So I'm a #digisec trainer and consultant and I need to get a work phone so I can have a better work/life balance (and also for security reasons.)

I currently have a Pixel 7 which I plan to keep as my personal phone. Should I...

a) Get an iPhone for work and keep standard Android OS on my personal phone so I can give better guidance to users on each platform?

b) Get an iPhone for work and switch to #GrapheneOS for my personal phone since I can already guide people on Android pretty well?

c) Get a Pixel whatever for my work phone and put GrapheneOS on both phones, meaning I won't be able to help people on iPhones very well but I'll be rid of all this corporate spyware?

What say ye?

Anyone have any trusted resources for #digisec protection while traveling into or out of the US? (I've already got the ones from the EFF!)

In 30 minutes I'm gonna guide a #trans organization through a #digisec threat modeling session and I'm gonna do everything I can to make it less-horrible for the participants and I hope that I don't cry

Lots of folks at progressive nonprofits are freaked out because they see mailing list signups from DEIAtruth@opm.gov and other .gov email addresses and think that they are being monitored by the feds.

That is a REAL email address that the federal government is using to let people snitch on their coworkers if they are secretly doing DEIA work.

But I don't think the gov't is doing it to spy on orgs. These are public newsletters with (hopefully) non-sensitive content.

So, this is my take on what's happening, from most to least likely:

1) Individual or organized assholes are signing up real and fake opm.gov email addresses to scare people (apparently some of the signups are from addresses like insertawfuloffensivethinghere@opm.gov)

2) The federal government are signing up the real email address to intimidate organizers, or

3) Someone who hates what's the federal government is doing thinks they are clever and are subscription bombing them on purpose to inundate the inbox with actual DEIA stuff, but don't get that they're scaring the very organizations they support.

My suggestions for orgs who are experiencing this:

1) Change the settings on your mailing list providers so that people need to click a link in a signup confirmation email in order to complete the signup. That way people who are signing up from fake email addresses can't complete the signup.

2) Remove any opm.gov email addresses who successfully signed up, mostly for peace of mind.

3) Don't ever share anything sensitive or private in your public newsletters!!!

#digisec #fud #nonprofit

Accused Kitchener hacker unmasked after threatening woman online https://buff.ly/3Zud0mu ...a large number of the smartest #DigiSec folks are femme (macho fools forget this)

Worried about what's to come in January and beyond (and before that)? Want to start upping your digital security as part of your preparation? Check out my piece on five things you can do to start increasing your #digisec ASAP!

https://jackaponte.com/blog/2024/11/08/anti-fascist-digital-security-five-things-do-right-away

If you could make only ONE recommendation to an organization trying to improve their data security, what would it be?

#digisec

Does anyone have recommendations for image search websites besides PimEyes?

#digisec #privacy

#TechCare is a step-by-step guide to create help desks to support civil society organisations and individuals facing digital security issues.

Visit http://tech-care.cc to download the guide!

#digitalsecurity #digisec #humanrights

In my #digisec work with #nonprofits I've noticed that time and time again, loss of trust comes up as one of the possible and most serious consequences of a digisec breach. The trust of staff, community members, people accessing services, donors, funders and allied organizations are all crucial to a nonprofit being able to carry out its mission. It is rightfully a huge concern!

I'm in New Orleans this week for the #CreatingChangeConference! Let me know if you're here and want to meet up and talk #digisec, #nptech or what's going down in grassroots #queer and #trans organizing these days, especially on the community security front.

CryptPad is end-to-end encrypted... but I'm assuming that's true only if you log in? Or is it true for any document that anyone can access by simply visiting a publicly accessible link?

Trying to figure out why so many folks are using CryptPad instead of Etherpad these days besides the fact that it's prettier.

#digisec #encryption

I'm #OpenForWork doing #tech in #HumanRights.

I'm a public-interest technologist and #journalism #security consultant and trainer. I'd be happy doing #SysOps, #SRE, #testing and #metrics, but open to positions involving some amount of #CyberSecurity incident response and #digisec #orgsec strategizing. #remotejobs

14+ yr work experience, 10+ in #NonProfit.

Résumé: https://czesiek.net/linkedout/Michal_Czyzewski-resume.pdf

#infrastructure #infra #infosec #privacy #FreeSoftware #jobs #GetFediHired #JobSearch #FOSSJobs #JobAlert

Dneska začala konference NPI_CR #DigiSeč o Digitálních technologiích ve výuce. Na naší konferenci (za 2 týdny) budeme na některé z těchto témat navazovat. Třeba přednáškami o vzdělávání v 21 století, vizualizační gramotnosti nebo vrstevnickém vzdělávání. https://www.openalt.cz

In other news, fuck Microsoft but their STRIDE threat model is a useful expansion on the usual CIA (confidentiality, integrity and accessibility) model for understanding different aspects of #digisec

https://learn.microsoft.com/en-us/azure/security/develop/threat-modeling-tool-threats

Just read https://www.tni.org/en/article/the-everywhere-border then https://elfaro.net/en/202105/el_salvador/25479/Sting-Operation-against-Migrant-Caravan-Arrests-Working-Class-Migrants-as-Human-Traffickers.htm then https://arstechnica.com/gadgets/2021/09/whatsapp-end-to-end-encrypted-messages-arent-that-private-after-al then re-read https://jitsi.org/e2ee-whitepaper/e2ee-pitfalls/ and am feeling overwhelmed and depressed about the shortcomings of end-to-end encryption when the same entity controls both the method of transport AND the endpoints 😭

#digisec #encryption #e2ee

I'm proud to work alongside the folks at the amazing Vision Change Win Consulting (https://visionchangewin.com) and am psyched to present an Intro to Org #Digisec workshop for them on Wednesday, August 2 from 3-5pm PT/12-2pm ET.

If your organization is concerned about your digital security and want an accessible primer on what it all really means and how to begin to protect yourselves and your data, this workshop is an excellent start! (And if you know of groups who need this help, please let them know!)

Register at https://bit.ly/digisec101 -- flexible pricing and scholarships are available. And hit me up if you have any questions about the workshop or my work in general!

#WeProtectUs #WeKeepUsSafe #digisec

Said with absolutely no shade to anyone:

Our movements and organizations urgently need to improve our security culture!

An important first step: build community security and safety into EVERY event from the start, whether it's in person or virtual. Don't sleep on it!

#digisec #CommunitySafety #SecurityCulture #WeProtectUs #WeKeepUsSafe #trans #queer

DIGITAL SECURITY TIPS TO PREVENT THE COPS FROM RUINING YOUR TRIP ABROAD

https://theintercept.com/2023/04/29/phone-laptop-security-international-travel/

#digisec #digitalsecurity

Thoughts? #digisec #nptech