Parliamentarians

Ensure that your laptop, phone, desktop, router, etc., are all free of viruses, trojans, and dangerous malware.

Ensure that your communications between yourselves, and with your constituents are secure and that hackers can't listen in.

Ensure that your banking transactions are safe.

Ensure that your passwords are not stolen.

Digital Security

"Threat Model"

i.e., why asking "Is Gmail/Facebook/Viber secure?" is not a sensible question.

What are you protecting?

Whom are you protecting yourself against?

What capabilities does the adversary have?

What do you hope to achieve?

(e.g., preventing the snooping or simply to make it tougher?)
(e.g., confidentiality of communications, or anonymity?)

To what lengths are you willing to go?

Trade-offs: Convenience vs. Privacy/Security

Security comes at a cost

(usually at the cost of convenience)

E-mail Hygiene

• Never open an attachment that you weren't expecting.
• Make sure all your attachments are scanned by a malware scanner (especially if you use Windows).  Use the web interface for VirusTotal, if need be.
• Howsoever authentic looking, never reply to an e-mail asking you for personal information like your password, account details, etc.
• Never click a link in an e-mail that scares you into thinking you need to change your password, etc.  The bulk of these are phishing attempts.
• ALWAYS check the link (usually it appears in the status bar) BEFORE clicking it.

Browser Hygiene

Use either Chromium or Firefox

Essential Extensions/Add-ons

uBlock Origin (FF & Chromium & Safari)

HTTPS Everywhere (FF & Chromium & FF for Android)

Password Manager (inbuilt, or add-on)

uMatrix (FF & Chromium, not for beginners)

NoScript (FF-only, I use it w/ default "allow")

Certificate Patrol (FF, v. useful but can be annoying)

"Private Browsing" mode only deletes stuff (browser history, cookies, etc.) once you close the browser.

Commonly Used + Insecure

Communication Protocols / Apps

1. Mobile + Landline Calls (v. weak)
    
2. SMS (v. weak)
    
3. Email (from v. weak to not strong)
    
4. Whatsapp + Viber + Line + Wechat + Skype + Twitter + FB + Google Chat (from okay to not v. strong)

There is no magic bullet!

SMS

No way to really secure.  (Metadata always leaks.)

Instead use data or use coded language.

Alternative:

SMSSecure (SMS, Android-only - Metadata still leaks)

If you have data, other alternatives exist: XMPP (Conversations, Android: Play Store + F-Droid), Signal (Android, iPhone), WhatsApp, etc.

For average needs: Use WhatsApp / Viber

Phone Calls

No way to secure.  (Metadata always leaks to telco.)

(Weak encryption. SS7 attacks!)

Alternative:

1. WhatsApp (multi-platform, call quality is great)

or

2. WebRTC

or

3. SIP app + SIP provider (cross-platform, federated, p2p)

E-mail + Attachments

Use something other than e-mail (recommended)

Peerio (very easy to use)
For press orgs: GlobaLeaks / SecureDrop

Else: E-mail Provider + E-mail Client + OpenPGP

Provider: Riseup.net

(Snowden used this, but downside: painting-target-on-your-back)

Client: Thunderbird + Enigmail / Claws + Claws GPG plugin

OpenPGP using GnuPG: built-in (Linux), GPG4Win (Windows), GPGTools (Mac OS X), OpenKeychain (Android)

IM/Chat + Files

WhatsApp (since Dec. 2015 supports file transfer)

or:

Crypto.cat (using Chromium / Firefox / iOS)

Peerio (using Chromium / Android / iOS / Windows / OSX)

Better: XMPP Provider + XMPP App + OMEMO

Provider: Jabber.at / Yax.im /

(or service I maintain: Chats.im)

App: Conversations (Android), ChatSecure (iOS), Gajim (Windows, Linux), Monal (Mac OS X)

Contact Details

Get in touch with me using:

XMPP: pranesh(at)prakash.im + pranesh(at)cis-india.org

E-mail: pranesh(at)prakash.im + pranesh(at)cis-india.org

IRC: the.solipsist/freenode + sol/oftc

SIP: pranesh@ostel.co

Mumble: sol:chats.im

For help, join this XMPP chatroom:

crypto@chat.cis-india.org