About Security-in-a-Box

Security in a Box is a project of Front Line Defenders It was created in 2007 in collaboration with Tactical Technology Collective, and significantly overhauled by Front Line Defenders in 2021. Security in a Box primarily aims to help a global community of human rights defenders whose work puts them at risk. It has been recognized worldwide as a foundational resource for helping people at risk protect their digital security and privacy.

Access Security in a Box anonymously

To access Security in a Box anonymously using the Tor Browser, you can visit the onion service below:

http://lxjacvxrozjlxd7pqced7dyefnbityrwqjosuuaqponlg3v7esifrzad.onion/en/

How we choose the tools we recommend

Software is complex, and it is not all created equal when it comes to its security- and privacy-protecting properties. Different tools can be considered more or less effective depending on the jurisdiction you are in, its laws, and the adversaries you may face.

We take a number of factors into account when selecting tools to recommend in Security in a Box. Each factor is important. Because different areas have different legal requirements for technology and face different threats, it is difficult to rank the importance of each factor globally.

Below, we list what we consider the most important questions we ask when we consider which tools to recommend. When you assess the relative safety of tools we do not list, you can also make use of these criteria.

Can you trust the people who operate this tool?

  • What is the history of the development and ownership of the tool or service?
  • Have there been any security challenges? How have the owners and developers reacted to those challenges? Have they openly addressed problems, or have they tried to cover them up?

Is the tool secure?

  • Does the tool encrypt the connection between you and the people you are communicating with (end-to-end encryption), hiding your data from service providers?
  • If end-to-end encryption is not possible, prioritize tools that encrypt the data between your device and the service you are using (to-server encryption).
  • Do the default settings protect your privacy and security?

Is the code available to inspect?

  • In other words, is it open source?
  • Was the tool or service independently audited by security experts who are independent of the software development project?
  • When was the last audit?
  • What do experts say about the tool or service?

Is the tool or service mature?

  • How long has it been in operation?
  • Does it have a large community of developers who are still actively working on its development?
  • How many active users does it have?

Where are the servers?

  • Where are servers located? This can be a difficult question to answer, with more and more services in the cloud. Consut trusted partners in the digital human rights community to learn more. To start, you may want to refer to the work of [https://rankingdigitalrights.org/](Ranking Digital Rights), for comparisons of companies' or governments' support of your digital rights. You can also search the Lumen Database for the names of individual tools or services to understand what information your local jurisdiction may be asking services to take down, and how those services are responding.
  • Do your adversaries have the legal right to seize data or shut down these services because of where the servers are located?
  • In some legal jurisdictions, encryption itself is banned, and use of other tools, like VPNs or social media, may be restricted.

What personal information does it require from you?

  • How do you connect with others? Do you need to provide phone number, email or nickname?
  • Do you need to install a dedicated app/program?

What does the owner/operator have access to?

  • What is stored on the server? Do the terms and conditions give the owner the right to access your information? For what purposes?
  • What will this app/program have access to on your device: your address book, location, mic, camera, etc.?

Is it affordable?

  • In addition to up front payment, consider hosting costs, potential subscription fees, the cost of learning and implementing, possible IT support needed, additional equipment you will need, etc.

Is it available on multiple operating systems and devices?

Is it localized (translated) into languages you need?

  • What is the quality of the localization?
  • Is documentation in your language(s) also available to help you understand how to safely use it?

Does the service have the features you need for your specific tasks?

  • Does the service allow you to host your own server, if you need that protection for your data?

Is it user-friendly?

  • Is it confusing or frustrating to use safely, or is it easy to use?
  • Do you see people around you continuing to use the tool, or do they abandon it?

About Front Line Defenders

Front Line Defenders was founded with the specific aim of protecting human rights defenders at risk, people who work, non-violently, for any or all of the rights enshrined in the Universal Declaration of Human Rights (UDHR). Front Line Defenders aims to address some of the needs identified by defenders themselves, including protection, networking, training and access to international bodies that can take action on their behalf.

Funders

The development of Security in a Box has been supported by Hivos, Internews, Sida, Oak Foundation, Sigrid Rausing Fund, AJWS, Open Society Foundations, Ford Foundation, and EIDHR.¹

License

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 Unported License. We strongly encourage the re-use of the material in Security in a Box.

Notes

¹ This website has been produced with the assistance of the European Union. The contents of this website are the responsibility of Front Line Defenders and can in no way be taken to reflect the views of the European Union.