DemLabs blog

Protestors in Hong Kong have shown that it is possible to organize in a tightly monitored and censored environment. They offer ten practical security tips a free online handbook.

Taking photos & videos
Use instant streaming photo and video taking apps to upload content immediately. This avoids the risk of your photos and videos being deleted if your phone is taken. Instagram and Tumblr are good. Use Ustream to record, stream and instantly upload videos.

Communications
Do not use public WiFi. The connection between the laptop and WiFi server is often insecure and subject to hacking. A hacker can intercept the WiFi communications using a  man-in-the-middle (MITM) attack. This lets them monitor communications and redirect the user to fake website.

Use a secure phone app
Use secure, encrypted apps for phone calls. They recommend RedPhone (Android) or Signal(iPhone and Android).
Secure messaging apps
"Most Hong Kongers are using unencrypted instant communication apps, such as, Whatsapp, Line and/or WeChat. These apps deliver messages through a server which may store the content of the messages. It greatly enhances the chances of data being hacked or leaked. Therefore, we recommend some end-to-end encrypted instant messaging apps, for example, TelegramThreemaor Wickr. You may encode your Wickr before you start using it and set a self-destructing timer for your messages", from the handbook.
Don't install any unknown apps
The Chinese government is reported to instal apps on people's phones that collect personal info and transmit them back to the authorities. CNET reports that "More than 1,000 Android apps harvest data even after you deny permissions. The apps gather information such as location, even after owners explicitly say no." This list includes Baidu's Hong Kong Disneyland Park app.
"China Is Forcing Tourists to Install Text-Stealing Malware at its Border. The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files", reports Vice News.
Use encrypted email
Use email service providers that encrypt emails before it is sent. It will only be decrypted after it is delivered to the designated account. This can prevent the content being viewed before you open it or during the process of delivery.  allowing emails to be encrypted by PGP (Pretty Good Privacy) technology. Hushmail is a Canadian firm that provides encrypted email services.
Get a second phone
Consider deleting some sensitive information stored in your mobile phone before taking part in a protest or traveling in a harsh environment. This includes past communication records, emails, photos or video and contacts. Get a second phone for protests that only has basic apps and no private information.
Take a charger
Before you participate in any protest, make sure you have an extra phone battery. Activate your phone's service that enables you to delete the data on it, in case it is lost or confiscated.
Don't use automated log in services
Turn off Face ID and Touch ID on iPhones. Laws in Hong Kong ensure that people have a right not to incriminate themselves. This includes refusing to give the pin to unlock your phone. However, authorities could force unwilling detainees to unlock their handsets using facial recognition or fingerprints.
Use multiple platforms
During the HK protests, a live feed of the scene was broadcast on Periscope, Twitter's streaming platform. It was shut down later when mobile internet connections became sporadic within the crowded protest area. Others turned to Twitch -- normally a destination for watching people play video games -- for streams combining TV feeds and on-the-ground footage. Some of the Twitchchannels were drawing over 10,000 live viewers.
Resources
Hong Kong Civil Liberties Union (“HKCLU”) is a group of legal volunteers in Hong Kong dedicated to defend and safeguard civil rights and liberties. We aim at providing free legal assistance to the community and fellow non- governmental and non profit-making organizations on the issues of civil rights, with the ultimate goal of achieving equality and diversity in Hong Kong.
Keyboard Frontline is an internet freedom advocacy group founded in 2011 to fight for greater user rights under Internet Article 23. It published an online guide for protestors, organizes protests, exhibitions, discussion forums and online lobbying. Keyboard Frontline raises public awareness of the importance of internet freedom, and ultimately the creation of a free and open internet environment in Hong Kong.

Takeaway

The best ideas come from others on the front-lines. Let us know of good solutions and we'll be glad to get them more visibility.

Deepak
Co-Founder, DemLabs

Please share this article. Democracy Labs is a SF-based, hub for ongoing technology and creative innovation for progressives campaigns and advocacy groups. Donate here to support our work.

Subscribe to DemLabs Bulletin

A Project of The Advocacy Fund

DemLabs is a Unique Collaboration of Leading Technologists,
Creatives and Political Professionals

We deliver technology and storytelling innovation
to progressive campaigns and groups

The Democracy Labs — New Ways To Win