molly's guide to cyberpunk gardening

resisting authoritarianism deep dive #2: secure your communications

(A series in which I ramble some personal perspective on ICYDAK's "30 Proven Tactics to Resist Authoritarianism in Daily Life," because most of this stuff is just default daily life to me.)

ICYDAK: 30 Proven Tactics to Resist Authoritarianism in Everyday Life

#1: know your rights

2. Secure Your Communications

Authoritarians thrive on surveillance. Use encrypted messaging (Signal, ProtonMail) and avoid discussing sensitive topics on social media.

I didn't grow up in a particularly encryption-concerned household, for three reasons. One, it was the 80s/90s; unless you were physically on the telephone or had hooked the telephone line to the modem, surveillance at home wasn't really a concern. Also the expectation of privacy we had then was wildly different than the one prevailing in the US now. (For a comparison, watch the X-Files episode "Kill Switch" and marvel at how utterly oblivious Mulder and Scully are to the notion that devices might watch, listen to, or track them.)

Two, surveillance was especially not a concern in my house, which was literally half a mile from the nearest neighbor. Unless someone hauled themselves through several acres of trees on the north and west sides, walked totally exposed through our fields on the south, or forded a literal swamp to the east, they weren't getting close enough to the house to peep in with binoculars.

Three, my parents were not unusually paranoid. And in the closing decades of the previous century, you had to be unusually paranoid to believe The Devices Are Watching You.

Today, "the devices are watching (and listening to and recording and transmitting those recordings of) you" isn't paranoid. It's default.

I've said this before, and I'll say it some more: The defining question of our time is "Who does the device work for?" Does it work for you, or does it work for the billionaires?

If you did not take active steps to ensure the answer is "you," then the answer is "the billionaires." And the billionaires are perfectly happy to hand over what they know about you to the government for the low, low price of a subpoena.

some active steps i have taken to make sure my devices work for me

For illustrative purposes. Honestly, the fun of this process is figuring out what works for you and then doing it.

Yes, I actually do use Signal and Proton. Also Mailfence. For me, the beauty of email services like Proton, Mailfence, and Tuta is twofold. One, their security and privacy are a lot better than Gmail. Second, I'm in the US, but they're not. Because Proton and Mailfence aren't located in the US, they don't have to care about subpoenas from a US court.

My phone runs neither Android nor iOS, but Sailfish OS - a Scandinavian OS with a small but devoted community building apps for it. This means neither Google nor Apple can make my device do their surveillance bidding.

My home computers run various Linux distros, for the same reason - none of this "Windows 11 gives Microsoft access to my system" nonsense.

Though actually, I don't worry that much about the one Windows 10 device we do have - because it's not allowed on the Internet. We don't have home broadband. I have a 20GB per month hotspot, which I use if I absolutely *must* connect one of the home laptops to the Internet but can't go to the gym/library/coffee shop/other coffee shop/a friend's house to do so. I have never used the entire 20 GB in one month.

No home broadband also means that any "smart" chips hiding in any home appliances aren't available for corporate or government surveillance. The devices can collect all the data they want. Without a connection, however, they have no way to report it.

I no longer have to notice advice to "avoid discussing sensitive topics on social media." I'm no longer on social media. And I love it.

I grew up hearing "if you're going to have a sensitive or serious conversation with someone, you have to do it in person, not over the phone." My parents' reasoning was that breaking bad news to someone via phone was rude. But I find this to be good infosec advice as well. If the conversation deserves confidentiality, do it in person.

I rarely use cloud storage, and only for temporary file access. For instance, I have a short story draft in my cryptpad (Cryptpad.fr) right now. I like Cryptpad because (a) it's in France (aka not in my home country and thus not subject to my home country's subpoenas) and (b) they have no way to get me back into my drive if I lose my own password. Which means they have no way to get themselves or anyone else in there, either. (Contrast Microsoft, who absolutely can get themselves or the feds into your "encrypted" hard drive if you're foolish enough to give them access to your Bitlocker key. Which a SURPRISING number of people do.)

I'm deliberate about what I put online. I don't keep an entire personal online Wiki or make all my grocery lists in Google Drive or store my photos online or use an online journaling app, for instance. I have this blog, my Web site, and that's pretty much it. Everything else is on a non-Internet-connected device, if it is digital at all.

For example: I am writing this blog post at home, on a laptop that is not connected to the Internet. I will upload it when I get someplace with Internet, like work or the gym.

I certainly don't think everyone *needs* to drop their home broadband. I do find going "old school" and relying on free/libre software to be liberating, though. It's fun to find new - or old - ways of doing things - and to know I'm extending a middle finger to The Man when I do it.

tip jar
email
home