Author: Sage Cheng | Access Now’s Digital Security Helpline | CPJ’s Journalist Safety Guide
Bangladesh’s next general election takes place on 7 January 2024, against a backdrop of spiralling digital threats and challenges. Journalists face growing censorship, harassment, and even violence. Political activists are prevented from sharing their views via draconian laws, or arrested and detained arbitrarily for doing so. And eligible voters are either being targeted with AI-generated disinformation or prevented from communicating by election or protest-related internet shutdowns. Such shutdowns are enacted by Bangladesh’s government under the guise of “combating fake news,” but actually only serve to push already-marginalised communities further to the margins.
People in Bangladesh need to know how to protect themselves and their communities against network disruptions, platform blockages, and any form of interference with access to information and communication platforms — but for many, resources that help build this capacity are out of reach. The guide aims to support Bangladesh’s journalists, independent media workers, and human rights defenders to increase their digital resilience and individual online safety, particularly during and after the election this month.
Use this guide to create your own digital safety action plan — and if you or your media, human rights, or activist organisation needs more tailored support, reach out to the Access Now’s Digital Security Helpline.
Step 1: secure your online accounts
- Always keep your apps, systems, and software updated. (Pro-tip: enable automatic updates.)
- Use a strong password that is unique to each account. You can use a password manager app like KeePassXC (Mac, iOS, Windows, Linux) or KeePassDX (Android) to generate and manage passwords.
- Activate two-factor authentication (2FA) as an important additional layer of protection.
- Use the following platform guides to check for account compromises and to close possible security gaps (note: several of these platforms offer the choice of enacting 2FA either through SMS or using an authentication-app. We recommend using an authentication app to avoid giving out your phone number.):
- Use the Security Planner tool for developing a more personalised approach to basic account and device security.
Step 2: secure your data and communications with others
- Reduce the amount of data, especially contact information, saved on your devices. Keep in mind the risks of bringing your phone with you to an event in case it gets seized.
- Create an encrypted backup for your phone and computers. Follow this section of Security in a Box to back up your digital assets.
- Turn off your phone’s location services:
- iOS: Settings → Privacy → Location Services → turn it off, or customise it for each app in case you need to use “Find My Phone” to remotely locate or format your phone.
- Android: Settings → Location → turn it off (may vary based on model)
- Delete location history from Google Maps by erasing it here and here.
- Use the screen lock feature to protect your phone, but rather than using a face/fingerprint to unlock it, use a strong password instead.
- If using an Android phone, you can create different user profiles, which are independent from each other and are unlocked using different passcodes. Thus, you can protect important data, contacts, and information by containing them in one profile while using the other for less important activities. Here is how.
- Avoid connecting to public WiFi networks (e.g. in hotels or cafés), especially those unprotected by a strong password. If you don’t use mobile internet access, turn on aeroplane mode. Your phone is most secure when powered off.
- Install and use end-to-end (E2E) encrypted messaging tools to speak with contacts. Signal and Wire use E2E encryption by default, while Telegram allows you to use E2E encryption in one-on-one chats when Secret Chat mode is switched on. Enable disappearing messages.
- If you are likely travelling to a risky location, set up a protocol with a trusted person who will not be with you, or with a legal hotline, e.g. agreeing on a secret code to denote an emergency. Be ready to send it under urgent circumstances. Samsung and Google Pixel devices have an SOS mode allowing this.
- When you receive an email, SMS, or direct message on social media, always verify the sender before opening message links and attachments, which could constitute a phishing attack. If in doubt, use another channel to confirm with the sender before clicking any links or opening attachments.
- You can consult this step-by-step guide from Security in a Box for more actions to secure your communications.
- If conducting open source investigations, be mindful and take care of your mental well-being, as well as your physical safety.
Step 3: prepare for different scenarios
- Defend yourself against doxxing and harassment
- Find and monitor what information about you can be found online by using a different browser from your usual ones(s), preferably one that enhances your privacy, e.g., Tor Browser. If that’s not possible, use Firefox Focus.
- Ask major search engines to remove your information. Read our guide to self-doxxing for more instructions about search engines:
- If necessary, set your social media accounts to private. You can do this in the privacy and security settings on most platforms. If you are concerned about an escalating situation, consider temporarily deactivating your accounts:
- Follow Equality Labs’ anti-doxxing guide for activists to more fully protect yourself.
- Document online harassment. Learn why and how in this Online Harassment Field Guide.
- Reduce the visibility of harmful content in your own feed and report what you see to the platform.
- If you need hands-on help from a civil society support team, use this questionnaire from Digital First Aid to guide you to the right place.
- Evade censorship and internet shutdowns
- When you lose internet connection or can’t visit certain websites, services, or apps, it is very difficult to identify the reason for these disruptions. However, the global internet measurement community provides tools and data to help you investigate the technical details. You can test your internet connections using the OONI probe app, but be aware of certain risks first.
- A circumvention tool, such as a VPN, can help you visit blocked websites or online platforms, including specific services such as social media platforms and instant messaging apps. If you are at risk of an internet shutdown, download several VPNs in advance. Not all VPNs guarantee privacy or offer the same level of protection. When choosing a VPN provider, opt for open source tools with publicly accessible codes, which are transparent on how they protect your data. A few free, open-source tools include Tor Browser (use it with Tor bridges if Tor is blocked), ProtonVPN, TunnelBear, Psiphon, and Lantern.
- Be aware that your internet provider, or other people in your network, can tell if you are using VPNs or Tor.
- Defend against dis/misinformation
- Learn how to talk to friends and family who share misinformation.
- Tactical Tech has a guide on how to steer clear of misinformation.
- Tactical Tech also has resources explaining how misinformation is created and how to recognize it, including an e-learning course on how to avoid spreading it.
- Protest security 101
- Learn from cross-culture technologists, protesters, human rights defenders, and activists sharing their own experiences,including:
- Considerations for organisers, especially in a context of heavy surveillance; and
- Advice for protesters on what to wear, what supplies to bring, and how to securely navigate a protest environment.
- If you are bringing devices with you, secure them in advance by following Step 2, and read Amnesty International’s guide for securing your smartphone before a protest.
- Whenever necessary and possible, document violations of freedom of assembly and association. Video recording such violations during protests can help protect you, but do so carefully to avoid being targeted. Review these tips provided by SMEX before taping any incidents.
- Learn from cross-culture technologists, protesters, human rights defenders, and activists sharing their own experiences,including:
Step 4. Get help
There are many civil society organisations that specialise in supporting activists, journalists, and human rights defenders, both online and off.
- If you or your organisation are being doxxed, hacked, or need help to recover compromised or suspended online accounts, you can contact Front Line Defenders and/or Access Now’s Digital Security Helpline for urgent support.
- To report incidents of internet shutdowns or telecommunications disruptions, contact Access Now’s Digital Security Helpline.
- For support on any other digital safety issue, human rights defenders can use the Digital First Aid Kit to match with a civil society help desk or contact Access Now’s Digital Security Helpline, who can guide you to the best resource to help.