FAQ
Suggestion: let's go through these questions when we are finished, to see which ones we address in the manual so we can refer to chapters, and which we can answer by referring to others.
General
1 How to assess the risks of online communication, and how to counter them?
This is a good question. This is always a factor between social and technological factors. Read the introduction/explanation about the manual, make an estimation of the risks and choose between basic or more complex safety measures. If you are experiencing suspicious behaviour in your computer at suspicious times, (pop-ups, loads of traffic when you are not even browsing, fans that are always on because you're processor is working very hard all the time etc.) please have a good look into your stuff and take appropriate action.
2 How to keep updated about safety risks online?
The Electronic Frontier Foundation (EFF, http://www.eff.org) and European Digital Rights (http://www.edri.org/) keep you updated about online defence strategies and of course we hope you and others will update this book frequently online!
3 What can others find out about me online?
Depends on what traces you leave.
(a) in public for normal users: This is very simple, just type in your names and aliases in google.
(b) semi-public for the technologically educated: Not all pages are indexed in Google. Have a good look into your social networks. Also remember entering your private data into some websites is sometimes stored in places where you cannot find this.
(c) non-public for sophisticated intelligence services: This is difficult to know. Remember phone lines and internet connections can be tapped by government institutions, especially when you are not using security measures, which can be found in this book in the chapter about securing your connection or using TOR.
4 Which data can companies give to governments or other parties?
Basically all data you give them, although in some countries there some legals limitations to what they are allowed to give. Most companies only care about their profit and not about your privacy. Or, like Mark Zuckerberg from Facebook said: "Privacy is so 1984".
The Electronic Frontier Foundation (EFF) has a section on the legal rules (https://ssd.eff.org/3rdparties) that govern when and how law enforcement agents can obtain this kind of information stored by and with third parties, but this is focussed on the US. Check with your local Digital Rights Group (like Bits of Freedom in the Netherlands) for details about the country you are residing.
Social Media
5 How long does my Facebook profile stay online? Does Facebook keep my data forever?
Facebook makes money with your private data. Although you are never sure, the chances are very big Facebook will keep your data forever. To be sure, ask Mark Zuckerberg, but don't expect a truthful answer.
There are several websites on 'how to delete my Facebook account', but Facebook also regularly changes its settings. Possible sources: http://www.facebook.com/group.php?gid=16929680703 or Maximizing privacy on Facebook: http://www.eff.org/deeplinks/2010/05/more-privacy-facebook-new-privacy-controls
You can prevent interaction with Facebook from other Web sites by installing Ad-ons to Firefox. Check the Ad-on database of Firefox to look for this.
6 What are the do's and don'ts with Social Media?
do's: keep away from them.
don't: create an account.
Telecommunication
7 Can we use local SIM cards and if so, how?
Yes, you can use them, but please remember, in most countries your are required to give a copy of your ID. There is always a connection between your SIM card and the Telephone network. If you think you are under direct threat, please keep a close attention about what you do with your identity regarding phone networks. Even when your are not calling, but your phone is online, the network can track the location of your phone (and you). Also have a look on de IMEI chapter.
8 How to safely use smart phones, in my own country and during travels?
If you are not brave enough to throw your iPhone or Blackberry away, make sure you have read the chapter on how to secure them through at least a VPN. A better option is to buy an Android, that allow better encryptions.
Email
9 How to safely use webmail? (Hotmail, gmail etc.)
Safe webmail = safe provider + safe technology + safe connection + nobody looking over your shoulder.
It also depends on who you are, who is threatening you, the country of your webmail provider, where is the data resides and how your provider relates to others (commercially or politically). If you use Gmail, you don't always know where the server is, but the (business) customers can choose to take a server in the US
Generally, you might consider to use Thunderbird, which is much safer than webmail.
10 What is mail encryption and how to do it? PGP?
Depends what you want to encrypt. There is a difference between securely connecting to your mail and actually encrypting the mail data. PGP stand for Pretty good Privacy and does indeed a pretty good job at keeping your data secure on your computer and while being send through the net.
11 How to send or receive e-mails without giving away my location?
This can be done by using Tor or a VPN. Tor is the most secure way, but is slower then a VPN solution. Be aware however that both solutions come with some small security issues. Please read the chapters about these issues.
12 How are passwords for webmail, external websites and CMS systems hacked?
This really depends. There are many risks if you do not connect safely to your e-mail and internet in general. Many people 'loose' their password by giving it away voluntarily because they are subject to social engineering; i.e.. they are made believe they are communicating with a trustworthy source (a friend in a chat) while actually it is a crook. It is difficult to protect yourself against this, but a good rule of thumb is: NEVER GIVE YOUR PASSWORDS TO ANYBODY.
More information about other threats and risks can be found in the chapters VPN, Setting up email and HTTPS-Everywhere. Also it is important to use safe passwords. Please have a close look to password security.
13 What to do with e-mails that seem to be coming from you 'know' but look strange.
The sender's address can be easily forged. Reply to the mail asking confirmation, or if you suspect that the mailbox of the sender was actually hacked; call the owner of the mailbox and warn her. And check our chapter on safe e-mail about how to sign e-mails.
Personal safety and privacy:
15 We are activists that work in an undemocratic country. Do we need to take our pictures offline?
What do you think yourself? Everything on social networking sites, for instance Facebook, is online and will remain available to Facebook and possibly also to others. So if you fear that your friendship with Iranian bloggers will endanger their future, unfriend them and take your Facebook account offline. Hopefully the data get's deleted at some point soon by the corporation running the social media network you were using...
There is currently no safe way of using Social Media. Period.
16 My private and business communication seem to become fused.
Start seeing your online profile as something you need to "manage". Just as you take care of how you look when going outside on the streets, make sure your online self appears the way you want it for the appropriated public.
17 How to delete online information about myself?
Depends on what kind of information. Is your concern your profile on social networking sites? See our answers under 'Social Media'. Don't you like the way you appear in the Google search results? That is really beyond the scope of our possibilities. Ask Google.
Internet while travelling
19 Can I use wireless internet in bars?
You can only if you do it with care. Read our chapter on using VPN and secure email.
20 What are the dangers of internet café's?
We have a special chapter on internet cafés.
It is possible to install Firefox on a CD-ROM or USB-drive. This will also enable you to bring you're own bookmarks, setting, add-ons etc. etc. and it will limit the amount of data and traces you'll leave on the computer your using. So it could prove to be exceptionally useful when you have to use untrusted computers or internet cafés.
It is also recommended to read the chapter on safe browsing.
21 How to secure my laptop when travelling?
It depends: install the right passwords, encrypt your mail on securing your computer.
22 How safe is Skype?
Skype is safer than using a mobile phone, but we don't know exactly the specifics because Skype uses a closed protocol. From time to time intelligent services complain about their inability to listen in on Skype. Them being so open about this could also been seen as an way to lure people into using Skype because they secretly do have access to it. Bottem line; we think it is safe, but we have no way of knowing for sure.
23 What are alternatives for e-mail when travelling?
Depends on the form of data you want to send and which other possibilities are open to you. End to end encryption is always the safest option be it VPN, a tunnel or encrypted SMS. Make sure that if you know on forehand you won;t be able to use email that other trustworthy options are open so that you are not tempted to use an insecure connection.
24 What is a proxy and what to do with it?
Read the chapter on proxies.
25 Should we avoid public proxies?
There are very good open and public proxies. But you should always know who owns and operates it and decide for yourself if you trust these people.
Sharing information versus security
26 I work in a dangerous country but I need to get my message through. What to do?
As all are questions hopefully make clear: it is always a trade off. Read this book, know the dangers and the possibilities, talk about it with professionals and then make a risk assessment.