Protestors in Hong Kong have shown that it is possible to organize in a tightly monitored and censored environment. They offer ten practical security tips a free online handbook.
Taking photos & videos
Use instant streaming photo and video taking apps to upload content immediately. This avoids the risk of your photos and videos being deleted if your phone is taken. Instagram and Tumblr are good. Use Ustream to record, stream and instantly upload videos.
Communications
Do not use public WiFi. The connection between the laptop and WiFi server is often insecure and subject to hacking. A hacker can intercept the WiFi communications using a man-in-the-middle (MITM) attack. This lets them monitor communications and redirect the user to fake website.
Use secure, encrypted apps for phone calls. They recommend RedPhone (Android) or Signal(iPhone and Android).
"Most Hong Kongers are using unencrypted instant communication apps, such as, Whatsapp, Line and/or WeChat. These apps deliver messages through a server which may store the content of the messages. It greatly enhances the chances of data being hacked or leaked. Therefore, we recommend some end-to-end encrypted instant messaging apps, for example, Telegram, Threemaor Wickr. You may encode your Wickr before you start using it and set a self-destructing timer for your messages", from the handbook.
The Chinese government is reported to instal apps on people's phones that collect personal info and transmit them back to the authorities. CNET reports that "More than 1,000 Android apps harvest data even after you deny permissions. The apps gather information such as location, even after owners explicitly say no." This list includes Baidu's Hong Kong Disneyland Park app.
Use email service providers that encrypt emails before it is sent. It will only be decrypted after it is delivered to the designated account. This can prevent the content being viewed before you open it or during the process of delivery. allowing emails to be encrypted by PGP (Pretty Good Privacy) technology. Hushmail is a Canadian firm that provides encrypted email services.
Consider deleting some sensitive information stored in your mobile phone before taking part in a protest or traveling in a harsh environment. This includes past communication records, emails, photos or video and contacts. Get a second phone for protests that only has basic apps and no private information.
Before you participate in any protest, make sure you have an extra phone battery. Activate your phone's service that enables you to delete the data on it, in case it is lost or confiscated.
Turn off Face ID and Touch ID on iPhones. Laws in Hong Kong ensure that people have a right not to incriminate themselves. This includes refusing to give the pin to unlock your phone. However, authorities could force unwilling detainees to unlock their handsets using facial recognition or fingerprints.
During the HK protests, a live feed of the scene was broadcast on Periscope, Twitter's streaming platform. It was shut down later when mobile internet connections became sporadic within the crowded protest area. Others turned to Twitch -- normally a destination for watching people play video games -- for streams combining TV feeds and on-the-ground footage. Some of the Twitchchannels were drawing over 10,000 live viewers.


Hong Kong Civil Liberties Union (“HKCLU”) is a group of legal volunteers in Hong Kong dedicated to defend and safeguard civil rights and liberties. We aim at providing free legal assistance to the community and fellow non- governmental and non profit-making organizations on the issues of civil rights, with the ultimate goal of achieving equality and diversity in Hong Kong.
Takeaway
Deepak
Co-Founder, DemLabs
Please share this article. Democracy Labs is a SF-based, hub for ongoing technology and creative innovation for progressives campaigns and advocacy groups. Donate here to support our work.