How to Protect Your Privacy and Protest Safely Online
The Anti-Terror Law allows the government to conduct surveillance on suspected "terrorists." Here are some resources on how to protest safely and protect your privacy.
Remember: stay vigilant, but never silent. If we stop dissenting, that is the chilling effect that the Terror Law was made for.
- Do not use your full name and use different usernames for each account
- Do not reveal too much information about your identity (photos, location)
- Create new accounts for online activism purposes (see next section on how to protect your personal accounts instead)
- Enable passwords/passcodes on all your devices
- Enable 2FA (two-factor authentication) on all accounts if possible
- Check unusual login activity and logout from all devices regularly
- Change passwords often, do not use the same passwords for all accounts if possible
- Exercise caution and prudence when posting/sharing on social media (e.g. do not post death threats)
- Beware of phishing sites and scam emails: always check link URLs and sender's e-mail addresses
- Enable your smartphone's location services only for certain apps (e.g. TVNS/food delivery apps)
- Use "secret chat" and/or self-destructing messages feature on your apps if applicable
- Consider using a cheap disposable phone when protesting on the streets
- Use recommended encrypted apps (see section below)
It is much easier for authorities/criminals to use social engineering tactics to retrieve sensitive data from you. Always be vigilant and do not easily hand over your credentials or devices to anyone.
If you really need to use your personal account for family/friends/school/work:
- Set your account to private, BUT leave a few old posts visible to the public as proof that you are the original account (in case of fake duplicate accounts)
- Hide all other information from the public such as your address, workplace
- Use Facebook's "View As" feature to check how your profile looks like to the public
- Unfriend or block all untrustworthy social media followers/friends
- Disable friend requests and messages from users without mutual friends
- Exercise caution and prudence when posting/sharing on social media
The government cannot easily retrieve user data from internet services. Recently, companies have been refusing law enforcement requests, especially from controversial laws that may violate freedom of speech.
However, we still cannot 100% trust them because our data, including chat messages, are still stored in their servers. Use these open-source, encrypted apps instead for maximum security:
- Instant Messaging: Signal / Telegram
- Web Browser: Firefox
- Search Engine: DuckDuckGo
- E-mail: ProtonMail
- Disposable E-mail: GuerrillaMail
- VPN: ProtonVPN (Free) / Mullvad (Paid)
- Do not use TikTok, FaceApp, etc.
- Open-source, encrypted software made by non-profit, privacy-centric groups are good
- EU has strict privacy laws. Software made by EU companies are usually trustworthy (as opposed to U.S. or China)
- Always be skeptical and do your due diligence