Cybersecurity

Protect yourself from malicious intent

Cybersecurity is an increasingly important topic, including for activists. Cybersecurity is all about keeping your data safe, so others won’t damage, delete, change, or steal your data, while keeping your data accessible and available to you. Another part of cybersecurity is your privacy, because there are many apps and websites that collect your personal data by design.

The Basics

In 2026, it’s likely that you have important documents stored digitally. Because of this, all your devices should be password-protected. All online accounts should be password-protected, and if possible with 2-factor authentication. Passwords should have a length of at least 14 characters, with 3 of the 4 character types. The four character types are: lower case (a b c), upper case (A B C), numbers (1 2 3) and symbols (! @ #).

There are quite a few ways to store your passwords. There are cloud solutions available from companies that promise a secure password safe, however hackers are becoming more adept at hacking even the most secure systems. Taking down the internet is becoming a more popular choice for hackers in war-time. Passwords can be stored locally on your device, with apps such as KeyPass. Your most important passwords, as crazy as it may sound, can best be written on a piece of paper. This piece of paper should never be seen by a camera on any of your devices.

Use at least two email addresses, one for the really important things like the bank, insurance, your landlord, utilities, etc. Use the other for less important things like social media, the hair dresser, travel agencies, petitions you sign, etc.

Make regular back-ups of important information. Put the back-ups on a separate storage device, and make sure you can access these documents even when the internet is not available. You can use an external USB drive, or hard disk; these come as encrypted versions, too.

Make sure all your applications are up-to-date, especially your firewall and anti-virus.

Privacy

Selling personal data has become a trillion-dollar industry for a reason. The value of your personal data isn’t the direct data they get by tracking your preferences and activities (e.g. the fact that you bought apples), but the conclusions that can be drawn from it. Social media platforms often know more about the inner workings of your psyche than even you yourself know. With this information they can manipulate your behavior, such as your buying behavior, but also your (political) views.

Data privacy legislation is supposed to protect citizens, however 66 countries have no form of data privacy legislation or regulations. Europe has some of the strictest data privacy laws in the world, so Europe might seem like a safe option, but some of these countries are part of the 14 Eyes Alliance, a group of countries that collect and share the personal data of their citizens with other countries in the alliance.

The countries that have the strongest data privacy legislation are Switzerland, Iceland, Romania, and Finland.

In order to protect your personal data, you should avoid all the Silicon Valley companies, such as Microsoft (Windows, Office, etc.), Google (including Youtube, Waze, Nest, Fitbit), Netflix, Spotify, Zoom, Intel, Apple, Meta (Facebook, Instagram, Whatsapp, Threads), X, LinkedIn, Reddit, Pinterest, Doordash, Ring, just to name the biggest problems.

Microsoft has always been a paid service (and still is), however Microsoft is now also cashing in on your personal data by effectively turning your Windows into spyware, sending and saving a lot of information (Searches, texts you write in Word or Excel, etc.) to Microsoft servers. Microsoft calls this telemetry, something you have to agree to in order to use Windows.

Google, together with Meta, might be the biggest personal data brokers on the playing field.

You can help yourself by switching to alternatives:

• Use Tuta or Proton for email, and both have a calendar too.

• Search engine: Ecosia or Qwant

• Translations: DeepL or Libre

• Browser: Vivaldi or Ecosia

• Meetings: Digital Samba or Threema

• Drive: Proton drive or Crypt.ee

• Documents: LibreOffice or NextCloud

All the alternatives mentioned above are fairly easy to set up and get started with. The two below are a bit more advanced:

• Use a Mac or Linux system for your computer.

• Authenticator: Proton or Aegis

Other things you can do

For some whiz-kids this may not seem advanced, but many people struggle to identify a phishing email. Phishing is still the most common attack vector. For example, an attacker with a seemingly correct email address may demand that the reader immediately make a payment, threatening that otherwise electricity service will be terminated.These types of emails still trick quite a few people.

Configure your network. Separate trusted devices from vulnerable devices, and guest devices using VLANs. Restrict access for all devices to only the access they need. Setting up VLANs is an expert’s job, not something everybody can do. The purpose of a VLAN is to separate devices, but virtually, so you don’t need extra cables. This separation can prevent hackers from gaining access to all of your devices when only one is compromised.

Don’t let applications such as email, Whatsapp, Telegram, or any other messaging service automatically open images or videos. Don’t open attachments from unknown senders. And don’t click on links in messages from unknown senders, not even the unsubscribe link from that annoying newsletter you never subscribed to!

Uninstall unused apps.

The Unavoidable

Many people are already aware they should cover their laptop cameras when not using them, as these could be exploited. Phones often have cameras on both sides and neither are covered. Most people don’t even realize that the microphone can be exploited in the same way, and there is no off-switch for that.

Edward Snowden has proven that government agencies spy on their own and foreign citizens. For instance, the National Security Agency (NSA) used malware called Pegasus to spy on peoples’ phones (I-Phone and Android) gaining access to their files, and to their live locations, cameras, and microphones. Pegasus was not detectable, not to the firewall, and not to the anti-virus software–unless one were to search for very specific network traffic, because Pegasus operated outside the area scannable by firewalls and anti-virus. Ever since Pegasus was exposed by Edward Snowden the malware isn’t used by governments anymore. They have developed new ways, but what exactly the new ways are remains unclear.

If you really want to share information without anyone able to listen in, abandon all technology.