Home

01 Feb 2020

Working Securely During COVID-19

With the COVID-19 we’re all trying to continue to work with online sessions and remote communication. Some professionals that have to do their work in person to discuss private matters, such as lawyers, financial advisers or therapists, have been asking how to continue to work remotely without risking privacy. I’ve curated a list of apps that allow for secure and encrypted communications. Regardless of the pandemic, activists, investigators and whistle-blowers have used these apps for their work.

Video Conferencing

Jitsi

Jitsi is an encrypted, open-source group videoconferencing app available on multiple platforms such as web, Linux, macOS, Windows, iOS and Android. The Jitsi Videobridge briefly decrypts the data to pass it on, check out the full details, but there’s a beta for a true end-to-end encryption solution. You do not need to create an account to use Jitsi.

Chat and Calling

Signal

Signal is an encrypted chat app that is available for Android, iPhone, and desktop computers. It encrypts messages so that only the sender and receiver can read them, called end-to-end encryption. It offers group chat, and ont-to-one encrypted video and voice calling. You can also choose to have messages disappear after a specific time once viewed.

Remote Collaberation

Riot

Riot is a secure alternative to Slack. It features end-to-end encrypted chat rooms, file sharing, video and voice calling. It is open sourced and available for desktops, iPhone and Android.

Retroshare

A privacy equivalent to Slack. Offers encrypted connections between you and your acquaintances to create a network of computers. It also provides various distributed services: forums, channels, chat and mail. Retroshare is a decentralized network designed to provide security and anonymity to its users. Retroshare is free and open-source software. Open Sourced means that the full code for the program is open to the public so that security researches can audit it to make sure there are no weaknesses or back doors.

Loomio

An alternative open sourced collaboration software to the above.

Cloud Collaboration

CryptPad

The Zero Knowledge Cloud. In the current health crisis linked to the COVID-19 outbreak, CryptPad supports remote working. The storage limit for all registered users is 1GB. Registration is free and there’s no personal data required.

Proprietary services like Google Drive and Dropbox have weakness; the companies can access all the documents you’ve opted to send to them. Cryptpad is free, open sourced and uses a blockchain for a zero-knowledge platform for collaborative document editing. This ensures only the people working on the documents have access to them.

It offers common features such as presentations, sheets, notes and whiteboards.

NextCloud

NextCloud is an alternative open sourced project to CryptPad. It provides document syncing and sharing that also respects your privacy. Some of the features it includes are Contacts, Calendar, Video calls, Mail and Newsreaders.

Riseup

Riseup is special in that it offers many collaboration features. First, users can encrypt and share files via share.riseup.net. It also offers a VPN, as well as an Email service. Many activists have chosen this platform for their work.

Using Tor? - OnionShare

OnionShare is an open source tool for securely and anonymously sending and receiving files using Tor onion services. TorBrowser acts like the Firefox internet browser but hides your location from sites you’re visiting. It does this by concealing your IP address through a series of virtual tunnels.

Too difficult to switch platforms? -> CryptoMator

This is a secure solution if you have to use Google Drive or DropBox. It encrypts folders with a password. That way, it provides transparent document protection from unauthorized access. It’s free and open source. You can test it out with one folder in the cloud and have people try out CryptoMator while the rest of the drive stays untouched.

Calenders

Etesync

Etesync offers private encrypted calendars and contacts. It uses end-to-end encryption for syncing your contacts, calendars and tasks.

Passwords

KeePassXC

The problem with many password managers are that they are proprietary and closed source; there’s no guarantee the company has not put in a back door allowing them access to your passwords. When it comes to a master place that stores your passwords, it’s important that this is secure. The full code of KeePassXC is is open for public review. It stores the passwords encrypted and the app works on many different platforms. That’s it for now. This list will get updated as new as I conduct more research.

Last but not least, while the topic of financial privacy is beyond the scope of this article, I’ll briefly mention an alternative and private way to exchange currency in a world this is going cashless.

Cryptocurrency

A good way to keep a level of financial privacy is to use cash. While companies are moving away from cash and the pandemic is accelerating that, there are many online and technical servies that accept cryptocurrency.

Cryptocurrency - Monero

Monero is a cryptocurrency that solves many of the privacy and security issues of Bitcoin.

Cryptocurrency exchange network - Bisq

Banks and governments have forced many companies to undo security for Bitcoin and Litecoin trading. For example, while cryptocurrency solves the privacy problem, many organizations are requiring government ID and photographs to do purchases or exchanges. Bisq is the opposite of that. It’s a private exchange network that does not not require you to submit your personal information to do exchanges and transactions.

Bitcoin ATMs

One way to obtain cryptocurrency with a degree of privacy is through a bitcoin ATM, however some regions have specific laws which require identification or have limits. You can find the specific regulations and ATMs near you. The know-your-customer measures are set by the provider so it’s ultimately up to them how strict the identification settings are. Many of the ATM listings are starting to put that information in the description for the location so that you don’t waste travel time.

Where To Go From Here

That’s it for now. For more information about security and privacy, see the suggestions in my Privacy Tips for Investigators article.

If you have any questions, feel free to contact me through any of the contact options at the top of this page. Last but not least, stay safe during COVID-19.