electronic Max Van Kleek ๐
evacideI'm just a girl, standing in front of the entire infosec community, asking them to give practical, simple digital security/privacy advice to people seeking abortions instead of describing outlandish Jason Bourne scenarios.
elpolacodesplegado@evacide Can EFF or whomever is technically capable create a virtualized Browser with TOR? At least to allow looking for a doctor?
James M.@elpolacodesplegado have you tried the Tor Browser?
@jamesmarshall Long time ago. Germany had browser in the box a long time ago. It would automatically run the browser inside a pre set Virtual Machine. That may help obfuscate some data sent by the OS. Combine with TOR and you should have something reasonably secure that should be easy to use.
@elpolacodesplegado the Tor Browser is a modified version of Firefox that uses only Tor, and takes other steps to anonymize your browsing (e.g. it hides JavaScript properties that could be used for fingerprinting). That should do what you're looking for.
Sphinx of Black QuartzTails is easy to obtain and simple to use. Once it's installed on a flash drive, there's no computer expertise required.
And now I see this is exactly the kind of advice the OP doesn't think is useful and describes as "outlandish Jason Bourne scenarios," so... apologies.
Andreas K@sphinx @elpolacodesplegado @evacide How is that exactly outlandish?
The core observation is never ever lookup information about something that you do not want to be published in your local Sunday newspaper with your face grinning beside it with your normal kit.
Especially if your idea might be illegal.
Most genius โhackersโ get caught either with gigantic effort when their brainchild has a wide impact. Or at the start because they tried out their cool idea if it works from their regular kit.
@sphinx @elpolacodesplegado @evacide
That initial search, that initial attempt to see if a certain trick works, could potentially stay for very long in the logs, even if the later nefarious operations are well hidden.
So the critical point is, if abortion is illegal in your state, move the research on that topic to devices that are not linked to you ASAP. Public library? For a first try?
To do this, you can boot TAILS, even though it might be a little bothersome, but it's important, isn't it?
Alternatives, that might also work, would be to boot a live Linux boot USB. Being interested in Linux is not yet illegal, and these by default have no data of yours.
And then connect via some public network, e.g. some fast food place, but that risks that the fast food place blocks such topics in medieval places that forbid abortions too.
BlueDot๐บ๐ฆWhat you're describing is the Tor Browser. You can download it for free here: https://www.torproject.org/
folkenDon't use an internet device with any of your personal credentials in them. Library, Public internet terminal, tor browser.
I'd be interested what others come up with.
ArmageddJen@folken at my local library you have to sign in with your library card number and password, which is absolutely tied to you. Not sure there's anything that exists anymore that doesn't have your personal credentials tied to it
Bigot Banishment Squad@ItsJenNotGoblin @folken
The trick there is to ask the librarian if they have guest accounts. Some library systems do.
But other than that... Yeah.
@ItsJenNotGoblin ok, then the second option is to get an anonymous device. There is tails linux or any other distro that boots off a stick on any laptop. That way at least the source is clean.
@ItsJenNotGoblin in addtion i'd use some kind of vpn.Perferably use a wifi that isn't a subscription you are paying.
Don't log in anywhere.. Get the info you need and then yank the cord.
Don't log in anywhere.. Get the info you need and then yank the cord.
@folken @evacide now you're into territory that MANY people would say breaks the practical/simple request.
Quite frankly the best option is to not use the internet yourself at all, ask someone you trust with your life to do it for you & relay the information in person, make the call to the drs on their phone not yours, esp if they're in a state that is safe and have the ability to do so, ESP friends who can't get pregnant themselves.
We figured it out before the internet, we can again
@ItsJenNotGoblin @evacide well you potentially endanger them, and you lose control over the information that you are pregnant.
Neil Kandalgaonkar@ItsJenNotGoblin @folken @evacide
It might be illegal in some jurisdictions already, or theyโll use their new favorite cheat code of authorizing civil suits with enormous penalties. And some more laws are in the pipeline https://www.brookings.edu/articles/can-a-state-block-access-to-online-information-about-abortion-services/
Yes it would be blatantly unconstitutional. But, until recently, the right to healthcare rested on an interpretation of the constitution. No reason to believe they will stop now.
Jessamyn@ItsJenNotGoblin @folken In most libraries there are state privacy laws that support the library not giving up this information without a warrant. Very much depends on local climate, but it's one level of friction at least.
meejah@folken This is pretty impractical advice. "Just exist forever without a cellphone or personal computer".
I think what OP is looking for is an existing, comprehensive guide with things like, "throw your fitbit in the ocean, because it records and uploads body-temperature which is a very accurate predictor of pregnancy"
marco_m_aus_f@evacide First thing I can think of:
Get the "tails" distro and write it to a (cheap, disposable) usb stick. It has the Tor-Browser builtin.
Boot Laptop from usb, use public wlan elsewhere, store research on a public cryptpad in Europe, as you can not and should not store the info on any device at home. Leave mobile phone elswhere meanwhile.
Tails leaves no trace on the laptop.
But maybe that's already to complicated for non-tech people?
@marco_m_aus_f This is exactly the kind of advice that my tweet is about.
grouchox@evacide @marco_m_aus_f a helpful tool for exchanging files is Lan Crypt 2Go - it encrypts files with a password, so anywhere you post them, send them, store them, becomes safe. Plus it works on all devices and even browser-only. EU-based.
grob (teeth era) ๐บ๐ฆ๐ณ๏ธโ๐๐ณ๏ธโโง๏ธ@marco_m_aus_f @evacide I *guess* it's a tough call for many. Would be important to have info on how to set that up easily accessible for everyone without them googling "abortion in private" first. I kinda liked the ShieldsUp hashtag to spread security related info. Would be great if that caught on, so people could turn to that everywhere without prior use case reveals.
jยฐsh@evacide Initial ideas:
1. Donโt use social media.
2. Get a prepaid SIM/phone.
3. Always use the private/incognito mode in your browser.
4. Create an e-mail account with an EU based provider - with no business in the US (add list here).
5. Only use the e-mail account & prepaid SIM for communication with the clinics. Only use the browser - No app.
This should improve security/privacy for regular users significantly.
@j_oshua I am an expert in this field. I am not looking for other peoples' top-of-the-head guesses about what good advice might look like.
Kenneth
Pyperkub@evacide use Tor to research, signal to communicate, don't use your phone or bring your phone to your appointments and don't post about it on social media?
Vertana
haley
mupan ๐@evacide I don't think using Tor is enough. If starting a computer from a disc or stick is an option, use Tails. I'd say the advice route should go ยปdarkยซ, that is, into the anonymized onion net. But, Big Tech and governments have done a successful job of framing the so called dark net to be all criminal and nerdy. Indeed, entering the underground, you need to know how to avoid police or worse honeypots.
So practically, the best way currently is asking trustworthy friends over encrypted communication like at least Signal, or another messenger recommended in the https://messenger-matrix.de, which is available in English too, or in person, and spread the word spoken and on paper.
There are some spaces and paths in the internet that are safe, but if you don't get the info there that you need it's worthless, until affected people and supporters have #orcanize'd and have built a net with these tools.
Bill Day@evacide Thank you, eff.org?
Security and Privacy Tips for People Seeking An Abortion
Given the shifting state of the law, people seeking an abortion, or any kind of reproductive healthcare that might end with the termination of a pregnancy, may need to pay close attention to their digital privacy and security. We've previously covered how those involved in the abortion access...
Jonah Stein@evacide It's a humble beginning, but how about "Don't talk about your plans on social media or (ever use) Facebook Messenger?"
Simple Nomad@evacide Infosec thinks in extremes at times. I've helped a few people that were non-technical, and I simply advised them to use a personal VPN and second email account assuming they needed email at all. Most are simply looking for information from clinics in a nearby blue state.
I will say I did step most of these individuals through the setup of the personal VPN per their request and it was still rather non-intuitive for them, or just "weird" as I was told more than once. All have written down instructions on how to "turn on" the VPN and do their research.
For particulars I've suggested ProtonVPN and ProtonMail (if needed) and most people simply used ProtonVPN and was done with it. Yes they all wrote down "click on the Quick Connect button". Most modern browsers support a "privacy mode" so that is also in their instructions.
But I do know what you mean, Infosec sometimes forgets how to talk to "normals"....
bEA ๐@evacide the replies sadden me, and I imagine you too.
Rick Deckard@evacide So true! Security/privacy often comes along like just another nerd bubble where digital preppers are arguing about threat models theyโll never face in reality. Meanwhile โnormalโ people losing their real world information battles day by day.
Ben Aveling@evacide I have 10+ years in info sec. I do not have practical simple advice for this situation. Itโs really hard to do anything without leaving traces these days.
๐ 5kidRo0t ๐ดโโ ๏ธ
โ
Amy Star โ
@evacide I once tried to get involved in an "Infosec for Kids" initiative but I was drummed out when I suggested that we need to prepare resources and solutions for kids who have abusive parents (even just basic opsec stuff like keeping things compartmentalized), because we could not, and I quote, "treat parents as adversarial".
anyway, that was six years ago. I hope they feel utterly stupid and smooth-brained after everything that's happened culturally, but probably not.
Skyler 
@AmyZenunim @evacide that's awful, it is important that kids with abusive parents know how to stay safer
but in practice i don't know if there is a good way to do it, because most parents would get really upset at the idea of anyone encouraging their kids to hide things from them and i wouldn't be surprised if it led to "grooming" allegations and stuff like that
i think maybe ideally there would just be stuff about it online and in books where kids would find it and it was mostly about basic opsec but also included info on the fact that some parents are abusive and its okay to try to avoid being unfairly punished, and info about the type of spyware available to parents and how to avoid getting in trouble from that
but in practice i don't know if there is a good way to do it, because most parents would get really upset at the idea of anyone encouraging their kids to hide things from them and i wouldn't be surprised if it led to "grooming" allegations and stuff like that
i think maybe ideally there would just be stuff about it online and in books where kids would find it and it was mostly about basic opsec but also included info on the fact that some parents are abusive and its okay to try to avoid being unfairly punished, and info about the type of spyware available to parents and how to avoid getting in trouble from that
@alienskyler @evacide the fear that you might be accused of "grooming" holds no weight for me. people are getting accused of "grooming" by simply saying the term "LGBT" out loud. let them say what they want.
๐๐@AmyZenunim sounds like you wete supposed to make them perfect little worker bees for three letter government agencies not actually give then agency.
Gadfly (-booq-)@AmyZenunim @evacide Did you ever find anything even beginning this? I tried to look and ask for advice like nine years ago, for a friend who needed it at the time, but got similarly stonewalled. I've carried the "I still have seen no answers to this" feeling with me, for the sake of the next person I see asking, and keep looking where I can.
Butterflyweed@evacide I just remember saying stuff along the lines of "holy shit don't use facebook to discuss anything, delete your period tracking app if it connects to the internet in any way, please for the love of all that is good and just in this world use something with encryption like signal to communicate plans"
TransitBiker@evacide sigh. ๐
prainbow@evacide signal
"Nurture-boy" Ric Flair@evacide
Just want to leave this here, since it may be relevant:
Abortion Care
Abortion Care No One should control your body โFor we have been socialized to respect fear more than our own needs..." - Audre Lorde MISO CARDS PLEASE NOTE: Abortion drugs are available through the mail throughout the US. Check out Plan C Pills for more information. If you need abortion services, check out this map [...]
@evacide I once tried to ask the cypherpunks mailing list if they had any thoughts or advice for a friend whose threat model was "my parents, who know enough to be able to install monitoring software on the home router".
Their thoughts were: "why would a kid be threatened by their parents? I'm a parent, and I have a right and possibly a duty to spy on my child's usage of the internet."
xyhhx@evacide my friend referred me to this when i showed them your post:
https://hackblossom.org/cybersecurity/
https://hackblossom.org/cybersecurity/
@xyhhx This is not a request for guides. I am extremely familiar with the security and privacy guides out there. I have written and contributed to a lot of them over the last 16 years.
bmaxv
'I'm Just A Girl'' | Notting Hill | Screen Bites
Richard K 
@evacide Jason Bourne seeking an abortion might make a good movie...
Zeugs@evacide I have read the replys and I don't understand the Message of your toot. I can understand frustration needing infosec for abortions in the US. But I think this is a much too serious matter to communicate that cryptic.
Maybe I'm just not a native speaker but:
What is your point?
What can people in this situation do?
Maybe I'm just not a native speaker but:
What is your point?
What can people in this situation do?
malte@Zeugs @evacide i think the point is, that many people give "security" advise to people without understanding what security-needs those people have.
your second question is a bit ambiguous, as it's not clear if "people" refers to "infosec experts" or "people who need an abortion".
and either way, it depends, but eva's follow-up post might answer both? https://hachyderm.io/@evacide/110709107081532289
evacide (@[email protected])
"Eva," you ask, "What does good, practical digital privacy advice for abortion-seekers look like if I'm not supposed to tell them to download Tails?" It looks like this: https://digitaldefensefund.org/ddf-guides/abortion-privacy