Security of Data at Rest

Resources for securing the data stored in your devices and your online accounts.

Last updated: Jan 2019

• ACCOUNT SECURITY
  • MyActivity (Google)
  • Takeout (Google)
• CLOUD STORAGE AND BACKUP
  • Disroot
  • eclips.is
  • Tresorit
• PASSWORDS
  • PASSWORD MANAGERS
    • Encryptr
    • KeepassXC
    • LastPass
• SECOND-FACTOR AUTHENTICATION
  • YubiKey
• USER-SIDE FILE ENCRYPTION
  • Cryptomator
  • Veracrypt
• WEBSITE SECURITY
  • Certbot
  • Deflect

---

ACCOUNT SECURITY

MyActivity (Google)

WHAT: A service that allows you to check the privacy and security of your Google account.

USEFUL FOR: Controlling what data you share with Google, checking the security of your Google account across Google products.

COST: Free.

DIFFICULTY: Easy.

LEARN MORE “View & control activity on your account”.

Takeout (Google)

WHAT: A service that allows you to make a copy of your data from across Google products.

USEFUL FOR: This may come in handy if you have to, for example, deactivate or remove a Google account that has been compromised. Make a copy of your data stored with Google before deleting the account altogether.

COST: Free.

DIFFICULTY: Easy.

---

CLOUD STORAGE AND BACKUP

Disroot / Nextcloud

WHAT: Disroot is a project based in Amsterdam, it is maintained by volunteers and depends on the support of its own community. It offers online services including a cloud service using Nextcloud, an open source cloud-based file storage and collaboration software.

USEFUL FOR: Safe cloud storage, syncing and sharing of files, calendar, contacts and more. Secure alternative to popular/commercial service providers such as Google.

PLATFORM: Works across platforms, on both computers and mobile devices.

COST: 2GB of free storage. Paid for additional storage space.

DIFFICULTY: Easy.

LIMITS: Space storage is relatively more expansive than commercial alternatives.

JURISDICTION: The Netherlands, EU.

LEARN MORE: Check out the other services that Disroot offers:

• Webmail.
• Diaspora, a user-owned, decentralized social media platform.
• Discourse, an open-source “modern approach to discussion forums”.
• Prodosy, an open-source, encrypted and decentralized instant messaging service.
• Etherpad and Ethercalc for collaborative editing.
• PrivateBin, an open-source online pastebin and discussion board.
• Lufi, an open-source, encrypted temporary file upload service.
• SearX, an anonymous multi-search engine platform.
• Dispoll, an online service for conducting polls and planning appointments.
• Taiga, an open-source, project management board for programmers, designers and startups.

eclips.is

WHAT: Platform for deploying your own, secure mail, chat and video conference services, or building your own applications. Funded by Open Technology Fund, eclips.is is administered by Amsterdam-based tech company Greenhost.

USEFUL FOR: Protecting your infrastructure especially if you are working with privacy-sensitive information and do not want to depend on software by big corporations like Amazon, Azure and Digital Ocean.

WHOSE ELIGIBLE: Human rights organizations and human rights defenders, whether journalists or activists.

COST: Free.

DIFFICULTY: Hard.

JURISDICTION: The Netherlands, EU.

LEARN MORE ON HOW TO GET STARTED at eclips.is.

Tresorit

WHAT: Online cloud storage service.

USEFUL FOR: Storing, sharing, syncing data across devices and backing it up safely. Tresorit uses strong security features such as end-to-end encryption and two-factor authentication to protect your data.

PLATFORM: Works on mobile and desktop, across all platforms.

COST: Variable. Tresorit provides limited free subscription for nonprofit organizations.

DIFFICULTY: Easy.

LIMITS: Because Tresorit is NOT open source, some of its security claims cannot be entirely verified. You will, therefore, use it at your own risk.

JURISDICTION: Switzerland, EU.

---

PASSWORDS

PASSWORD MANAGERS

Encryptr

WHAT: Open source, fully encrypted password manager.

USEFUL FOR: storing passwords and syncing passwords across your devices.

PLATFORM: Works on mobile (iOS and Android) and desktop (cross-platform).

COST: Free.

DIFFICULTY: Easy.

KeepassXC

WHAT: Free, open source, fully encrypted password manager.

USEFUL FOR: Generating and safely storing passwords, notes and files in your device.

PLATFORM: Works on desktop (cross-platform).

COST: Free.

DIFFICULTY: Hard.

LIMITS: Hard to sync across devices.

LEARN MORE at KeepassXC.org.

LastPass

WHAT: Browser-based password manager.

USEFUL FOR: Generating, managing passwords and syncing them across devices. Also useful for safely sharing passwords and secret notes with other LastPass users.

PLATFORM: Works on mobile (iOS, Android, Windows Phone) and desktop (cross-platform).

COST: Freemium.

DIFFICULTY: Easy.

LIMITS: LastPass is not open source. It is, however, recommended for most users for its ease-of-use and solid security record.

---

SECOND-FACTOR AUTHENTICATION

Having extra steps of authentication requires that you enter other methods of authentication on top of your usual password to log in to your accounts. This adds an extra layer of protection, like an extra lock on the door, making your online accounts much harder to break.

There are many methods of authentication. Below, we list those recommended most.

YubiKey

WHAT: Hardware authentication device (small USB key or wireless dongle).

USEFUL FOR: Securing access to your most senstive accounts. To log into your account you would need to input your password then plug in or activate the device (usually a small USB key) to be able to have access.

PLATFORM: Works on mobile and desktop (cross-platform).

COST: Variable, starting around $20.

DIFFICULTY: Medium.

LIMITS: Some security keys (older models) only work on devices with a USB port. More recent models no longer require being plugged in and can be activated remotely at the push of a button.

LEARN MORE about security keys here.

---

USER-SIDE FILE ENCRYPTION

Cryptomator

WHAT: Open source user-side encryption for your local and cloud files.

USEFUL FOR: Protect sensitive files before you store them in your device (computer or mobile) or upload them to the cloud.

PLATFORM: Works across platforms.

COST: Free on desktop. Around €5 on app stores.

DIFFICULTY: Easy.

LEARN MORE: Video tutorial.

Veracrypt

WHAT: Open source disk and file encryption software.

USEFUL FOR: Full disk encryption and to protect sensitive files before you store them in your computer.

PLATFORM: Works across platforms.

COST: Free.

DIFFICULTY: Medium.

LIMITS: Does not work on mobile devices as of the publication of this notice.

LEARN MORE: Video tutorial.

---

WEBSITE SECURITY

Certbot

WHAT: Bot developed by EFF for the deployment of Let’s Encrypt certificates.

USEFUL FOR: Enabling HTTPS on your website for free, if you haven’t already. HTTPS is a protocol that secures data (such as login credentials) between a browser and your website. It also helps authenticate your website for its users.

COST: Free.

DIFFICULTY: Hard.

LEARN MORE about why HTTPS matters.

Deflect

WHAT: Free open source anti DDoS (distributed denial-of-service) attack mitigation service.

USEFUL FOR: Protecting your website from DDoS attacks.

COST: Free. (Elgibility criteria do apply.)

DIFFICULTY: Hard.

LEARN MORE about DDoS attacks here.