You need Secure Communications if:
- You’ve been stalked or harassed
- You think your spouse or partner is spying on you
- You are a journalist or activist
- You are an executive or business owner concerned about privacy
***If you know someone who needs this now, PLEASE SHARE.
What we’ll cover:
- Your risk profile
- Back Up Secure Communication Plans
- Burner Phones
Your Risk Profile:
What is meant by risk profile? In this case, it means you believe you are at immediate risk, or some of your communications are monitored.
If you believe your current phone, internet, accounts or computer are monitored, you need SECURE COMMS NOW:
1) Do not/not use the phone, computer or accounts for communications with your trusted intermediary or with a third party you are asking for help.
2) Leave your phone, laptop, tablets at home.
3) Get to a library, computer lab, internet café, or trusted friend’s house (as a last resort) where you can use the internet without oversight of your stalker/harasser.
4) Set up a secure email address such as ProtonMail, only used for communication with your source, trusted intermediary, or support system. Use a fake name, and fake security questions for your new account.
5) Ensure you have the email address of your Point of Contact (POC) (email@example.com), and send them a message so you can communicate securely using this method.
6) Do not/not communicate via social media accounts, established email accounts, open phone lines or in your home to your intermediary or source.
If you suspect your phone or laptop is compromised, but are not sure:
1) For apps that require an account, uninstall them from your phone between uses. You can reinstall and login again.
2) Use an app locker or vault to password-protect your apps. iPhones have an app lock preinstalled on newer phones. On Android you can use AppLock or SmartLock. Not a perfect solution, but a good measure to take.
3) Enable Two-Factor Authentication (2FA) on every account that has it, you can find a guide to 2FA for all sites that have it at Two-Factor Auth List.
4) Use a secure email account, such as Protonmail. Use a fake name and fake security answers, and do not/not use this email account for anything but communication with trusted sources, third parties and intermediaries.
5) Do not reuse your passwords, especially with your secure communications.
6) Set up an account on a secure messaging app such as Signal or Wire. Use disappearing messages, and turn off notifications for secure messaging platforms.
7) Use a new VOIP account for phone calls. Alternatively use the Burner App. Put a pin on your app and lock it.
If you have a joint mobile, financial and other accounts with your partner/spouse/ex:
1) Your bill and cell carrier’s records are accessible to this person.
2) Using third party trusted apps, such as Burner to establish a separate phone number can prevent your ex from spying on you (unless they’ve installed stalkerware).
3) When using search on mobile or computer, use a private search engine/browser such as DuckDuckGo.
4) Clear the cache on any of your searches regularly.
If you think there is stalkerware on your phone:
1) Look through installed apps for anything that is unfamiliar or you don’t recognize. If you don’t need an app, uninstall it.
2) Is your battery draining fast? Look at the battery settings to see which apps are draining your battery power.
3) Look at your phone’s security settings –>Phone administrators. If your phone has more than one administrator, disable the other admin account.
4) If all these fail, do a factory reset of your phone before installing any apps, and only install ones you trust.
Back Up Secure Communications:
If your accounts are monitored by a partner, spouse or unknown third party, ensure you have backup communication methods.
1) Primary form of communication, this could be text, phone or VOIP. If you use this form of communication, use a secure messaging app, such as Signal or Wire. While nothing is 100% secure, these platforms allow you to set-up disappearing messages.
2) Alternate or Variant Communication: The alternate communication method is one that can be checked from more than one location.
An alternate, might be an email address set-up for the specific purpose of communicating discreetly. Consider using ProtonMail and setting up a new account that no one but you and the person with whom you are communicating has access.
3) Contingency: This is a preestablished protocol in your plan, meaning if your primary point of contact has not heard from you within a certain period of time, they will check the contingency account or location daily.
This method or protocol, is not necessarily easy or convenient, but could include communicating via drafts in a secure email account, using a trusted intermediary or third party to communicate information.
4) Emergency: This is an in-person meeting or purchasing a prepaid burner phone you store at a different location from your primary residence.
There are variants to this method, however, establish as part of your plan, a location and date or two each month you’ll meet someone, especially if you are in a domestic violence situation and trying to get out. When all other methods fail, you have this as your backup.
Consider purchasing a Trac Fone, or cheap mobile phone, along with a SIM card and minutes for calls/texts. You can get a good one for under $50 at Walmart or Target. Purchase in cash only.
Do not use debit/credit cards from joint accounts. If you have a separate account your partner cannot monitor, in a pinch you can use it for phone purchase.
Do not store your burner phone in your primary residence if you can avoid it. Put it in a safe location, fully charged and away from where you live. If you can stash it at a friend’s house, or a trusted location, that is a better option.
This is important: Do not/not activate the phone using the same phone your spouse/partner may be monitoring. If you have a friend or family member whose phone you can borrow to activate your new burner, do that.
If you cannot borrow a friend’s phone, ask if you can borrow a stranger’s cell phone. Believe it or not, most people are nice enough to be okay if you make a quick call. Tell them your other phone died. A lie here is fine, you’re trying to be secure.
One caveat on burner phones, if your stalker, spouse, partner or ex happens to know you purchased a burner phone or discovers it, this may escalate or alter their behavior. Be extremely careful how and where you use the burner phone, ideally away from your primary location, and do not/not have any other phones or electronics with you when using your burner phone.
This list is general in nature, and some of the scenarios or use-cases may not apply. I’m addressing situations I’ve handled, and based on feedback I’ve gotten from fellow security pros. If you need specific help, you can reach me via my website lockdownyourlife.com, (and my Linked In Profile), on email securely at firstname.lastname@example.org and by Signal.
Resources, specifically for Journalist & Activists:
- Umbrella App by Security First is an excellent tool for protecting yourself, your sources, and your team. https://secfirst.org/umbrella/ Consider using it for more secure communications, and as a resource to help keep you safer in hostile environments.
- Operation Safe Escape is a great resource for victims of Domestic Violence, who need an escape plan, guides on protecting yourself as you prepare to leave, and resources you can use to get out with your kids, your pets, and most important of all, your life. https://goaskrose.com/
- Safe Horizon is a wealth of information for victims of violence, assault, abuse, stalking & harassment, and for advocates trying to help support the DV community. https://www.safehorizon.org/
- The Badass Army – For anyone who has experienced Non-Consensual Image Abuse aka Revenge Porn, one of the most active and helpful organizations out there. The Badass Army