Activist Safety: Protect Yourself from Internet Spies!

 
Many activists around the world use e-mail and Internet tools on a regular basis. They are often spied on and harassed by people who are trying to hurt them or their cause. If you use technology for your cause, you may be endangering yourself or the people you communicate with - unless you take the following precautions.

Don't make it easy for the wrong people to gain access to your private information, i.e., to identify and locate you, and to read your e-mail messages. Protect your safety and the safety of others! (Please pass this information on to anyone whose life may be threatened by forces monitoring their use of email and the Internet.)

Passwords

No matter what kind of email address you use, do not let strangers know your password. It is best to change your password regularly, especially if you use shared computers where someone might be watching or filming you typing it in.

Do not use passwords that might be easy for other people to guess - for example, do not use your name, your birthdate, your spouse's birthdate, or the word "merdeka". They are too easy to guess.

It is a good idea to use unusual passwords that include both letters and numbers, or punctuation marks. (for example, something like: t54;aq.7 etc.)

Public and Private Email Accounts

If you use a public email address, e.g., your email account is with Hotmail, MSN, Yahoo, Gmail, etc., all of your email messages sent and received are stored with these companies. This includes messages you have deleted from your In-box, or that you do not open. These companies have legal obligations to report certain kinds of activities. It is very easy for them to read and keep a copy of any of your email messages, and to pass them on to your enemies if they choose.

Sending a message to anyone with one of these public email addresses is just as dangerous, since your message could also be intercepted. Unfortunately, most people use public e-mail addresses!

It is almost always safer to use an e-mail address assigned to you by your local Internet Service Provider (ISP). However, if you connect to the Internet through Telkom (telkom.net), keep in mind that Telkom is an Indonesian telecommunications company based in Jakarta. It is subject to pressure from the Indonesian secret service to provide access to any e-mails that flow through its service ('server'). Therefore, using an e-mail address that ends with "@telkom.net" may pose a significant risk if you are an activist based in Indonesia.

You are best to own a private e-mail address assigned to you by an Internet service provider from outside whatever country (e.g. Indonesia) might pose a threat to you, and one with a good privacy policy. Please contact us at WestPAN if you need assistance getting one of these addresses. Explain to us who you are, and in what country you are located (we do not want your specific location) and we will try to set up a secure email address for you.

If you are in any possible danger, it's best if you do not use your real name in your email address. Use something else you will easily remember.

Never click through a link in a message that is clearly "Spam" (nuisance e-mails from strangers), and do not open suspicious attachments. Try to avoid opening these messages at all. It is best to delete them immediately, and regularly empty ("purge") your Trash folder to be sure they are gone. Do not reply to any Spam messages, even to remove yourself from their list or request they stop sending you messages. This will only make it worse!

Internet (Web Browser) Security

If you have a choice between using Firefox or Internet Explorer (IE), always choose FireFox (or another web browser program like Safari, Opera, Camino, etc.) Firefox is faster and more secure, and it is much easier to "cover your trail". You simply need to select the Tools menu, then Clear Recent History, and check all boxes. Even better is to choose Start Private Browsing before you visit any websites or check web-mail.

If you can't use Firefox and need to use IE, and especially if you use a computer that others use, you must do the following after each session to "cover your tracks". If you do not do this each time, it is easy for individuals to follow your tracks to websites you visited, to see what you did there, and maybe also to gain access to your E-mail correspondence.

To cover your tracks after you use Internet Explorer, clear the Cache and History files each time you use it. (The actual process will depend on what version of IE you are using, so you may have to experiment to find a slightly different procedure that will work.)

From April 2007: To clear your Web Browser Cache and History:
--> Select Tools, then Internet Options from the menu. Click the General tab. To clear the cache on older versions of IE, click Delete Files, then click Clear History and Delete Cookies. On newer versions of IE, click Browsing History, then the Delete button, then the Delete All button at the bottom of the final page.

Mac Users of Safari can cover up their tracks by opening the Safari browser and clicking Empty Cache from the Safari menu, followed by clicking Empty on the confirmation dialogue window. To clear the browswer history, choose Clear History from the History menu located on the menu bar. That's it! Safari also has Private Browsing which you can activate by clicking Private Browsing on the Safari menu. When private browsing is turned on, webpages are not added to the history, items are automatically removed from the Downloads window, information is not saved for AutoFill (including names and passwords), and searches are not added to the pop-up menu in the Google search box. Until you close the window, you can still click the Back and Forward buttons to return to webpages you have opened.

Always be cautious using e-mail and Internet. If you are using a website that requires you to log in, log out from the website before someone else uses your computer. Never click on banner advertisements, no matter what they say. Whenever possible, turn off Active Content in your browser settings. (Unfortunately, this is called different names and is found in different places, so we cannot provide instructions.)

Never provide personal information to a website which you do not trust. Many things are offered at very low prices or free through the Internet. If something is offered at a much lower price than other sources for that item, or if you're asked to enter your contact information to enter a contest or win a prize, there is a good chance that someone is collecting your personal information to sell to someone else, or is trying to entice you to click through a link that will allow them access to your computer files or send you "Spam" (nuisance e-mails from strangers).

If you must give an e-mail address on a website but are not sure if it will be safe, set up an extra "dummy" e-mail address to use, to keep Spam separate from the main e-mail identity you use for critical communications with trusted friends. Gmail accounts from Google work well for this - but remember that Gmail and Yahoo are still "public" email addresses like Hotmail and MSN, and not entirely private.

If You Use a Shared Computer

If you share a computer with other users, such as at an Internet Cafe, library or other public place, you must take additional precautions to "cover your tracks". One of the easiest things you can do is to Log Out.

If you can, always try to:
1. Log Out from any websites you have logged into
2. Close (fully shut down - not just minimize) the programs you are using (such as Internet Explorer)
3. Log Out from Windows if you can, by selecting Start, then Log Off, or
4. Log Out from the User account provided for you to gain access to the computer at the start of your session, or
5. Shut down the computer.

If You Own a Computer

If you own (or normally use) a private computer, and are able to make changes to the computer's systems and software, there are further precautions you can take.

If you are using Internet Explorer to access the Internet, please use an alternative Web Browser like Firefox or Safari (see section above for why). You can download a (free) copy of Firefox to your personal computer from www.mozilla.com.

All Web Browsers should be updated on a regular basis, because new threats are constantly appearing. "Patches" to plug these security holes must be added to your Web Browser program to ensure maximum protection, and this is done through updates offered by yourbrowser program.

Try to ensure that your personal computer is protected by a "Firewall" that blocks hackers from gaining access to your data. (Windows and other software-based Firewalls are more popular but not as effective as a hardware Firewall if you can get one.) Many Routers have a built-in firewall, but quality can vary. Dedicated firewalls can also be purchased and hooked up between your computer and your Internet connection, or provided by your ISP.

If you access the Internet using wireless technology, try to use only secured ("encrypted") wireless sources, which will require a password for you to connect - at least the first time your computer connects to the network. If you own a wireless Router, ensure that the signal it sends is protected by WEP (easier to set up) or WPA encryption.

To keep their machines clean, many computer owners must now use Spyware (such as SpyBot) and Adware (such as Ad-Aware) detection programs, in addition to Anti-Virus protection, which is essential if you use a Windows computer. The best free Antivirus program is Bit Defender, which also offers a free on-line checkup that is more thorough than the free software download offered.
Your ISP might provide most of this, and it's better for your computer's processing speed if you don't use these programs. But if your ISP can't confirm these services, then you need an anti-virus program of some kind. Most people use Norton Anti-virus, but it doesn't rank as well in studies, and I found it intrusive, sluggish, and over-priced for both Mac and PC - there are more effective alternatives to Norton at more reasonable prices.

Some Apple "Mac" users claim that Mac computers do not need an Antivirus program at all, but macros can come in through Microsoft Office used on a Mac, so your choice of Mac software will also matter. Macs are generally safer than Windows computers, which need to be updated much more often and remain much less secure. Macs cost more, but provide additional privacy and fewer software problems, and are generally built to be more durable.

More Advanced

Whether you check your email through a web browser like Internet Explorer, or if you use a program like Outlook, Outlook Express, Eudora, Mozilla's Thunderbird (Thunderbird is best for Windows PCs; Outlook is worst for spreading viruses.), or Apple Mail for Mac users,... you might want to turn off HTML Executables. These are programs like Java, VB Script, Activex Controls) embedded in your e-mail program. For instructions on how to do this, search for any of these words in the Help feature of the program you are using.

Use encryption settings whenever possible to encode the information you send. Search for the word "encrypt" in the Help feature of the program you are using.

Further tips on Internet privacy can be found on many websites, including thisone on how to assure privacy while using Internet search engines: www.eff.org/Privacy/search/searchtips.php.

Joining 'Listserve' News Groups on West Papua

If you want to receive world news on West Papua by e-mail (in Bahasa Indonesia and English), there are at least two great sources.
http://lists.riseup.net/www/info/reg.westpapua
and
www.kabar-irian.com/mailman/listinfo/kabar-irian

You can find other lists by searching for West Papua at http://lists.riseup.net/www. If you have a slow dial-up Internet connection (connect through the telephone) the lists from riseup.net can be set to "digest" mode to combine news stories and send you only one e-mail per day.

Another great way to have the latest news on "West Papua" summarized and sent to you by email is to set up an ongoing search on Google Alerts.

Again, if you are in any potential danger as an Indonesian citizen or visitor, there are real security concerns if you use or communicate with people who use: Google, MSN, Yahoo or other public search engines and free e-mail providers.

Practice safe use of the Internet!

In friendship and solidarity,
Tom Benedetti
WestPAN

(We are hoping to translate this article into Bahasa Indonesia.)