Announcement: our online store will be deployed over the upcoming weeks. It is another way for our readers to support our non-profit.

Privacy tools for journalists and activists operating in hostile environments

With the latest backlash against Whatsapp’ updated privacy policy, users are seeking more anonymous solutions, however, journalists and activists operating in hostile environments such as in the Middle-East and North Africa must take further measures to keep their data protected. There exist various tools that can be used for that purpose, from operating systems to browsers and messaging apps. We will look in this article at the most robust solutions available. These tips are not exclusively for journalists or activists, they can also be used by the privacy-conscious.

People aren’t taking their privacy seriously enough

What would you do if someone broke into your home and took a copy of all your physical documents? You’d be pissed and you’d probably feel violated, it is, after all, an attack on your privacy. However, when it comes to one’s digital life, most people neglect how their data is used or accessed by third parties, be it your own government’s security agencies or the companies that hold and process your data, selling it off to the highest bidder in the process (e.g. Facebook, Google, Microsoft). It is as if a digital breach is somewhat different from a physical breach. In essence, it isn’t.

While using these services for non-work related purposes can be fine, when it comes to work and sensitive data, it would be smarter to look at more robust solutions.

Social media

If you are a journalist or activist operating in a hostile country, you should seriously consider refraining entirely from using Facebook at all other than for casual conversations with family and friends.

Furthermore, Facebook will not allow you to create an account through a private network such as Tor, which we will come back to later in this article. This essentially means Facebook wants to know your real location before it will allow you on its platform.

Lately, Facebook has also been censoring pro-democracy groups based in North Africa and the Middle-East, for instance, it has suspended a pro-democracy group in Algeria “Algérie Debout” on several occasions before permanently banning it, according to its founder, the group was taken down following thousands of false abuse reports submitted by trolls paid by the Algerian regime. When approached for comment, Facebook failed to respond. It appears that Facebook relies on a reporting system that is being abused by state actors to silence activists across the world.

The real solution here is to keep the usage of Facebook at a minimum, keep it for menial conversations with family and friends but certainly do not use it for anything other than that. After all, this was its original intended purpose.

If you are to use Facebook, use a fake name and a fake profile picture, set your privacy to the strongest possible settings and browse it through a VPN.

Messengers

While WhatsApp could be considered a secure messaging service in its early days, it has since lost much of the trust put in it since its acquisition by Facebook.

It should be noted that the Israeli NSO group developed tools for security agencies and state-backed actors to access you WhatsApp unhindered, this is of great concern to anyone that operates in a hostile environment.

As for Telegram, it does not provide end-to-end encryption by default in contrast to how the company seeks to portray its service. Furthermore, the Telegram team is based in the United Arab Emirates, a country distinguished for its poor human rights record and keenness to bribe officials with gold ingots to obtain what it wants.

Signal has long been used by activists and journalists, including in war-torn regions, as it is the only robust solution among the three. Signal provides true end-to-end encryption by default with the ability to have messages self-destruct, the app itself can also be protected by a passcode. The open-source nature of Signal and its current form as a non-profit also means that it is more trustworthy than its rivals. Whereas other messaging apps collect a vast range of data, Signal does not.

Operating systems

When it comes to operating systems, there are a few specialist Linux-based operating systems that are incredibly robust.

Tails OS is an amnesic operating system that boots from a USB key. This means that every time you boot it, it will restart as if it were never used before. This can be annoying if you want to save data, but Tails did address this issue, allowing one to create a persistent encrypted partition within the USB used. This partition can only be accessed after inputting a pass-code upon booting up the OS.

Furthermore, Tails OS will forcibly route all your online activity through the Tor network. The Tor network, a robust privacy tool, will bounce your data through multiple nodes across the world, this ensures that tracing your online activity will be very much difficult, even for state actors. Being a USB-based OS, you can switch it off completely by just pulling the USB from the computer, this won’t cause any damages to the OS, the files in your encrypted partition or your computer. The key here is to separate your work from your personal life.

Tails OS can be started from any computer, you can have it on keychain ready to be deployed in a couple of minutes. Its installation is fairly simple if you follow the guide on the project’s website. It also comes with secure pre-installed apps such as the email client Thunderbird.

Other operating systems worth mentioning include Qubes OS which Edward Snowden praised as the most secure Linux distribution, or Whonix. These provide a more desktop-like feel.

Browsers

The Tor browser, which is available for download on all operating systems, including Mac OS and Windows, is certainly the most robust solution, however, most companies will not allow you to user their services through Tor, try creating a Google account through Tor and you will see what happens. Big tech does not want you to be able to browse the internet anonymously.

Another browser worth mentioning is DuckDuckGo’s latest addition, a surprisingly responsive android browser that blocks trackers and has the benefit of grading websites’ privacy levels on a scale of D to A. It will also limit what websites and search engines like Google can collect about you. DuckDuckGo offers also a search engine that takes your privacy seriously, in contrast to Google’s.

Mozilla’s Firefox, likewise, is feature-rich and considered to be a robust alternative to Google Chrome and Safari, it blocks trackers by default. 

Payments

This one is tricky. The international financial system is designed in such a way that it is very difficult to make untraceable payments, however, there is one particular cryptocurrency that allows you to make completely anonymous payments internationally. Monero. Among the thousands of cryptocurrencies available, Monero stands out as a nightmare for anyone who would seek to identity where a payment has come from. Creating a Monero wallet is very easy to do, there are physical wallets and mobile wallets (android apps) that allow you to hold this currency without prior registration. In practice, the person sending you the funds can purchase Monero through one of the many exchanges available, transfer it to your Monero address and bam! Now you are rich (or maybe not) and can exchange these Moneros for real dollars before withdrawing the funds to your bank account. This could prove useful in many banana republics where the authorities can build a case around being funded from abroad, as was the case with journalist Khaled Drareni in Algeria. There will be no way for said authorities to determine where the money originated from.

Email service

The Swiss-based open-source Protonmail offers a credible alternative to popular but prying email services, it is free and offers end-to-end encryption. Opening an account is very easy and no personal information is required to do so.

VPNs and equivalents

Orbot for android forces all your network traffic through the Tor network. It can be used similarly to a VPN without having to resort to VPNs which tend to be for-profit businesses and have to comply by their jurisdictions’ laws.

ProtonVPN, of the Protonmail family, is also a decent alternative to Tor. When asked about its disclosure policy when requests are made by foreign law enforcement agencies, Edward Shone, the company’s PR manager, reassured the Algiers Herald on how it handles such requests, stating “we are only able to cooperate or share data with foreign law enforcement where requests are made through official channels and approved by the Swiss authorities. This means that without proper vetting from the Swiss authorities, we cannot respond to any law enforcement requests. However, our use of end to end encryption and our no-logs policy means that even if law enforcement requests are approved, there is little useful information that we would be able to share”.

ProtonVPN, offers a free plan which would route your online activity through Japan, the Netherland and the U.S, if you want more country options you would have to upgrade to a paid plan.

Finally, PrivacyTools.io is a good resource at the disposal of anyone seeking to mitigate the risks associated with their online activity. PrivacyTools lists the available tools by category, some of which we haven’t mentioned in this article, for instance how to purchase a domain name and hosting anonymously.