440
edits
Guide:Resisting technological domestic abuse: Difference between revisions
Guide:Resisting technological domestic abuse (edit)
Revision as of 17:14, 12 June 2021
, 2 years agono edit summary
No edit summary |
|||
Line 1:
{{Template:Draft}}
{{Warning|1='''Do NOT follow the advice below if any of it will place you at risk of further harm should you be discovered.'''<br /> We are not domestic abuse experts and cannot make judgement calls regarding advisability of resisting the perpetrator given the prospect of further abuse. <br /> If you need further non-technical support, please reach out to one of the resources [[w:List of domestic violence hotlines|listed on this page]].}}▼
{{TOC right}}
Purpose of this guide is to help victims of technological domestic abuse resist surveillance and recover from privacy or security compromise by the perpetrators of abuse, whether romantic, familial or otherwise. <br />Technologically savvy perpetrators have more options than ever before to keep tabs on their victims, take away control or agency and continue abuse from afar. We will try to give you the tools and knowledge to resist technological aspects of the abuse, and once you're able to leave the abusive situation, recover from the privacy compromise.
<br>
▲{{Warning|1='''Do NOT follow the advice below if any of it will place you at risk of further harm should you be discovered.'''<br /> We are not domestic abuse experts and cannot make judgement calls regarding advisability of resisting the perpetrator given the prospect of further abuse. <br /> If you need further non-technical support, please reach out to one of the resources [[w:List of domestic violence hotlines|listed on this page]].}}
{{ombox | image=[[Image:JS Icon Edit.svg|80px]] | text =
'''Main takeaways'''
* Technology enables new avenues of domestic abuse.
* Beware of
** Stalkerware, programs designed to spy on you
** Internet connection control and [[w:Man-in-the-Middle attacks|Man-in-the-Middle attacks]]
** Account compromise
* Consider setting up a trusted computing environment, via Tails
* Once safely away from the perpetrator, follow the check-list to restore control over your privacy
}}
<br>
= Core assumptions =
In this guide we are assuming following:
Line 49 ⟶ 61:
Apple, like Google, also actively removes stalkeware apps from its store. To install external apps on iOS devices, generally the device has to be [[w:jailbroken|jailbroken]] (basically, unlocked to enable non-Appstore apps. Most jaibroken devices have an alternative app store on it, called Cydia. If your device has Cydia on it, but you did not jailbreak the phone and install Cydia yourself, you might be a victim of stalkerware.
====Should you remove stalkerware?====
We cannot say, given that this depends on your personal circumstances. The perpetrator is very likely to notice this, and if attempting to resist may result in further abuse, it may not be advisable.<br>
Remember that in most jurisdictions [[w:wiretapping|wiretapping]] is a serious crime, it may be worth it to keep the stalkerware on the device as evidence.
Even if you cannot remove the stalkerware, just knowing it is there empowers you to make better decisions about your situation.
==Connection monitoring==
==Account compromise==
=Setting up a safe computing environment=
While we cannot possibly anticipate every exact combination of technology-enabled domestic abuse you may face, we can help you set up a safe working environment that you can use for your essential computing needs without the fear of being spied upon or intercepted by the perpetrator.<br>
The basic idea is that we will setup a portable computing environment consisting of an operating system and persistent storage on an encrypted USB device. This portable computing environment will be protected by strong encryption and designed to resist even the most capable adversary. It may look a bit daunting, but if you persist, you will finally have one way of accessing the internet in a way that you can completely trust (as long as you keep your encryption password secret).
===About Tails===
To achieve this, we will rely on the excellent work of the Tails project. Their objective is to produce a safe computing environment for journalists, activists, human rights defenders and domestic abuse survivors.
You may read more about the project [https://tails.boum.org/index.en.html on their website], but in short Tails:
* ''' is discreet''' - it leaves no trace on the computer it is used on. It does not write to the hard disk, it does not leave your files or browsing history behind. Even the most skilled computer forensics professional would struggle to prove that Tails was ever used on a particular computer.
** it does, however, leave trace on the computer where it was initially installed to the USB; remember to delete any downloaded files and to delete your browsing history or try to install it using the computer from a trusted friend
* '''protects your connection''' - all traffic to and from Tails is protected by the [[w:Tor (network)|TOR]] anonymity network; it leaves not trace on the router or DNS server you're using, even if they're monitored
* '''strongly encrypted''' - once you shut down the computer that is using Tails, getting the data on the USB stick without knowing the password is, for all intents and purposes, impossible
* '''separate from your compromised computer''' - because all the files that Tails needs to run are on the USB device which you control, it does not matter if the device you're using it on is riddled with stalkerware; Tails uses it's own trusted operating system, and can be used safely on computers that are actively monitored
** because all the contents are encrypted, it also cannot be tampered with while in the shut down state
* '''amensiac''' - by default, when shut down after use, Tails will forget and discard all the files that may have been generated (such as browsing history) which leaves less opportunity to somebody to compromise you further should they obtain your encryption password
** you can, optionally, set it up to remember certain files. This is called persistence. It is generally safe to enable persistence (those files are encrypted as well), but if you do, you have to be sure to not disclose your encryption password
This point cannot be overstated, but <u>'''everything really depends on the strength of the encryption password you select'''</u> while creating a Tails USB stick. If you reuse a password that the perpetrator knows, you will be putting yourself at risk (particularly if you use persistence). For advice on how to come up with better passwords, see [[Passwords#Choosing_better_passwords]].
===Installing Tails===
Rather than reinventing the wheel, we will instead point you to the excellent installation guide maintained by the Tails project itself.<br>
https://tails.boum.org/install/index.en.html
===Using Tails===
Using Tails is much like using any other desktop operating system. You have access to a browser, email client, and an office suite. You can connect to all your normal online services. It may look slightly differently, but don't let that intimidate you. 95% of the normal use of Tails is same as Windows or Mac.
=Taking back control and reasserting your privacy rights=
=Closing thoughts=
Although facing a perpetrator of domestic abuse is always difficult, please remember that domestic abuse is primarily and (anti-)social problem. No amount of technological knowledge and intervention can solve the fact that perpetrator is committing a crime by wiretapping your communications and that you may benefit from help by specialist services with resources and knowledge to help you in dealing with the perpetrator.
In this guide we've tried to equip you regarding technological aspects of domestic abuse but more help is out there. Seek it and reach out. Do not let the perpetrator control you.<br>
Good luck, and thank you for indulging us.
| |||