By Nathan Hewitt on April 16th, 2020
Security and Privacy Tools for Artistic Collaboration
Tips and Tools | Arts Business | Artists and Members | COVID-19
One of the most amazing things about today’s artistic world is how collaboration can happen across borders; both state borders and societal ones. People who might never have met have the opportunity to work together toward beauty, inspiration, justice, peace—and pure creative exploration. Tools to facilitate collaboration unbounded by geographic location are increasingly ubiquitous in our everyday life.
We are group chatting, making collaborative documents, hosting video calls, and more. With the spread of COVID-19, digital collaboration tools become even more important, replacing our normal means of working with one another and forcing many of us to build new online communication norms.
Something we do not always think of, however, are the ways in which collaboration might put people at risk. Whether in another country, or just another community, everyone is in a different situation. Artists’ work is often deeply sensitive and vulnerable, controversial and radical. Especially with work that is personal or political, when there is a lack of safety and privacy, fear can drive people apart. In some cases, artists could risk repercussions if their work were to get out prematurely, whether from governments, law enforcement, their employers, partners, family members, or other members of their community.
The more people use these tools, the more they will become the norm, and the more anonymizing they will be. When only one person in a hundred uses a tool that blocks Internet cookies, that person is still trackable since their activity is still distinct. When all of us use tools that block Internet trackers, that person is safer—and we all are.
In unpredictable times, we need to keep each other safe. To do so, you don’t need to be a tech whiz or fluent coder. Plenty of volunteer developers have already made tools and applications to help you and your team increase safety and privacy without sacrificing functionality.
Why Online Security Matters
When we talk about tools and services to increase digital security, we are also talking about protecting those of our community who are most vulnerable. From online trolling and harassment to racist artificial intelligence, the Internet is not designed to be safe for everyone, and it can have real-world impacts on people’s lives. Especially for those who may live under repressive governments, who may be trapped in abusive homes or relationships, and for women, trans and gender diverse people, for example, the ability to communicate safely is essential.
At Fractured Atlas, we operate under Anti-Racism and Anti-Oppression guidelines to identify and counter the impact of the various and combined forms of oppression affecting our community of artists and organizations. We seek to challenge or remove barriers to artistic expression, such as a lack of security and privacy. Through better and safer practices, perhaps using some of the tools explored here, we hope that you and your collaborators will be able to mitigate risk and build a resilient team culture.
Everyone’s relationship to privacy, risk, and art is different, and I encourage you to go through the process of threat modeling for your situation. Regardless of your personal risk level, however, defaulting to tools that are private and/or secure is the easiest way to maintain a team culture that keeps its people safe from online surveillance.
At Fractured Atlas, we support artists who are pushing the societal arc towards justice, which means that they can be at risk of retribution or surveillance. We want to support their visions for greater social justice by supporting their creative practices and by sharing tools to make their work safer to do.
First Step for Digital Security, Passwords
Before we get started with privacy, let’s take care of an important security basic. Get a password manager! Password managers generate passwords on demand and save them automatically, allowing you to use super-strong unique passwords on all of your applications without fearing you will forget them. Only you will have the master password to access your encrypted password vault. Many password managers also have Team or Enterprise options that allow for passwords to be shared across your group organization.
There are a lot of excellent choices, but an open source option that comes highly recommended is BitWarden. No matter which manager you choose, you can download and install it on all of your devices and be off to the races.If you want your passwords to be memorable but still relatively secure, try using a unique passphrase.
One more thing: for your password manager and for any online account that you set up, consider using two-factor authentication. Either your phone or an authenticator app should do the trick.
Encrypt and Secure Your Internet Activity
Using secure collaboration tools is important, but the folks using them can also be points of vulnerability. If one collaborator is at risk, it is important that all other ends of your communication are as secure as possible to help maintain their safety. While these tools are not exclusively “collaborative,” encryption tools are essential basics for keeping your Internet activity secure and private.
To start, I would recommend that you and your team use HTTPS Everywhere, an unobtrusive browser add-on from Electronic Frontier Foundation that ensures that your communications with many major websites are encrypted using HTTPS (whenever possible).
I’d also recommend the ad blocker uBlock Origin (scroll down for the installation links), tracker blocker Privacy Badger, and Decentraleyes, a plugin which complements the blockers by emulating local content delivery.
A Virtual Private Network (VPN) is also a useful tool for maintaining your privacy when using a non-secured public Internet connection, like that of a coffee shop or library. The VPN routes your Internet connection through its private server rather than through a shared Internet service provider, hiding your traffic from others using the same hotspot.
Remember, however, that a VPN doesn’t automatically make your communications anonymous or secure, and it can’t protect you if you connect to a fake Wi-Fi hotspot. For a more in-depth discussion, I would recommend reading this VPN disclaimer on Privacy Tools for more about the limitations of virtual private networks. Then you can go and check out a highly-recommended free VPN, Proton VPN.
If you spend a lot of time in coffee shops and deal with sensitive communications, consider using a privacy screen filter. For a more technical upgrade, you can change your DNS server to one of these resolvers.
Collaborate More Safely Online with Tor Browser. Get It. Use It.
Despite its association with the “dark web,” Tor Browser is actually just a normal-looking browser, a lot like Firefox, which is used by millions of regular people across the world. What makes Tor special is its volunteer-run servers and three layers of encryption that make your activity anonymous.
Here are the basics of Tor from the Tor Project, the nonprofit that maintains the service:
If you and your collaborators feel that you don’t need to be anonymous yourselves, but want to help others who are in need of anonymity (for instance, people who live under repressive regimes) you might consider using Tor anyway. The more people that use Tor, the more anonymous we all are. As the Electronic Frontier Foundation says, Tor is for everyone! Even when you are using a regular browser, you can consider using the Tor Snowflake browser plugin, which allows you to share access to free and open communication on the Internet with censored Internet users around the world.
Use End-To-End Encrypted Messaging for More Secure Digital Collaboration
Once your browsing is encrypted, you’ll want to make sure that your messages to one another are encrypted as well. Encryption means that the content of your messages cannot be read by the app or platform that you’re using, so surveillance is trickier.
In secure, encrypted communication, there is one app above them all: Signal. It works a lot like a normal text, phone, and video call app, except your communications are end-to-end encrypted so that not even Signal itself can read your messages. You can also set messages to disappear after a set amount of time. I have found the call and video quality to be surprisingly good, considering how much is going on, encryption-wise, inside the app. Highly recommended.
Some of you may be wondering about other messaging apps like WhatsApp and Telegram. WhatsApp uses the Signal protocol, and shares a lot of similarities, but is less secure and owned by Facebook. Telegram, unfortunately, does not have end-to-end encryption enabled by default and may have other issues. Signal stands above the rest, and recently added features like reactions and stickers.
For video conferencing I would recommend Jitsi, which is also encrypted and free to use. You don’t even have to set up an account. If you want to stick with the industry standard, Zoom, consider requiring encryption for third-party connections, and you should be sure to password-protect your meetings to avoid “zoombombing” by uninvited participants.
If your group uses Slack, you can try Keybase as a new alternative. Keybase is also end-to-end encrypted and has a setup that will feel familiar to Slack users.
For email, there are a few different options, but one of the most widely used is ProtonMail, from the makers of ProtonVPN (mentioned above). Note: Only emails between two ProtonMail addresses will be totally secure. Messages to other email services will not be encrypted. If someone does not or can not set up their own ProtonMail address, you can send one-way encrypted messages using this process.
Utilize Secure Document Collaboration Tools
For creating shared documents, spreadsheets, and presentations, the GSuite (Google Drive, Google Docs, Google Slides) is by far the most popular option. Like with other platforms and businesses, however, governments can request user data from Google through laws such as the FISA Amendments Act Section 702 in the US, as well as other similar laws throughout the world.
These laws are what makes encryption so important: the services providers will provide the user data, as is required by law, but they will themselves have no way of decrypting it, and neither will the government (or any other infiltrator). One such secure alternative to mainstream services is CryptPad. CryptPad may not be as fool-proof as Google Docs, but it works well and doesn’t even require an account. Multiple users can log on to edit documents and the files are encrypted so your work stays secure. The service is under development but it is already one of the best options for collaboration, alongside services like RiseUp’s hosted EtherPad, which allows you to set up collaborative text documents in seconds.
One of the most difficult items to replace when moving away from the Google suite is a calendar—especially one with events that can be shared. For now, you could consider signing up with ProtonMail and their ProtonCalendar, which is currently in “beta.” For a more technical set up, you can try EteSync. On a related “note,” you might try Standard Notes, an encrypted notes app that syncs on all your devices.
Keep Learning about Collaborating Together, Safely
Technology is always changing, which means that both the risks and the things we can do to mitigate risks and keep ourselves safe are also always changing. Successful and secure digital collaboration is an ongoing process, so we encourage you to keep learning and to check out some of the resources that we trust.
For a full overview of all of these tools and so much more, be sure to check out PrivacyTools.io. It has an active base of volunteers that maintain the most up-to-date information on staying private and secure on the Internet. Another great site of that kind is Prism Break. For other alternatives, especially free and open-source ones, AlternativeTo.net is a useful tool.
My last shout-out is to Tech Learning Collective, an amazing educational organization that can teach you all about online security. I owe much of this guide to what I have learned from them and the personal research their work has inspired. TLC has recently started to do more webinars (event calendar), so their work is now accessible from anywhere!
Check out some of the other digital tools we suggest to artists.
About Nathan Hewitt
Nathan Hewitt is a nonprofit arts professional and contemporary musician. Prior to Fractured Atlas, Nathan worked with Donorly, Actors Theatre of Louisville, the Norton Center for the Arts, Naco Wellness Initiative, WRFL Radio Free Lexington, and Binge Culture Collective. Originally from Indiana, he is a former Gaines Fellow at the University of Kentucky. Nathan believes that artists, organizers, and nonprofit organizations together have the power to create a more just and equitable society.