How the IP spy attack works




Protecting Your Anonymous Account


  1. Don't reveal information that can be used to link your account to a person, or a different account.
  2. Do ensure that the other accounts linked to your anonymous account (Twitter, Facebook, e-mail) use the same anonymous identity.
  3. Don't open unsolicited or suspicious links or attachments.
  4. Do document any suspicious links or attachments, forward the suspicious items to bill@bahrainwatch.org, and block the sender
  5. Do follow these steps to prevent malicious links from revealing your identity:

Computer (Windows, OSX, Linux):

  • Only access your anonymous account in the TOR browser. Do not access your account from your regular web browser, or any apps (TweetDeck, HootSuite, etc.)

Phone (Android):

  • Install HotSpotShield for Android from the App Store. Connect to HotSpotShield before you use your anonymous account. Warning: the VPN can disconnect at any time, while you are using your anonymous account keep checking to make sure it is connected.

Phone (iPhone or Blackberry):

  • Avoid using your iPhone or Blackberry to operate an anonymous account. If you must, only do so through a VPN

Phone (All phones):

  • Choose a strong PIN/passcode. Turn on your phone’s “screen lock” feature. If you are using Android, make sure your encrypt your phone (Settings > Security > Encrypt phone).
  • Turn off GPS / location on your phone to prevent attaching location to photos/videos you upload. iPhone: (Setting > Location Services); Android (Settings > Location Access)

Do take these steps to ensure the Government can’t use your accounts to attack others if, God forbid, you are arrested:

  • Designate a trusted friend or family member as a “backup operator” for your account. Tell them the username and password. When you are arrested, they will immediately change the password.
  • If you use Whatsapp or any other instant messaging app to communicate with other activists then it is recommended that you delete your chat history daily to prevent the government from exploiting it to target others in the event you are arrested or your phone confiscated.
  • If your village or house is raided, take the battery out of your mobile phones and hide them immediately. If you cannot take the battery out of the phone, turn it off and enclose it in metal (e.g., completely cover it with aluminum foil) to block the signal. Police will search and confiscate all electronic equipment found on the premises.

Key contacts for help with any of this or for more information:

  • Bill Marczak @billmarczak
  • Reda al-Fardan @ibnkan
  • Ali Abdulemam @abdulemam

Good websites with extra info:



Installing and Using the TOR Browser


PC:

  1. Download from here
  2. When the download is finished, open the file. You will see a window like this:



  3. Click on “...” You will see a list of folders. Scroll to the top and click on “Desktop.” Then click on “OK,” then click on “Extract”



  4. Installation is complete!
  5. Whenever you want to use the Tor Browser, go to your Desktop, and open the folder called “Tor Browser.”



  6. Double click on “Start Tor Browser.” You should see a window like this come up for a short amount of time, which shows the progress of loading the Tor Browser. Wait and the browser will automatically start. If it does not start after a few minutes, check to see that your computer’s clock is set to the correct time, and is on the correct time zone:



  7. When the Tor Browser is ready to use, it looks like this.



  8. Now, you can operate your anonymous Twitter, Facebook, and e-mail accounts from the Tor Browser. Do not use the regular browser to operate anonymous accounts. To ensure you are using the Tor Browser and not the regular browser, always make sure it says “TorBrowser” in the top left. The Tor Browser will be slower than the regular browser:



Mac:

  1. If you are using a recent Mac, download from here. If you are using an old Mac, download from here.
  2. When the download finishes, you should see it in the downloads folder:



  3. Drag “TorBrowser_en-US” to the desktop. Installation is complete!
  4. Whenever you want to use the Tor Browser, go to the desktop, and Ctrl+Click (or right-click) on TorBrowser_en-US on the desktop, and then click “Open”:



  5. If you see this window. Click “Open”:



  6. You should see a window like this come up for a short amount of time, which shows the progress of loading the Tor Browser. Wait and the browser will automatically start. If it does not start after a few minutes, check to see that your computer’s clock is set to the correct time, and is on the correct time zone:



  7. When the Tor Browser is ready to use, it looks like this.



  8. Now, you can operate your anonymous Twitter, Facebook, and e-mail accounts from the Tor Browser. Do not use the regular browser to operate anonymous accounts. To ensure you are using the Tor Browser and not the regular browser, always make sure it says “TorBrowser” in the menu bar left. The Tor Browser will be slower than the regular browser:



  9. When you are done using the Tor Browser, you may exit it by going into the TorBrowser menu, and clicking Quit TorBrowser:



  10. You should also exit Vidalia by clicking on the “Exit” button: