Digital Security and Privacy Tips for Those Involved in Abortion Access
Cross-posted to GD, Activist Headquarters.
https://www.eff.org/deeplinks/2022/05/digital-security-and-privacy-tips-those-involved-abortion-access
CC BY license, https://www.eff.org/copyright "You do NOT have to ask permission to post original EFF material on a mailing list or newsgroup"
Legislation deputizing people to find, sue, and collect damages from anyone who tries to help people seeking abortion care creates serious digital privacy and security risks for those involved in abortion access. Patients, their family members and friends, doctors, nurses, clinic staff, reproductive rights activists, abortion rights counselors and website operators, insurance providers, and even drivers who help take patients to clinics may face grave risks to their privacy and safety. Other legislation that does not depend on deputizing bounty hunters, but rather criminalizes abortion, presents even more significant risks.
Those targeted by anti-abortion laws can, if they choose, take steps to better protect their privacy and security. Though there is no one-size-fits-all digital security solution, some likely risks are clear. One set of concerns involves law enforcement and state actors, who may have expensive and sophisticated surveillance technology at their disposal, as well as warrants and subpoenas. Because of this, using non-technical approaches in combination with technical ones may be more effective at protecting yourself. Private actors in states with "bounty laws" may also try to enlist a court's subpoena power (to seek information associated with your ISP address, for example, or other data that might be collected by the services you use). But it may still be easier to protect yourself from this private surveillance using technical approaches. This guide will cover some of each.
Developing risk awareness and a routine of keeping your data private and secure takes practice. Whether the concern is over digital surveillance, like tracking what websites youve visited, or attempts to obtain personal communications using the courts, its good to begin by thinking at a high level about ways you can improve your overall security and keep your online activities private. Then, as you come to understand the potential scope of risks you may face, you can narrow in on the tools and techniques that are the best fit for your concerns. Here are some high-level tips to help you get started. We recommend pairing them with some specific guides weve highlighted here. To be clear, it is virtually impossible to devise a perfect security strategybut good practices can help.
1: Compartmentalization
In essence, this is doing your best to keep more sensitive activities separate from your day-to-day ones. Compartmentalizing your digital footprint can include developing the habit of never reusing passwords, having separate browsers for different purposes, and backing up sensitive data onto external drives.
Recommendations:
Use different browsers for different use cases. More private browsers like DuckDuckGo, Brave, and Firefox are better for more sensitive activities. Keeping separate browsers can protect against accidental data spillover from one aspect of your life into another.
Use a secondary email address and/or phone number to register sensitive accounts or give to contacts with whom you dont want to associate too closely. Google Voice is a free secondary phone number. Protonmail and Tutanota are free email services that offer many privacy protections that more common providers like Gmail do not, such as end-to-end encryption when emailing others also on Protonmail and Tutanota, and fewer embedded tracking mechanisms on the service itself.
Use a VPN when you need to dissociate your internet connection from what youre doing online. Be wary of VPN products that sell themselves as cure-all solutions.
If you're going to/from a location that's more likely to have increased surveillance, or if you're particularly worried about who might know you're there, turning off your devices or their location services can help keep your location private.
2: Community Agreements
Its likely that others in your community share your digital privacy concerns. Deciding for yourself what information is safer to share with your community, then coming together to decide what kind of information cannot be shared outside the group, is a great nontechnical way to address many information security problems. Think of it in three levels: what information should you share with nobody? What information is OK to share with a smaller, more trusted group? And what information is fine to share publicly?
Recommendations:
Come up with special phrases to mask sensitive communications.
Push a culture of consent when it comes to sharing data about one another, be it pictures, personal information, and so on. Asking for permission first is a good way to establish trust and communication with each other.
Agree to communicate with each other on more secure platforms like Signal, or offline.
3: Safe Browsing
There are many ways that data on your browser can undermine your privacy and security, or be weaponized against you. Limiting unwanted tracking and reducing the likelihood that data from different aspects of your life spills into one another is a great way to layer on more protection.
Recommendations:
Install privacy-preserving browser extensions on any browsers you use. Privacy Badger, uBlock Origin, and DuckDuckGo are great options.
Use a privacy-focused search engine, like DuckDuckGo.
Carefully look at the privacy settings on each app and account you use. Turn off location services on phone apps that dont need them. Raise the bar on privacy settings for most, if not all, your online accounts.
Disable the ad identifier on mobile devices. Ad IDs are specifically designed to facilitate third-party tracking, and disabling them makes it harder to profile you. Instructions for Android devices are here, and for iOS devices here.
Choose a browser thats more private by design. DuckDuckGo on mobile and Firefox (with privacy settings turned up) on the desktop are both good options.
4: Security Checklists
Make a to-do list of tools, techniques, and practices to use when you are doing anything that requires a bit more care when it comes to digital privacy and security. This is not only good to have so that you dont forget anything, but is extremely helpful when you find yourself in a more high-stress situation, where trying to remember these things is far from the top of your mind.
Recommendations:
Tools: VPNs for hiding your location and circumventing local internet censorship, encrypted messaging apps for avoiding surveillance, and anonymized credit cards for keeping financial transactions separate from your day-to-day persona.
Strategies: use special code words with trusted people to hide information in plain sight; check in with someone via encrypted chat when you are about to do something sensitive; turn off location services on your cell phone before going somewhere, and back up and remove sensitive data from your main device.