Activist Digital Security Checklists

Plain language steps for digital security, because protecting yourself helps keep your whole community safer. Built by activists, for activists with field-tested, community-verified guides.

WARNING

I'm still tweaking the sections on this page. All the checklists are correct and useful, but I'm still fixing some of the recommendations. Do your own research on the tools mentioned on this specific page.

✈️ Travel & Flight Security

Checklist for both domestic and international flights. Also applies to land/sea border crossings.

 What are your rights when crossing the border

Read the following articles to learn your rights:

• Know Your Rights travel guide from stop AAPI Hate
• Is it safe to travel with your phone right now? from The Verge
• Can border agents search your electronic devices? It's complicated from the ACLU

WARNING

Border police CAN search any electronic device at airports/borders without a warrant, regardless of your status.

 How to fully power down your device

Android: Press and hold the power button and select Power off.

iPhone: Press and hold power and volume down buttons, then slide to power off.

Laptop: Select Shut down from your system menu. In an emergency, almost all laptops can be forced to power down by pressing and holding the power button for 5-10 seconds.

 Which apps to uninstall

Consider uninstalling Signal, email & calendar apps, social media apps, docs & notes (Google Docs, Evernote), communication apps (Slack, WhatsApp), and Google Maps. Apps on iPhone can be hidden by long-pressing the app > Require Face ID > Hide and Require Face ID.

Apps to consider removing:

• Signal
• Email & Calendar apps
• Social Media apps (Facebook, Twitter, Instagram, TikTok)
• Docs & notes (Google Docs, Evernote, etc.)
• Communication apps (Slack, WhatsApp, etc.)
• Google Maps

 How to safely remove your password manager

Make absolutely sure you have memorized or written down your master password before uninstalling. For 1Password users, also write down your Secret Key. You can travel with this information if you don't think your possessions will be searched. Keep passwords written on paper in a journal or dayplanner, or have a trusted person share them via secure channel.

⚠️ Important: Never delete your Two-Factor Authentication (2FA) codes - these are hard to restore and not useful unless someone also has your password.

 How to change your passcode

Generate a random 10-digit passcode (don't make one up yourself).

iPhone: Settings > Face ID & Passcode > Change Passcode > Passcode Options > Custom Numeric Code

Android: Settings > Security > Screen Lock > Enter Current Lock > PIN/Password > Choose 10-digit Passcode

Write your new passcode on paper and keep it safe until memorized.

 Encrypting Laptops

Encryption may need to be enabled on your laptop.

MacOS: System Settings > Privacy & Security [scroll to bottom] > FileVault > Turn on, save Recovery Key securely, do not enable iCloud recovery.

Windows: Settings > Privacy & Security > Device encryption.

 How to hide or deactivate social media accounts

Make Twitter/X private or deactivate, LinkedIn private or deactivate, Instagram private or deactivate, Facebook private or deactivate, TikTok private or deactivate. Consider hiding public posts like blogs and YouTube videos. Use Block Party to assist with this process.

Platforms to secure:

• X / Twitter: make private or deactivate
• LinkedIn: make private or deactivate
• Instagram: make private or deactivate
• Facebook: make private or deactivate
• TikTok: make private or deactivate

 How to set up IVPN

Go to IVPN and click Generate IVPN Account ($6/month or $60/year). Write down your Account ID somewhere safe - you cannot recover it. Download apps for computer and phone, enable launch at login, autoconnect on launch, and background daemon management. Keep VPN on at all times unless having connection issues.

Setup Steps:

1. Go to IVPN.net and generate account
2. Select Standard Plan ($6/month or $60/year)
3. Important: Write down Account ID - cannot be recovered if lost
4. Download apps for Mac, Windows, iPhone, Android
5. Configure: Launch at login, Autoconnect on launch, Allow background daemon

🏛️ Digital Security for Federal Workers

For federal workers who are resisting the authoritarian takeover and want to protect themselves and each other.

 How to set up Signal

Install Signal on your phone, message existing contacts (they must have Signal installed), enable disappearing messages by default and for existing threads. Follow the Signal Checklist for maximum security and privacy.

Setup Steps:

1. Install Signal on your phone
2. Message existing contacts who have Signal
3. Enable disappearing messages by default
4. Follow the complete Signal Checklist below

 How to change your profile

Change your Signal display name: Signal > Settings > Tap name/icon > Edit profile display name. Change profile photo: Upload a generic photo from online that doesn't relate to your identity, preferences, interests, or location.

Profile Security:

• Use a generic display name unrelated to your real identity
• Use a generic profile photo from online
• Avoid photos that reveal location, preferences, or interests

 How to set your social media profile to be private

LinkedIn: Go to Edit Profile > Edit Visibility and adjust settings. Consider fully hibernating your profile temporarily. Tighten other visibility settings and review your activity feed.

Twitter/X: Follow instructions to hide your posts and make account private.

Additional Steps:

• Review and delete sensitive posts from your feed
• Consider temporarily hibernating profiles during sensitive periods
• Adjust all visibility settings to maximum privacy

 How to set up Brave Browser

Install Brave browser (privacy-focused, supports Chrome extensions). Configure Settings > Shields: Select 'Aggressive' for trackers & ads blocking, 'Strict' for HTTPS upgrade, uncheck social media blocking. Optionally enable 'Forget me when I close this site' and disable new tab page.

Configuration Steps:

1. Install Brave Browser
2. Go to Settings > Shields
3. Select "Aggressive" for trackers & ads blocking
4. Select "Strict" for HTTPS upgrade
5. Uncheck all social media blocking options
6. Optional: Enable "Forget me when I close this site"

 How to physically secure devices

Make sure devices are powered down at end of day and when discussing dissent in your house. Keep devices away in drawer, closet, or room with door closed to ensure conversations aren't overheard if microphone were somehow still on.

Physical Security Practices:

• Power down devices completely at end of day
• Store powered-off devices away from discussion areas
• Use drawers, closets, or separate rooms with doors closed
• Never leave devices on during sensitive conversations

 How to enable and use a guest network

Look at your Wi-Fi router for model/brand. Use Brave Search to find instructions for enabling guest network on your router. Set up Wi-Fi network with different name than main network. On government phone/laptop, forget main network and connect to guest network instead.

Setup Process:

1. Identify router model/brand
2. Search for "[Router Model] enable guest network"
3. Create guest network with different name
4. On government devices: Forget main network
5. Connect government devices to guest network only

 How to use Proton Docs

Create free Proton account if needed. Visit Proton Drive > Click 'New' > Select 'New Document'. When ready to share, click 'Share' button and either share with other Proton accounts or enable 'Create public link' for those without Proton accounts. Be careful where you share the link.

Setup Steps:

1. Create free Proton account
2. Go to Proton Drive > Click "New" > "New Document"
3. For sharing: Click "Share" button
4. Choose: Share with Proton users OR create public link
5. ⚠️ Caution: Be very careful where you share public links

📱 Signal Security Checklist

Configure Signal to protect your messages and calls

 How to enable disappearing messages

To change default: Signal > Settings > Privacy > Disappearing Messages > Set to desired time.

For existing threads: Signal > Open thread > Click person/group name > Disappearing Messages > Set time.

⚠️ Note: Disappearing messages does NOT apply retroactively, so delete old threads manually.

 How to disable Signal notifications

Open Signal > Settings > Notifications > Notification Content > Select 'No Name or Content'. This prevents sensitive information from appearing in notifications when your phone is locked.

Why this matters: Prevents sensitive contact names and message content from appearing on your lock screen.

 How to hide screen in App Switcher

iPhone: Signal > Settings > Privacy > Enable 'Screen Lock' then enable 'Hide Screen in App Switcher'.

Android: Signal > Settings > Privacy > Enable 'Screen lock' then enable 'Screen Security'.

Benefit: Prevents Signal content from being visible when switching between apps.

 How to change your profile

Change display name: Signal > Settings > Tap name/icon > Edit profile display name.

Change photo: Signal > Settings > Tap name/icon > Edit photo > Upload generic photo unrelated to your identity/preferences/interests/location.

Security Tip: Use names and photos that don't reveal your real identity or preferences.

 How to enable usernames and hide your phone number

First change your profile display name if it's your full name.

Set username: Signal > Settings > Tap name/icon > Tap @ symbol > Edit username > Use something unrelated to your identity ending in 2+ numbers.

Hide number: Signal > Settings > Privacy > Phone Number > 'Who Can See My Number' > Select 'Nobody'.

Sharing: Share your username instead of phone number for new contacts.

 How to disable link previews

Signal > Settings > Chats > Disable 'Generate Link Previews'. This prevents Signal from automatically fetching and displaying previews of links you send, which could reveal your IP address to third-party websites.

Privacy Benefit: Prevents your IP address from being revealed to external websites when you share links.

📢 Digital Security for Direct Action Organizing

For anyone organizing a direct action or protest where the risk of surveillance and arrest is higher.

 Follow Security Essentials checklist

Do everything in the Security Essentials checklist, including the 'enhanced security' section. This provides the foundation for secure organizing communications and practices.

Reference: Complete the Security Essentials checklist below as your foundation.

 Follow Prepare for a Protest checklist

Do everything in the Prepare for a Protest checklist, including the 'enhanced security' section. This ensures you're protected during higher-risk activities.

Reference: Complete the Prepare for a Protest checklist below.

 How to set up secure Signal

Install Signal, set username (ex: @cloudy.52) and share this instead of phone number. Set default disappearing messages to 1 week for new chats, shorter as action approaches (1 hour or 5 minutes day-of). Disable Signal notifications so they aren't visible when phone is locked.

Timeline for Disappearing Messages:

• Planning phase: 1 week
• Week of action: 1 day
• Day of action: 1 hour or 5 minutes
• During action: Consider 5 minutes or less

 How to set up and use CryptPad

Create account at cryptpad.fr. Enable doc password if containing sensitive information. Enable auto-deletion when possible to reduce digital paper trail after action. For sharing: use Share button > Link > Select 'View' or 'Edit' > Copy URL (don't just copy-paste the URL like Google Docs).

Setup Steps:

1. Create account at CryptPad.fr
2. Enable document password for sensitive content
3. Enable auto-deletion when possible
4. Sharing: Use Share button > Link > Select permissions > Copy URL
5. ⚠️ Important: Don't just copy-paste URL from browser

 How to establish digital security agreements

Create phone security agreements around who brings phones and security level needed. Send participants link to protest checklist. For high-arrest-risk folks, suggest leaving phone home, bringing secondary phone, or following enhanced security. Create photo privacy agreements for how photos are shared and face protection.

Agreement Topics:

• Phone Security: Who brings phones, what security measures required
• Photo Privacy: How photos shared, face protection protocols
• Arrest Risk: Special measures for high-risk participants
• Communication: Secure channels and protocols

 How to protect against doxing attacks

Lock down social media privacy settings (Facebook, Twitter, Instagram, especially LinkedIn with workplace/location). Remove data from brokers using DeleteMe service or manually. Consider PO Box instead of street address for packages/accounts/payments, especially if moving soon.

Immediate Steps:

• Make all social media accounts private
• Especially critical: LinkedIn (shows workplace/location)
• Use DeleteMe or manual data broker removal
• Consider PO Box for address privacy

📚 Detailed Guide: Equality Labs Anti-Doxing Guide (start at page 25)

🔍 Action Research & Scouting

For anyone doing sensitive online research or in-person scouting who wants to protect their identity.

 How to use private navigation

Use Organic Maps (iPhone, Android) for most private mapping when getting directions for scouting. Best to save 'offline map' for region needed. Alternatively, print paper directions. Apple Maps also offers good privacy with offline maps saved. Disable location services and keep phone in airplane mode while scouting from time you leave house until you return.

Private Navigation Options:

1. Organic Maps (most private)
   • Download offline maps for your area
   • No tracking or data collection
2. Apple Maps (good privacy)
   • Download offline maps
   • Better privacy than Google Maps
3. Printed directions
   • Print from OpenStreetMap
   • Use Tor Browser for extra privacy

Scouting Security:

• Disable location services completely
• Keep phone in airplane mode
• Leave smart watches at home
• Disable Bluetooth trackers

📱 Secondary Phone Checklist

How to set up an alternate phone for actions and activism that has less data. For anyone who is higher risk of arrest who wants to invest in protecting their data.

 Understand 'Burner Phone' vs 'Secondary Phone'

Burner phone: Truly anonymous, disconnected from identity, used few times before discarding - requires great effort for true anonymity.

Secondary phone: Second phone with minimal info in case of confiscation, reusable over many actions. Goal is harm reduction, not anonymity.

Consider if you are:

• An organizer/leader in social movement spaces
• Likely to be targeted based on identity (POC, LGBTQ+, documentation status, etc.)
• Working with targeted communities
• Someone with very sensitive data on your phone

 What data am I protecting?

Your phone contains: all contacts (friends, family, organizers/activists), location data and map history (can determine where you've been and who you've met), message history (texts, Signal, WhatsApp), years of email history, browser history/bookmarks/passwords, all photos (including of other people without their consent), calendar events (meetings - who, when, where), documents (Google docs, encrypted tools if signed in).

Data at Risk:

• Contacts: Everyone in your phone becomes visible to authorities
• Location History: Shows everywhere you've been and who you've met with
• Messages: Texts, Signal, WhatsApp conversations going back years
• Photos: Including photos of others who didn't consent to seizure
• Calendar: Meeting details reveal organizing activities
• Browser Data: Search history, bookmarks, saved passwords
• Documents: Google Docs, encrypted tools if logged in

 What you'll need

Equipment & Costs:

• Secondary smartphone (used or new): $60+ or free if donated
• SIM card: $5
• Prepaid plan: ~$15/month (cheapest) or $100/year (best long-term)

Time & Difficulty:

• Setup time: 3 hours
• Technical difficulty: Moderate
• Maintenance: 30 minutes after each use

 How to set up the phone

Factory reset device if used. Skip/decline all optional setup (phone, location tracking, analytics, cloud backup). IMPORTANT: Do NOT sign in with normal Apple/Google Account during setup - look for 'skip' button. Activate phone BEFORE making Apple/Google account since they require phone number and you want to use new number.

Setup Process:

1. Factory reset device (iPhone / Android)
2. Skip ALL optional features:
   • Location tracking
   • Analytics/usage data
   • Cloud backup
   • Account sign-in (look for "Skip" buttons)
3. ⚠️ Critical: Never sign in with your main Apple/Google account
4. Activate phone first, then create new accounts

 How to set up separate Signal profile

Follow standard Signal activation for new number, then set up username. Tell contacts your new Signal username by messaging from main Signal first to verify identity. Message your main Signal from new one to send info between accounts with disappearing messages on. Join minimal relevant groups and leave when no longer active/relevant.

Signal Setup:

1. Install Signal with new phone number
2. Set up username (e.g., @cloudy.52)
3. Verify identity: Message contacts from main Signal first
4. Bridge accounts: Message between your two Signals
5. Minimize exposure: Join only essential groups
6. Clean up: Leave groups when no longer needed

⚠️ Remember: Every Signal group provides more data if phone is confiscated.

 Before and after each action

Before each action: - Ensure phone number active and not expired

• Check minutes/data remaining if not unlimited plan
• Charge phone
• Download offline maps

After each action: - Clear all app data (messages, Browse, maps)

• Remove Signal threads and leave unneeded groups
• Clear browser/navigation history
• If confiscated: Consider selling and getting new phone (factory reset may not remove spyware)

✊ Prepare for a Protest

Protect yourself and your community while protesting or attending any kind of action where arrest risk and surveillance is higher.

 If arrest risk is going up, turn your phone off!

When fully powered off, phone is more secure against data extraction by police. Data stays encrypted until you turn on and enter passcode for first time. The number one protection is turning phone off if you think you're getting closer to a risky situation. Remind others to turn off phones too.

iPhone tip: Press screen lock button 5 times to quickly bring up 'power off' option.

Why this works: When powered off completely, your phone's data remains encrypted and is much harder for police to access.

 How to disable GPS location tracking

iPhone: Settings > Privacy & Security > Disable 'Location Services' (Shortcut: Say to Siri 'Disable location tracking').

Android: Settings > Location > Disable 'Use Location'.

Print maps or save offline maps for phone use. Leave smart watches or Bluetooth trackers at home or disable their tracking.

Additional Steps:

• Print directions from OpenStreetMap
• Download offline maps in Organic Maps
• Remove/disable smartwatches, AirTags, Tile trackers
• Consider putting devices in a Faraday bag

 How to change your passcode

Generate a random 10-digit passcode (don't make one up yourself).

iPhone: Settings > Face ID & Passcode > Change Passcode > Passcode Options > Custom Numeric Code.

Android: Settings > Security > Screen Lock > Enter Current Lock > PIN/Password > Choose 10-digit Passcode.

Write new passcode on paper, keep it safe until memorized.

⚠️ Important: Use a truly random passcode - humans are terrible at making up random numbers.

 How to disable face/fingerprint unlock

iPhone: Settings > Face ID & Passcode > Disable 'Use Face ID for iPhone Unlock' (can leave rest enabled).

Android: Settings > Lock Screen (or Security) > Biometrics and Security > Disable both 'Face Recognition' and 'Fingerprint Unlock' for phone unlocking.

Why this matters: Police can potentially force you to unlock with biometrics, but cannot force you to reveal your passcode.

 How to install and use Signal

Install Signal on phone. Message/call existing contacts using phone number or ask for their Signal username - they must have Signal installed too. Enable disappearing messages and disable notifications showing content.

Quick Setup:

1. Install Signal
2. Connect with existing contacts
3. Enable disappearing messages (5-15 minutes for protests)
4. Disable notification content display
5. Follow complete Signal Checklist above

 How to take photos while protecting identities

Try not to capture faces when possible. Disable automatic cloud uploads (Google Photos, iCloud Photos) so you can review before uploading. If you capture faces, use the blurring tool in Signal when sending anywhere. If organizing with a known group, discuss documentation and sharing agreements in advance.

Photo Security:

• Prevention: Avoid capturing faces when possible
• Cloud uploads: Disable automatic backup to review first
• Face protection: Use Signal's blur tool before sharing
• Group agreements: Discuss photo/video protocols in advance
• Consider: Photos may be used to identify and target others

 How to use private navigation

Turn off location services before leaving for the action. Keep the phone in airplane mode as much as possible so the carrier doesn't know your location. Use printed directions if possible - print from OpenStreetMap via Tor Browser for privacy. Use the Organic Maps app for private mapping - open it before leaving to download offline maps.

Navigation Options (most to least private):

1. Printed directions (most secure)
   • Print from OpenStreetMap
   • Access via Tor Browser for extra privacy
2. Organic Maps with offline maps
   • Download maps before leaving home
   • Works without an internet connection
3. Airplane mode + saved maps
   • Prevents cell tower tracking
   • Still allows offline navigation

 How to select phone number for arrest

Decide who to call if you're arrested. If there's no active jail support hotline in your area, pick an emergency contact (a friend/trusted comrade for legal support - get their consent in advance). For higher-risk actions, organizers may have established a specific legal hotline. Larger cities may have an NLG jail support hotline. Write the legal number on your body in sharpie where it won't rub off (upper arm, leg, torso).

Emergency Contact Options:

1. Jail support hotline (if available in your area)
2. Trusted friend/comrade with legal knowledge
3. National Lawyers Guild hotline (major cities)
4. Action-specific legal support number

⚠️ Remember: Get consent from personal contacts in advance.

Write number on body: Use a Sharpie on your upper arm, leg, or torso where it won't rub off.

📚 Resources: National Lawyers Guild Jail Support

🔐 Security Essentials

Essentials that everyone should do to protect themselves from surveillance and attackers.

 How to set up Signal

Install Signal on your phone. Message existing contacts using their phone number (they must have Signal installed). For new contacts you don't trust yet, exchange usernames instead of phone numbers when possible. To start a new message: Press the 'Create' icon, then type the person's phone number or username. Follow the Signal Checklist for maximum security and privacy.

Setup Steps:

1. Install Signal on your phone
2. Message existing contacts (they need Signal too)
3. For new/untrusted contacts: Use usernames, not phone numbers
4. New message: Press "Create" icon > enter phone number or username
5. Complete setup: Follow the Signal Checklist above

 How to set up Brave Browser

Install Brave (a privacy-focused browser that supports Chrome extensions) on your computer/phone. Import your configuration from Chrome/other browsers. Configure Settings > Shields: Select 'Aggressive' for trackers & ads blocking, 'Strict' for HTTPS upgrade, and uncheck social media blocking. Optional: Enable 'Forget me when I close this site,' disable the new tab page, and disable toolbar items (Brave Rewards, VPN, Wallet, Leo AI).

Setup Process:

1. Install Brave Browser
2. Import bookmarks/settings from your current browser
3. Configure Shields: Settings > Shields
   • Trackers & ads blocking: "Aggressive"
   • HTTPS upgrade: "Strict"
   • Social media blocking: Uncheck all
4. Optional privacy features:
   • Enable "Forget me when I close this site"
   • Disable the new tab page
   • Remove toolbar items you don't need

 How to set up private search

Brave Search: This is the default in Brave browser, or you can follow instructions for other browsers.

DuckDuckGo: Follow instructions to make DuckDuckGo your default search engine.

Both options prevent your search history from being tracked and sold.

Setup Options:

1. Brave Search - No tracking, independent index
2. DuckDuckGo - No tracking, uses other sources
3. Startpage - Google results without tracking

Why this matters: Google tracks and profiles every search you make.

 How to run updates

Keep all your devices current with security updates. iPhone: Check model eligibility, update the OS, and enable automatic updates. Android: Check Samsung/Pixel models, update the OS, and enable automatic updates. Mac: Ensure it's not on the 'obsolete' list, update the OS, and enable automatic App Store updates. Windows: Update the OS and enable automatic Microsoft Store updates. For other apps, check the Help menu for updates.

Device-Specific Instructions:

iPhone:

• Check model eligibility
• Settings > General > Software Update
• Enable automatic updates

Android:

• Check Samsung or Pixel support
• Settings > System > System update
• Enable automatic updates

Mac:

• Ensure not on the obsolete list
• System Settings > General > Software Update
• Enable automatic updates

Windows:

• Settings > Update & Security > Windows Update
• Enable automatic updates

 How to set up private mapping

iPhone: Apple Maps is installed by default. Go to Settings > Privacy & Security > Location Services > System Services, then disable iPhone Analytics, Routing & Traffic, and Improve Maps.

All platforms: Install Organic Maps, and open it once in your area to download offline navigation data. Both options are more private than Google Maps.

Setup Steps:

Apple Maps (iPhone):

1. Already installed by default
2. Settings > Privacy & Security > Location Services > System Services
3. Disable: iPhone Analytics, Routing & Traffic, Improve Maps

**Organic Maps (All devices):

1. Install Organic Maps (iPhone / Android)
2. Open the app in your area to download offline maps
3. Benefits: Completely private, works offline, no tracking

 How to review location permissions

iPhone: Settings > Privacy & Security > Location Services. Review each app: Never (best for most), Ask Next Time (rarely needed), While Using App (essential navigation only), Always (almost no app needs this). Set Photos to Never to avoid revealing location in sent photos. Disable System Services > Significant Locations.

Android: Settings > Privacy > Permission manager > Location. You'll see similar options: Don't allow, Ask every time, Allow only while using, Allow all the time.

Permission Levels (most to least secure):

iPhone:

• Never (best for most apps)
• Ask Next Time (for rarely needed location)
• While Using App (essential navigation only)
• Always (almost no app should have this)

Android: - Don't allow (best for most apps)

• Ask every time (for rarely needed location)
• Allow only while using app (essential navigation only)
• Allow all the time (almost no app should have this)

⚠️ Critical: Set the Photos app to "Never" to prevent location data from being included in shared photos.

 How to opt out of data broker websites

This process is very time-consuming to do manually, so it's recommended to pay for an automation service. Sign up for EasyOptOuts ($20/year). Fill out the form with your current/past phone numbers, emails, addresses, and housemates. After 1-2 weeks, you'll receive an email with removal details. Do separate Google searches for your name, email, phone number, and address to find any remaining sites for manual removal.

Automated Option:

1. Sign up for EasyOptOuts ($20/year)
2. Fill out the comprehensive form (all past info)
3. Wait 1-2 weeks for a removal report
4. Follow-up: Google search your details to find remaining sites

Manual Option:

• Big-ass data broker opt-out list
• Very time-consuming but free
• Expect to spend 10+ hours

Why this matters: Data brokers sell your personal info (address, phone, family) to anyone, including bad actors.

 How to set up IVPN

Go to IVPN and click Generate IVPN Account ($6/month or $60/year). Select the Standard Plan (or Pro for 2+ devices). Write your Account ID somewhere safe - it cannot be recovered if lost. Enter your payment details or order a voucher card for more privacy. Download the apps for your computer/phone, install them, and enter your Account ID. Enable: Launch at login, Autoconnect on launch, and Allow background daemon. Keep the VPN on at all times unless you're having connection issues.

Setup Steps:

1. Go to IVPN.net > "Generate IVPN Account"
2. Plan: Standard ($6/month) or Pro ($9/month for 3+ devices)
3. ⚠️ Critical: Write down your Account ID - it CANNOT be recovered if lost
4. Payment: Credit card or voucher cards for more privacy
5. Download apps: Computer / Mobile
6. Configure: Enable launch at login, autoconnect, and background daemon

Alternative: Mullvad VPN - Similar privacy focus, accepts cash payments

 How to set up 1Password

Download and install 1Password ($3/month). Create a strong, random master password using a passphrase generator - it should be memorable but not used elsewhere. Write the master password on paper and destroy it after you've memorized it. Import your existing passwords, and install the browser extension and mobile app. Update your most important passwords using the random generator if you were re-using similar ones.

Setup Process:

1. Download 1Password ($3/month)
2. Master Password: Use a passphrase generator
   • It should be memorable but unique
   • Write it on paper and destroy it after memorization
3. Import existing passwords from your browser
4. Install extensions: Browser and mobile apps
5. Update passwords: Change reused passwords using the 1Password generator

⚠️ Security Note: Your master password protects everything - make it strong and unique.

Free Alternative: Bitwarden offers similar features at no cost.

 How to set up two-factor authentication

Install an authenticator app: 1Password (which has a built-in authenticator) or Ente Auth. Optional: Create an account for backup (Ente encrypts your data). Set up 2FA on your accounts: Go to the Security/Privacy settings and look for '2FA'/'two-factor'/'multi-factor authentication'. Select the 'authenticator app' option if it's available (and save the backup codes in your password manager). If only SMS is available, use that. Common sites to secure include Google, Apple ID, Facebook, Twitter/X, and Instagram.

Authenticator Apps:

1. 1Password (if you have it) - Built-in authenticator
2. Ente Auth - Privacy-focused, end-to-end encrypted
3. Avoid: SMS when possible (it can be intercepted)

Setup Process:

1. Go to your account's Security/Privacy settings
2. Look for "2FA," "Two-factor," or "Multi-factor authentication"
3. Choose "Authenticator app" over SMS when available
4. Save backup codes in your password manager
5. Test the login with your new setup

Essential Accounts to Secure:

• Email accounts (Gmail, etc.)
• Apple ID
• Social media accounts
• Financial accounts
• Work accounts

📚 Check which sites support 2FA: 2FA Directory

 How to use Proton Mail

Sign up for a free ProtonMail account. Choose a random username that's not connected to your identity. When verifying that you're human, choose 'CAPTCHA,' not 'email.' When asked for a recovery method, choose 'Maybe later' (but you must save your password securely). Messages between Proton users are automatically end-to-end encrypted. Messages to other providers are not encrypted, but you can send a password-protected email.

Setup Steps:

1. Sign up for a free ProtonMail account
2. Username: Choose a random name unconnected to your identity
3. Verification: Choose "CAPTCHA," not "email"
4. Recovery method: Choose "Maybe later" (save your password safely!)
5. ⚠️ Important: You must secure your password since there's no recovery option

Encryption Levels:

• Proton to Proton: Automatic end-to-end encryption
• Proton to others: Not encrypted, but you can send a password-protected message
• Still beneficial: It's harder for the government to access via backdoors

📚 More Info: Proton Security Features

📚 Additional Resources

🛡️ Essential Security Tools

• Signal - Encrypted messaging and calls
• Brave Browser - Privacy-focused web browser
• Organic Maps - Private, offline navigation
• IVPN - No-logs VPN service
• 1Password - Password manager
• Proton Mail - Encrypted email
• Tor Browser - Anonymous web Browse

📖 Further Reading

• Equality Labs Anti-Doxing Guide - Comprehensive privacy protection
• Electronic Frontier Foundation - Digital rights and privacy
• National Lawyers Guild - Know your rights resources
• Security in a Box - Digital security toolkit

🚨 Emergency Resources

• National Lawyers Guild Jail Support: Check for local chapters
• ACLU Know Your Rights: aclu.org/know-your-rights
• Stop AAPI Hate Travel Guide: For border crossing rights

WARNING

This information is for educational purposes. Laws and technologies change frequently. Always consult with legal experts and security professionals for your specific situation.

This guide is based on content from ActivistChecklist, which I read and modified based on a stricter threat model.