Internet Security advice for persons of interest
Good Ancestor provides pro bono last-mile assistance, security advice, and referrals to volunteers and professionals, so that targeted individuals who face nation-state or commercial spyware threats can get connected with the help they need.
VIPs we've assisted include our grantees, donors, and ecosystem partners, former heads of state in exile, human rights activists and their families, AI safety leaders, policy experts, journalists, semiconductor CEOs and others facing threats from APTs, as well as more mundane actors. We receive these requests through our ecosystem partners and donors, and connect them to volunteers and resources.
You may also fill out this interest form or, if needed, reach out to us through our Contact page.
For Human Rights Activists and Journalists:
If you are in an emergency, contact https://www.accessnow.org/help/, a full-service helpline that can even help you recover stolen email and social media accounts. Having a live security person to help you is ideal. If that's not feasible, read below for general guidance.
Recommendations for Security Concerned Persons
If you are concerned about an incident, we recommend doing the following things in the following order.
#1 - Establish your physical safety
- Understand that your cell phone is a real-time tracking and listening device, even if it appears off. If you are on an Apple device, go to Settings -> Privacy & Security -> Safety Check, then to Manage Sharing & Access, and follow the instructions.
#2 - Be careful what you click (if at risk of cyber attack)
- First, we strongly suggest you do not click URL-shortened links, or any links, files, or videos sent to you via SMS, iMessage, WhatsApp, email or similar, even if from a friend.
- If you are at risk of cyber attack, avoid the use of SMS entirely, or avoid clicking links sent in SMS (such as package tracking or boarding passes, especially while traveling)
- Do not click any links or play any media sent by unknown persons or, if possible, even by known persons
- Do not open any unusual emails or attachments over messaging apps
- The best messaging app to use is Signal
#3 - Secure your Mobile Device
Lockdown Mode - If on an Apple device, turn on "Lockdown Mode" at the bottom of the Privacy & Security settings. We leave this on all the time, but you can also turn it on when leaving the country.
Scan - Download iVerify Basic (free) and run a device scan to see whether it detects that your device is compromised. If you have received iVerify Elite from us, you can contact iVerify directly. This is not a guarantee your device is clear.
Stow temporarily - If you worry your device is compromised, don't type passwords into it or say your location or passwords around it. You may wish to turn it off and move it into another room or location (or the microwave) temporarily. Turning it off does not guarantee it is actually off. Keep it in case you need it for forensics later.
Secure Settings - If you feel good about your device and want to secure it now before your other accounts, go through iVerify's app under Guideline and complete each security activity. Otherwise, we can do this later after securing key accounts.
The guidelines cover settings to:
- Protect against theft
- Limit software exploits
- Review for Compromise
- Protect Wireless Data
- Protect your communications
- Prevent Ad Data Leakage
#4 - Connect to a VPN on a device you trust
If you are not sure which device to trust, consider a Google Chromebook or an iPad over a MacBook, a Windows computer, or a phone, and choose someone else's device over yours if possible.
You may wish to turn on Proton VPN (https://protonvpn.com/) or another free or paid VPN, use the NetShield blocker if possible, and use the VPN across all your devices.
#5 - Secure your Email and Cloud on a device you trust
For G-Suite/Gmail Users: Google Advanced Protection
For iCloud Users: iCloud Advanced Data Protection
While you are doing this, log any questionable or unnecessary devices out of your account, for example via Google Account Security.
If using Gmail, go to your Gmail settings and turn on "Ask before displaying external images".
#6 - Secure your other key accounts via a trusted device
Change your key passwords and set up two-factor authentication via an app:
- If you do not already have a password manager, install Proton Pass or Bitwarden. Use a password manager to keep track of site-unique passwords; it also checks your passwords against internet leak databases.
- Go through and update all your important passwords with unique generated passwords.
- Make sure to set up two-factor authentication with an app like Authy rather than via SMS messages.
- You do not want to do this on a potentially compromised device, as you could be watched with screenshots of your password.
#7 - Learn more about your scenario
Visit the Consumer Reports Security Planner and find more information on your scenario in places like Computer Security and Privacy.
#8 - Take actions to maintain privacy
To learn more about what you can do visit our Privacy Guide.
Resources
- Visit our grantee Naomi Brockwell's Ludlow Institute on privacy and security to learn more and watch her YouTube videos.
- For people with Google Pixel devices or who want the highest level of security, see our GrapheneOS Setup Guide, which includes detailed advice on setting up a secure phone.
- We provide Donors and VIPs a special access page with recommendations for paid tools (such as secure and high priority cell providers), and offer licenses for iVerify (https://iverify.org/) mobile security software to donors and other targeted persons.