We're in the midst of what may be the largest civil rights movement in US history. In Belarus, inspiring protests are bringing down the authoritarian Aleksandr Lukashenko. Around the world, authoritarians and nationalists are being met with a rise in democratic political protests.
The US government has sometimes not lived up to its declared values in the face of protests. From COINTELPRO to the PRISM revelations, it is clear that it has often treated political protest as a threat, and turned to surveillance and infiltration in order to undermine it. A Nixon administration official admitted that the war on drugs was started to undermine the antiwar and civil rights movements.
We are, unfortunately, not as democratic as we might hope to be. And the situation is unlikely to have improved in the current era. In a world where it's not a given that the President will step down if he loses the election, domestic activists need a toolbox at their disposal that will keep them safe as they exercise their Constitutional rights. Around the world, activists fighting for equality and democracy need the same.
Unfortunately, the Bridgefy app that was widely used in the Hong Kong protests has been shown to be a privacy nightmare: easy to take down, compromise, and deanonymize. Choosing the wrong tool can have consequences. So what's safe?
Open source software allows anyone to view and share the source code. It can be audited by anyone who wants to verify that it is secure and fit for purpose. The result is applications that are more trustworthy.
Here are a few auditable, open source tools that I believe activists can rely on.
Easy to use and end-to-end encrypted, Signal is recommended by both Edward Snowden and security guru Bruce Schneier. It behaves like a slick instant messaging app you might download from Google or Facebook, but you know your messages are end-to-end encrypted.
I use Signal every day to communicate with people all over the world. It just works.
It's worth saying that while the Signal protocol is also used to secure WhatsApp messages, it is technically possible for messages saved on that app to be shared with Facebook, its corporate parent. They can also be technically shared with governments and law enforcement.
While Signal is best at one-to-one communication, Element is a bit like an open source, end-to-end encrypted Slack. Based on the decentralized Matrix network, which can theoretically support an infinite number of different apps, it combines a commercial quality user experience with fully open source code, a decentralized back-end, and end-to-end encryption.
Like Slack, it can be extended using bots and integrations. For example, an upload to a SecureDrop endpoint could notify an Element channel (or a channel on any other Matrix-powered app). In the same way Slack can be turned into a notification center for commercial teams, Element or Matrix can be used as an activist group's control center. And it runs behind Tor.
Organizations like The New York Times, the anti-corruption NGO Global Witness, and the Center for Public Integrity run SecureDrop instances on their own infrastructure to maintain the safety and anonymity of whistleblowers. Any organization can do the same.
The InterPlanetary File System is a censorship-resistant way to publish content on the internet without having to rely on a central provider. When used with the Tor Browser, it's anonymous, too.
IPFS's distributed architecture allows content to be published without easily being removed. Content is hosted by other IPFS users. Unlike the web, there's no central DNS registry, so domains can't be pulled down. And content at one IPFS location can easily be forked and copied to another.
Tor is the most secure way to browse the web. It blocks trackers and prevents browser fingerprinting: the process by which tracking networks can identify you by your browser configuration alone, whether you have cookies enabled or not.
Most importantly, though, it uses the Tor network, which is designed to anonymize your internet traffic. (TOR stands for The Onion Router, and its anonymous architecture is built in layers, like an onion.) There are lots of sites that only exist on the network, and these "dark web" nodes aren't as rife with criminality as reports suggest. DuckDuckGo operates a Tor node; so does everything from Medium to Facebook. In every case, it's to establish greater security for users around the world.
Tor allowed protesters in the Arab Spring to escape censorship or retaliation, and is used to bypass China's Great Firewall. It can do the same for today's protesters. Chrome and Firefox users in free countries can download the Snowflake plugin to help host layers of the Tor network without implicating themselves.
Bitmask is a cross-platform VPN built specifically for activists. Most people use a VPN to create a secure connection to protected infrastructure: for example, to access production servers. Some commercial VPNs are designed to allow people to access streaming services in other countries. In both cases, anti-surveillance isn't the goal; they tend to have centralized architectures where traffic travels through servers monitored and controlled by a single company.
Conversely, Bitmask gives you access to multiple networks designed to circumvent surveillance and network monitoring. Its parent, the LEAP Encryption Access Project, wants to provide high quality encryption to everyone. (The Trump administration has considered banning end-to-end encryption.)
This list is a starting point: I'd love to hear about other software you think should be included. If you're aware of an open source, easy to use, cross-device encrypted email solution, I would particularly like to know - mostly so I can switch to it immediately.