how to:How To Use Your Mobile Phone Securely and Safely for Activism
It's hard to find an activist these days that doesn't use a mobile phone to send texts, check email, Tweet updates, and call friends. Yet many users may not know how to safely and securely use their devices.
We've pulled together a number of tips and tricks below to help you become a savvier mobile phone user, better protect your privacy, and avoid surveillance when you are on the go with your mobile device in hand. For more detailed advice, check out the Safer Mobile project.
Lock your phone with a password to prevent anyone else from accessing it.
Avoid signing a contract and use a pre-paid phone so you can remain anonymous.
See if your mobile web browser supports HTTPS browsing so your connection is encrypted.
If you have an Android device, download and install Tor from the Android Marketplace so you can browse the web safely and securely. Tor is a free and open source software that makes it difficult for people to find out where you’ve been online by masking your location. Using Tor makes it much harder to trace internet traffic back to you.
There are a number of ways you can more securely send text messages. SMS you send or receive are stored on your mobile phone’s SIM card. Standard SMS include your location, phone, and SIM card identifiers. This information is visible to network operators. In certain locations, your text messages could be monitored. For example, in China, there are nearly 3,000 SMS surveillance centers to monitor the content of text messages being sent and received (Learn more in this report.)
If you are worried about someone intercepting or reading your text messages, it's a good idea to use CryptoSMS, a service that sends and receives encrypted texts and public keys. SMS encryption services work by asking the SMS sender to choose a key (or password) which is used to encrypt the message. The sender must disclose the key to the intended recipient. The recipient then uses the key to decrypt the message. Public keys are another form of encryption that is even more secure. This form uses two different keys. CryptoSMS only works on Java-enabled phones. The program is free; you don’t need to buy a license to use it. Learn how to get started with CryptoSMS by checking out our how-to guide.
Send encrypted emails on your mobile device using Hushmail, a free and open source anonymous web-based email service. Learn how to create an account with our how-to guide. If you use a smartphone that runs on the Microsoft Windows operating system, consider purchasing PGP Mobile, which offers email and data encryption.
Then, when you want to access Hushmail via your mobile device, point your browser to https://m.hush.com/.
Aside from apps that provide encryption, try to avoid installing third party applications that could access your personal information.
Take precautions with your SIM card. A SIM card is a removable card in your mobile device that identifies you to the mobile phone network. It holds all of a subscriber's personal information and phone settings, including the SIM's unique serial number, an internationally unique number of the mobile user (known as IMSI), temporary information related to the local cell network, and a list of services the mobile user has access to.
Protect the data on your SIM card with a PIN lock. Each SIM card comes with a default PIN that is set by the carrier or manufacturer, so you will need to contact your carrier or consult your device’s documentation to find out what your default SIM PIN code is. Once you enable PIN locking, you’ll usually be asked to enter the PIN each time you turn on your phone.
If you are using a mobile phone for a sensitive project and you are worried about your safety, it’s a good idea to dispose of your SIM card after you’ve used it for whatever project or event you needed the phone for.
Protect your contacts. Don’t use real names for contacts in your phone’s address book and frequently delete your call history and the text messages received.
Also try to memorize numbers so that you can cut down on the number of contacts listed in your phone.
It’s also a good idea to make sure location tagging is removed from pictures taken on your phone’s camera. Learn how to disable geolocation tags on iPhone, Blackberry, and Android here.
When your phone is on, it’s constantly in contact with the nearby cell towers and you can be geo-located. When you aren’t using your phone, turn it off or put it in airplane mode.
Avoid using geo-location “check-in” apps like Foursquare and Facebook Places that share your location.
Since device makers frequently release patches to fix bugs and update operating systems, it’s important that you make sure your phone’s system is up to date.
Use beeping (intentional missed calls) in lieu of texting. According to Jonathan Donner, a researcher for Microsoft, “Beeping is simple: A person calls a mobile telephone number and then hangs up before the mobile's owner can pick up the call. If the beeper's name and number have been programmed into the recipient's mobile, then the recipient will see the beeper's name on the call log as a missed call. If not, the recipient will see only the number of the telephone placing the call. In either case, the missed call is often intentional; the beeper has sent a signal to the recipient without saying a word or typing a character.”
A beep can be a signal to call someone back or a pre-negotiated message such as “I’m safe” or “Come meet me.”