A quick digital security guide: 4 tips to keep you safe
Mohammad Tauheed and Sarah-Jane Saltmarsh
The world that emerges at the end of 2020 is going to be starkly different from what we have been used to, and these changes are happening too rapidly for many to keep up. There has never been a better time to instill good digital security practices into your life. Here are a few tips (Part 1 of 2):
(1) Spot misinformation
Crises are times of large information gaps. We are impatient, so we often fill these blanks with unfounded theories, made up by people taking the chance to fabricate information for a ready audience. Recent months have brought an infodemic with them — a surge of misinformation, unfounded theories and unqualified experts.
Here is an example of a headline which is likely to be fake; ‘Remedy for Covid-19: [Insert medicine name] Cures Covid-19’.
All of our knowledge about Covid-19 is so far gathered from general observation, previous knowledge of similar viruses, and speculation. We have not had enough time to confirm anything through standard scientific ways of researching, testing and publishing, so a headline not containing some sort of doubt in it is likely to be false.
Here is an example of a headline which is more likely to have some truth in it; “A group of doctors claim [insert medicine name] is helping some patients”.
Always check sources of all news, dates, authors and the source of sources. Memes or random people making YouTube videos are not credible sources. In a rush to constantly create more content, even news outlets are basing reports on social media posts, e.g. the news about dolphins in Venice canals. If research is cited, check where it came from, and, if possible, who funded it. Watch for lobby groups with misleading names paid to push agendas. Check if a reputable newspaper has covered the issue yet. Our trusted media sources include the Guardian, BBC, New York Times, Economist, Telegraph, Hindustan Times, Japan Times and Al Jazeera.
If you are looking for COVID-19 updates, it is better to refer to WHO-run websites, or your country’s official website.
(2) Choose your news
Do not just rely on your social media feed for news, otherwise you will only see content that your algorithm thinks you should see.
Each time you click and search from a browser, your activity is logged as your ‘interest’, and added to your personal algorithm, which creates your bubble of information (content which is consistent with what you have already searched for).
Take control of your news sources: make a habit of visiting the homepages of a few trusted news sites, such as the ones cited above. This also ensures that your traffic supports these news sites, rather than social media giants (remember that every click/second spent browsing the internet is monitored and worth money).
(3) Encrypt your communication
Encryption is the holy grail of security on the Internet today. There are two types of encryption you need to know about:
TLS/SSL encryption, displayed as a lock sign next to the URL in a browser, is the bare minimum of security that we should ensure is enabled every time you are writing on a webpage, such as email, Google Docs and sign-up forms. This means that your device encrypts your data to and from the server. The server itself can read it or use it, but nothing can be stolen on the way to and from the server.
End to End Encryption (E2E) is more advanced encryption; a technique of transferring data between two devices where even the server (or anything/anyone else) cannot decrypt it.
Most of us are aware now that conversations held over platforms owned by social media giants can be archived, recorded and used for advertisement targeting or be used against us. They are an obvious target for hackers and governments for surveillance.
Generally, all social media has TLS encryption, but unless they have E2E, the messages are open and saved as plain text in the server; i.e: they can be read, analysed, sold for ads or subpoenaed by the government.
Two platforms which offer strong E2E and becoming increasingly popular and user-friendly are Signal and iMessage/Facetime.
(4) Exercise caution with group calls
Group video calls are difficult to encrypt because of the nature of the technology. The server needs to know who is talking, so it can highlight one speaker at a time — so it needs access to the group activity to manage a call, making E2E difficult.
You may want to stop using Facebook and Google (and anything which is owned by them, e.g. Instagram and Facebook Messenger, Meet, Hangouts etc.) for private conversations; almost all governments have some sort of agreement or backdoor access to them. Skype has bad reputation for security. Zoom is not end-to-end encrypted, they have suspended encryption for free calls recently and some of their admin features has been criticised of being too invasive (the host can track if you are attentive to the meeting window or not etc.).
Jitsi is a more secure option. Create a URL from meet.jit.si and send it to your peers, no account or information is required and you can set a password. Jitsi is completely free, unlimited, open-source and encrypted. They also have an API, so you can also integrate Jitsi inside your team/corporate apps/software.
Mohammad Tauheed is an editor, architect and technology consultant and Sarah-Jane Saltmarsh specialises in storytelling, communications and branding, in Australia and Bangladesh. We both believe that a better world is possible — both in real and digital life, and that all the tools to make it happen already exist.
Originally published on Sarah-Jane Saltmarsh’s Medium