Digital rights of vulnerable groups 2

How can vulnerable groups, including the LGBTI+ population, protect themselves online and what should they pay attention to?

We need to start from the steps where we still have some form of control. Today, when using different types of platforms, whether they are social networks or some other sites, e.g. online stores, we are often put in the position of a passive observer or someone who can post user-generated content. Will that content be blocked, removed, etc. remains to be seen. There are various problematic points, e.g. due to the policy of Instagram or some other network, the content we have posted can be removed. Again, there are some things we can do ourselves as a precaution, so that even if some kind of incident does occur, there are multiple lines of defense.

What is one of the most important things when we create accounts either for us personally or for the organization we work for, is creating unique, long and complex passwords. Such passwords are difficult to guess using technical methods. We are all used to having to remember those passwords, to write them down on paper, and every day we run the risk of losing the notebook in which we wrote down the passwords or simply forgetting them, if we did not write them down. At some point, users give up on precautions, and put in easy and insecure passwords. It only takes a few hours for someone with the necessary skills to crack a short and simple password. Nowadays, it is practically impossible to remember all the passwords we have, considering how many accounts we have for different things.

Password managers, specially designed applications, should make this process easier for users. Those applications are specially designed to protect our passwords, so they are not accessible without the chosen master password. So, there is only one password we need to remember, and it should be as long as possible, as complex as possible and not contain any information that someone who knows us can easily find. Once we enter all those passwords for various accounts in that application, we continue with only one password. Those password manager apps can also generate a lot of quality and random passwords. Some of the most prominent applications for this are: KeePass, Bitwarden and KeePassXC. Passwords must be unique, i.e. not to be repeated for different accounts. The password should be at least twice as long as the minimum prescribed by a specific platform. The longer the better, especially if we use password managers. Complexity is a separate issue. Passwords must be composed of different types of characters, lower and uppercase letters, numbers, punctuation marks, special characters... this simply increases the number of random attempts needed to crack a password. The number of combinations and the time needed to break those codes increases. It is our first line of defense and is truly important.

Another important thing is the inclusion of two-factor authentication. It allows that even if someone breaks your password or discovers it by accident, there is another level of defense i.e. a one-time code, usually six digits, that you receive every time you log in from another device. For example, Google sends you a warning email when someone has logged into your account from an unknown location and device. Google Authenticator is a special application that generates authentication codes by itself. Moreover, there are physical keys, for the most advanced users, and they are similar to USB flash drives and through them physical confirmation is performed when you access an account.

How can we protect ourselves when it comes to data, since we have been talking about digital security issues so far?

We should always read the privacy policy and see if a platform even has one. If something seems strange to us, for example, the platform collects data that is not necessary at all to provide the service to us, we should be careful and find an alternative option. Many mobile applications thus request permissions to access data on our devices. We should think about why we would give a simple application, such as notes or reminders, access to our location. This is especially important when it comes to vulnerable groups, because they can go to specific locations. Then some other information, e.g. conclusions about your sexuality, can be deduced from the location and movement data.

When it comes to freedom of expression, the biggest problem is the freezing effect, due to the reactions of people who can be quite rude and aggressive. There is also a group of people who make direct threats, that they will attack the body and life of a certain person, which we must take seriously. This denies us the right to assembly, expression, as well as the right to protect personal integrity and sense of security. Such threats should always be documented via screenshots. It should be documented when it happened, from which account the threats were sent, and everything else that could be useful for some further process for the protection of rights and freedoms. Direct and serious threats should be reported to the competent authorities, and if a person feels that they need emotional support, they should look for it among friends or family or contact organizations that deal with the LGBTI+ issues. Unfortunately, in homophobic societies, such as Serbia, this happens often and intensifies with public debates, for example, on the eve of Pride.

We are currently in Perast, waiting for the digital rights school. Can you tell us more about that?

We are currently in Perast, Montenegro, where the digital rights summer school is being organized. We gathered a large number of experts from the Western Balkans, but also from Europe, who deal with issues of freedom of expression on the Internet, data protection and digital security. We will try to, through a program that will last a week, bring these topics closer to people, to enable them to discuss with experts what are the biggest challenges and what are our next steps. This is all happening within the SEE Digital Rights Network, which includes more than 20 organizations from the region of Southeast Europe.