- [Nicole] Hello. So this lesson today is about researching securely. So we're gonna look at why that is important. So I know everyone taking the course is gonna be from a different background with a different history. Maybe some of you have experienced some form of state repression before. Perhaps you've gone through a trial or been arrested. Maybe you've even had your computer or phone taken by the police and they've accessed it and used, you know, data against you in court. So, like, state repression is a very real risk, and at the time I'm recording this video, there's a lot of protests and demonstrations against the bill, against the new policing bill. And so, you know, there are moves all the time to kind of criminalize people potentially, so I think, for me, I take security very seriously, but I think it's always a balance between what's practical and what's, like really, really important in terms of keeping you and your comrades safe. But it's not just the state that could potentially harm you. It's also, you know, like corporations. So for example, we've seen in movements the use of paid-for informants by corporations and infiltrators by corporations. We've seen, you know, data being sold by various companies. I think I read recently about this email tool which was called Unenroll Me or Unsubscribe Me, or something like that, and it was like an access, it was a service to enable people to like, unsubscribe really easily from lots of different emails, but it gave all your data to this big company who, like 10 years later, like sold all their data to someone else. So I think it's not just about state repression, it's also about kind of corporate control and corporate repression, and just kind of surveillance in general, right? Like we're all very aware of companies, you know, such as like social media giants like Facebook profiling us and, you know, they might see that as a kind of market-driven thing to be able to sell us, you know, more appropriate adverts, like, you know, orientated towards our tastes and our preferences. But, you know, for all we know, like that kind of information could be used for more fascist purposes. And that's, you know, that's definitely the case around the world where people are targeted, and yeah. The internet and our kind of digital, our digital spaces are, you know, are important places of information and intelligence gathering by state actors and corporate actors, so I think, yeah. Even if you think right now something is like low risk, you have to think about the kind of broader pattern of how something might, you know, be used against you in the future, and I think so many of these practices that I'm gonna introduce will literally take you five minutes to set up, and I think, you know, there's just no harm, right, in being in being safe and being kind of vigilant about things. And yeah. So let's dive in. So like I mentioned, like, security practices are always this tension between what is practical, what is kind of secure, and what is accessible. So I would love to have face-to-face meetings with close people that I work with. You know, it'd be amazing if all the Corporate Watch team members could work, you know, in the same room with no phones, and we could be talking about campaigns and feeling like we're not under surveillance, but unfortunately rule in different parts of the country, and, you know, some people are abroad, so we need to be able to talk electronically. We need to be able to share documents with each other. And so, you know, there's those tensions. We'd like to just use kind of anarchisty activisty servers and technology projects but maybe they don't always meet our needs, in which case, we might need to use some sort of corporate tool like Zoom, for example, which is sometimes more reliable than our other alternatives. So it's always a balance between these three factors, and you just kind of have to do your best somewhere in the middle. So security, like in general, like it's not just digital or computer security. You know, people can get very obsessed with, oh, is your laptop encrypted, is your phone encrypted? But they might have just told their life story to some random stranger at a gathering or in a bus, for example. And it's really well-recognized that like humans are definitely the biggest security risk, like the things we share about ourselves, our kind of emotional needs to feel included, our, you know, desire to trust other humans, like all of those things are potentially more likely to affect us in terms of security. You know, I'm talking from experience here of having gone through kind of 10 years of state repression against the campaign I was heavily involved in, and it was definitely that kind of human factor of people gossiping and talking to each other and stuff that, you know, got us in sometimes more trouble than, you know, not having the right encrypted phone, for example. I think the attitude I like to take is like assuming that like nothing is secure and everything is red, so if I'm using a device, if I'm sending an email, even if it's encrypted, I will just assume that whatever I'm writing could be read one day, could be cracked, could be read by the company, could be read by the police. Like, I like to think that if I'm using some sort of device that I need to be very careful about what I'm saying on it. And I think the other aspect is like exploring like worst-case scenarios. So right now, like you feel like everything is fine, but maybe your campaign might escalate into a 10-year battle, you know, or you might get into the thick of it with some like housing developers that have, you know, kind of like hired security that are quite violent. Like, you know, you just don't know what's coming, and I think it's like very sensible to plan for those scenarios. So it might, you know, we think about worst case scenarios, like, you know, a company like suing us in court for loads of money or arresting, or, you know, the police arresting us, but actually like simple things, like just losing your phone, or leaving your laptop on a train, or losing a USB stick, like they're all much more likely everyday things that could happen that could jeopardize your security, and your kind of data autonomy. So I think it's important to consider those things. So I'm going to introduce Tor. So obviously, like, loads of our research is on the internet, and one of the best things that we can do, again, like very simple step, is installing a browser called Tor, which I'll show you in a second. But how Tor works is it basically like bounces you around the internet. So we all have this like IP address, which is like a kind of identifier for us, so I can look on a website and that website can see that I've looked at it, because they can see my IP address. Whereas what Tor does is it bounces it around like various nodes, so you know, the supermarket looking at the IP address will see this random IP address and not mine, 'cause it's like masked through all these nodes. So I've put a link here to the site that you need to click on to download it. I'll just show you that. So this is on Firefox and here you can just see you can download it for Windows and Apple and Linux and, and Android phones as well. It used to be really slow back in a day, but it's pretty fast now. Unfortunately, my Internet's not very good, but I've loaded it in advance. So you can see here, you've got a search engine that, you know, you just type whatever into, as you can see, I can't spell, corporate watch, and then you can use it like, you know, any other browser. But yeah, my internet is horrendous. People don't believe me when I tell them it is, but it really is, so I'm not gonna do that right now. But as you can see, it's just kind of like any other browser, but it's, you know, it's the best way to, to be secure in like a simple way. So yeah, I'd really recommend looking at Tor. There's also options called virtual private networks. So what they're doing is, instead of bouncing around loads of nodes, they're just kind of going through one and changing your IP address. So I'll just come out of this. So I recommend one called Mullvad VPN. You can actually, you can even post them cash in the post if you don't want it to be connected to you, and they'll send you the code via VPN or you can pay like, you know, I pay every month, like I just use it for Corporate Watch stuff, and it will have a little lock here at the top, and I can put like secure my connection, and that means that when I'm searching, they're gonna see like a different location and a different IP address. So I can also switch the location around. So this is really useful, by the way, like if you're, say I was researching a French company. If I had a French IP address when I use Google or something, it's gonna generate like results that are more relevant to my location. So yeah, that can be really useful. And the VPN, it's about five pounds a month to set up. You can get all sorts of apps and companies that offer these. You can get them on your phones now. So everything you use can be kind of like masked. Just disconnect for now. But yeah, again, like very simple way of kind of protecting your identity online as much as possible. Okay. The next thing I wanted to talk about is just like emails and messaging, because so many people have smartphones these days. I know this has all been in the news recently, but WhatsApp are obviously owned by Facebook, and, you know, you might not be able to totally get rid of WhatsApp because, you know, it's your family chat or it's how you communicate with your grandma or something. It's very frustrating, like, I wish I didn't use it, but you kind of have to sometimes. But basically, when you use something like WhatsApp, your data is, you know, they talk about it being encrypted, but actually it is, it is kind of part of their kind of data machine for these companies. Like they, you know, if you read your privacy terms in detail, it's like they do kind of have the rights to read your data and a lot of these apps can also have permission to look at other things in your apps, so in your phone. So they might be able to look through all of your contacts, for example. So a really great alternative is Signal. It's a very similar messaging app. It's very useful for organizing, I'm sure lots of you use it already, and yeah. Avoiding corporate emails, So things like Gmail, Microsoft, et cetera. You know, they're all owned by corporations that will be talking a lot about through this course, like, you know, they've all got their own kind of corporate agenda and, you know, maybe they offer quite a good service in terms of reliability or speed or whatever, but you're kind of selling them a lot of information about yourself. And ideally, in an ideal world, we would all use encrypted email for everything. So there's a tool called Pretty Good Privacy, which enables you to kind of like fully encrypt an email, and you share a key with someone, and then both of you are the only people able to read that email. New players are things like ProtonMail, which have kind of come on the scene to make encrypted emails a bit more accessible, 'cause PGP it's, you know, it's very simple to use, but I guess you do need to be dedicated to kind of learning the little things with it. And ProtonMail is a really, yeah, it's a really great alternative and very secure. And, yeah. If, you know, like the thing with encrypted email, like people say, oh, if it's encrypted, like, will that be a red flag? But really, we want to get to a point where people are using encrypted email for kind of everything under the sun. So you're emailing someone saying, oh, can you dog sit for me on Friday? Not just, oh, can we meet up to talk about this demo or something? And if, yeah, if you can't use these tools, like I really recommend using a project that's like run by people that are not gonna sell your data or give it up to the authorities. For example, Riseup or May First have really good web hosting and email hosting for groups. And yeah, I think it's just that little added layer of security. And then, you know, again, basic tips. So using strong passwords. Lots of research has shown that one of the most like strong, you know, best ways to create passwords is with this dice method. So basically, you have a kind of printout of loads of different words and you roll the dice, and that particular number links with a particular word. So instead of like, you know, having loads of letters and numbers and exclamation marks, which can be sometimes really difficult to remember, you might have a password that's like dog house bartender or something like that, which is like a lot more memorable, but is actually very, very secure. So that's a good tool, you can Google that. Or, you know, or use a different search engine. Installing a firewall and a virus checker on your computer. So there's lots of free software available, and you can also pay for these, but I think it's just like good basic protection from viruses. I'm not gonna scare people with all the ways that companies can access your computers, or key loggers that the police can use to read what you're typing. But, yeah, it is good to have something that can kind of identify any like external things like implanted on your computer. And then, yeah, I've mentioned Google a couple of times, and I'm sorry for my laziness. I'm just constantly saying, oh, Google it. But there are like alternatives to Google, things like Duckduckgo and Startpage that I'd recommend using. Sometimes, to be honest, like I don't always use them for research. We're gonna do a whole session about, about how to use like advanced Google search pages, but I think if you know exactly what you're looking for, something like Duckduckgo is like really useful if you just want to Google like Anarchist News or something. Or, you know, it's like really good for that. So I use Firefox, which is like open source browser, and in there they also have a function called private browsing. So that enables you to not record the history of what you're looking at, which sometimes is annoying if you've forgotten to record it in a different way. But yeah, it's just, again, another layer of privacy with an ad-blocker. What people don't realize is that when you go onto a website like Facebook or something, they will kind of implant cookies into your browser, and then whatever you look at after that, you know, after looking at Facebook will potentially be tracked and monitored, and so I really recommend to people like logging out of their social media accounts and their Google account before they start doing like some sort of dedicated research. And, you know, also if you can, like clearing your kind of cache, so your cookies. So I'm on like a kind of new new user here, so I probably won't have any cookies on my site to show you, but you can Google that really easily like how to do that in Firefox. I think it's just, yeah, a good way of kind of keeping, spring cleaning a web browser, and it also speeds up your web browser so you're not, you know, looking at a gigabyte of stored content from websites so you can actually use the internet faster. Okay. Another layer of security things that I like to do is to use open source applications. So these are, this is kind of software developed by people in a transparent way. So they publish their source code, so it means anyone can look at the source code and see how it's been designed and created. So it's a very butchered definition, but that's kind of it in most simple terms. So, yeah, using open source applications means there's kind of less corporate control, and yeah, good alternatives. Things like Linux. So that's like an entire operating system as an alternative to Microsoft or Apple, or using, you know, things like Crabgrass like I've mentioned, the Riseup.net as an alternative to Google Docs or Google Drive. Another thing, it's called advanced, but again, it could be very simple for you depending on your type of phone, but it's encrypting your phone and encrypting your computer. So yeah, again, like I'm not, I didn't want to like overload people in this course, but, and you can kind of Google these things very easily and figure out how to do it. And some of the links I share in a minute will have like more detailed instructions with tutorials and things of how to do that. But, you know, you might take all the precautions in the world on your computer, but then if your computer is like an open book that anyone can access, 'cause it doesn't have encryption, it's kind of, it's not pointless, but it's frustrating, so I really encourage people to learn how to encrypt their computer. If you've got an Apple computer it's very easy. They have a system called FileVault, which is like internal internalized encryption system. I know when I broke my computer couple of years ago, it took them, and I gave them the password, but it took them nearly three days to like decrypt my data. So I do kind of trust that it was encrypted. But, again, like, you know, trust is a weird word, but there's also other things you can use. So you can use a totally different operating system called TAILS. This one here. So you can have this on a USB stick, and you can insert it in your computer and kind of open it in a different way. Again, I'm not gonna go into how to do this, 'cause there's loads of stuff about it online. But it means that you've kind of got like an autonomous operating system within your computer so that you could look at, you know, do research completely separately. So that's like a much safer thing to use. It's very good if you're traveling or if you're crossing borders, but yeah, I'd encourage you to look that up. And the other advanced tip is kind of having as many items like self-hosted as possible. So, like with Corporate Watch, we try and have things like hosted with the same servers, so that we're not constantly dependent on other, you know, big companies like hosting our data and hosting live information and our technology. Okay, so these are like really great resources. There's a group called the Electronic Frontier Foundation, and they have created this surveillance self-defense guide and it's really like, really great graphics, really easy to interpret all the information, lots of like how-to's about to do different things like encrypt your phone and stuff. So I really like encourage you to check that out. And then Riseup have got just like a simple guide. It's a few years old, I think, but it's about like more safely browsing the internet, and then finally there's like this security in a box tool which has got kind of different kind of like goals. Like you can do an audit and it can encourage you to, okay, this is how to encrypt your phone. Okay, this is why you should delete your photos off social media. Like it kind of takes you through things like step-by-step. And all of these resources will have, you know, links and guides within them. Feel free to drop me an email too about this stuff. But yeah, so definitely check them out, and before we go on to the other modules, I'd really encourage you to download Tor as your next step. Okay, great.