Security in a Box digital security tools and tactics

Security in a Box (SiaB) is a project of Front Line Defenders.

Created in 2005 (as NGO in a Box - Security edition) in collaboration with Tactical Technology Collective and then renamed to its current title in 2009, it was significantly overhauled by Front Line Defenders in 2021 and is undergoing a continuous update process.

Security in a Box primarily aims to help a global community of human rights defenders whose work puts them at risk. It has been recognized worldwide as a foundational resource for helping people at risk protect their digital security and privacy.

Security in a Box is a free and open-source tool hosted on GitLab.com.

If you would like to give us feedback or contribute to Security in a Box, please follow the instructions in the Readme file of the SiaB project on GitLab.

If you would like to send us an email, you can write to siab @ frontlinedefenders . org.

To encrypt your message, you can use our GnuPG public key.

Access Security in a Box anonymously

To access Security in a Box anonymously using the Tor Browser, you can visit the onion service below:

http://lxjacvxrozjlxd7pqced7dyefnbityrwqjosuuaqponlg3v7esifrzad.onion/en/

About Front Line Defenders

Front Line Defenders was founded with the specific aim of protecting human rights defenders at risk, people who work, non-violently, for any or all of the rights enshrined in the Universal Declaration of Human Rights (UDHR). Front Line Defenders aims to address some of the needs identified by defenders themselves, including protection, networking, training and access to international bodies that can take action on their behalf.

SiaB is a resource any organization can use to discuss, plan and implement changes to make their use of the internet more secure.

For the purposes of digital sovereignty, I recommend in particular the Protect the privacy of your online communications page. There’s a lot to consider!

Focusing on email:

Use email more safely

Although many people use email only rarely, and prefer to use encrypted chat apps or video calls for their everyday communications, we still use email for many different reasons, for example to create other online accounts and to organize our work and conversations.

By default, email is not the most secure method of online communication, since it is not encrypted, carries a lot of metadata, persists on the providers’ servers and can expose you to phishing, malware infections and other attacks. Still, it is a resilient technology that will ensure the continuity of communications even if servers stop functioning for a while, so it’s worth learning how to use it in the safest way possible.

That link to secure your email communications is also worth a careful reading. For digital sovereignty, you (or someone in your organization) should become intimately familiar with everything on this page. It will help you understand how email works and why self-hosting is a good idea. It will also help you decide how you want to set up and use your email so you and the people you are using email to communicate with are as secure as possible.

An email is a text message (which can be accompanied by file attachments) that you send through the browser or using a mail client app installed on your device (for example Thunderbird or K-9 Mail). When you click the Send button, your message reaches your email provider’s servers, where it is stored (usually in your Sent folder) and can also be backed up. Your provider then forwards it to the server of the provider used by your recipients, where it is stored (and can be backed up again). Finally, the email is delivered to your recipients, who read it through their browsers or mail clients of choice. At this point recipients can decide to either keep the email stored online or download it to their devices and delete it from their provider’s servers.

Nowadays many people use email only rarely, and prefer to use encrypted chat apps or video calls for their everyday communications. However, we still use email for many different reasons, especially to create other online accounts and to organize our work and conversations based on different parameters.

By default, email is not the most secure method of online communication, since it is not encrypted, carries a lot of metadata, persists on the providers’ servers and can expose you to phishing, malware infections and other attacks. Still, it is a resilient technology that will ensure the continuity of communications even if servers stop functioning for a while, and as explained in this guide, there are ways of making it more secure.
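To make the delivery path and the metadata described above concrete, here is an added Python example (not part of Security in a Box or of this post) that reads the headers of one message and lists what each server along the way can see and keep. The sample message, host names, addresses and IPs are constructed placeholders, and the pattern assumes the common `from host (... [ip]) by host; date` shape of `Received` headers, which real servers vary.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message: hosts, addresses and IPs are made-up
# placeholders (example.* domains, documentation IP ranges).
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.20])
\tby imap.example.net with LMTP; Tue, 05 Mar 2024 10:15:09 +0000
Received: from smtp.example.org (smtp.example.org [203.0.113.7])
\tby mx.example.net with ESMTPS; Tue, 05 Mar 2024 10:15:07 +0000
Received: from laptop.local (unknown [192.0.2.44])
\tby smtp.example.org with ESMTPSA; Tue, 05 Mar 2024 10:15:03 +0000
From: Alice <alice@example.org>
To: Bob <bob@example.net>
Subject: Meeting on Thursday
Date: Tue, 05 Mar 2024 10:15:02 +0000
User-Agent: Mozilla Thunderbird

(body omitted)
"""

# Assumed header shape: "from HOST (... [IP]) by HOST ...; DATE"
HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?by\s+(\S+)", re.S)

def relay_path(msg):
    """Hops oldest-first as (from_host, from_ip, by_host, time).
    Each server prepends its own Received header, so the list is reversed."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        info, _, stamp = raw.rpartition(";")
        m = HOP.search(info)
        if m:
            hops.append((*m.groups(), parsedate_to_datetime(stamp.strip())))
    return hops

def exposed_metadata(msg):
    """Header fields every server on the path can read and store."""
    return {
        "sender": parseaddr(msg["From"])[1],
        "recipient": parseaddr(msg["To"])[1],
        "subject": msg["Subject"],
        "client": msg["User-Agent"],
        "origin_ip": relay_path(msg)[0][1],
    }

if __name__ == "__main__":
    message = message_from_string(SAMPLE)
    for hop in relay_path(message):
        print("{} [{}] -> {} at {}".format(*hop))
    print(exposed_metadata(message))
```

Running the same functions on the raw source of one of your own messages shows which servers handled it and which details travelled with it.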

Not explicitly mentioned but important to keep in mind is that big tech email providers like Gmail work exactly the same as self-hosted email. The only difference is that they are accessing and using your data to make money in various ways, including by selling it.