💻 Digital Security


Why Digital Security Matters

Palestine solidarity activists face: Surveillance (monitoring by hostile actors), Doxxing (personal information exposed online), Hacking (account takeovers, email breaches), Harassment (coordinated online attacks), Platform censorship (content removal, shadowbanning).

You’re not paranoid. These are real threats. But simple practices dramatically increase your security. You don’t need to be a tech expert.


Threat Assessment

Who Might Target You: Organized opposition groups, individual harassers, law enforcement (in some cases), platform algorithms, bad actors in your own networks.

What They Want: Identity (real name, address, family, employer), Communications (who you talk to, what you plan), Evidence (screenshots to take out of context), Disruption (shut down your organizing).

Your Threat Model - Ask yourself: How public-facing is your role? Are you organizing high-profile actions? Have you faced harassment before? What’s your risk tolerance?

Different roles need different security: Public spokesperson (higher risk, more precautions), Behind-the-scenes coordinator (lower profile, still need basics), Everyone (should follow baseline security).


Essential Security Practices

1. Use Signal for Organizing: End-to-end encrypted (messages can’t be intercepted), open source (security audited), disappearing messages, screenshot notifications, no phone number visible to group members.

How to use: Download Signal (free), set messages to disappear (Settings → Privacy → Default timer), enable registration lock (Settings → Privacy), turn on screen security (prevents screenshots), use it for all organizing conversations.

For group chats: only invite people you know and trust, enable disappearing messages, don’t share sensitive info anyway, assume screenshots might leak.

❌ Don’t use: Facebook Messenger (owned by Meta, not encrypted by default), Instagram DMs (owned by Meta, not encrypted), SMS/regular texts (not encrypted), Discord (not encrypted, easily monitored).


2. Two-Factor Authentication (2FA): Second verification step beyond password (usually code from phone app). Stops 99% of account hacks.

Enable on: Email (Gmail, Outlook, etc.), Social media (Instagram, Twitter/X, Facebook, TikTok), Cloud storage (Google Drive, Dropbox), Banking/financial, Any account with personal info.

How to set up: Go to account security settings, enable “Two-Factor Authentication” or “2-Step Verification”, use authenticator app (Google Authenticator, Authy) NOT SMS when possible, save backup codes in safe place.

Why app over SMS? SMS can be intercepted, SIM swap attacks are real, authenticator apps are more secure.


3. Strong, Unique Passwords: Bad password: “Palestine2024”. Good password: “Tr0pic-Sunflow3r-Lavend9r-Basil42!” (20+ characters, random words, numbers, symbols).

The problem: Most people reuse passwords. One breach = all accounts compromised.

The solution: Password manager. Best: Bitwarden (free, open source), 1Password (paid, very good), KeePass (free, more technical).

How to use: Download password manager, create one VERY strong master password (memorize it), let manager generate random passwords for every site, you only remember one password (the master), it remembers all others.

Immediately change passwords if: You’ve reused passwords across sites, any account gets breached, you shared password with someone, you logged in on public/untrusted computer.


4. Separate Organizing and Personal Accounts: Protects your personal life from organizing risks, easier to maintain boundaries, can delete organizing account if needed, different privacy settings appropriate for each.

Create separate accounts for: Email (Personal: yourname@gmail.com, Organizing: campusorgsforpalestine@protonmail.com), Social media (Personal: Private, friends/family only, Organizing: Public, Palestine content).

Recommendation: Use ProtonMail or Tutanota for organizing email (encrypted, privacy-focused).

On organizing accounts: Don’t share personal details, location services OFF, don’t post photos with identifying info, don’t connect to personal contacts, use pseudonym if appropriate.


5. Review Privacy Settings - Do this NOW for all accounts:

Facebook: Who can see your posts? (Friends only on personal, Public on organizing), Who can see your friend list? (Friends only or Only me), Who can look you up using email/phone? (Friends only), Profile searchable by search engines? (No for personal), Face recognition? (Off).

Instagram: Account private? (Personal: Yes, Organizing: No), Activity status OFF, Location services OFF, Don’t allow others to tag you without permission.

Twitter/X: Protect your tweets? (Personal: Yes, Organizing: No), Photo tagging (Review before appearing), Discoverability OFF, Location information OFF.

Google: Location history OFF, Web & App Activity PAUSE, YouTube history PAUSE, Ad personalization OFF, Review third-party app access (remove old apps).


Advanced Security

Virtual Private Network (VPN): Encrypts your internet connection, hides your IP address. When to use: Public WiFi (coffee shop, library), accessing sensitive info, if concerned about surveillance. Recommended: Mullvad (privacy-focused, accepts cash), ProtonVPN (free tier available), IVPN (strong privacy). ❌ Avoid: Free VPNs (they sell your data). How to use: Subscribe to VPN service, download app, connect before browsing. Note: VPNs are not magic. They hide your IP but don’t make you anonymous.

Secure Email - ProtonMail: End-to-end encrypted, based in Switzerland (strong privacy laws), can’t be scanned by Google, free tier available. When to use: Organizing communications, sensitive contacts, anything you don’t want monitored. How to set up: Go to protonmail.com, create free account, use for organizing, share address with trusted contacts.

Secure Browsing: Browser choice: Firefox (privacy-respecting), Brave (built-in privacy features), ❌ Chrome (Google tracks everything). Essential browser extensions: uBlock Origin (blocks trackers and ads), HTTPS Everywhere (forces encrypted connections), Privacy Badger (blocks tracking). Private browsing: Use incognito/private mode for searches you don’t want in history. Note: Your ISP and websites still see you, but history isn’t saved locally.

Secure Your Devices - Phone: Strong passcode (6+ digits, not biometric alone), Auto-lock after 1 minute, Encryption enabled (default on iPhone, enable on Android), Find My Device enabled (to wipe if lost), Review app permissions (does every app need your location?), Keep OS and apps updated.

Computer: Full disk encryption (FileVault on Mac, BitLocker on Windows), Strong password to log in, Auto-lock after 5 minutes, Keep OS updated, Firewall enabled, Antivirus if Windows.


If You’re Doxxed or Harassed

If personal info is posted online:

1. Don’t panic (take a breath, you’ll handle this).
2. Document everything (screenshot the doxx, screenshot related posts, note usernames/times/platforms, save in multiple places).
3. Report to platforms (most platforms have policies against doxxing, report the post, include context, keep reporting if first attempt fails).
4. Alert your network (tell organizing group immediately, they can report the content too, they can watch for further harassment).
5. Secure your accounts (change passwords on all accounts, enable 2FA if not already, review privacy settings, lock down social media).
6. Consider contacting: Palestine Legal (they support activists), campus security if on campus, local police if credible threats (though understand police may not be sympathetic).

If Harassment Escalates - Threats of violence: Take seriously, document everything, report to police, contact Palestine Legal, tell campus security, tell your organizing group.

Coordinated attacks: Mass reporting (trying to get your accounts banned), flooding with messages, review-bombing. This is designed to exhaust you. Response: Don’t engage, block freely, document, take breaks from social media, lean on your community, report to platforms.

Protecting Others - If you see a comrade being doxxed: Report the doxx immediately, don’t share/amplify it (even to condemn), reach out privately to offer support, help flood their mentions with positive content, coordinate group response.


Social Media Security

Instagram: Don’t accept follow requests from accounts with no posts or suspicious profiles, turn off “Show Activity Status”, don’t click suspicious links in DMs, use “Restrict” feature for harassers (they don’t know they’re restricted).

Twitter/X: Block liberally (it’s not weakness, it’s self-care), use lists to organize trusted accounts, mute keywords related to harassment, don’t share personal info, be aware tweets are public and permanent (even if deleted, can be screenshotted).

TikTok: Duet/Stitch controls (who can use your videos), comment filters (filter harassment keywords), don’t show location, private account vs. public.

General: Think before you post (would I say this to a cop?), assume screenshots, location data reveals patterns (don’t post from home), faces in photos can be identified, metadata in images reveals info (strip before posting).


Law Enforcement Contact

If Police/FBI Contact You - Read this BEFORE it happens:

You have the right to: Remain silent, speak to a lawyer, refuse searches without warrant, leave if not detained.

What to say: “I am exercising my right to remain silent”, “I want to speak to a lawyer”, “I do not consent to any searches”. Then STOP TALKING.

What NOT to do: Answer questions without lawyer, let them in without warrant, give them your devices, consent to searches, make small talk (it’s all evidence).

Digital specific: Don’t unlock your devices, don’t provide passwords, don’t show them your social media, they need warrant to compel (usually).

Immediately contact: Palestine Legal (has experience with this), lawyer (if you have one), your organizing group.

Know Your Rights - Legal Support, Palestine Legal: What to Do If Contacted by FBI.


Organizational Security

Communication: Use Signal for planning, use encrypted email (ProtonMail) for external comms, don’t put sensitive plans in public channels, assume public social media is monitored.

Document security: Store sensitive docs in encrypted cloud (ProtonDrive, Tresorit), password protect important files, don’t share docs with edit access widely (view only), version control (keep backups).

Meeting security: Decide what’s on/off record, respect people’s privacy choices, don’t photograph people without permission, be aware of surveillance (campus security cameras, etc.).

Membership: Verify new members (especially for private channels). If someone joins and then drama starts, they might be an infiltrator. Trust your gut.


Digital Security Checklist

Baseline (Everyone): Signal installed and used for organizing, 2FA enabled on all important accounts, password manager in use with strong unique passwords, privacy settings reviewed on all social media, separate organizing and personal accounts, phone and computer secured (passcode, encryption), keep everything updated.

Enhanced (Public-Facing Roles): VPN subscription and in use, ProtonMail or similar for sensitive comms, privacy-focused browser with extensions, regular security check-ins, minimal personal info online, legal support contact saved.

Maximum (High-Risk Actions): All of the above, burner phone for very sensitive organizing, separate laptop for organizing, Tails OS (for maximum anonymity), regular OPSEC training, legal observer on speed dial.


Resources

Guides: EFF Surveillance Self-Defense (comprehensive digital security guide), Security in a Box (tools and tactics), Palestine Legal Resources (specific to Palestine organizing).

Tools: Signal (secure messaging), ProtonMail (encrypted email), Bitwarden (password manager), Mullvad VPN (privacy-focused VPN).

Support: Palestine Legal (legal support for activists), 7amleh (Arab Center for Social Media Advancement, counters censorship).


Common Questions

Q: Isn’t this overkill? A: Better safe than sorry. These practices protect you from both sophisticated attacks and simple mistakes.

Q: Will this make me anonymous? A: No. These practices increase privacy and security, not anonymity. True anonymity is very difficult.

Q: What if I’ve already been compromised? A: Start now. Change passwords, enable 2FA, lock down accounts. It’s never too late to improve security.

Q: Is my campus monitoring me? A: Possibly. Campus IT can see internet usage on campus wifi. Campus security may monitor public social media. Use VPN and assume public posts are watched.

Q: Should I be scared? A: No. Be aware and prepared. These practices become second nature quickly. Don’t let fear stop you from organizing.


Questions? Email (encrypted): [Use ProtonMail to contact us]. Facing serious digital threats? Contact Palestine Legal immediately.




Security is a practice, not a one-time thing. Build these habits, help your comrades do the same, and organize safely.

From the river to the sea, Palestine will be free. 🇵🇸