Digital Security

for Parliamentarians

Pranesh Prakash

Policy Director

(also Technologist)

Centre for Internet & Society


Bangalore, India



CC-BY-SA 4.0

No proprietary software or standards were used in the making of this slideshow.


Ensure that your laptop, phone, desktop, router, etc., are all free of viruses, trojans, and dangerous malware.


Ensure that your communications between yourselves, and with your constituents are secure and that hackers can't listen in.


Ensure that your banking transactions are safe.


Ensure that your passwords are not stolen.

Digital Security

"Threat Model"

i.e., why asking "Is Gmail/Facebook/Viber secure?" is not a sensible question.


What are you protecting?

Whom are you protecting yourself against?

What capabilities does the adversary have?

What do you hope to achieve?

(e.g., preventing snooping, or simply making it tougher?)
(e.g., confidentiality of communications, or anonymity?)

To what lengths are you willing to go?

Trade-offs: Convenience vs. Privacy/Security

Security comes at a cost

(usually at the cost of convenience)


<important>Good Security Hygiene</important>


{Traffic, End-to-End} Encryption


Free/Open Source Software


Open Standards


Decentralized Solutions


Federated Networks


Learn about common pitfalls.


Think about your security practices.


Develop good security hygiene.


Realize that security technologies are tools and not solutions.


Operating System


How many of you use Microsoft Windows?

(What version of Windows?)


Mac OSX?


Operating System

Linux is used by fewer people, so there are almost no viruses or malware for Linux.


(Even my parents use Ubuntu Linux, and have fewer problems since they shifted.)


Operating System

If you use MS Windows: you must use

anti-malware / antivirus software


Microsoft Security Essentials (Vista + Win 7)

Windows Defender (Win 8+)








Installing Software




E-mail Attachments









General Hygiene

  • Set a lock-screen with a passcode!
  • Use Free and Open Source Software
    • Linux (even my parents can use Ubuntu)
      • When need be, use TAILS /
        QubesOS / Whonix
    • Android (but binary blobs)
    • FOSS on Mac/Windows
  • Physically secure your devices
  • Use full-disk encryption

Passphrase Hygiene


Use a password manager (LastPass / KeePass)

Long master password / passphrase using phrases in Hindi/Tamil/etc. / / Diceware

Don't reuse passwords!

Test password strength using telepathwords & zxcvbn

Use two-factor authentication wherever available


Good sources for info on passwords: Ars Technica, AgileBits blog. 

E-mail Hygiene


  • Never open an attachment that you weren't expecting.
  • Make sure all your attachments are scanned by a malware scanner (especially if you use Windows).  Use the web interface for VirusTotal, if need be.
  • However authentic it looks, never reply to an e-mail asking you for personal information like your password, account details, etc.
  • Never click a link in an e-mail that scares you into thinking you need to change your password, etc.  The bulk of these are phishing attempts.
  • ALWAYS check the link (usually it appears in the status bar) BEFORE clicking it.
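
The "check the link before clicking" rule above, written as an automated check over an HTML e-mail body. This is an added example, not part of the original slides; the names LinkCollector and audit_links, the reason labels, and the sample message with its example.com / example.net hosts are all constructed for illustration.

```python
# Added example, not from the original slides. SAMPLE is constructed test input.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
# A host name written out in the visible link text, e.g. "https://bank.example.com".
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)
SAMPLE = """<p>Your account is locked. Visit
<a href="http://bank.example.com.login.example.net/reset">https://bank.example.com</a>
or <a href="https://bank.example.com/help">our help page</a>.
<a href="https://bank.example.com@203.0.113.7/">Sign in</a></p>"""

class LinkCollector(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def audit_links(html):
    """Map each suspicious http(s) href to the list of reasons it was flagged."""
    collector = LinkCollector()
    collector.feed(html)
    findings = {}
    for text, href in collector.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue
        host, reasons = (parts.hostname or "").lower(), []
        shown = HOST_RE.search(text)
        named = shown.group(1).lower() if shown else host
        if host != named and not host.endswith("." + named):
            reasons.append("mismatch")      # text names one site, link opens another
        if parts.username is not None:
            reasons.append("userinfo")      # the real host is whatever follows the "@"
        if any(label.startswith("xn--") for label in host.split(".")):
            reasons.append("punycode")      # may be displayed as a lookalike name
        if parts.scheme == "http":
            reasons.append("plain-http")    # link is not protected by TLS
        if reasons:
            findings[href] = reasons
    return findings
```

Calling audit_links(SAMPLE) flags the first and third links and leaves the genuine help-page link alone.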

Transport Security

On an Open WiFi, e.g.


  • Encrypted Proxy Service ("VPN") (weak anonymity; secure only as far as the VPN, so it hides content from the ISP but is not end-to-end)
    • Bitmask (Linux, Android, w/ Win, OSX coming soon)





Browser Hygiene

Use either Chromium or Firefox


Essential Extensions/Add-ons

uBlock Origin (FF & Chromium & Safari)

HTTPS Everywhere (FF & Chromium & FF for Android)

Password Manager (inbuilt, or add-on)

uMatrix (FF & Chromium, not for beginners)

NoScript (FF-only, I use it w/ default "allow")

Certificate Patrol (FF, v. useful but can be annoying)


"Private Browsing" mode only deletes stuff (browser history, cookies, etc.) once you close the browser.

Commonly Used + Insecure

Communication Protocols / Apps

  1. Mobile + Landline Calls (v. weak)
  2. SMS (v. weak)
  3. Email (from v. weak to not strong)
  4. Whatsapp + Viber + Line + Wechat + Skype + Twitter + FB + Google Chat (from okay to not v. strong)


There is no magic bullet!


No way to really secure.  (Metadata always leaks.)

Instead use data or use coded language.



SMSSecure (SMS, Android-only - Metadata still leaks)


If you have data, other alternatives exist: XMPP (Conversations, Android: Play Store + F-Droid), Signal (Android, iPhone), WhatsApp, etc.


For average needs: Use WhatsApp / Viber

Phone Calls

No way to secure.  (Metadata always leaks to telco.)

(Weak encryption. SS7 attacks!)




1. WhatsApp (multi-platform, call quality is great)


2. WebRTC


3. SIP app + SIP provider (cross-platform, federated, p2p)

Skype (video/voice/desktop)


1. ( (recommended)

2. Jitsi Meet (

3. Firefox Hello (built into newest Firefox)



Windows / Mac / Linux: Jitsi


Video livestreaming

Web: (



Talky just works.



E-mail + Attachments

Use something other than e-mail (recommended)

Peerio (very easy to use)
For press orgs: GlobaLeaks / SecureDrop


Else: E-mail Provider + E-mail Client + OpenPGP



(Snowden used this, but downside: painting-target-on-your-back)


Client: Thunderbird + Enigmail / Claws + Claws GPG plugin


OpenPGP using GnuPG: built-in (Linux), GPG4Win (Windows), GPGTools (Mac OS X), OpenKeychain (Android)

IM/Chat + Files

WhatsApp (since Dec. 2015 supports file transfer)

or: (using Chromium / Firefox / iOS)

Peerio (using Chromium / Android / iOS / Windows / OSX)


Better: XMPP Provider + XMPP App + OMEMO

Provider: / /

(or service I maintain:

App: Conversations (Android), ChatSecure (iOS), Gajim (Windows, Linux), Monal (Mac OS X)

Contact Details

Get in touch with me using:

XMPP: pranesh(at) + pranesh(at)

E-mail: pranesh(at) + pranesh(at)

IRC: the.solipsist/freenode + sol/oftc




For help, join this XMPP chatroom:
