment, under art. 138 of the Criminal Code, provides another legal basis for protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This option is  especially relevant for (female) journalists.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

ALTERNATIVE PROTECTION

There is always an inherent risk that online harassment will transition to the physical world. For this reason, physical safety is a crucial precondition for any other form of meaningful protection. In terms of mental protection, sometimes it is helpful to take a break or minimize time spent on social media platforms, or those platforms of communication where you are targeted with harassment. Talking to friends, family, partners and colleagues about harassment can also be helpful in creating a system of support. 

Blocking  , filtering and reporting options on social media platforms can often serve as a helpful tool for documenting harassment. 

The DeleteMe tool can help find and remove your personal information from some websites. 

Reaching out for support professional associations and support groups is another method for dealing with harassment. 

Several investigative journalists and their networks track down perpetrators of online harassment by analysing their digital footprint. This has been an effective mechanism for not only the identification of perpetrators, but also exposing them and their crimes to public scrutiny. 

In Serbia, female journalists can find support through the initiative “Female Journalists against violence”, and dozens of other feminist organizations that offer services for individuals targeted with violence, including online.

 If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

Use encrypted voice communication

Encryption is a cryptographic concept of encoding messages or information, which ensures that only people who have a way to decrypt it will be able to read it.

Voice communications are very easy to monitor and intercept. However, there are applications that enable encrypted communication through voice calls, as well as text messages, including group communication, photography and video. One of these apps is Signal, which is open source , run by a non-profit organisation and is entirely funded by donations, which allows it to work without monetising the data of its users. Telegram is an application which also has an encrypted audio and video call option and is definitely among the most popular services for secure communication.

Phone/Tablet Apps Encryption Computer/Laptop

Use encrypted messaging

Messages are mainly used for informal and personal communication, and are often the subject of correspondence of confidential information about users that should not be available to third parties. There are applications that enable encrypted  communication through chat services. 

SMS communication is similar to chat communication, the only difference is that the internet is used as a data transmission medium in chat communication, while the standard network of mobile phones (GSM, 2G, 3G, 4G, etc.) is used for SMS messages. It is important to emphasize that both parties must use encryption in order for the system to be secure. A free and open source online chat app that provides end-to-end encryption  by default is Signal. It is available for iOS and Android, as well as a desktop app. It provides a wide range of security options, such as self-destructing messages, PIN protection or encrypted video calls. You can also use Telegram where Secret Chats need to be enabled for end-to-end encryption.

Phone/Tablet Apps Encryption Computer/Laptop

REVENGE PORN

Revenge porn is defined as posting sexually explicit content without consent, with the intent of humiliation, shame or blackmail. Revenge porn is a violation of  privacy and can result in extreme emotional trauma. 

Revenge porn is a serious form of assault, and as such, it is crucial that instances are reported to the police and the public prosecutor. There are several criminal acts that can be used as a legal basis to prosecute the posting of revenge porn. 

Sexual harassment (art. 182b of the Criminal Code):  filing a motion for the initiation of proceedings is a precondition to start the procedure. This means that you must inform the police and the public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings. 

ADVICE: File the motion. The courts are a crucial component of protection against revenge porn.

Unauthorised wiretapping and recording (art.143 of the Criminal Code ), unauthorised taking of photos (art. 144), unauthorised publishing and presentation of another’s texts, portraits, and recordings (art.145 of the Criminal Code ), are other charges that refer to illegal recordings, and could be utilized to prosecute cases in which video was made without consent, even if it was not posted online.  These procedures carry private criminal charges, which means that you, the filing party,  must present the identity of the perpetrator, and as many details and as much evidence as you can (for example, where the recordings are stored, where the camera could have been placed during the recording, etc.). 

Your physical safety is the highest priority when it comes to protection.

If your harasser intentionally positions themself in your physical vicinity, you can request a court issued emergency restraining order. 

Document any and all recordings, comments, threats and other forms of harassment as crucial evidence for initiating protection mechanisms and/or court proceedings.

Seek support from CSOs, women’s support networks, and others who can help you choose the best way to protect yourself. 

Report any and all recordings, comments, threats and other forms of harassment to the platforms where they have been posted, and find out more about take down procedures on  Facebook and other platforms. 

And don’t forget, even if you originally gave your consent to be filmed, this does not imply consent for sharing that content. You are not to blame for being targeted with this type of assault.

 If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Location Report to platform Reputation Safety Support Sexual Harassment Pornography Computer/Laptop Criminal charges

Use encrypted email

Despite the development of more modern ways of communications, email has remained one of most commonly used solutions in official communications through the internet. Therefore, a large amount of important and sensitive information is still transmitted by email. On the other hand, the technology behind e-mail is not completely secure, it has a lot of security flaws, and the users have no control over who can access the metadata and content of their e-mail communication, especially when using email services such as Gmail, Outlook.com, Yahoo Mail, etc. 

Emails can be encrypted  using PGP (Pretty Good Privacy) , which is based on public key cryptography. You need to generate a key pair - a public key which you share with others and a private key which you keep secret - in order to exchange encrypted emails with correspondents. 

If you use an email provider like Gmail or Outlook, you can encrypt your communication using Thunderbird, an open source email client with built-in OpenPGP capabilities, or by using the Mailvelope browser extension which works with popular webmail services. By using these tools you can easily generate a key pair for encrypting your email, or import existing encryption keys.

However, there are email providers, such as ProtonMail or Tutanota, which encrypt your messages automatically when they are sent between their users, and also provide ways to send encrypted emails to those using other providers.

Phone/Tablet Apps Encryption Computer/Laptop

THREATS

Endangering physical and emotional safety and wellbeing by calling for violence against a particular person or group of people, including threats of rape and other forms of gender-based violence.
 

Threat is a serious form of assault and one that should be urgently addressed to best prevent it from being realized in the physical world. Report each and every threat to the police and the public prosecutor. 

As threats often cause fear and insecurity, art. 138 of the Criminal Code - Endangering safety - provides a suitable legal basis for initiating mechanisms of protection. 

 In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence  needed for filing the criminal charges. This charge is especially relevant for (female) journalists, as this charge provides for a higher sanction. 

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

In addition to reporting threats to police and digital platforms, inform your employer and document them

If you can, protect your mental health by taking a break from social media platforms, especially those spaces that can cause additional stress or fear for your safety. Create a network of support to help take over some of the work documenting the threats. Again, prioritize your physical safety above all else and If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately! 

Digital evidence Password Authentication Recovery account Phone/Tablet Malware Report to platform Safety Sexual Harassment Journalists Fear Media Computer/Laptop Criminal charges

STALKING

The process of diligently and continually following someone’s activity online. The designation of stalking can be applied whether or not the stalker and target know one another in person.  Digital traces, data and other markers of our participation that show up on social media platforms and other websites have made stalking in the digital age a much easier task. As much as in the physical world, consequences on the targeted individual can vary, but could include an increased sense of insecurity, fear and the perception of an invasion of privacy.

Stalking, in the Criminal Code, is identified as a criminal offence (art. 138a), carrying that sanctions for not only the act of stalking but also for unlawful collection of someone else’s personal data, as a preliminary offence, prior to the instance(s) of stalking. However, the article does stipulate that to constitute stalking, the incident(s) must take place for a specified period of time. The intensity of stalking, and consequences felt by the target are not of critical relevance, but could be taken into account by the court during criminal proceedings.

If the incidence(s) of stalking fail to meet the time stipulates laid out in the Criminal Code art. 138a, then article 138 - Endangering safety - could also offer protections against acts that result in fear for one’s safety, and provides stricter sanctions if the target is a (female) journalist.  

In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. 

It is easier than ever to conduct private surveillance of public digital spaces using a number of different methods. For this reason, it is important to ensure that your tech-devices (phones, computers, smart speakers/doorbells, etc) and check if options (e.g. location, privacy settings) are best protected (turning off location tracking, strict privacy setting) and limited in their ability to share private data. 

As with all types of assault, targets of stalking should inform friends, family, partners and colleagues about the harassment, so you have a bigger network of support. If online stalking moves offline, to the physical world, you should immediately inform police and request protection. 

Check out these resources for improving your digital safety.

Digital evidence Password Authentication Recovery account Phone/Tablet Location Safety Support Identity Computer/Laptop Criminal charges Stalking

IDENTITY MANIPULATION

Identity manipulation or misuse of personal data is a serious threat with potentially far-reaching consequences. Whether the target is a person whose personal data has been misused, or someone else, the damage can be incalculable.

Due to the complexity and different manifestations of this category of assault, it is difficult to determine the legal basis offering the most suitable protection. In the case of fraud committed using the computer belonging to another person, and resulting in material or financial gain for the perpetrator, a criminal complaint may be filed under art. 301 (Computer Fraud).  Another criminal offense, the unauthorized collection of personal data (art. 146), must be initiated via private lawsuit, and therefore the identity of the perpetrator must be known.  

If a case of identity manipulation leads to psychological harm, or damage to reputation or dignity, then compensation may be claimed using civil legal procedures. Before initiating this type of lawsuit, the identity of the perpetrator as well as evidence substantiating the claim of identity manipulation and resulting harm must be provided.

 

Identity manipulation is often tied to financial fraud and online theft. There are different ways you can protect yourself from these crimes: limit the amount of money that can be transferred to another account, or taken out via ATM at one time, use at least a two-factor authentication system for your finance-related logins, and destroy old bank and other identity cards with sensitive data. 

If you are a victim of identity manipulation, inform the police as soon as possible, notify the financial institutions or websites where you have accounts and temporarily block compromised bank accounts and/or cards. 

Timely risk assessment and digital hygiene are important means of  prevention and protection.

Digital evidence Password Authentication Recovery account Phone/Tablet Damage Reputation Identity Cybercrime User account Computer/Laptop Access recovery System restore Criminal charges

DOXXING

Publicly disclosing personal information about a target, such as home address, familial status, bank and credit card details, date of birth etc. This information can be posted on one or many different platforms, in comment sections, or via video or text. 

Regardless whether or not disclosed data is utilised for harassment, the unauthorized posting of data alone, qualifies as doxxing, and is viewed as a type of online attack. As is often the case, when doxxing creates an imminent danger to safety, art. 138 of the Criminal Code - Endangering safety - could provide legal protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence  needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Art. 146 of the Criminal Code, Unauthorised Collection of Personal Data, which prohibits the collection, publication and use of data for purposes “other than those for which they are intended”, could provide the basis for legal protection. 

Document every instance and location in which your personal data was posted, and file this evidence with the police.

Immediately report doxxing and any other unauthorised publication of personal data to the websites or platforms where it was posted, and to the police. 

Follow-up on your report to better ensure they respond.  Immediate action is key to prevent further distribution of your personal information online.

Turn off location tracking options on your phone, Google maps, and other applications that collect your sensitive data (location, key address, etc). 

Put strict privacy controls on your social media profiles, and two-step authentication  systems for all website logins storing your sensitive data. 

Talk to the people you trust - colleagues, friends, employers. Urge the police to alert the platform to remove your personal data, and use website and platform reporting mechanisms. 
Deleteme is a tool that can help find and remove sensitive data online.

If you ever feel that the online violence you’re experiencing, might transition into the physical world, call the police → immediately. 

Digital evidence Password Recovery account Digital hygiene Phone/Tablet Location Report to platform Data leaks Reputation Safety Sexual Harassment Identity User account Computer/Laptop Criminal charges

RETALIATION AGAINST SUPPORTERS

Friends, family, partners, colleagues, employers, and other witnesses to the abuse, can be  targeted in the same or similar way as the original target. 

Retaliation can take many forms, so it can be linked to different criminal offences. If the assault results in the endangerment of safety, art. 138 of the Criminal Code  could provide a suitable legal basis for protection. In this case, public prosecutors and police are mandated to follow up, investigate and responsible for protection. As the filing party, you are responsible for collecting evidence  needed for filing the criminal charges. This charge provides stricter sanctions if the target is a (female) journalist.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Assess as to if the assault could be qualified as offence, threat, harassment, doxxing, false accusation or another form of digital assault. Identifying the type of assault based on charges set out in the Criminal Code can increase your chances of success in accessing legal protections.

In addition to the many mechanisms of protection, a useful strategy for countering an assault is to publicly call out and condemn an attack without directly identifying or naming the perpetrator. If you opt for this tactic, assess the risk and continue to document  problematic responses, especially  if they are defamatory in nature. Surround yourself with friends, family and colleagues:  safety is in numbers.

Digital evidence Password Authentication Recovery account Phone/Tablet Location Report to platform Safety Support Computer/Laptop Criminal charges