How to stay safe online as an LGBT person in the Middle East

This article in the first part in a series explaining ways people in repressive nations may stay safe in cyberspace.

Digital security means protecting digital data, information, and resources from internal, external, intentional or accidental threats. In countries with regressive governments such as Iran, Syria, Saudi Arabia, and Afghanistan the authorities constantly monitor the Internet and cyberspace. There have been numerous reports of people being arrested for their digital activities. The LGBT community is not immune to these dangers. In Iran the cyber police, called FATA, are charged with identifying and detaining users. Security forces routinely appear on LGBT dating apps to trap people or install spyware on their devices.

But many LGBT citizens still do not seem to take the risk of being monitored in cyberspace seriously. Still others believe that by just using the Internet their identities are automatically protected.

Personal Computers

The first step in securing personal computers is to use the correct operating system. All operating systems in the markets of countries such as Iran, Afghanistan, Syria and Iraq with no access to the free Internet have been compromised. Some Windows tools and security features designed to protect users’ information may be intentionally or unintentionally disabled. This will create dangerous security holes in Windows.

In Iran, for example, the regime sells fake Windows products where they break the encryption, install malware in the operating system, and sell these products to consumers. Since people may not have access to the original versions, or they are too expensive, they purchase these cracked versions. To prevent this, use the original operating systems and make sure the label or hologram is valid. The hologram is a registered logo which may be scanned to ensure it is the original.

 Do not trust software purchased on local online shopping apps.

Instead, download or buy applications from known sources, including official international websites.

We also recommend installing a firewall and an antivirus program on your system for more security.

You can use the following links to download free security software and firewalls:

Antivirus: https://www.avg.com/en-eu/free-antivirus-download

Firewall: https://personalfirewall.comodo.com/

Storing sensitive data

The best way to store important and sensitive files is to save them as hardware and not online. This reduces the possibility of being hacked and helps to restrict access to your files. If you store sensitive data on hardware such as a hard drive, keep it in a safe place.

Be aware when you delete your data from a computer’s memory, even if you empty the Recycle Bin, there is still a chance the data will be restored or recovered. When a file is deleted from memory, that part of the computer’s internal memory is freed up to store new information there. In other words, you will no longer be able to view the file and will no longer be able to access it in the usual way. But old information is available until new data is stored in the same place, and this information can be retrieved using special software. Use File Shredder or Eraser software to remove data from memory altogether. However, you still can not be sure of deleting 100% of the data. In extreme situations, it is better to destroy the memory physically if necessary.

If you feel threatened by your government, it is not recommended to use your mobile phone to access services where you have stored sensitive information. One of the reasons for not using a mobile phone for such cases is that security forces can easily check all your accounts if your mobile phone is stolen or you get arrested with your phone. In these situations, authorities can read your conversations or access your photos and other information.

If this happens to you, you should immediately change the password for all the accounts you were using on that phone as soon as possible.

All smartphones have GPS tools. You may have granted access to your location while installing applications. Therefore, your location may be accessible through these applications. We recommend that you always turn off your cell phone GPS.

Internet

Whenever users connect to the Internet, they are assigned an Internet identifier called an IP. When you visit a website like Yahoo or Google, this Internet ID is specific to the destination, and any sending and receiving is done through the same IP. The second issue is that all this traffic is sent and received from the channels provided by the service provider to you; in other words, all this traffic is visible to the service provider as long as it is not encrypted. People can be identified through traffic and IP.

It will help if you do not connect directly to the Internet to prevent this from happening. Be sure to get help from a proxy or a VPN.

If you want to manage your emails with your mobile phone, remember to use the main applications from those email services. If you’re going to use the browser to manage emails, include HTTPs in the URL. This protocol is more secure than HTTP.

Never use the same password for multiple accounts, especially for emails. You should not share your email and password with anyone else.

If you are asked to enter your email username and password on a website for a specific purpose (such as inviting friends), you should not do so, especially on anonymous and unreliable websites and applications.

Do not click on links or attachments sent via unknown email addresses.

If you receive an email about winning a contest or receiving a prize, and if you do not know the sender, do not reply to it at all.

Have separate emails for your various activities. Create an email with a real name for business and official correspondence. For leisure activities and registration on social media platforms, use a separate email with a nickname. Create a third email for private and risky tasks.

Chat apps

In most chat apps and messengers, the user’s IP is visible and recognizable to the other party. For this, you must use VPNs when chatting. VPNs encrypt all user traffic, not just in browsers.

If you receive a file during conversations from an anonymous recipient that looks like a photo, do not click on it at all. This image file may contain viruses or malware that, when clicked, will be immediately installed on your system.

If you receive nonsensical messages or see a warning or error in which you do not know the meaning, do not click on it. In these cases, you must close the application.

If you are asked for unnecessary information in chat applications or email messages, it is better not to respond. Security forces may be asking for the name of your school, university, city of residence, city of birth, job title, or other identifying information.

Social media

Most people spend part of their daily lives on social media, and to some extent, these networks have become an integral part of today’s life. It is better to separate personal and family accounts from the accounts you use for more public activity. You should not publish your private pictures in the account related to risky activities. Any information such as an address, contact number, real name, or place of study can be very dangerous. Despite all the security tips, users can still be identified through their friends. While you may not have left any trace of yourself on a seemingly private account, you can be identified by an examination of your friends or the friend list of other people.