Surveillance technologies are on the rise, including facial recognition technology which captures biometric data from people’s faces, and tools that harvest information from social media. In australia, the right to protest is also currently under threat.

While digital security is not a one-size-fits-all process, the goal of this section is to help you safely participate in activism while mitigating unnecessary police surveillance, violence, harassment, or threats to your employment.

Phone Safety At Protests #

Consider not bringing your phone, especially if you have strong privacy concerns. Check information from local event organisers to assess the needs and risks of your situation. 1

Don’t go alone if you choose not to bring your phone to the protest. Before you go, arrange times and places to meet up with people and what to do in case of separation.2

Suppose you are bringing a mobile phone with you. In that case, you can do the following things to avoid surveillance technology or the police forcefully gaining access to your phone:

  • Turn off face ID and touch ID3

    • iOS: Settings > Face ID (or Touch ID) and Passcode > “Use Face (or Touch) ID For:” > Turn off all the options.
    • Android: Check your manufacturer’s instructions, as it will differ between devices. Under Settings, it will usually be under Screen Lock Type > Biometrics > Turn off all the options.

  • Turn on aeroplane mode4

  • Disable location services5

  • Disable Bluetooth6

  • Download and use Signal, a secure end-to-end encrypted messaging app, to communicate, especially if you plan to attend protests and actions regularly.7

  • Enable and practice using Emergency SOS, which allows you to quickly call for help and alert emergency contacts (by call and/or text) with quick swipe gestures or button presses. Depending on your device, you can configure other functions, like auto-attaching images.8

    • iOS: How to set up emergency contacts and use SOS.
    • Android: Check your manufacturer’s settings, as it will differ between devices. Under Settings, it will usually be under something like **“Send SOS Messages”**or “Emergency SOS”. Turn on, configure the side key, and set your emergency contacts.

  • Ensure you have a passcode/PIN on your phone (not a swipe pattern), and practice it in advance. The longer the PIN, the more secure, so choose the maximum length you are comfortable remembering.

  • Set up your lock screen to disable message previews so someone with your locked phone can’t read your chats.

  • Take photos without unlocking your phone, and try to keep your phone locked.9

  • Backup your phone before you go out.10

  • If you’re an iOS user, disable AirDrop.11

  • Consider not using Google Maps. Google Maps always tracks its users, and Google keeps this detailed tracking data forever. Consider Apple Maps, DuckDuckGo Maps, or OsmAnd.12

  • If your phone gets taken away by the police, remotely log out of all your accounts as soon as possible.

Photography And Social Media #

  • Consider setting your social media profiles to private.

  • Don’t share your social media handles with people you may meet that you don’t already know and have reason to trust.

  • Don’t post photos of protestors that distinguish their identity or faces unless you have their permission.

  • While it’s important to document protests to spread the word about actions that news outlets are downplaying or not covering, be extremely mindful of surveillance risks when sharing images on social media. Protecting others’ identities is a form of community care – police can use images and the metadata they produce to track the identity of protestors and place them in highly specific areas and times of action.13

  • Be selective about the subject and framing of your photos.14

    • Take photos at a distance, capturing crowds rather than individual details.
    • Position yourself behind the march, showing only the backs of heads.
    • Focus on signs and flags to capture protest energy without revealing sensitive details.

  • Before sharing something, ask yourself:

    • Am I putting someone at risk, particularly marginalised folks?
    • Does my photo/footage contain identifiable features, e.g., uncovered faces, tattoos, or unique hairstyles?
    • Can I do something more helpful with this than post it, e.g. use it as a reference point to write about?
    • Is posting this photo benefiting me or the **movement **and activists at the forefront?

  • Without permission from the protestor(s),blur any distinguishing or identifiable features.

    • Signal has a built-in feature that allows you to blur faces in photos before sending – do this before sharing or posting images. Alternatively, manually draw over photos in the Signal app.15

      • Note that using your phone’s photo default editing app may be ineffective at censoring and will not remove metadata.

    • Another option is this web tool, which allows you to scrub metadata and effectively paint over or blur features.

  • Consider taking screenshots of the photos and posting those instead. This removes the original image metadata.16

  • Videos are trickier to hide people’s faces and may require additional time, effort, and software. If you do not have these resources, focus on minimising capturing faces in video footage in the first place.17

  • For extra protection in case your device is compromised, delete the original photos and videos that show people’s faces from your phone after you have made a version that obscures the faces.18

Filming And Photographing The Police #

Recording incidents such as arrests and use of violence by law enforcement can be a powerful tool of accountability.

Tips from Melbourne Activist Legal Support:19

  • Record in landscape mode. It captures more of the scene.
  • Hold your device steady and move it slowly for better evidence.
  • If taking your phone to an action, make sure you don’t take sensitive data with you.
  • Record the moments before an arrest - context can be as important as the arrest itself.
  • Try to take clear steady images that capture the police officer’s badge name or ID number.
  • Don’t hinder an arrest when observing or you may end up arrested too.
  • Try not to narrate. Your recording may not capture key information if you’re speaking over it.
  • Police do not have the right to stop you recording public interactions.

Find more in-depth guides, resources, and advice from WITNESS and the National Justice Project’s CopWatch.

Doxing, Harassment And Surveillance20 #

What Is Doxing? #

Doxing is the online practice of researching, documenting, and broadcasting private or personally identifiable information to harass and traumatise individuals and groups. These attacks can also extend to physical violence, stalking, intimidation, and psychological harassment.

Some common signs that you’ve been doxed:

  • You’re receiving an abnormal influx of harassing emails, texts, phone calls, or social media comments from people you don’t know.
  • People you don’t know show up at your workplace or home or follow you to and from these places.

Evaluating Threats #

Assessing the threats you face can be a way to ground yourself and determine the most appropriate security measures for your situation.

The following questions are best answered with trusted friends or family:

  • What information are you most concerned about, or is most vulnerable?
  • Who are you concerned about, an individual or “civilian” group, a corporate or government entity?
  • What information do these entities want, and what are their likely goals? Non-state-affiliated individuals and groups will generally have less sophisticated methods than law enforcement.
  • How might you be surveilled – online and in person?
  • How serious are the consequences of the risks you’re facing? For example, if your address has been posted online, you’re at higher risk of physical harm and should take steps to address this.

Preventative Measures21 #

These steps aim to limit your “attack surface” as much as possible so that malicious actors won’t have as much to work with if you become a target.

  • Find out what information exists about you online– search in incognito mode for your name, location, job, school, and any other public details, e.g. “Firstname Lastname”, in quotes. Try various combinations of these details. Note down which accounts and information show up.

  • Review and update your privacy and security settings on your social media accounts. Consider making them private.

  • Have strong and unique passwords for all your accounts, especially for social media, financial accounts, and those tied to your legal ID.

    • Ensure that your answers to security questions are difficult to guess, and don’t inadvertently reveal these answers on social media.

  • Set up app-based two-factor authentication for your accounts. Avoid using SMS-based 2FA (it is better than no 2FA, but it’s the least secure 2FA method).

    • This process can be time-consuming, so prioritise your most critical accounts, such as those tied to your real-world identity and those that showed up when searching for yourself.

  • Protect your financial accounts, as attackers may try to escalate their threats. Let your financial institutions and utilities provider know you are a target, as they may be able to implement an added layer of security for you.

  • Limit personal information posted online.

    • Be mindful of sharing employer information online, including LinkedIn.22

    • Where appropriate, use aliases and/or non-primary emails when signing petitions or sign-up sheets. This is one of the most common ways people get doxed.

  • Have a conversation with loved ones about what information they reveal online – if you’re at high risk of doxing, your family and friends are also implicated. Consider asking them to be careful about what they post about you and themselves.23

  • Protect your web browsing activity by moving away from Google Chrome. Use Firefox + uBlock Origin Extension instead.

  • Use a VPN to mask your IP address – ProtonVPN is free.

  • Delete any unused accounts.

If You Have Been Doxed24: #

  • Immediately change your existing passwords on all platforms.
  • Complete preventative measures if not already done.
  • Do not immediately react publicly. Secure yourself first, and privately alert your friends, family, and support networks.
  • Create and update an incident log of attacks or harassment you’re experiencing. This evidence record can be used to reveal broader attack patterns. It can be compared with others experiencing the same threats.
  • Seek support from your communities. Taking care of your security during this time can be overwhelming, anxiety-inducing and re/traumatising – ask for help from your support network and create a self-care plan. Some examples of support might include:
    • Checking emails, social media and other online accounts for you.
    • Helping out with logging incidents.
    • Checking in on you and making sure you’re okay.
    • Offering you a safe place to stay if your home address is shared and/or the harassment escalates.
    • See our Collective Care section for further resources.
  • Report incident(s) and accounts to the platform where the harassment occurred and block unwanted contact.
    • Refer to eSafety Guides for popular sites (including Instagram, Facebook, TikTok, etc.)
  • It is not recommended to approach the police when you are doxed. They may use the information you provide about the harassers but will also keep information they get about you and others you’re associated with.
  • Remember: you’re not in this alone! We are much harder to target and isolate when we have built robust and trusted networks.

Other Resources #

Please note that though they are very useful, these resources may contain u.s.-specific recommendations that do not apply to an australian context.

Notes #

  1. Infosec for Activists. <https://infosecforactivists.org/#things-to-know> Accessed 27/12/23. ↩︎

  2. Infosec for Activists. <https://infosecforactivists.org/#things-to-know> Accessed 27/12/23. ↩︎

  3. Legal Observers NSW. <https://www.instagram.com/p/CyoywzQyL3v/?img_index=5> Accessed 27/12/23. ↩︎

  4. Legal Observers NSW. <https://www.instagram.com/p/CyoywzQyL3v/?img_index=5> Accessed 27/12/23. ↩︎

  5. Legal Observers NSW. <https://www.instagram.com/p/CyoywzQyL3v/?img_index=5> Accessed 27/12/23. ↩︎

  6. Legal Observers NSW. <https://www.instagram.com/p/CyoywzQyL3v/?img_index=5> Accessed 27/12/23. ↩︎

  7. Bill Budington. Electronic Frontier Foundation. <https://www.eff.org/deeplinks/2016/11/digital-security-tips-for-protesters> Accessed 27/12/23. ↩︎

  8. Infosec for Activists. <https://infosecforactivists.org/#before> Accessed 27/12/23. ↩︎

  9. Bill Budington. Electronic Frontier Foundation. <https://www.eff.org/deeplinks/2016/11/digital-security-tips-for-protesters> Accessed 27/12/23. ↩︎

  10. Infosec for Activists. <https://infosecforactivists.org/#phone-backups> Accessed 27/12/23. ↩︎

  11. Infosec for Activists. <https://infosecforactivists.org/#airdrop> Accessed 27/12/23. ↩︎

  12. Infosec for Activists. <https://infosecforactivists.org/#tools-not-to-use> Accessed 27/12/23. ↩︎

  13. Infosec for Activists. <https://infosecforactivists.org/#tools-not-to-use> Accessed 27/12/23;
    Digital Rights Watch. <https://digitalrightswatch.org.au/2023/11/15/posting-protest-photos-online/> Accessed 27/12/23. ↩︎

  14. Digital Rights Watch. <https://digitalrightswatch.org.au/2023/11/15/posting-protest-photos-online/> Accessed 27/12/23. ↩︎

  15. Digital Rights Watch. <https://digitalrightswatch.org.au/2023/11/15/posting-protest-photos-online/> Accessed 27/12/23. ↩︎

  16. Mask On Zone. <https://maskon.zone/> Accessed 27/12/23;
    Surveillance Self-Defense. <https://ssd.eff.org/module/attending-protest> Accessed 27/12/23. ↩︎

  17. Digital Rights Watch. <https://digitalrightswatch.org.au/2023/11/15/posting-protest-photos-online/> Accessed 7/1/24. ↩︎

  18. Digital Rights Watch. <https://digitalrightswatch.org.au/2023/11/15/posting-protest-photos-online/> Accessed 7/1/24. ↩︎

  19. Digital Rights Watch. <https://digitalrightswatch.org.au/2023/11/15/posting-protest-photos-online/> Accessed 7/1/24. ↩︎

  20. CrimethInc. <https://crimethinc.com/2020/08/26/doxcare-prevention-and-aftercare-for-those-targeted-by-doxxing-and-political-harassment> Accessed 27/12/23;
    Equality Labs. <https://www.equalitylabs.org/wp-content/uploads/2023/10/ADVANCE-COPY_-EQUALITY-LABS-ANTI-DOXING-GUIDE-FOR-ACTIVISTS-3.0.pdf> Accessed 27/12/23. ↩︎

  21. Information Ecology. <https://docs.google.com/document/d/1flvGgb2cjjLMRA71dYruuJRaC_8b3ZDZy3–Ex1OcuY/edit> Accessed 27/12/23; Equality Labs. <https://equalitylabs.medium.com/anti-doxing-guide-for-activists-facing-attacks-from-the-alt-right-ec6c290f543c> Accessed 27/12/23. ↩︎

  22. Palestine Legal. <https://palestinelegal.org/news/2023/10/12/resources-for-advocating-for-palestine-across-us> Accessed 27/12/23. ↩︎

  23. PEN America. <https://onlineharassmentfieldmanual.pen.org/protecting-information-from-doxing/> Accessed 27/12/23. ↩︎

  24. eSafety Commissioner Australia. <https://www.esafety.gov.au/industry/tech-trends-and-challenges/doxing> Accessed 27/12/23; Equality Labs. <https://equalitylabs.medium.com/anti-doxing-guide-for-activists-facing-attacks-from-the-alt-right-ec6c290f543c> Accessed 27/12/23. ↩︎