Guide:Resisting technological domestic abuse: Difference between revisions

{{Warning|1='''Do NOT follow the advice below if any of it will place you at risk of further harm should you be discovered.'''<br /> We are not domestic abuse experts and cannot make judgement calls regarding advisability of resisting the perpetrator given the prospect of further abuse. <br /> If you need further non-technical support, please reach out to one of the resources [[w:List of domestic violence hotlines|listed on this page]].}}
{{TOC right}}
The purpose of this guide is to help victims of technological domestic abuse resist surveillance and recover from privacy or security compromise by the perpetrators of abuse, whether romantic, familial or otherwise. <br />Technologically savvy perpetrators have more options than ever before to keep tabs on their victims, take away control and agency and continue abuse from afar. We will try to give you the tools and knowledge to resist technological aspects of the abuse, and once you're able to leave the abusive situation, recover from the privacy compromise.
<br>
{{ombox | image=[[Image:JS Icon Edit.svg|80px]] | text =
* Beware of
** Stalkerware, programs designed to spy on you
** Internet connection control and [[w:Man-in-the-middle attack|man-in-the-middle attacks]]
** Account compromise
* Consider setting up a trusted computing environment, using the Tails project
* Once safely away from the perpetrator, follow the checklist to restore control over your privacy
}}
<br>
In this guide we are assuming the following:
* The perpetrator is somebody who has physical access to you and to the devices (and potentially accounts) you use.
** The perpetrator also controls your internet access, either by controlling the router or controlling the ISP's account.
* The perpetrator is generally more technologically savvy than you.
* The perpetrator is willing to deploy technological measures that are generally unacceptable, such as tracking your location, monitoring your search history, compromising your social media accounts, and so on.
= But first =
If you share the device you're reading this on with the perpetrator, DO NOT allow them to use your browser history to find out about your attempts to resist.<br />
}}
Potentially the most concerning method the perpetrator could use is installing [[w:stalkerware|stalkerware]], also known as creepware, on your devices. Stalkerware are apps and programs that are designed to keep track of another person's activity and report it back to the perpetrator. Many of those apps masquerade as 'parental control' or 'employee monitoring' solutions, but most make little to no effort to limit the potential for abuse.<br>
These are very difficult to counter as they are designed to be stealthy and avoid detection, much like any other [[w:malware|malware]]. There are many stalkerware products, and new shady operations sprout all the time, therefore it may be impossible to give you specific advice.
 
The best advice we can offer you is to trust your instincts. Does the perpetrator seem to know details and pieces of information that you've never shared with them? Do they inexplicably know where you've been or who you've texted? Do they know the websites you've visited?<br>
If you answered yes to any of those, you may be a victim of stalkerware.
===Countermeasures===
* If you can, do not allow physical access to your device. Do not leave your device unattended. Most stalkerware has to be installed using physical access, so if you're not infected, this is the best method to keep it that way.
** Use a strong screen lock method, and do not use fingerprint scan or face unlock (as those methods are rather easily fooled). There is no substitute for a [[Choosing better passwords|good password]].
* Most stalkerware programs run in the background all the time, using your battery (if applicable). Be mindful of your battery performance, particularly if it suddenly drops.
* Stalkerware programs must send the captured data to the perpetrator. Therefore, look at your data (and WiFi) usage and look for unusual patterns, like apps you don't know suddenly sending a large amount of data.
* Look for apps that you don't know and have permissions that you do not remember granting.
* Remove the apps you do not use. This will make it harder for stalkerware to hide in the crowd.
====Canary trap====
[[File:Peter Dinklage by Gage Skidmore.jpg|thumb|If you've seen Game of Thrones, you've seen a 'canary trap' in action. [https://www.imdb.com/title/tt2070135/trivia Tyrion Lannister uses it in season two of the show].]]
One method of narrowing down how and where you're being spied upon is the use of a so-called '[[w:canary trap|canary trap]]'.
 
The basic idea is that you give different versions of an event, document or a plan (bait) via different methods of communication and see which one the perpetrator brings up. For example, if the perpetrator is attempting to control your social life, you might text one friend about plans to meet up for drinks, and email a completely different one to meet up for coffee at the same time. If the perpetrator now brings up you going for drinks with a specific friend, you know they're monitoring your texts, and probably not monitoring your email.
====Device specific tells====
======[[Android]]======
======[[iOS]]======
[[File:Cydia logo.png|thumb|Cydia app store logo]]
Apple, like Google, also actively removes stalkerware apps from its store. To install external apps on iOS devices, generally the device has to be [[w:jailbroken|jailbroken]] (basically, unlocked to enable non-Appstore apps). Most jailbroken devices have an alternative app store on them, called Cydia. If your device has Cydia on it, but you did not jailbreak the phone and install Cydia yourself, you might be a victim of stalkerware.
===Should you remove stalkerware?===
We cannot say, given that this depends on your personal circumstances. The perpetrator is very likely to notice this, and if attempting to resist may result in further abuse, it may not be advisable.<br>
Remember that in most jurisdictions [[w:wiretapping|wiretapping]] is a serious crime, so it may be worth keeping the stalkerware on the device as evidence.
 
If you suspect stalkerware, there are a couple of reliable ways to remove it:
 
* If it is an Apple device, take it to the nearest Apple Store; they will be happy to un-jailbreak it for you.
* In most cases, a simple factory reset will be sufficient. Any phone repair store will be able to do it for you.
* For Windows devices, reinstalling Windows is the safest option (any computer tech can do this easily), but failing that, most reputable anti-virus solutions will catch it.
** Even the built-in Windows Defender may be able to catch it; the perpetrator would have disabled it when installing, but if you simply make sure that Windows Defender is re-enabled it may be enough.
 
Even if you cannot remove the stalkerware, just knowing it is there empowers you to make better decisions about your situation.
Even if your devices aren't spying on you directly, the perpetrator can monitor your online activity if they control the internet connection you use.
===Gateway/Modem/Router===
If you share your WiFi with the perpetrator, there is a potential that they could execute a so-called [[w:man-in-the-middle attack|man-in-the-middle attack]]. Because of how most WiFi setups work, all the internet connections on a single WiFi network flow through a central device (called a router, but you might know it as a modem or gateway), which means that this device can see all the unencrypted traffic. This is something you need to be mindful of.
====DNS====
DNS is essentially the internet's phonebook. It allows your computer to convert a website, such as {{SERVER}}, to an [[w:IP address|IP address]] which the computer can actually use to deliver you the website. For various complicated historical reasons, this traffic has not been protected by encryption by default until very recently, and anyone who is on the network can observe you as you access websites. By doing this they can tell which website you access, but they cannot tell what you were doing on that particular website. So, in case of {{SITENAME}}, they would be able to tell you accessed {{SERVER}}, but not that you looked up this particular page.
=====Countermeasures=====
If you use Chrome or Firefox, the solution to this is to make sure your browsers are up to date. Both have recently enabled their encrypted DNS by default, so this should kick in with an update. You can check if your DNS is encrypted by running a test found [https://www.cloudflare.com/ssl/encrypted-sni/ on this page].
====TLS====
[[File:HTTPS lock Firefox.svg|thumb|Look for the 'lock' in your browser; those pages are encrypted]]
The vast majority of internet traffic nowadays is encrypted by Transport Layer Security (TLS, formerly SSL). You may know it as the little padlock in your browser. This is good for you and your privacy, but it does have a couple of usability issues.
=====Server Name Indicator=====
To establish a secure connection, TLS needs to perform a so-called 'handshake'. Because the intermediate computers that carry your connection need to know where to send your data, this handshake has to have the address (the so-called Server Name Indicator (SNI) and IP address) of the destination website in plain text. You can think of this in terms of sending a physical mail letter. If you want your letter to be delivered, you need to make the recipient's address public.
 
That being said, just like unencrypted DNS mentioned above, the perpetrator using this technique can only see the domain of the website you're using, not the content of the website or the exact page.
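
The DNS and SNI sections above both say that only the website's name is visible, not the page. The following is an added example, not part of the original guide: it builds the two cleartext messages for one page visit (an unencrypted DNS question and the TLS server_name extension) and reads the name back out of each. The URL <code>wiki.example.org</code> and all function names are made up for illustration; the page path itself travels only inside the encrypted TLS session, which this sketch does not model.

```python
import struct
from urllib.parse import urlsplit

def dns_query(hostname: str, query_id: int = 0x1234) -> bytes:
    """Build a classic (unencrypted) DNS query for the A record of hostname."""
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in hostname.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def sni_extension(hostname: str) -> bytes:
    """Build the server_name extension carried in a TLS ClientHello."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name  # name_type 0 = host_name
    name_list = struct.pack("!H", len(entry)) + entry
    return struct.pack("!HH", 0, len(name_list)) + name_list  # extension type 0

def name_from_dns_query(packet: bytes) -> str:
    """Read the queried name back out, as any device on the path could."""
    labels, pos = [], 12  # the question follows the 12-byte header
    while packet[pos] != 0:
        length = packet[pos]
        labels.append(packet[pos + 1 : pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def name_from_sni(ext: bytes) -> str:
    """Read the host name back out of a server_name extension."""
    ext_type, _, _, name_type, name_len = struct.unpack("!HHHBH", ext[:9])
    if ext_type != 0 or name_type != 0:
        raise ValueError("not a host_name server_name extension")
    return ext[9 : 9 + name_len].decode("ascii")

def cleartext_exposure(url: str) -> dict:
    """Report what the two cleartext messages for this URL reveal."""
    parts = urlsplit(url)
    query, ext = dns_query(parts.hostname), sni_extension(parts.hostname)
    path = parts.path.encode("ascii")
    return {
        "dns_name": name_from_dns_query(query),
        "sni_name": name_from_sni(ext),
        "path_in_dns": path in query,  # the page path is never part of the query
        "path_in_sni": path in ext,    # nor of the server_name extension
    }

if __name__ == "__main__":
    # Constructed sample URL, not a real site.
    print(cleartext_exposure("https://wiki.example.org/Guide:Some_private_page"))
```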
=====Countermeasures=====
There is no easy solution to this currently. A [[VPN]] would be effective at hiding this, but VPNs are paid for and have their own issues. You can access sensitive sites occasionally with [[TOR Browser]], but conducting all your browsing through TOR can be cumbersome.
 
There is a proposal to encrypt this 'address field' too, called [[w:Encrypted Client Hello|Encrypted Client Hello]], but it is not yet ready for primetime, and thus most websites don't use it. Here's hoping this changes soon.
[[File:Firefox - Insecure connection on CACert.jpg|frameless]]
 
This indicates that somebody may be trying to intercept your connection, and might be serving you something your browser does not expect. '''Try your very best to resist the urge to click 'Add exception'''' as doing so is basically giving permission to the perpetrator to continue observing and interfering with your traffic. Just come back to the website later. If it is a genuine certificate error, the website will fix it soon (because everyone, not just you, is seeing this error). However, if you are the only person seeing this error, or all your websites show this error, this is a good indicator of a man-in-the-middle attack.
==Account compromise==
=Setting up a safe computing environment=
* '''protects your connection''' - all traffic to and from Tails is protected by the [[w:Tor (network)|TOR]] anonymity network; it leaves no trace on the router or DNS server you're using, even if they're monitored
* '''strongly encrypted''' - once you shut down the computer that is using Tails, getting the data on the USB stick without knowing the password is, for all intents and purposes, impossible
* '''separate from your compromised computer''' - because all the files that Tails needs to run are on the USB device which you control, it does not matter if the device you're using it on is riddled with stalkerware; Tails uses its own trusted operating system, and can be used safely on computers that are being actively monitored
** because all the contents are encrypted, it also cannot be tampered with while in the shut down state
* '''amnesiac''' - by default, when shut down after use, Tails will forget and discard all the files that may have been generated (such as browsing history), which leaves less opportunity for somebody to compromise you further should they obtain your encryption password
===Fundamentals===
If you're going to go through the effort, it is worth putting your future privacy on a stronger footing.
* [[Passwords#Use a password manager|Use a password manager.]]
* Think about your future passwords, and familiarise yourself with [[choosing better passwords]].
* Learn about [[2FA]] and consider using it.
* Log out and/or delete any user accounts the perpetrator may have used on all the devices.
* Round up all the electronic devices you don't recognise and dispose of them or at least turn them all off by unplugging them from power or removing batteries.
** This applies to your car too.
* Factory reset your router/gateway device. The perpetrator may have installed monitoring software.
** If you're not sure how, call your service provider; they will generally be able to walk you through the steps and help you reconnect.
** Remember to change your [[secret questions]] and check that the account recovery method isn't something the perpetrator can access.
* Find the 'current sessions' screen (the one that shows all the currently logged-in devices) and either reset all login sessions or at least remove all unfamiliar sessions.
* Enable [[2FA]] on every website that supports it.
* Block the perpetrator on social media.
** Make yourself harder to find on social media by setting your profile private or to undiscoverable mode.
* Ask your financial institution to reissue your credit cards.
* Remove them from utilities or bills.
* Sweep your car for unknown electronics. Consumer grade trackers are easy to come by and don't even need external power (such as [[w:Tile (company)]]).
 
=Closing thoughts=
Although facing a perpetrator of domestic abuse is always difficult, please remember that domestic abuse is primarily a (anti-)social/legal problem. No amount of technological knowledge and intervention can solve the fact that the perpetrator is committing a crime by wiretapping your communications and that you may benefit from help by specialist services with resources and knowledge to help you in dealing with the perpetrator.
 
In this guide we've tried to equip you regarding technological aspects of domestic abuse but more help is out there. Seek it and reach out. Do not let the perpetrator control you.<br>
We wish you the best of luck, and thank you for indulging us.