1/25 How to Establish Secure Communications
- This is for you if:
- You’ve been stalked or harassed
- You think your spouse/partner is spying on you
- You are a journalist or activist
- You are a concerned about privacy
#30DaysofThreads #Security #infosec

1/25 What we’ll cover:
- Your risk profile
- Back Up Communication Plans
- Burner Phones
- Resources

3/25 Your Risk Profile:
If you believe your current phone, internet, accounts or computer are monitored, DO THIS NOW:
1) Do not/not use the phone, computer or accounts for communications with your trusted intermediary or with a third party you are asking for help.

4/25 2) Leave your phone, laptop, tablets at home.
3) Get to a library, computer lab, internet café, or trusted friend’s house (as a last resort) where you can use the internet without oversight of your stalker/harasser.
4) Set up a secure email address such as ProtonMail,

5/25 only used for communication with your source, trusted intermediary, or support system. Use a fake name, and fake security answers for your new account.
5) Ensure you have the email address of your Point of Contact (POC) (example: [email protected])

6/25 send them a message so you can communicate securely using this method.
6) Do not/not communicate via social media accounts, established email accounts, open phone lines or in your home to your intermediary or source.

7/25 If you want to be more secure, or suspect someone is monitoring you:
1) For apps that require an account, uninstall them from your phone between uses. You can reinstall and login again.
2) Use an app locker or vault to password-protect your apps. iPhones have an app lock

8/25 preinstalled on newer phones. On Android you can use AppLock or SmartLock. Not a perfect solution, but a good measure to take.
3) Enable Two-Factor Authentication (2FA) on every account that has it. https://twofactorauth.org/ 
4) Use a secure email account, such as Protonmail.

9/25 Use a fake name and fake security answers, and do not/not use this email account for anything but communication with trusted sources, and intermediaries.
5) Do not reuse your passwords, especially with your secure communications.

10/25 6) Set up an account on a secure messaging app such as Signal or Wire. Use disappearing messages, and turn off notifications for secure messaging platforms.
7) Use a new VOIP account for phone calls. Alternatively use the Burner App. Put a pin on your app and lock it.

11/25 If you have a joint mobile, financial and other accounts with your partner/spouse/ex:
1) Your bill and cell carrier’s records are accessible to this person.
2) Using third party trusted apps, such as Burner to establish a separate phone number can prevent your ex from

12/25 spying on you (unless they’ve installed stalkerware).
3) When using search on mobile or computer, use a private search engine/browser such as DuckDuckGo.
4) Clear the cache on any of your searches regularly.

13/25 If you think there is stalkerware on your phone:
1) Look through installed apps for anything that is unfamiliar or you don’t recognize. If you don’t need an app, uninstall it.
2)Is your battery draining fast? Look at the battery settings to see which apps are draining your

14/25 battery power.
3)Look at your phone’s security settings-->Phone administrators. If your phone has more than one administrator disable the other admin account.
4) If all these fail, do a factory reset of your phone before installing any apps and only install ones you trust

15/25 Back Up Communications:
If your accounts are monitored by a partner, spouse or unknown third party, ensure you have backup communication methods.
PACE
1) P - Primary form of communication, this could be text, phone or VOIP. If you use this form of communication, use

16/25 a secure messaging app, such as Signal or Wire. While nothing is 100% secure, these platforms allow you to set-up disappearing messages.
2)A - Alternate or Variant Communication: The alternate communication method is one that can be checked from more than one location.

17/25 An alternate might be an email address set-up for the specific purpose of communicating discreetly. Consider using ProtonMail and setting up a new account that no one but you and the person with whom you are communicating has access.

18/25 3)C - Contingency: This is a preestablished protocol in your plan, meaning if your primary point of contact has not heard from you within a certain period of time, they will check the contingency account or location. This method is not necessarily easy or convenient,

19/25 but could include communicating via drafts in a secure email account, using a trusted intermediary or third party to communicate information.
4) Emergency: This could be an in-person meeting or purchasing a prepaid burner phone you store at a different location from

20/25 your primary residence. Establish as part of your plan, a location and date/time or two each month you’ll meet someone, especially if you are in a domestic violence situation and trying to get out. When all other methods fail, you have this as your backup.

21/25 Burner Phones: Consider purchasing a cheap mobile phone, along with a SIM card and minutes for calls/texts. You can get a good one for under $50 at Walmart or Target. Purchase in cash only. Do not use debit/credit cards from joint accounts. If you have a separate

22/25 account your partner cannot monitor, in a pinch you can use it for phone purchase.
Do not store your burner phone in your primary residence if you can avoid it. Put it in a safe location, fully charged and away from where you live.

23/25 This is important: Do not/not activate the phone using the same phone your spouse/partner/stalker may be monitoring. If you have a friend or family member whose phone you can borrow to activate your new burner, do that.

24/25 If that is not possible, ask if you can borrow a stranger’s cell phone. Believe it or not, most people are nice enough to be okay if you make a quick call. Tell them your other phone died. A lie here is fine, you’re trying to be secure.

25/25 One caveat on burner phones, if your stalker/spouse/ partner/ex happens to know you purchased a burner phone, or discovers it, this may escalate or alter their behavior. Be extremely careful how and where you use the burner phone, ideally away from your primary location.

And: This list is general in nature, and some of the scenarios or use-cases may not apply. I’m addressing situations I’ve handled, and based on feedback I’ve gotten from fellow security pros. If you need specific help you can reach me via my website http://lockdownyourlife.com 

Bonus: on email securely at [email protected] and by Signal.
Other Resources for You
Operation Safe Escape - https://safeescape.org/ 
@Cyber_Cox @ @OSPASafeEscape
Safe Horizon - https://www.safehorizon.org/ 
Badass Army @ @TheBADASS_army

Additionally, I've written an ebook, Secure Your Social Media, it covers: privacy settings, messaging apps, how to enable 2FA for your accounts, talking to your kids about sexting, and what to do if you're harassed or stalked. You can get it here https://lockdownyourlife.mykajabi.com/offers/a8KyFU5e  #safety