Particularly for smartphones, there are many apps that promise improved privacy and security for your mobile communications. Like all apps, some are very good, but other are poorly written or overpriced, and may even be malicious. This article will help you evaluate whether you should trust their promises.
Before You Start
Security apps are most useful as part of a coherent security policy covering all your mobile communications. The Mobile Risk Assessment Primer will help you complete an inventory of mobile communications risks, and decide which are most important and most feasible to mitigate.
Once you’ve completed a risk assessment, it’s important to search broadly for security apps. MobileActive is in the process of reviewing many of these from our current list of security apps, but the mobile security landscape changes quickly. Ask friends and colleagues, read about your specific security need online, and search your device’s app marketplace. Once you’ve identified as many options as possible, it’s time to start evaluating your security apps.
Will It Work on Your Phone?
As with computer software, some mobile apps are built to work on one platform - Android, iPhone, Blackberry, Symbian, Java - and may not work on others. There may be other requirements too, such as particular phone models. Make sure the apps you have chosen are all going to work on your device.
Also consider how you will actually get the app - can it be downloaded from a web link that you open on your phone, or can you get it from an app marketplace? Some apps can also be downloaded to a PC and transferred via bluetooth or a data cable. This step sounds obvious, but it can be tricky when you don’t have stable Internet access on your phone or aren’t used to the app install process.
Facebook has more than 500 million users, half of which access the site through their mobile phone. Being able to communicate your message to an audience this large is exceptionally valuable. At the same time, your activities on the site generate very detailed information about you and your networks. If you are concerned about surveillance, this information can put you at risk. This how-to explains what those risks are and how to use Facebook on your mobile device more securely.
Facebook has more 500 million users, half of which access the site through their mobile phones. Being able to communicate your message to an audience this large is exceptionally valuable. At the same time your activities on the site generate very detailed information about you and your networks. If you are concerned about surveillance, this information can put you at risk.
Assess Your Facebook Mobile Risks
Like Twitter, Facebook is a way to get your messages to a potentially large audience. It is not a secure method of communication for sensitive information.
This article offers advice about how to mitigate risks when using Facebook as a dissemination and organizing tool. In particular, we consider the following risks:
The risk that your public activities on Facebook reveal compromising information about you or your networks - for example, revealing the identity of supporters or identifying people who were present at a particular event.
The risk of your private information being revealed to a third party without your consent.
The risk that your account details (username and password) are discovered, and that someone may impersonate you.
The risk of your account being deleted or suspended.
The risk that Facebook is blocked or becomes inaccessible.
in general, you should only use Facebook to share information that you consider public. Public information can be freely distributed by you, your organization, and your supporters, without any risk to individuals or organizational operations. In communicating public information, you can send and receive this information without taking any precautions.
Smartphones (iPhone, Android, Blackberry, Windows Mobile, Symbian) and many feature phones allow you to download and install mobile applications (“apps”). Apps do many useful things. However, some apps (and other types of software, such as your mobile operating system) can also present security risks. These include:
Apps and other software may have access to information stored on or generated by your phone.
Apps and other software may have the ability to transmit this information using your phone’s Internet connection.
Maliciousapps or other mobile software installed on your mobile device can expose you to the following risks:
With smartphones gaining market share, malicious apps are beginning to pose a serious threat. In an article titled “YourAppsAreWatchingYou”, the Wall Street Journal tested popular iPhone and Android apps, and found that of 101 apps tested, 56 transmitted a unique identifier for the phone without informing the user or asking for consent. 47 apps also transmitted the phone’s location, while 5 sent age, gender or other personal details to various companies. The AppGenomeProject reports that 28% of all apps in the Android Market and 34% of all free apps in the Apple App Store have the capability to access location, while 7.5% of Android Market apps and 11% of Apple App Store apps have the capability to access users’ contacts.
It can be very difficult to tell which apps are safe and which are not. App behaviours that might not bother most users, such as transmitting the phone’s location to an advertising server, can be unacceptable to people with higher privacy and security requirements.
This article offers suggestions on how to assess risks to security and privacy posed by apps.
Despite the smartphone craze of the past 5 years, featurephones are still king in much of the world. From the perspective of activists, rights defenders, and journalists, they cannot be ignored. And feature phones have plenty of built-in capability to help users stay safer. During the course of our research, we've uncovered valuable features that even the most experienced users may not be aware of.
As a part of SaferMobile, a project of MobileActive.org, we've focused on documenting the most important ways that a user can lock down a mobile handsets. No external apps or special tools are required, just a charged battery. We've condensed these tips into single-page, device-specific reference guides for a variety of makes & models that get straight to the point. And yes, we made sure to cover smartphones and featurephones.
A Guide to Mobile Security Risk Assessment data sheet 3625 Views
Author:
SaferMobile
Abstract:
You are an activist, rights defender, or journalist. You use a mobile device. And you work in sometimes risky situations in your country. This guide will help you implement mobile security practices in your work. It will help you assess the particular risks that face you and then assist you in developing a plan to mitigate those risks.
You are an activist, rights defender, or journalist. You use a mobile device. And you work in sometimes risky situations in your country.
This guide will help you implement mobile security practices in your work. It will help you assess the particular risks that face you and then assist you in developing a plan to mitigate those risks. First, we'll cover some of basic concepts. Then, in the second part of this guide, we'll take you through developing your own risk assessment in 5 steps.
We have previously published a Mobile Risk Primer that describes general security vulnerabilities associated with mobile technology and communication. Read it!
Throughout this guide, we'll also highlight the fictitious case of Asima, a blogger and activist in Egypt. Examples of how Asima might complete the assessment worksheet and create a security plan for her work are highlighted in this guide.
Asima lives in Cairo, Egypt and is a blogger and an activist. She used to maintain a blog on Blogspot, but now mostly uses Facebook and Twitter to follow current events, to share information, and to communicate with colleagues. She tweets from her mobile phone while in traffic and at cafes and protests and from her computer when she is at work or at home.
Activists, rights defenders, and journalists use mobile devices for reporting, organizing, mobilizing, and documenting. We have written about many of these uses for years now, describing how mobile phones provide countless benefits to activists and rights defenders. Mobile tech is relatively low cost and allows for increased efficiencies and vast reach, for example. But, there is a darker side.
Mobile Phones present specific risks to rights defenders, journalists, and activists. We believe that is is critically important to know that mobile communication is inherently insecure and exposes rights defenders and those working in sensitive environment to risks that are not easy to detect or overcome. (We provide an overview of those risks in this Primer, for instance)
To address mobile safety and security for rights defenders, we are introducing SaferMobile, to help activists, human rights defenders, and journalists assess the mobile communications risks that they are facing, and then use appropriate mitigation techniques to increase their ability to organize, report, and work more safely.
What is SaferMobile?
Online and offline educational and tactical resources (risk evaluation tools, case studies, how-to guides, security tool reviews);
Trainings and curricula for use in various countries and with different constituencies;
Specific mobile security software focused on the needs of rights defenders, activists, and journalists.
As will all that we do, we believe that there certain values and principles that are paramount in this work. For SaferMobile, we are following these principles:
We believe that skilled, trained, and knowledgeable activists, journalists, and rights defenders are key to democratic changes. We also believe that the smart and effective use of technology constitutes an integral piece of their skill set.
The better activists, journalists, and rights defender are able to work, the more safely they are able to organize and communicate, the more likely it is that their work is effective and heard.
We are committed to accessible, useful, actionable, and technically accurate and secure content, materials, and software.
We are also committed to describing technological vulnerabilities in terms that non-technical users can easily understand.
We work with activists on the ground to ensure that the content we produce addresses real uses and risks.
We also seek responsive connections between activists and security professionals so that both are more able to assess and respond to changing risks.
Lastly, we are maintaining information that reflects current security risks and technological vulnerabilities and is vetted for security and technological accuracy by knowledgeable experts.
Roadmap and Process
The SaferMobile project is just beginning its second Phase. Phase 1 included needs assessment with users and peers – activists, rights defenders, journalists, technologists, security experts, and mobile developers. Through this research, we outlined plans for web content, training curriculum and tools (software) and are now creating these pieces in Phase 2 of the project (May-August 2011).
Mobile Security Risks: A Primer for Activists, Journalists and Rights Defenders data sheet 10817 Views
Author:
SaferMobile
Abstract:
A primer on mobile security risks for activists, rights defenders, and journalists. includes tips on how to protect yourself.
Activists, rights defenders, and journalists use mobile devices and communications for reporting, organizing, mobilizing, and documenting. Mobiles provide countless benefits -- relatively low cost, increased efficiencies, vast reach -- but they also present specific risks to rights defenders and activists.
Additionally, information about other mobile uses, such as your photos or video, your data, the Internet sites you visit from your phone, and your physical location, are stored on your device and often logged by your mobile network. (The above graphic shows a schematic overview of the layers of the mobile networks to give you sense of the different elements that make up communications between two phones.)How much is this putting you at risk? This Overview will help you evaluate your level of risk in regard to your mobile communications.
ICTs and Political Activism - a Zimbabwean Experience data sheet 1479 Views
Author:
Burrell, Brenda
Publication Date:
Dec 2010
Publication Type:
Report/White paper
Abstract:
To counter the Zimbabwean government’s tight grip over the traditional media, activists integrated old fashioned tactics of leaflets, graffiti, and small covert meetings with electronic media: short wave radio, pocket sized video cameras, digital cameras, fax machines, the Internet and email.
An early adopter of this mix of ICTs was Kubatana.net, a locally based non-profit which became an important aggregator of civic and human rights information on Zimbabwe. Its free online archive, established in 2001, offered articles, reports, documents and interviews with much of the information sourced from local civic organisations and international watch dogs. Its electronic NGO directory made civil society organisations accessible at a time when contact details were extremely fluid. Its email newsletter mailing list kept thousands of ordinary Zimbabweans regularly informed of events, opportunities and newly added resources to the web site. And its early adoption of SMS proved crucial to keeping Zimbabweans informed during the critical 2008 elections.
Surveillance technology is currently only in the hands of those who are already in power, which means it cannot be used to combat the largest problem facing modern society: abuse of power. So the question remains: "Quis custodiet ipsos custodes?" - roughly, Who watches the watchers? This is where OpenWatch comes in. The recent ubiquity of mobile telephones with media recording capabilities and the ability to run any software the users chooses gives the public a very powerful tool. Now, we are all equipped to become opportunistic journalists. Whenever any of us come in contact with power being used or abused, we can capture it and make it become part of the public record. If we seek truth and justice, we will be able to appeal to documentary evidence, not just our word against theirs. Ideally, this will mean less corruption, more open government and a more transparent society.
OpenWatch aims to democratize this theory of 'scientific journalism' championed by Julian Assange and apply it to citizen media. OpenWatch is not only intended to display abuse of power, but also to highlight appropriate use. As we are unbound by technological restrictions, we can aim to record every single time power is applied so that we may analyze global trends and provide a record for future historians. Police, corporate executives, judges, lawyers, private security agents, lobbyists, bankers, principals and politicians: be mindful! We are watching!
OpenWatch recorder is a tool for Android phones which secretly records audio and video, then automatically and anonymously uploads it to a server, which it can be reviewed and listen on the OpenWatch website. Client and server software is Free and Open Source.
Tool Category:
App resides and runs on a mobile phone
App resides and runs on a server
Is a web-based application/web service
Key Features :
Secretly Records Audio and Video
Automatically Uploads Media Anonymously to a Secure Server
The same technologies that groups of ordinary citizens are using to write operating systems and encyclopedias are fostering a quiet revolution in another area - social activism. On websites such as Avaaz.org and Wikipedia, citizens are forming groups to report on human rights violations and organize email writing campaigns, activities formerly the prerogative of professionals. This article considers whether the participatory potential of technology can be used to mobilize ordinary citizens in the work of human rights advocacy.
Existing online advocacy efforts reveal a de facto inverse relationship between broad mobilization and deep participation. Large groups mobilize many individuals, but each of those individuals has only a limited ability to participate in decisions about the group’s goals or methods. Thus, although we currently have the tools necessary for individuals to engage in advocacy without the need for professional organizations, we are still far from realizing an ideal of fully decentralized, user-generated activism.
Drawing on the insights of network theory, the article proposes a model of “networked activism” that would help ensure both deep participation and broad mobilization by encouraging the formation of highly participatory small groups while providing opportunities for those small groups to connect with one another. Drawing on a series of interviews with human rights and other civil society organizations, the article recommends specific design elements that might foster a model of networked activism. The article concludes that although online activism is unlikely to replace some of the functions served by human rights organizations, efforts to create synergies between traditional and online efforts have the potential to provide avenues for real, meaningful, and effective citizen participation in human rights advocacy.
Mobile phones in human rights monitoring is still relatively rare and there are few examples where mobile shave been used successfully in this field. In this video from the recent Open Mobile Camp in New York, three experts are discussing their projects and thinking on the use of mobiles in human rights work. Nathan Freitas discusses security issues in regard to using mobiles in this field and his project Guardian, Enrique Piraces from Human Rights Watch describes his thinking in regard to the use of mobiles in human rights work, and Emily Jacobi features Handheld Human Rights and the mobile tools that are part of the project.
It was May 2008 in Thailand,and Win Tun was anxiously watching his phone. Early May marks the beginning of rainy season, and reports were coming in of a major cyclone hitting Rangoon. A couple of days after the initial landfall on May 2, residual rains had made it to Thailand, and it was clear that Cyclone Nargis - “butterfly” - had destroyed major swaths of land in the Irawaddy delta. Up to 140,000 were missing or dead. Win Tun was worried about his family in Rangoon.
A former political prisoner, he spent 5 years in the infamous Insein prison for democratic activities in university in the ‘90s. When we met in early 2008, he had a sad air to him. Twenty years have passed since since the uprising of ’88, in which he was too young to participate. The exhaustion of fighting for something that seemed so far out of reach was wearing on him. Worse yet, he missed his family but couldn’t return home without bringing undue attention to them or risking another prison sentence.
After Nargis he was lucky. It took three days for him to get through to his family on their mobiles, and he learned they were okay – just upset, like most Burmese, at the government’s negligence of the victims. In the wake of Nargis, international aid groups waited in Thailand and offshore as the government refused to grant entrance to most.
The first few days after the Cyclone, bewildered Burmese in Rangoon stumbled out of their houses to survey the damage. In the streets, monks helped residents clear felled trees and downed power lines. But there were much bigger problems in the delta. Entire villages had been destroyed, and farmland had turned into swamps, contaminated by drowned bodies.
This article was written by Emily Jacobi from Digital Democracy. We are publishing her extensive report on Burmese dissidents' use of technology in three parts. Names of individuals in this account have been changed to protect their identity.
Burma – a modern anomaly
In September 2007, Buddhist clergy in the Southeast Asian nation of Burma (also known as Myanmar) led hundreds of thousands of citizens in peaceful protest against the ruling military regime. Armed with camera phones and limited internet access, they coordinated the largest protests the country had seen in 19 years, and broadcast the story to the outside world. These tools proved so threatening that the Burmese government responded by shutting off all Internet and mobile phone communications for five days. Why is this significant?
Globally, mobile phone penetration has reached an estimated 4.6 billion subscribers by the end of 2009, more than half the world’s population. Yet in Burma, mobile phone usage remains the exception rather than the rule. Government-imposed barriers and prohibitive prices have kept mobile penetration to approximately 1% of the population, a rate comparable to Internet access in the country.
Burma’s technological isolation accompanies the country’s greater political isolation. Ruled by a military dictatorship since 1962, the nation has become increasingly estranged from the global community. Even the name, changed from Burma to Myanmar by the military government in 1989, is disputed around the world as well as among Burmese political groups. Economic sanctions have been leveled against the country by the US and EU for its human rights abuses, and The Economist ranked Burma163 out of 167 countries in its 2008 Democracy Index.
Burma’s ruling military junta does maintain business deals with neighboring countries including China and Thailand, but the nation lags far behind its neighbors economically and technologically.While there were only 610,000 mobile users in the country at the end of 2008 (1% of the population), India and China were expected to account for a quarter of global mobile penetration – approximately 1 billion subscriptions - by the beginning of the year, according to the ITU. In neighboring Thailand, meanwhile, approximately 92% of the population is covered by mobile telephony.
Compared to its neighbors, Burma’s mobile access seems woefully behind. Despite this, mobiles have played a critical role in crisis moments, such as the monk-led protests in 2007 and in coordinating recovery from the devastation of Cyclone Nargis in May 2008. Additionally, mobile availability in neighboring countries has been effectively harnessed by Burmese groups operating in the bordering countries, where an estimated 3.5 million Burmese have been displaced.
Fluid Nexus is an application for mobile phones that is primarily designed to enable activists to send messages and data amongst themselves independent of a centralized cellular network. The idea is to provide a means of communication between people when the centralized network has been shut down, either by the government during a time of unrest, or by nature due to a massive disaster.
Fluid Nexus is an application for mobile phones that is primarily designed to enable activists to send messages and data amongst themselves independent of a centralized cellular network. The idea is to provide a means of communication between people when the centralized network has been shut down, either by the government during a time of unrest, or by nature due to a massive disaster. During such times the use of the centralized network for voice or SMS is not possible.
Yet, if we can use the fact that people still must move about the world, then we can use ideas from sneaker-nets to turn people into carriers of data. Given enough people, we can create fluid, temporary, ad-hoc networks that pass messages one person at a time, spreading out as a contagion and eventually reaching members of the group. This enables surreptitious communication via daily activity and relies on a fluid view of reality. Additionally, Fluid Nexus can be used as a hyperlocal message board, loosely attached to physical locations.
This application is designed to address all steps of the process of documenting human rights violations. It first makes on-the-ground recording and documentation of violations easier to share, thanks to mobile technology. It then speeds up the collection, aggregation and databasing of that data. Finally, it makes that data usable for advocacy and awareness actions.
Handheld Human Rights provides a secure hub for groups around Burma’s borders documenting human rights abuses. By allowing users to submit data directly from their mobiles, Burmese refugees in community organizations will be able to turn data on abuses into action. Once abuses and alerts are channeled through the hub and mapped, this information can be used to raise international awareness and support advocacy campaigns.
Tool Category:
Runs on a mobile phone
Key Features :
-Enables mass broadcasting of SMS messages
-Enables sending and databasing of SMS data forms
-Mapping of data via SMS or internet
NetSquared just announced the top ten projects in UCB Human Rights Center Mobile Challenge, as chosen by community vote. The challenge, which was open to any project using mobile technology to support human rights work, had over fifty entrants from a wide spectrum of human rights organisations, technical experts and issue-based groups. Three winners will be announced at the Soul of the New Machine conference in May.
While there have been few implementations of mobile technoogy so far in human rights work, recent innovations have the potential to be used to expose war crimes and other serious violations of human rights, and disseminate this information in real time throughout the world. Mobile phones, combined with GPS, cameras, video, audio, and SMS are transforming the way the world understands and responds to emerging crises. Handheld data collection devices, such as PDAs, provide researchers with new ways of documenting mass violence and attitudes toward peace, justice, and social reconstruction in conflict zones.
In response to the violence against foreigners, the Western Cape Emergency Task Team with the leadership of Peter Benjamin of Cell-Life, has activated a national SMS emergency system for citizens to respond to the violence. The Task Team, a coalition of South Africa's Treatment Action Campaign (TAC) and over 20 NGOs, has activated “NO TO XENOPHOBIA” SMS lines across South Africa.
A new website called the Hub, calling itself "the global platform for human rights media and action," has its official beta launch today in honor of International Human Rights Day. The Hub, a project of human rights advocacy group WITNESS, hopes to create a new space for human rights related video content, including footage shot on mobile phones.
Tamaryn Nelson, program coordinator for Latin American and the Caribbean at WITNESS, told MobileActive that the Hub goes beyond the capabilities of YouTube. "There's no real place for human rights related material [on YouTube]," she said. "YouTube has tons of videos, but if you go onto YouTube and try to find a video related to human rights it's like finding a needle in a haystack. With the Hub, Tamaryn said, human rights advocates will be able to create a campaign around their videos, join online chats, provide context, and frame videos from a human rights perspective.
Just back from MobileActive07 in Brazil (more on that shortly!) we are immediately jumping into sharing some of our learnings in an online discussion on using mobiles in human rights work over with our colleagues at New Tactics. Please join us there where we'll be dicussing with human rights practitioners all over the world question like:
1) How are you using mobiles in human rights work?
New Tactics, a community for people committed to human rights, is sponsoring a virtual discussion on "Using Mobile Phones in Action" from November 28 to December 4. MobileActive.org is partnering with New Tactics and is also participating in this online conversation. We all believe that "strategic and tactical thinking, long used by business and military strategists, is an effective means for the human rights movement to expand options and possibilities of what can be done." The discussion will focus on tactics for activism using mobile phones.
Control Arms, a joint campaign of Oxfam, Amnesty, and Iansa, is running the 'Million Faces' campaign to push for an international arms trade treaty. Mobile users can upload teir picture and join the petition via their mobile phones in the UK (curiously this is not mentioned anywhere on the site..)
Here is how it works: To join the call for an international arms treaty on a mobile phone, participants text the word 'petition' followed by their full name to a number in the UK (84118) and their name is automatically added to the Million Faces petition. Alternatively, they can upload their picture (to 07955 474747) with their name and age and their photo will be added to the petition.
