Recent reports about CIPAV illustrate a point
For those unaware of CIPAV, you can get details here and here. It’s really not a new concept but it does bring up a point I’d like to make again for the novices. If the FBI can do it, malicious people or oppressive governments can do it too (and actually have been for some time).
It’s extremely important that you choose the software you use carefully and that you stay current with patches. Many of your favorite applications have had serious vulnerabilities in the past and may so again in the future. Only you can protect yourself from what is allowed to run on your machine.
Things running on your machine are your greatest risk. They can get any information that is available to them and send it anywhere, negating any proxy or vpn, even Tor. There is nothing automated that will secure everything for you and keep it all updated properly. You will need to learn about your system and it’s configuration, pay attention to what runs on it, watch for reported vulnerabilities, and patch them.
Each system is different so I won’t try to go into details, but favor peer reviewed open source to closed source whenever possible and get it from jurisdictions that have no issues with how you intend to use it (helps minimize prospect of source tampering). In other words, don’t download from any entity software you may be using to report abuses by that entity (this should be common sense).
Those of you in serious situations should lose the “cool things” on the net, like video, flash, java, and other plugins, or at least run something that makes them unavailable to untrusted sites. Participation in Facebook, Myspace, and other large social networks should probably be avoided where possible in favor of a blog you fully control (users may request our web hosting, which allows even a novice to easily install and run things like this blog).
Try to remain as text based as possible on the Net. Run antispyware, antitrojan, and antivirus software and frequently scan. Don’t open unknown attachments and don’t follow unknown links sent by mail or message. Don’t leave your computer on or able to be woken up when you are not at it. And as always, stay up to date with security patches (not enough of you do this).
Google and ask what you do not know and investigate anomalies. Everything mentioned is especially important for those of you reporting on abuses or accessing forbidden information from behind a wall of information blackout.
