Yeah, that's been my best guess for where to go next as well. If anyone reading this has experience preparing a site to support right-to-left (RTL) text and wants to reach out, please hit us up!
What languages should we translate Activist Checklist to next?
Haven't heard of it. It's not end-to-end encrypted, so it has all the same risks as any other cloud video conference provider: The government can request the data, or it can leak. It being in Germany only helps US activists slightly, because Germany will still turn over data if they receive an MLAT
These are machine translations and we need help approving them. If you know Spanish-speakers who are also familiar with technology/security, we'd love their help improving the translation. Anyone can make an account and use our online system to edit/approve the text: activistchecklist.org/contribute
ActivistChecklist.org homepage in Spanish!
Big update: We just released a full Spanish translation of Activist Checklist!
activistchecklist.org/es/
Spanish translation has been the #1 request we've received since the site launched. Please help us spread the word!
(Also, we need help proofreading the translation. See thread.)
Everything I understand about the implementation of end-to-end encryption indicates that it was slapped together really quickly and hasn't been audited and rigorously tested. If you're self-hosting Jitsi (and therefore don't care as much about E2EE) then it's probably fine to use.
Yep there's a difference between "notifications are still on for Signal, but only badges" (which lets calls through, it seems!) and "notifications are entirely off" (which won't let calls through). Glad to know!
You'll notice that all of our main checklists have a step for "disabling advertising ID" -- That's because of the reporting that's come out about #Webloc from @citizenlab.ca and others. Cops and ICE can look up your data because some random apps you have are selling your data to make a buck.
Has anyone tried Proton Meet yet? I haven't trusted Jitsi for activist meetings for a long time. Zoom has end-to-end encryption which I trust fairly well, but I'd much rather have non-US infrastructure. Looks like it supports up to 50 participants, and you don't need an account to start a meeting.
Oh interesting. I hadn't tested it with just badges on.
I do think it's true that if you fully disable notifications, calls won't come through though.
Thanks for sharing, as always.
Important to also:
• Disable this on Signal desktop, if you use that
• Make sure you have disappearing messages on
• And follow the other steps on the guide about securing your device and other signal settings
One of the trends we're always tracking is the increase in state repression. This use of grand juries to try to silence dissent is concerning. If you don't know, federal grand juries happen with a lot of secrecy. The govt appears to be using them to try to unmask online dissenters.
The only downside to turning off all notifications is that you won't receive incoming Signal calls. Which is why just disabling "name and content" in previews is a helpful option to have.
And if you prefer video, here's the @404media.co explainer video on the situation. bsky.app/profile/404m...
Full checklist on our site here:
activistchecklist.org/signal/
Security is a team sport. Share this thread and get your people to lock down their Signal too.
GROUP HYGIENE: If your phone is seized, group memberships map your entire network.
Before anything risky, leave AND delete groups you don't need. Write down who can re-add you later.
REGISTRATION LOCK: Prevents account hijacking via SIM swap.
Signal > Settings > Account > enable "Registration Lock"
While you're there, upgrade your PIN to 8+ random digits. Save it in your password manager.
LINK PREVIEWS: Disable them. A 2025 attack showed they can reveal your approximate location (~250 mi).
Signal > Settings > Chats > disable "Generate Link Previews"
An attacker could also use this preview to target you by only sending you a link and seeing what IP address loads the image.
SCREEN LOCK + APP SWITCHER: Extra protection if someone handles your unlocked phone.
• iPhone: Signal > Settings > Privacy > enable "Screen Lock" then "Hide Screen in App Switcher"
• Android: Same path, enable "Screen Lock" then "Screen Security"
CALL PRIVACY: Signal calls can expose your IP by default.
Signal > Settings > Privacy > Advanced > toggle on "Always Relay Calls"
iPhone only: also disable "Show Calls in Recents" under Settings > Privacy > Calling
HIDE YOUR IDENTITY: Use a fake name and non-face photo.
Signal > Settings > tap your name/icon > edit display name and photo
Hide your number: Signal > Settings > Privacy > Phone Number > Who Can See My Number > "Nobody"
DISAPPEARING MESSAGES: Set a default so you don't forget.
Signal > Settings > Privacy > Disappearing Messages > pick a time (1 week is solid for most organizing)
Check existing threads too. If you didn't start the thread, the other person might not have this setting on!
NOTIFICATIONS: This is the big one given the 404 Media report.
Signal > Settings > Notifications > Notification Content > select "No Name or Content"
Also disable AI summaries: iPhone Settings > Notifications > Summarize Notifications > toggle off Signal
Let's use this article as a chance to talk about all the other Signal security settings you might want to update if you're worried about the cops getting your data.
See thread 🧵
(Full guide at: activistchecklist.org/signal/)
#signal #activism #digitalsecurity
We've got a guide here on this and a few other signal "gotcha" security features that most folks don't think about (always relay calls, iOS hide calls in "recents" list)
activistchecklist.org/signal
Glad to see this covered by 404 Media so it reaches a wider audience.
WHAT YOU CAN DO: Tell folks to "hide name and content" for their Signal notifications so it's not logged.
See our full Signal security guide here: activistchecklist.org/signal
The other reason to disable message previews: if the cops confiscate your phone, they can just see notifications as they come in right on the home screen. That doesn't even require a forensic search of the device.
FYI - In the Prairieland case, iOS notifications revealed the contents of some Signal messages. This only applied to incoming messages, not outgoing ones.
Yet another reason to disable notification previews in Signal messages.
Signal security guide: activistchecklist.org/signal
Preview of coming attractions: We're very close to releasing Spanish translations on Activist Checklist!
It's been at the top of our priority list for a while. And it took a huge amount of work: We had to get off of the CMS we were on and move all the content into the code.
Should be ready soon!
