In some parts of the world, the state is changing the laws to make it easier to see what you say and do with your phone and use it against you in court. Take these steps today to strengthen your digital security practices and become invisible. Next: share them with the friends and family you want to protect - using safe, encrypted channels.
Everything you do online has some element of risk. To stay hidden, think about digital security like an onion: layers of protection offered by multiple strategies. The greater the risk in your day-to-day life, the more steps you’ll need to take.
Let's get started.
Basic digital security steps everyone should take
This is the first layer of protection, and everyone — regardless of their tech use and level of exposure — should take the following precautions...
Verify the source of your information.
Fake news and misinformation spread easily online, especially on social media. Before you believe or act on something you read, verify that it comes from a trusted source.
Poorly written articles and obviously fabricated imagery are a giveaway, but fake news can also look professional.
Erase sensitive information and photos.
If your phone is confiscated, anything you’ve written, shared, or saved to your device can be used as evidence against you, especially proof of political activity or messages that criticize the state, army, or police. Make sure apps like WhatsApp or Viber are not set to automatically save messages and images as you could get in trouble for someone else’s photos.
Immediately erase any message critical of the government after sending or receiving it.
Do not use your real name and photo in public resistance channels or groups.
Use long, unique passwords.
Use a passcode instead of a face or touch ID for your phone, and make the passcode as long as possible. Use a different long password for every account. Password software like KeePass can help you create and keep track of strong passwords. Set up and use two-factor authentication whenever it is possible. Here’s how for iPhone and Google.
Set social media accounts to 'friends only'.
If your social media is public, anyone can see your posts and potentially use them in a case against you. Set your accounts to “friends-only” on Facebook and Twitter.
Review your friend lists and unfollow anyone you don’t know well or fully trust. Never post personal details like your phone number or address.
Don't click fishy links.
Be suspicious of links sent by email or text, even when they look like they’re from someone you know. Hackers make a lot of money by getting in through malicious links. Turn app auto-updates on, as new versions often include fixes that protect against hackers.
If you are attending protests, keep reading below.
Digital security steps for the resistance supporter
If you’re involved in community activism or any kind of resistance movement, make sure you create a second layer of digital security by taking the following steps...
Use easy extra login protection.
Set up Google’s Advanced Protection to prevent someone else from logging into your accounts.
Use encrypted apps and set messages to disappear.
It’s best to use encrypted apps like Telegram for messages or Protonmail for email, but don’t use your real name or photo as an avatar in any public channel. If you must use FB Messenger, set messages to disappear.
When storing contacts in your phone, use the person’s first name only or a nickname, never their full name, to protect their identity.
Protect your identity at protests.
Stay safe at protests. Wear plain long-sleeved garments and cover your face with a mask, glasses, or goggles.
It’s best to leave your phone at home, but if you choose to bring it with you, put it on airplane mode to prevent traceability, or enable full encryption (here's how for Android) if there is a chance it could get confiscated.
If the internet is expected to be cut off, be prepared by downloading apps you can use without the internet, like Briar.
Bypass internet censorship.
If the state blocks certain websites, you can still visit them by using a VPN. We recommend ExpressVPN, which does not save your information. For searches, use DuckDuckGo with ‘incognito’ or ‘private’ mode enabled.
Erase lost phones from home.
Enable “Find my iPhone” or “Find my device” (for Android) right away. If you lose your phone, remotely wipe it. Here’s how for Android and iPhone.
If you’re an organizer or state agitator, keep reading below.
Digital security steps for potential State targets
If you know yourself to be, or know that you could become a State target because of your work or activism, ensure a maximum level of safety by taking these steps...
Encrypt your workflow.
Your work puts you at increased risk. Use Google’s Advanced Protection, Protonmail with messages set to expire, and a Chromebook which can be factory reset in seconds.
Back up your work on secure, remote servers like SpiderOak, and practice the steps you will need to erase your computer in emergencies.
Get your entire team on a secure workflow so there are no weak links. If you can, request in-depth security training for your team.
Get the word out anonymously.
Most mailing list tools require a name and physical address to set up. You can get the word out without providing a physical address by using Telegram Channels.
Make copies of your website if it gets censored.
Request an archive “snapshot” of any website using Archive.is (this also works for saving a state website you think might get removed!). If you are concerned about your Facebook page getting censored, download and save your content.
If you have access to a technical teammate or developer, you can create a mirror of your website at a different URL using a distributed website hosting tool like IPFS.
Create a safe distance to leaked documents.
Some activists are working with whistleblowers and anonymous sources. Take extra precautions working with these files, as they could contain malicious viruses. You can safely open them if you boot up your computer through a product like Tails, then run anti-virus software to confirm the files are clean.
You can use a similar method to create distance between your regular working computer and highly sensitive information you want to encrypt even more securely.
Back up your computer.
It’s essential to have a secure backup of your critical information, such as evidence, names of sources, and campaign strategies. Do this with encrypted servers like One Backup from SpiderOak.
Encrypt your sensitive files.
A password is not enough to keep your files secure if your computer is taken. To keep information secure, you can easily encrypt your devices by updating their settings or using open-source software like VeraCrypt.
In an emergency, erase your hard drive.
Now is a good time to check that your files are backing up properly. In an emergency, you want to be certain of this before you erase anything. If you are at risk of being detained and can do it safely, here are the steps you can take:
For your phone, entering wrong passcodes locks your phone for increasing periods, eventually erasing it permanently.
For your Chromebook, do a factory reset. For Windows, you can use Secure Eraser to permanently delete some files, or DBAN to erase your entire hard drive.
Take a screenshot of these important steps - share with your network in safe, encrypted channels.