403 Forbidden V 3.1.0
By Alex Wieder
Making it home from a protest safely is exceedingly difficult, especially when law enforcement has the ability to raise bridges, cut off public transportation, or even barricade protestors in a tunnel before opening fire with rubber bullets. Provided you’ve made it home safely with your devices intact, it’s time to deal with the images, videos, and audio that you may have gathered.
Getting information to the public is instrumental to the longevity and growth of a protest movement, but doing so is not as straightforward as one might think. Don’t get me wrong, you can easily livestream yourself at a protest or post anything immediately to your social media accounts, but that places both yourself and others at serious risk. I will outline here some steps for managing sensitive media once you’ve returned home to ensure what you’ve captured is safe for you, safe for others, and safely stored for the long-term.
***
STEP 1: BACK IT UP
If you’ve ever had the misfortune of a failed hard drive you know all too well the panic and frustration that sets in once you lose that critical information. Your protest media won’t do you any good if it’s stored on a broken smartphone, or corrupted due to a failed drive. In recent years, many of our devices can do this automatically with services like Google Drive and iCloud which automatically backs up selected information to the cloud.
CLOUD STORAGE
Cloud storage put simply, is server space that can be accessed via the internet. Until widespread cloud storage adoption, backing up your data meant physical storage, AKA carrying around thumb drives, hard drives, CD-ROMs, even floppy disks, and spending the time writing information to and from those devices. In the age of immediacy, relying on automatic backup to and from a secure location at a moment's notice sounds like the perfect solution, but cloud storage isn’t the magical data savior it may seem to be.
There’s a common fallacy that anything you create is indisputably yours, and nobody can do anything to it without your permission. In regard to copyright, that’s not an entirely inaccurate statement, but copyright is just one piece of the puzzle. The server space you’re associated with in the cloud, whether it’s iCloud, Dropbox, Google Drive, BackBlaze, etc. are all leased to you, meaning you don’t really get to control it even though you pay for it. Placing your information in that leased space places that information under the privacy policy, terms of service, and other strictures of the company that owns it. Even innocuous services like Adobe’s Creative Cloud, designed for productivity across devices, can offer your entire storage library to the authorities if deemed necessary. Remember that you may not think you’re in the wrong, but that’s not your decision when being pursued by law enforcement. As government and policies shift towards authoritarianism, the line between “legal” and “illegal” will shift to serve those interests.
Review the Privacy Policies here for a platform you use. How private is your content?
Even if you’re storing information on the safest, most rights-conscious platform, the ubiquitous use of cloud storage makes the associated servers prime targets for hacking and data breaches, and those with sensitive information have the most to lose. Using a VPN can add a layer of security to your data transfer, but that’s not always practical or available depending on your cloud service and device type. For these reasons alone, I recommend physical storage over cloud storage whenever possible to securely back up your data. That means turning off automatic backups of your device, since photos and videos may be included as well.
PHYSICAL STORAGE
Physical storage can be hard drives, thumb drives, even the microSD card in your smartphone. While you don’t have the benefit of immediate access via the internet, physical storage offers plenty of accessibility and even more security. You don’t need to worry about a VPN or information being stolen, the drives you purchase are yours in their entirety, and you can control who has access to them both physically as well as via password protection and encryption. I highly recommend having at least 2 backups of your information, because even backups can fail. Ideally one of the two backups is offsite, meaning not in your home for most people, which provides an extra level of safety if you were to experience a natural disaster for example.
Physical storage does mean you’ll be responsible for the upkeep of your drives, but it also ensures you’re not giving that control away either, and generally it isn’t a huge undertaking when you’re dealing with just a drive or two. Save everything to your backup drives as soon as possible so the risk of deletion or corruption is minimized, and make sure to store drives in a cool, dry place when not in use. Physical storage has a lifespan, so it’s important to upgrade to newer drives every few years or so to make sure your data is as future-proofed as possible.
Once your information is backed up securely, it’s tempting to start getting it out into the world, especially when it comes to powerful images and videos. Disseminating media can make all the difference to advancing a cause, but can also open yourself or others to the risk of arrest or other legal action well after the fact. The Internet is a publishing platform first and foremost, and once out in the world there’s no telling what impact it may have or how far it will spread. Protest media can spread especially quickly, and once it’s gone viral there’s little stopping it from scrutiny, especially from law enforcement.
STEP 2: ANONYMIZE MEDIA
If you plan on capturing media during protests, you’re effectively creating evidence in one fashion or another, which should be examined extremely carefully before posting anywhere. Whether it’s an image or video, short or long, well lit or dim, can all potentially send those being depicted to jail. The best way you can mitigate this risk is by carefully anonymizing your media through blurring out faces, and removing associated data to prevent things like location and time from being discerned as well.
METADATA
Whoever came up with “a picture is worth a thousand words” was on to something, and I don’t mean the descriptive power of still images. Digital images are more than just the pixels of color you see on screen, they also contain a plethora of information called “metadata”.
Metadata, per its namesake, is data about the media that was captured and is baked into every file. Unless you’re looking for it, you probably won’t see a file’s metadata since it’s not outward facing like a file name. However, it’s incredibly easy to access with even basic editing software, and there are plenty of metadata viewing programs as well. While metadata can be benign when referring to image dimensions, color profiles, or copyright information, it can also include:
The exact time and date of capture
The make and model of the capture device
Geographical information about where the image was captured as GPS coordinates
Serial numbers of devices and lenses
How to View Metadata
For Windows users, all you need to do is right-click the photo you want to inspect, and select “Properties”. In the window that pops up, click on the “Details” tab and you can see a good amount of your image’s metadata.
For MacOS users, open any image in Preview and select “Tools” up in the menu bar. Click on “Show Inspector” which will bring up another window. In that window, select the tab with “(i)” and select “General”, “EXIF”, and “TIFF” to see varying amounts of image metadata.
These can be used to attach the media in question to the image producer, not just those depicted, as well as a specific time, and a specific place. Take a photo with your smartphone, upload it to your computer, and take a look for yourself using Windows or MacOS, you’ll be surprised what comes with your images.
IMAGE SCRUBBING
For your safety and for the safety of others, it’s critically important to scrub metadata for any media captured at a protest. There are plenty of metadata scrubbers out there, though be careful which you choose. Lots of the hits you’ll get in a google search for “Metadata Scrubber” will bring up programs which are backed by ads which can of course be compromising for a variety of reasons. I highly recommend the metadata scrubber designed by Everest Pipkin which is an excellent all-in-one solution. The program is simple: you upload images, erase the metadata, and can even selectively blur or black-out anything incriminating, before downloading your sanitized copy. Easy! The program works entirely in-browser meaning it doesn’t send information to or from anywhere, keeping your sensitive files safe, but also has the benefit of being downloadable to work offline, and automatically downsizes images which can be helpful for posting on the web.
Blurring-out the faces of protestors is a critical task before disseminating any protest media. Social media is perhaps the most common place to share protest media, but it can easily implicate others. Sites like Facebook are being actively tracked by local government, and facial recognition technology via tagging can point to specific individuals easily. Thankfully Everest Pipkin’s Image Scrubber has tools for anyone to access easily, though you’re also free to do so with image-editing software such as Photoshop, if you’re so inclined. Make sure if you’re blurring faces manually to save your final image as a flattened file so the blurring layers cannot be removed, and black out entirely anything that could be seriously incriminating such as identifiable tattoos or clothing.
STEP 3: DISTRIBUTE AND DISSEMINATE
After preparing your content to protect yourself and your fellow protestors, you can now distribute your media as you see fit. What you choose to share, and where you choose to share it, can greatly shape how you disseminate media, as there are plenty of vulnerabilities even for sanitized content.
Social media such as Facebook, Twitter, and Instagram are the most common places to see protest media, and for good reason. A post’s ability to go viral can jettison anything from just a few views to making the news cycle, and many protests rely on widespread visibility and mass attention. Widespread visibility and re-sharing also means that your post will be associated with you even if you choose to delete it later, which is why it’s important to be selective of what you associate with your personal profiles. You should also keep an eye out for irresponsibly posted media by others, potentially reach out and explain your concerns, and share tools like the Pipkin’s Image Scrubber with your networks.
After social media, the next level of media dissemination is to news organizations, who have a far-reaching and captive audience at their disposal. Sharing information with news outlets, especially sensitive information, is a completely different ballgame to clicking “post” on social media. Most journalistic organizations take very seriously their duty to protect their sources, but that requires work from both the organization as well as the source to be effective. Many news outlets have a dedicated tip line to share information across, though they’re not all treated equally. One of the more robust implementations of security comes from the New York Times, which has a tipline accessible through Signal, WhatsApp, encrypted email, and even a dedicated Secure Drop page via the TOR browser.
These services offer encryption and anonymity in some regard or another, and when compounded with a VPN, put even more security at your disposal. Generally, if you’re trying to contact an outlet and they refuse to use a secure channel, then you should not be sharing your content with them.
For those who are regularly submitting sensitive data, or who want a comprehensive solution that’s separate from their usual day-to-day data and applications, I highly recommend Tails OS. It may sound daunting to use an entirely separate operating system for these purposes, but Tails was designed from the ground-up to be safe, secure, and anonymous.
The operating system is built on a lightweight platform designed to be run on a thumb drive, which means you can remove it from your computer completely without leaving a trace, or affecting files on the rest of your computer. Tails at its core is amnesic, meaning that it doesn’t record anything to your hard drive. While placing files in the trash or recycle bin and clicking “empty” appears to delete the associated files, there’s still a record of their existence until it’s overwritten by new information. In essence, your computer deletes the path to the information, and lets the hard drive know it’s okay to overwrite, but that can take from days to years depending on the drive. Tails by contrast uses your system’s memory as storage which gets cleared after every shutdown, thus having the computer “forget” everything you did previously. Included automatically is a Digital Security Toolbox, which includes the TOR browser, Thunderbird email encryption software, the KeePass password bank, LibreOffice for editing documents, and many more applications. The greatest feature of all is that it’s free, so you don’t have to shell out anything ridiculous to access this extremely powerful tool.
***
A lot of ground has been covered throughout this series, but even still it’s not comprehensive; new applications, technologies, and vulnerabilities are being developed every day. Cybersecurity is about building a sustainable ecosystem, and having all of these tools at your disposal means nothing if you’re too overwhelmed to implement them. Remember that it’s okay to start with manageable, individual changes, even if it’s just one at a time. As you become accustomed to these changes, you can certainly add more, and in short order you’ll have ample protection from threats of all kinds.
With the most consequential presidential election of our lifetimes and plenty more protests to come, the fundamentals for good cybersecurity need to become a part of all of our daily lives. These tools applied at a protest, when disseminating media, or for general well-being and safety, will be critical for safely combating injustice, oppression, and systemic racism both now and in the future.
If you’d like to keep up with cybersecurity news, or you’ve become interested in general computer nerdery after reading this series check out How-To Geek, which has excellent resources for just about anything that blinks and beeps. If you’re looking for more comprehensive cybersecurity advice, check out Sophos which also develops top-notch cybersecurity software, as well as Everest Pipkin’s excellent document on anonymizing your online footprint. If you’d like a consultation on specific cybersecurity needs or have any questions about what was covered in this series, feel free to reach out.