

Tagged with: Encryption, Journalist, Associations, Reputation

Use SSH key authentication

For additional security, it is highly recommended to use SSH key authentication, i.e. setting up SSH (Secure Shell) on your server. SSH is a popular software package which enables secure system administration and file transfers over insecure networks, meaning that it uses encryption to secure the connection between a client and a server. All user authentication, commands, output and file transfers are therefore protected from attacks in the network.


All details about implementation and configuration can be found on the SSH official website.  
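One way to check that a server really accepts keys only, as an added example that is not part of the original page: the script reads an `sshd_config` and reports settings that still allow password-style logins. The function names and the two sample configs are constructed for illustration, the defaults assumed are upstream OpenSSH's, and `Include` files are not followed (on a live server, `sshd -T` prints the full effective configuration).

```shell
#!/bin/sh
# Added example: check an sshd_config for key-only authentication.
# Assumes upstream OpenSSH defaults ("yes" for all three keywords below).

# Print the effective global value for a keyword (or "a|b" aliases, lowercase).
# sshd keeps the FIRST value it reads, keywords are case-insensitive, and
# settings inside a "Match" block are conditional, so parsing stops there.
# $1 = keyword(s), $2 = default when unset, $3 = config file
sshd_effective() {
    awk -v keys="$1" -v def="$2" '
        BEGIN { val = def }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) next
            split(line, f, /[ \t=]+/)
            k = tolower(f[1])
            if (k == "match") exit
            if (k ~ ("^(" keys ")$")) { val = tolower(f[2]); exit }
        }
        END { print val }
    ' "$3"
}

# Report every setting that still allows a password-style login.
audit_key_only() {
    rc=0
    pw=$(sshd_effective 'passwordauthentication' yes "$1")
    kbd=$(sshd_effective 'kbdinteractiveauthentication|challengeresponseauthentication' yes "$1")
    pk=$(sshd_effective 'pubkeyauthentication' yes "$1")
    [ "$pw" = no ]  || { echo "FAIL PasswordAuthentication=$pw"; rc=1; }
    [ "$kbd" = no ] || { echo "FAIL KbdInteractiveAuthentication=$kbd"; rc=1; }
    [ "$pk" = yes ] || { echo "FAIL PubkeyAuthentication=$pk"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK key-only authentication"
    return "$rc"
}

# Constructed sample configs (not taken from any real server).
weak_cfg=$(mktemp)
hard_cfg=$(mktemp)
cat > "$weak_cfg" <<'EOF'
# PasswordAuthentication no   (commented out, so the default "yes" applies)
PubkeyAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
cat > "$hard_cfg" <<'EOF'
passwordauthentication no
PasswordAuthentication yes
ChallengeResponseAuthentication=no
PubkeyAuthentication yes
EOF

audit_key_only "$weak_cfg" || true
audit_key_only "$hard_cfg" || true
```

The first sample fails because a commented-out line and a `Match`-scoped line do not change the global default; the second passes because sshd ignores the later duplicate `PasswordAuthentication yes`.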

Server Site Authentication Encryption

Browsing Add-ons

There are ways to improve your internet browsing experience and make you safer while you use your favourite online services. Modern internet browsers, such as Mozilla Firefox, Brave or Google Chrome, have software widgets (add-ons/extensions) which provide additional options and benefits for your browser. Here are some of the best:

HTTPS Everywhere: this add-on forces encrypted communication (HTTPS) when you visit a website if it supports HTTPS, therefore making your browsing more secure.

Privacy Badger: an extension which enables you to block advertising trackers from third parties on websites you visit.

Facebook Container (Firefox only): it isolates your Facebook identity in a container tab, making it harder for Facebook to track your visits to other websites with third-party cookies.

uBlock Origin: a resource-friendly multi-purpose blocking extension designed to block ads, tracking and malware domains.

Digital hygiene Browser Encryption

TOR and VPN

The internet commonly provides a false sense of anonymity, whereas there is only pseudo-anonymity for most users. Pretty much everyone is identifiable online by their IP address, a unique identifier assigned to you by your internet service provider (ISP).

However, there are tools which can help you mask your actual IP address and provide an additional layer of protection for your online identity. This can be achieved with the use of Tor Browser or Virtual Private Network (VPN) services.

Tor Browser is free and open source software customised to work with the Tor network, based upon Mozilla Firefox, which encrypts your browsing traffic and gives you a new identity, i.e. a new IP address. It is also particularly useful for accessing websites that are blocked on your network. There are some drawbacks, however, as the Tor network generally provides slow internet speeds and users’ identity can be exposed if they do not use Tor Browser properly.

Virtual Private Network (VPN) is a service which enables users to connect to the public internet through a private network, providing an additional encrypted layer of privacy and masking the users’ actual IP address. There are many VPN providers, but users should still take note and be aware of possible security aspects such as:

  • Jurisdiction, i.e. the country in which the company providing VPN services is based. Countries which are members of the “Five Eyes” mass surveillance alliance (USA, UK, Canada, New Zealand, Australia) should generally be avoided;
  • No logs policy, meaning that the VPN provider doesn’t log your internet traffic made through their network;
  • Regularly performed independent security audits, which are usually documented on the VPN provider’s website;
  • Price - some VPN services are quite expensive, but you should be wary of “completely free” VPN apps, as their business model is almost certainly based on tracking users. However, some paid-service providers offer free plans with limited possibilities, such as lower speeds and a smaller number of servers.

IP Address Digital hygiene Browser Apps Encryption Data leaks Safety

Disc encryption

Encryption is the process of protecting data with a complex cipher, scrambling it so that it can only be accessed (decrypted) with a password or key, sometimes requiring an additional authentication factor, e.g. a digital certificate. Encrypting hard drives and removable devices, such as USB drives, is especially recommended for people working with confidential information, primarily journalists and human rights activists.

VeraCrypt is a multi-platform (Windows, Linux, MacOS X) free and open source disk encryption software with advanced capabilities. It can be used to encrypt only specific files, whole hard disk partitions, removable drives, as well as a partition or drive where Windows is installed (pre-boot authentication).

Cryptomator enables you to encrypt your cloud storage files for services such as Dropbox or Google Drive. Files are encrypted within a secure vault which is then stored with cloud service providers, which cannot access the data. Cryptomator is open source and available for Windows, Linux, MacOS X and mobile platforms (iOS, Android).

Digital hygiene Apps Encryption Data leaks Cloud

Email and Chat Encryption

Similar to hard drives and removable disks, communication channels can also be encrypted by protecting data with a complex cipher so that communication can only be accessed (decrypted) with a password or key. Of course, for journalists and human rights activists encryption is a key component of ensuring secure communication with confidential sources. This can be done in a variety of ways. 

Emails can be encrypted using PGP (Pretty Good Privacy), which is based on public key cryptography. You need to generate a key pair - a public key which you share with others and a private key which you keep secret - in order to exchange encrypted emails with correspondents. 

If you use an email provider like Gmail or Outlook, you can encrypt your communication using Thunderbird, an open source email client with built-in OpenPGP capabilities, or by using the Mailvelope browser extension which works with popular webmail services.

However, there are email providers, such as ProtonMail or Tutanota, which encrypt your messages automatically when they are sent between their users, and also provide ways to send encrypted emails to those using other providers. 

A free and open source chat app that provides end-to-end encryption by default is Signal. It is available for iOS and Android, as well as a desktop app. It provides a wide range of security options, such as self-destructing messages, PIN protection or encrypted video calls. Another app with a variety of options you can also use is Telegram, where Secret Chats need to be enabled for end-to-end encryption.

Digital hygiene Apps Encryption

Remote working

Access to applications and data that are physically located in the system (organisation, editorial office) is possible, with appropriate permissions, from any computer in the world. This significantly facilitates work, shortens the time required for data processing and enables participation in the field work process.

From a security point of view, teleworking has serious drawbacks. Establishing a connection between the network or server in the system and the external computer opens the possibility for MitM (Man in the Middle) attacks. MitM is a type of technical attack in which the client and server are not necessarily at risk, but the attacker uses connection flaws to access their communication and commit data theft.

A secure way to work remotely is to connect via a VPN (Virtual Private Network). It is a service that creates a separate tunnel between two computers on the public network, which is specially encrypted for protection. Of the several types of virtual private networks, the safest is to use the so-called TLS (Transport Layer Security) protocol. One of the best software implementations of VPN at the organisational level is OpenVPN.

Alternatively, non-profit organisations can opt to use G Suite, i.e. Google’s productivity package which includes several popular tools and products (Gmail, Google Drive, Google Calendar, etc.). However, it should be noted that Google’s business model is based on user profiling and analysis of personal data collected from its users.

IP Address Digital hygiene Encryption

Check for available decryption tools

One of the biggest security problems and forms of cybercrime today is ransomware. This form of malware encrypts files so that they cannot be accessed without a decryption key. The attackers then ask for payments in cryptocurrency to provide targets with the decryption key, usually within a short time frame to put more pressure on the targets.

In case you are a target of ransomware, general advice is not to pay, as there is no guarantee you will indeed receive the correct decryption key. Payments also encourage further cybercrime attempts. You can try to find a decryption tool based on the type of ransomware. For example, No More Ransom is an initiative which provides citizens with free decryption tools for many forms of ransomware.

Encryption Malware Damage Access recovery

INSTITUTIONAL PROTECTION

Because harassment comes in many shapes and forms, it can be reported as a number of different criminal offenses. 

Sexual harassment (art. 182b of the Criminal code) explicitly mentions verbal forms of assaults, but necessitates the filing of a motion to initiate criminal proceedings with the Public prosecutor. In other words, you must inform the police and the Public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings. 

ADVICE: File the motion. The courts are a crucial component of protection against harassment. 

Endangering safety, one of the many consequences of harassment, under art. 138 of the Criminal Code, provides another legal basis for protection. In this case, public prosecutors and police are mandated to follow up and investigate, and are responsible for protection. As the filing party, you are responsible for collecting evidence needed for filing the criminal charges. This option is especially relevant for (female) journalists.

ADVICE: Explain in detail how, why and when you feel unsafe, and detail your concern for the safety of your family and loved ones. These details could be the key to success when it comes to court proceedings.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

ALTERNATIVE PROTECTION

There is always an inherent risk that online harassment will transition to the physical world. For this reason, physical safety is a crucial precondition for any other form of meaningful protection. In terms of mental protection, sometimes it is helpful to take a break or minimize time spent on social media platforms, or those platforms of communication where you are targeted with harassment. Talking to friends, family, partners and colleagues about harassment can also be helpful in creating a system of support. 

Blocking, filtering and reporting options on social media platforms can often serve as a helpful tool for documenting harassment.

The DeleteMe tool can help find and remove your personal information from some websites. 

Reaching out for support to professional associations and support groups is another method for dealing with harassment.

Several investigative journalists and their networks track down perpetrators of online harassment by analysing their digital footprint. This has been an effective mechanism for not only the identification of perpetrators, but also exposing them and their crimes to public scrutiny. 

In Serbia, female journalists can find support through the initiative “Female Journalists against violence”, and dozens of other feminist organizations that offer services for individuals targeted with violence, including online.

If you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Malware Location Report to platform Block user Safety Support Sexual Harassment Computer/Laptop Criminal charges

Use encrypted voice communication

Encryption is a cryptographic concept of encoding messages or information, which ensures that only people who have a way to decrypt it will be able to read it.

Voice communications are very easy to monitor and intercept. However, there are applications that enable encrypted communication through voice calls, as well as text messages, including group communication, photography and video. One of these apps is Signal, which is open source, run by a non-profit organisation and is entirely funded by donations, which allows it to work without monetising the data of its users. Telegram is an application which also has an encrypted audio and video call option and is definitely among the most popular services for secure communication.

Phone/Tablet Apps Encryption Computer/Laptop

Use encrypted messaging

Messages are mainly used for informal and personal communication, and often carry confidential information about users that should not be available to third parties. There are applications that enable encrypted communication through chat services.

SMS communication is similar to chat communication; the only difference is that the internet is used as a data transmission medium in chat communication, while the standard network of mobile phones (GSM, 2G, 3G, 4G, etc.) is used for SMS messages. It is important to emphasize that both parties must use encryption in order for the system to be secure. A free and open source online chat app that provides end-to-end encryption by default is Signal. It is available for iOS and Android, as well as a desktop app. It provides a wide range of security options, such as self-destructing messages, PIN protection or encrypted video calls. You can also use Telegram, where Secret Chats need to be enabled for end-to-end encryption.

Phone/Tablet Apps Encryption Computer/Laptop

REVENGE PORN

Revenge porn is defined as posting sexually explicit content without consent, with the intent of humiliation, shame or blackmail. Revenge porn is a violation of privacy and can result in extreme emotional trauma.

Revenge porn is a serious form of assault, and as such, it is crucial that instances are reported to the police and the public prosecutor. There are several criminal acts that can be used as a legal basis to prosecute the posting of revenge porn. 

Sexual harassment (art. 182b of the Criminal Code): filing a motion for the initiation of proceedings is a precondition to start the procedure. This means that you must inform the police and the public prosecutor - a standard procedure - as well as file a motion to initiate the proceedings.

ADVICE: File the motion. The courts are a crucial component of protection against revenge porn.

Unauthorised wiretapping and recording (art. 143 of the Criminal Code), unauthorised taking of photos (art. 144), unauthorised publishing and presentation of another’s texts, portraits, and recordings (art. 145 of the Criminal Code), are other charges that refer to illegal recordings, and could be utilized to prosecute cases in which video was made without consent, even if it was not posted online. These procedures carry private criminal charges, which means that you, the filing party, must present the identity of the perpetrator, and as many details and as much evidence as you can (for example, where the recordings are stored, where the camera could have been placed during the recording, etc.).

Your physical safety is the highest priority when it comes to protection.

If your harasser intentionally positions themselves in your physical vicinity, you can request a court-issued emergency restraining order.

Document any and all recordings, comments, threats and other forms of harassment as crucial evidence for initiating protection mechanisms and/or court proceedings.

Seek support from CSOs, women’s support networks, and others who can help you choose the best way to protect yourself. 

Report any and all recordings, comments, threats and other forms of harassment to the platforms where they have been posted, and find out more about take down procedures on Facebook and other platforms.

And don’t forget, even if you originally gave your consent to be filmed, this does not imply consent for sharing that content. You are not to blame for being targeted with this type of assault.

If you ever feel that the online violence you’re experiencing might transition into the physical world, call the police immediately.

Password Authentication Recovery account Digital hygiene Phone/Tablet Encryption Location Report to platform Reputation Safety Support Sexual Harassment Pornography Computer/Laptop Criminal charges

Use encrypted email

Despite the development of more modern ways of communication, email has remained one of the most commonly used solutions for official communication over the internet. Therefore, a large amount of important and sensitive information is still transmitted by email. On the other hand, the technology behind email is not completely secure: it has a lot of security flaws, and users have no control over who can access the metadata and content of their email communication, especially when using email services such as Gmail, Outlook.com, Yahoo Mail, etc.

Emails can be encrypted using PGP (Pretty Good Privacy), which is based on public key cryptography. You need to generate a key pair - a public key which you share with others and a private key which you keep secret - in order to exchange encrypted emails with correspondents.

If you use an email provider like Gmail or Outlook, you can encrypt your communication using Thunderbird, an open source email client with built-in OpenPGP capabilities, or by using the Mailvelope browser extension which works with popular webmail services. By using these tools you can easily generate a key pair for encrypting your email, or import existing encryption keys.

However, there are email providers, such as ProtonMail or Tutanota, which encrypt your messages automatically when they are sent between their users, and also provide ways to send encrypted emails to those using other providers.

Phone/Tablet Apps Encryption Computer/Laptop

PRESSURES ON FREEDOM OF EXPRESSION

It would be nearly impossible to exhaustively list the ways in which someone can put pressure on and threaten freedom of expression. Those who have been targeted with online pressure or abuse will undoubtedly feel its consequences.

For the broader public, we can see these threats everywhere - from commenting threads, social media platforms, and increasing hate speech and intentional defamation. 

It has been nearly impossible to legally qualify the idea of ‘pressure’ as it is perceived, as it rarely meets legal thresholds for prosecution. However, this type of assault, in targeting journalists and activists, causes serious distortions in and manipulates public debate and decision making. Taken as a threat to freedom of expression as a whole, ‘pressure’ can reach a legal threshold, but the legal system is unable to effectively address the problem as it can provide only individual, and not collective, protections.

Independent State bodies, such as the Ombudsperson for the Protection of Citizens’ Rights can carry out investigations and issue public warnings to government officials or other public figures who put pressure on journalists and/or single them out through targeted assaults.
 

Digital hygiene Encryption Tactic Support Journalists Media