(updated May 12, 2023)
Long before Snowden, we who snoop in the public interest knew that if we weren’t being watched we would be eventually. So we took steps to protect ourselves. Digital self-defense is now vital for everyone, not just journalists. Our toolboxes are ongoing projects. This is mine, and I am grateful to the coders who help protect us. Questions/suggestions/criticisms encouraged.
The point of greatest vulnerability in Internet interaction is the browser. So we use end-to-end encryption via Secure Sockets Layer, or SSL. I like the browser add-on “HTTPS Everywhere” from the Electronic Frontier Foundation. HTTPS does not hide the IP addresses of the sites you visit from “sniffers.” What it does is encrypt your online interactions with a website.
ANONYMOUS ON THE INTERNET
If you want to hide your activity, there’s Tor, short for The Onion Router. Tor is designed to hide your IP address and erase your online footprints. It is best with a VPN (virtual private network) connection. It is open source, free and backed by a nonprofit. It encrypts connections and bounces them through a random set of servers called onion routers, operated by volunteers. Browsing is slower, but much more secure. Human rights activists and journalists swear by Tor. So do ransomware syndicates. Don’t expect it to work against the NSA or other parties with sophisticated surveillance tools. Download it here.
How Tor works.
Tor is best used with a VPN proxy service. Such services circumvent censors. Use one that has exit nodes in multiple countries and doesn’t log your activity. Choose your service carefully and trust Yael Grauer of Consumer Reports and Wirecutter.
Duckduckgo.com is the most popular anonymous alternative to Google’s search engine. Its makers explain why it’s a good idea even if you’re not trying to hide from the NSA or other spooks. It has its own web crawler and also uses other sites. There’s a Duckduckgo Firefox browser extension. Another good option is the Epic privacy browser that’s built on top of Firefox. Google search can be run through a Tor browser for more complete results. Google will demand that you prove you are not a machine. Startpage is an anonymous search engine hosted in the U.S. and the Netherlands that gets its results from Google. Startpage also offers encrypted email.
Pretty Good Privacy (PGP) doesn’t just encrypt your email. It also authenticates messages with digital signatures. Plus it encrypts disk partitions and files. What it does not do is hide from eavesdroppers the identity of those with whom you are communicating. The easiest to use of the free PGP products is the combination of Enigmail and the Thunderbird email client. Protonmail.com (Swiss-based) is good and private but I would hesitate to trust them completely.
For texting and calls the gold standard is Signal. It is free. WhatsApp uses the same end-to-end encryption tech but its owner is Meta. It tracks user activity — who you communicate with and when — and works hard at getting your address book. The best endorsement of Signal was the $50 million gift to the foundation that runs it from WhatsApp co-creator Brian Acton. Signal’s president, Meredith Whittaker, is no friend of Big Tech, either. Signal’s creator, Moxie Marlinspike, is not to be upstaged. I’m inclined to believe him when he says Telegram is not to be trusted.
AUDIO/VIDEO COMMS and CHAT
Use meet.jit.si. It creates a secure video/audio chatroom to which one can invite multiple parties.
Encrypt an entire drive or create virtual disks to store data you don’t want seen even by an intruder. Security expert Bruce Schneier recommends BestCrypt. As do I.
A strategy is vital for what to do if border security people demand you unlock the data on your cellphone or laptop so they can review it. You especially need this if you handle info sensitive enough to get someone killed if revealed. Not carrying your work devices is one travel option. Putting it on a cloud-based encrypted backup service like SpiderOakOne is another.
EFF has this Guide for Travelers Carrying Digital Devices.
Whatever you do, make sure you LOCK your PHONE with a long password. No less than eight digits.
(There is a lot out there! Do send me links to guides not listed that should be.)
A good guide with a catchy name to open source, free infosec solutions: https://prism-break.org/
The Committee to Protect Journalists’ infosec page.
Press Freedom Foundation compendium of online security tools and how they work.
Surveillance Self-Defense from EFF: https://ssd.eff.org/
The Tactical Tech Collective have a very good list of tools and a how-to booklet at SecurityinaBox.org