Your Threat Model

1 What do you want to protect?

With this threat modulator, you can create an overview of your individual digital threats and get some initial ideas for countermeasures. Please note that a threat model is a highly individual assessment. This modulator only provides the most common scenarios. It should help you to get an idea how to create your individual threat model on your own.

You can only click on one option you would like to protect. Otherwise, it would probably too complex in the next steps for you. However, you will be able to save your results and can repeat the modulator as often as you like.

2 Who are your adversaries?

Threat modeling deals with hypothetical adversaries. In this step, please define all adversaries that you think you have. You do not need to have evidence whether these adversaries effectively go after you already. It is more about an estimation which adversaries you potentially have.

3 How likely do you think is it that this adversary will attack you?

A threat model gives you an overview about your threats. It also makes for you a list of priorities: What are the most likely threats? This helps you to know where to start with your digital security concept. In this step, you should therefore define the likelihood you estimate for all your potential adversaries.

not very likely
don't know
very likely
not very likely
don't know
very likely
not very likely
don't know
very likely
not very likely
don't know
very likely
not very likely
don't know
very likely
not very likely
don't know
very likely
not very likely
don't know
very likely
not very likely
don't know
very likely
not very likely
don't know
very likely
not very likely
don't know
very likely
not very likely
don't know
very likely

4 I want to protect

Here is an overview about your threats. It provides you a short explanation whether your adversaries are potentially able to obtain the things you like to protect. Dependent on your estimating in the third step, your threats are prioritized in up to five groups. We also give you some basic countermeasures to protect yourself against and like to information that help you.

Please note again that a threat is highly individual. This modulator should serve as a start and hopefully motivates you to start working closer on your digital security concept.


Your less likely Adversaries are ...

Your not likely Adversaries are ...

Adversaries you don't know are ...

Your likely Adversaries are ...

Your most likely Adversaries are ...

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several authorities like the police and intelligence agencies, as well as the legal means to get data from internet service providers (ISPs), email providers and social media platforms. It is an illusion that one can stay completely anonymous online against their governments, so that they can never find out a person behind an online behaviour. But for specific needs there are solutions. For a start, you should care about encryption of your entire communication, anonymising your online behaviour and securing all your accounts.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic government system this is something that journalists can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Governments most of the times have multiple options to identify you on the internet. However, tracking you is easier for the country you are based in than for foreign countries – but not impossible, of course. They have both technical and legal ways to get your online identity, for example the name of person that uses a specific internet connection. Especially if your communication is sent over global networks which is likely on the internet, the foreign governments might have access to some of your data.

To prevent that, you should encrypt your entire communication and use tools to anonymise yourself. Your adversaries may also try to hack your accounts and search them for information about you. To prevent getting hacked, you should secure all your accounts. There might be legal means to get data from companies like internet service providers (ISPs), email providers or social media platforms, especially if the services you use are based in the country you are concerned about. This is something you should check and based on your findings, you should limit your use of such a service and ideally, stop using it altogether if you’re sure it may be obligated to hand over your identification data.

Governments most of the times have multiple options to identify you on the internet, for example to get your name when you used a certain IP address in your home network. However, tracking you is easier for the country you are based in than for foreign countries – but not impossible, of course. They have both technical and legal ways to get your identity. Especially if your communication is sent over global networks which is likely on the internet, the foreign governments might have access to some of your data. To prevent that, you should encrypt your entire communication and use tools to anonymise yourself. Your adversaries may also try to hack your accounts and search them for information about you. To prevent getting hacked, you should secure all your accounts. There might be legal means to get data from companies like internet service providers (ISPs), email providers or social media platforms, especially if the services you use are based in the country you are concerned about. This is something you should check and based on your findings, you should limit your use of such a service and ideally, stop using it altogether if you’re sure it may be obligated to hand over your identification data.

An internet service provider (ISP) in almost every case knows who you are, because you made a contract with your personal and banking information for the purpose of billing. Also, if you use your ISP, it will know what you do online. It is not possible to eliminate your ISP completely. However, there are ways to reduce the amount of information your ISP can gather about you. You should especially encrypt your communication and browsing behaviour and use tools like a VPN or Tor to anonymise yourself. In that case, your ISP only knows that you use these tools, but not what you do discretely. (Please note that in some countries, using VPN and Tor is illegal and can make you suspicious.)

You should also have in mind that ISPs are mostly entirely regulated by governments and are legally obligated to hand over data about their customers.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic government system this is something that journalists can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several authorities like the police and intelligence agencies, as well as the legal means to get data from internet service providers (ISPs), email providers and social media platforms. It is an illusion that one can stay completely anonymous online against their governments, but for specific needs there are solutions. For a start, you should care about encryption of your entire communication, anonymising your online behaviour and securing all your accounts.

Trolls on social media can be very annoying, as they have time, they are many and they can be very rude and aggressive. That said, a regular troll mostly has limited technical capabilities to reveal your online identity or get at least some hints about you – if you do your homework. For that, you shouldn't reveal your real identity (name, address etc.) on your own and secure your accounts carefully.

If you have reason to suspect that the trolls are a part of a larger malicious campaign likely backed by the government, you should consider the government itself as your adversary. Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several authorities like the police and intelligence agencies, as well as the legal means to get data from internet service providers (ISPs), email providers and social media platforms. Trolls might be one part of an attack. It is an illusion that one can stay completely anonymous online against their governments, but for specific needs there are solutions. For a start, you should care about encryption of your entire communication, anonymising your online behaviour and securing all your accounts.

There are multiple kinds of cyber criminals. What most of them have in common is their goal: money. Your online identity might be interesting for them if it allows them to earn money with that, e.g. with your banking credentials or with information from your email inbox. However, their capabilities are mostly not comparable to those of a state. You should especially be sure that you are well protected against phishing and that your accounts are secure. You should also encrypt all your sensitive information and have regular backups of your data.

Please take into account that the power of criminals can differ as there is a wide range: from so-called scriptkiddies with limited capabilities to well organized criminal organisations, acting like a company.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic government system, this is something that a journalist can rely on – especially if they live in a state in which religion is a part of the political system. If you consider religious leaders with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several authorities like the police and intelligence agencies, as well as the legal means to get data from internet service providers (ISPs), email providers and social media platforms. It is an illusion that one can stay completely anonymous online against their governments, so that they can never find out a person behind an online behaviour. But for specific needs there are solutions. For a start, you should care about encryption of your entire communication, anonymising your online behaviour and securing all your accounts.

You probably spend a lot of time with your bosses and colleagues. Protection your "identiy" will probably not mean that you can hide your name against them, as you work with them. It's very likely that they know many things about you and may also have access to your personal information. For example, a colleague may take a peek at your computer when you are away for a meeting, or your boss might ask the IT department for access to your email inbox. If you have reason to suspect the people at your workplace are willing to do this, you shouldn't do activities you want to hide from them when they are around. You shouldn't do those activities using company devices either. For a start, you should think about some basic behavioural rules, your account security and tools to anonymise your online activities.

The potential of terrorist organisations threatening your digital security varies a lot depending on the kind and level of the organisation. In general, its technical capabilities should be less worrying than those of the state. A terrorist organisation is a group of (maybe many) individuals, which has no access to the internet infrastructure of a country or to the servers of companies. For a start, you should especially focus on phishing and account security. However, context matters a lot. If they could have physical access to your devices, you should encrypt all your data carefully and delete sensitive data that you don't necessarily need. You should secure your digital devices, for example have the latest updates installed and store all with a password. Also, if the terrorist organisation controls parts of a country, they may also control a critical infrastructure like an internet service provider (ISP). In this situation, you should consider the terror organisation as powerful as the state itself.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions like the police and intelligence agencies. It also has legal means to get data from companies like the internet service providers (ISPs), email providers and social media platforms.

When you want to secure your communication with sources, you should first differentiate between the content of your communication and the metadata such as who communicates with whom and when. It is very hard to stay completely anonymous online against your government and hide all metadata. But for specific needs there are solutions. For a start, you should care about encryption of your entire communication, anonymising your online behaviour and securing all your accounts. For protecting the content, you should especially care about encryption.

>

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic government system, this is something that a journalist can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions like the police and intelligence agencies. It also has legal means to get data from companies like internet service providers (ISPs), email providers and social media platforms.

When you want to secure your communication with sources, you should first differentiate between the content of your communication and the metadata such as who communicates with whom and when. It is very hard to stay completely anonymous online against your government and hide all the metadata. But for specific needs there are solutions. For a start, you should care about encryption of your entire communication, anonymising your online behaviour and securing all your accounts. For protecting the content, you should especially care about encryption.

Governments most of the times have multiple options to identify you on the internet. However, it is easier for the country that you're based in than foreign countries to track you – but not impossible, of course. Foreign governments have both technical and legal ways to get access to the communication with your sources. Especially if your communication is sent over global networks which is likely on the internet, the foreign governments might have access to some of your data and search them for information about you and your sources. To prevent that, you should encrypt your entire communication and use tools to anonymise yourself. They might also try to hack your accounts and search them for information about you. To protect yourself from getting hacked, you should secure all your accounts. There might also be legal means to get data from companies like the internet service providers (ISPs), email providers and social media platforms especially if the services you use are based in the country you are concerned about. This is something you should check and based on your findings limit your use of such platforms and stop using the ones that compromise your communication with your sources altogether.

An internet service provider (ISP) in almost every case knows who you are, because you made a contract using your personal and banking information for the purpose of billing. Also, if you use your ISP, it will know what you do online. It is not possible to eliminate your ISP completely. However, there are ways to reduce the amount of information your ISP can gather about you and your sources. You should especially only use communication services with your sources that offer end-to-end encryption, and while browsing the web have transport encryption enabled everywhere. Furthermore, you and your sources should as soon as possible use tools to anonymise yourself like VPN or Tor. In that case, your ISP only knows that you use these tools, but not what you do discretely. (Be mindful that in some countries, the use of VPN and Tor is illegal and can make you suspicious.)

You should also have in mind that ISPs are mostly entirely regulated by governments and are legally obliged to hand over data about their customers upon a government request.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that a journalist can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions like the police and intelligence agencies. It also has the legal means to get data from companies like the internet service providers (ISPs), email providers and social media platforms.

When you want to secure your communication with sources, you should first differentiate between the content of your communication and the metadata such as who communicates with whom and when etc. It is very hard to stay completely anonymous online against your government and hide all the metadata. But for specific needs there are solutions. For a start, you should care about encryption of your entire communication, anonymising your online behaviour and securing all your accounts. For protecting the content, you should especially care about encryption.

Trolls on social media can be very annoying, as they have time, they are many and they can be very rude and aggressive. However, a regular troll mostly has limited technical capabilities to get access to your communication with sources – if you do your homework. For that, you should especially take care of your account security and prevent phishing. They might want to hack your accounts and get access to the communication.

If you have reason to suspect that the trolls are part of a larger malicious campaign likely backed by the government then you should consider the government itself as your adversary. Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions like the police and intelligence agencies. It also has the legal means to get data from companies like the internet service providers (ISPs), email providers and social media platforms.

When you want to secure your communication with sources, you should first differentiate between the content of your communication and the metadata such as who communicates with whom and when. It is very hard to stay completely anonymous online against your government and hide all metadata. But for specific needs there are solutions. For a start, you should care about encryption of your entire communication, anonymising your online behaviour and securing all your accounts. For protecting the content, you should especially care about encryption.

There are multiple kinds of cyber criminals. What most of them have in common is their goal: money. Your communication with sources is probably only interesting for them if it allows them to earn money with that, e.g. with your banking credentials or with information from your email inbox. However, their capabilities are mostly not comparable to those of a state. You should especially be sure that you are well protected against phishing and that your accounts are secure. You should also encrypt all your sensitive information and have regular backups of your data.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that a journalist can rely on – especially if you live in a state in which religion is a part of the political system. If you consider religious leaders with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions like the police and intelligence agencies. It also has legal means to get access to the data from companies like internet service providers (ISPs), email providers and social media platforms.

When you want to secure your communication with sources, you should first differentiate between the content of your communication and the metadata, meaning who communicates with whom and when. It is very hard to stay completely anonymous online against your government and hide all the metadata. But for specific needs there are solutions. For a start, you should care about encryption of your entire communication, anonymising your online behaviour and securing all your accounts. For protecting the content, you should especially care about encryption.

You probably spend a lot of time with your bosses and colleagues. It's very likely that they know many things about you and may also have access to your personal information. For example, a colleague may take a peek at your computer when you are away for a meeting, or your boss may ask the IT department to get access to your email inbox. If you have reasons to suspect the people at your workplace, you shouldn't do activities you want to hide from them in their presence. You shouldn't do those activities using devices from your company. For a start, you should think about some basic behavioural rules, your account security and tools to encrypt your communication end-to-end, so that you exclude prying eyes from it.

The potential of terrorist organisations threatening your digital security varies a lot depending on the kind and level of that organisation. In general, its technical capabilities should be less worrying than those of the state. A terrorist organisation is a group of (maybe many) individuals, which has no access to the internet infrastructure of a country or to the servers of companies. For a start, you should especially focus on preventing phishing attacks and account security. However, context matters a lot: having physical access to your devices for example. This is why you should encrypt all your data carefully and delete sensitive data that you do not necessarily need on devices. Some chat apps offer self-destruction of messages, which can be helpful in these situations. Also, if the terrorist organisation controls parts of a country, they may also control a critical infrastructure like an internet service provider (ISP). In this situation, you should consider the terrorist organisation to be as powerful as the state itself.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through state institutions like the police and intelligence agencies. It also has legal means to get data from companies like internet service providers (ISPs), email providers or social media platforms. It is an illusion to assume one can stay completely anonymous online to your government, but for specific needs there are solutions. For a start, you and your sources should care about end-to-end encryption of your entire communication, anonymising your online behaviour and securing all your accounts. It could also help if you recommend secure ways how to contact you, for example on your website.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that a journalist can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions such as the police and intelligence agencies. It also has legal means to get data from companies like the internet service providers (ISPs), email providers or social media platforms. It is an illusion to think one can stay completely anonymous online against your government, but for specific needs there are solutions. For a start, you and your sources should care about end-to-end encryption of your entire communication, anonymising your online behaviour and securing all your accounts. It could also help if you recommend secure ways how to contact you, for example on your website.

Governments most of the times have multiple options to identify your sources on the internet. However, it is easier for the country you're based in than for foreign countries to track you – but it's not impossible, of course. Foreign governments have both technical and legal ways to get access to the communication with your sources. This is especially true if your communication is sent over global networks which is likely on the internet, foreign governments might have access to some of your data. Against that, you and your source should encrypt your entire communication end-to-end and use tools to anonymise from the beginning. It could help if you recommend secure ways how to contact you, for example on your website. They might also try to hack your accounts and search them for information about you. For that, you should secure all your accounts.

There might also be legal means to get data from companies like internet service providers (ISPs), email providers or social media platforms, especially if the services you use are based in the country you are concerned about. This is something you should check and based on your findings, you should limit your use of such a service or stop using the ones that compromise your communication with your sources altogether.

An internet service provider (ISP) in almost every case knows who you are, because you made a contract using your personal and banking information for the purpose of billing. Also, if you use your ISP, it will know what you do online. It is not possible to eliminate your ISP completely. The same is true for your source and their ISP. However, there are ways to reduce the amount of information an ISP can gather about you and your sources. You should especially only use communication services with your sources that offer end-to-end encryption and while browsing the web have transport encryption enabled everywhere. Furthermore, you and your sources should as soon as possible use tools like a VPN or Tor to anonymise yourself. In that case, your ISPs only know that you use these tools, but not what you do discretely. (Be mindful, however, that some countries make the use of VPN and Tor illegal and you're seen suspicious for using them.)

You should also have in mind that the ISPs are mostly entirely regulated by governments and are legally obliged to hand over data about their customers upon a government request.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that a journalist can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions like the police and intelligence agencies as well as has the legal means to get the data from companies like internet service providers (ISPs), email providers and social media platforms. It is an illusion that one can stay completely anonymous online against their government, but for specific needs there are solutions. For a start, you and your sources should care about end-to-end encryption of your entire communication, anonymising your online behaviour and securing all your accounts. It could also help if you recommend secure ways how to contact you, for example on your website.

Trolls on social media can be very annoying, as they have time, they are many and they can be very rude and aggressive. However, a regular troll mostly has limited technical capabilities to get access to your communication with sources – if you do your homework. For that, you should especially take care of your account security and prevent phishing attacks. They might want to hack your accounts and get access to the communication. You should also explain your sources how to deal with trolls and potential hackers, for example on your website.

If you have reasons to suspect that the trolls are a part of a larger malicious campaign backed by the government, however, you should consider the government itself as your adversary. A government mostly has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions such as the police and intelligence agencies. It also has legal means to get data from companies like internet service providers (ISPs), email providers or social media platforms. It is an illusion that one can stay completely anonymous online against their government, but for specific needs there are solutions. For a start, you and your sources should care about end-to-end encryption of your entire communication, anonymising your online behaviour and securing all your accounts. It could also help if you recommend secure ways how to contact you, for example on your website.

There are multiple kinds of cyber criminals. What most of them have in common is their goal: money. Your communication with sources and their identities are probably only interesting for them if they allow them to earn money, e.g. with banking credentials or information from email inboxes. However, their capabilities are mostly not comparable to those of a state. You should especially ensure that you are well protected against phishing and that your accounts are secure. You should also encrypt all your sensitive information and have regular backups of your data. Pass these tips on to your sources and assist them if needed.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on – especially if they live in a state in which religion is part of the political system. If you consider religious leaders that have good connections with your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions like the police and the intelligence agencies. They also have legal means to get data from companies such as the internet service providers (ISPs), email providers or social media platforms. It is an illusion to think one can be completely anonymous online against their governments, but solutions are available in specific scenarios.  For starters, you and your sources should care about end-to-end encryption of your entire communication, anonymising your online behaviour and securing all your accounts. It could also help if you recommend secure ways to contact you, for example, on your website.

You probably spend a lot of time with your bosses and colleagues. It's very likely that they know many things about you and may also have access to your personal information. For example, a colleague may have a peek at your computer when you are away for a meeting, or your boss might ask the IT department to get access to your email inbox. If you have reasons to suspect that people at your workplace are your adversaries, you shouldn't do activities you want to hide from them when they are around. You shouldn't do the private activities from your company devices either. Use your personal devices instead. For a start, you should think about some basic digital-behavioural rules; your account security and tools to encrypt your communication end-to-end, so that you exclude any third person from it.

The potential of terrorist organisations threatening your digital security varies a lot and depends on the kind and capability of the organisation. In general, its technical capabilities should be less worrying than those of a state. A terrorist organisation is a group of (maybe many) individuals, which has no access to the internet infrastructure of a country or to the servers of companies. For a start, you should especially focus on preventing phishing attacks and account security. But, the context matters a lot. For example it would be a completely different situation if they gained physical access to your devices. This is why you should encrypt all your data carefully and delete sensitive one that you do not necessarily need. Also, if the terrorist organisation controls parts of a country, they may also control a critical infrastructure like an internet service provider (ISP). In this situation, you should consider the terrorist organisation as powerful as the state itself.

There are two ways to get data that are stored on your computer: with remote access or with physical access. Governments can do both. For remote access, they have to hack your computer and search through it remotely. They mostly use a spyware for these actions. Without technical expertise, it is not possible to detect such a spyware on your computer. You should prevent yourself against it as best as possible, especially by recognising phishing links, only installing trusted software and never leaving your devices unattended. For physical access, a government has to get hands on your devices, for example, with a house search or while you are traveling. It's probably nothing you can avoid if the government wants to do it, but you can prepare for the worst case: use strong passwords for your devices, encrypt your hard disks and all sensitive data.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on – especially if they live in a state in which religion is part of the political system. If you consider religious leaders that have good connections with your government as your adversaries, you should consider the government itself as your adversary.

There are two ways to get data that are stored on your computer: with remote access or with physical access. Governments can do both. For remote access, they have to hack your computer and search through it remotely. They mostly use a spyware for these actions. Without technical expertise, it is not possible to detect such a spyware on your computer. You should prevent yourself against it as best as possible, especially by recognising phishing links, only installing trusted software and never leaving your devices unattended. For physical access, a government has to get hands on your devices, for example, with a house search or while you are traveling. It's probably nothing you can avoid if the government wants to do it, but you can prepare for the worst case: use strong passwords for your devices, encrypt your hard disks and all sensitive data.

There are two ways to get data that are stored on your computer: with remote access or with physical access. Foreign governments mostly can only have remote access, if you don't enter their territory. For remote access, they have to hack your computer and search through it remotely. They mostly use a spyware for these actions. Without technical expertise, it is not possible to detect such a spyware on your computer. You should prevent yourself against it as best as possible, especially by recognising phishing links, only installing trusted software and never leaving your devices unattended. For physical access, your government would have to legally cooperate with a foreign government or search your devices illegally.

In general, your internet service provider (ISP) provides internet access for you. But it does not have access to the data stored on your computer, unless you send it insecurely over the internet. To prevent that, you can use encrypt files on your computer before uploading it, or avoid transferring data over unencrypted channels.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on – especially if they live in a state in which religion is part of the political system. If you consider religious leaders that have good connections with your government as your adversaries, you should consider the government itself as your adversary.

There are two ways to get data that are stored on your computer: with remote access or with physical access. Governments can do both. For remote access, they have to hack your computer and search through it remotely. They mostly use a spyware for these actions. Without technical expertise, it is not possible to detect such a spyware on your computer. You should prevent yourself against it as best as possible, especially by recognising phishing links, only installing trusted software and never leaving your devices unattended. For physical access, a government has to get hands on your devices, for example, with a house search or while you are traveling. It's probably nothing you can avoid if the government wants to do it, but you can prepare for the worst case: use strong passwords for your devices, encrypt your hard disks and all sensitive data.

Trolls on social media in general do not have a chance to get access to the files on your computer. They would have to hack your computer, which is not typical of an angry troll on social media.

If you have reasons to suspect that the trolls are a part of a larger campaign sponsored by the government, however, you should consider the government itself as your adversary.

There are multiple kinds of cyber criminals. What most of them have in common is their goal: money. Data on your computer is interesting for them if they can make money out of it. For example, because they use your banking information to buy things or they encrypt your data with a so-called ransomware. You should especially ensure that you are well protected against phishing and that your accounts are secure. You should also encrypt all your sensitive information and have it backed up regularly.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on – especially if they live in a state in which religion is part of the political system. If you consider religious leaders that have good connections with your government as your adversaries, you should consider the government itself as your adversary.

There are two ways to get data that are stored on your computer: with remote access or with physical access. Governments can do both. For remote access, they have to hack your computer and search through it remotely. They mostly use a spyware for these actions. Without technical expertise, it is not possible to detect such a spyware on your computer. You should prevent yourself against it as best as possible, especially by recognising phishing links, only installing trusted software and never leaving your devices unattended. For physical access, a government has to get hands on your devices, for example, with a house search or while you are traveling. It's probably nothing you can avoid if the government wants to do it, but you can prepare for the worst case: use strong passwords for your devices, encrypt your hard disks and all sensitive data.

You probably spend a lot of time with your bosses and colleagues. It's very likely that they know many things about you and may also have access to your personal information. For example, a colleague may have a peek at your computer when you are away for a meeting, or your boss might ask the IT department to get access to your data on the company's server. If you want to protect yourself against it, you should encrypt sensitive data on your computer, e.g. with VeraCrypt. You should also follow basic behavioral rules, like having a password for your computer and always lock your screen when you leave your workplace. Be also aware of should-surfing when entering your password.

The potential of terrorist organisations threatening your digital security varies a lot and depends on the kind and capability of the organisation. In general, its technical capabilities should be less worrying than those of a state. A terrorist organisation is a group of (maybe many) individuals, which has no access to the internet infrastructure of a country or to the servers of companies. The likelihood that they have remote access to the data on your computer is relatively little, but it's not impossible. For a start, you should especially focus on preventing phishing attacks and account security because they might want to install a spyware on your computer. But, the context matters a lot. For example it would be a completely different situation if they gained physical access to your devices. This is why you should encrypt all your data carefully and delete sensitive one that you do not necessarily need. Also, if the terrorist organisation controls parts of a country, they may also control a critical infrastructure like an internet service provider (ISP). In this situation, you should consider the terrorist organisation as powerful as the state itself.

There are multiple ways where you leave traces – and a government can mostly track you and find out your location. This is true for both your online and offline traces. It is an illusion to think one can stay completely anoymous online against a government. However, for certain scenarios, there are tools to hide your identity and location online. For a start, you should learn about anonymisation tools and how to counter commercial surveillance. You should also have in mind that your smartphone is a tracking device and constantly reveals your exact location to your service provider. Governments mostly have access to this data of internet or telecommunication service providers and of internet companies such as social media platforms.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on – especially if they live in a state in which religion is part of the political system. If you consider religious leaders that have good connections with your government as your adversaries, you should consider the government itself as your adversary.

There are multiple ways where you leave traces – and a government can mostly track you and find out your location. This is true for both your online and offline traces. It is an illusion to think one can stay completely anoymous online against a government. However, for certain scenarios, there are tools to hide your identity and location online. For a start, you should learn about anonymisation tools and how to counter commercial surveillance. You should also have in mind that your smartphone is a tracking device and constantly reveals your exact location to your service provider. Governments mostly have access to this data of internet or telecommunication service providers and of internet companies such as social media platforms.

Mostly, governments have multiple options to get your location. However, it is easier for the country you're based in to track you and your source than for foreign countries – but not impossible, of course. Foreign governments have both technical and legal ways to get access to the communication with your sources. This is true especially if your communication is sent over global networks – which is likely on the internet – and foreign governments might have access to some of your data. For a start, you should inform yourself about anonymisation tools and how to counter commercial surveillance. You should also have in mind that your smartphone is a tracking device and constantly reveals your exact location to your service provider. Governments mostly have access to this data of internet and telecommunication service providers (ISPs) in their juristiction. Foreign governments might get this information through a legal cooperation with the country you're based in.

There are multiple ways where you leave online traces that may reveal your location – and your internet service provider (ISP) knows it by default. Firstly, your smartphone is a tracking device and constantly reveals your exact location to your telecommunication service provider if you are connected to its network. It has to know your location so that you can receive calls and have mobile internet. There is no way to use your ISP and hide your location data at the same time. Secondly, by connecting your computer to the internet of your ISP, your ISP most probably knows where you are at that moment. However, you might be able to hide against it what you do on the internet. For a start, you should learn more about anonymization tools. Some ISP's also sell location information to advertisers and other companies. You can have a look in your ISP's terms of service to make sure, whether this is the case.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on. If you consider business people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

There are multiple ways you leave traces – and a government can mostly track you and find out your location. This is true for both your online and offline traces. It is an illusion that one can stay completely anoymous and hide all their lives to a government. However, for specific use cases, there are tools to hide your identity and therefore also to hide your location online. For a start, you should educate yourself about anonymisation tools and how to counter commercial surveillance. You should also have in mind that your smartphone is a tracking device and constantly reveals your exact location to your service provider. Governments mostly have access to this data of internet or telecommunication service providers and of internet companies such as social media platforms.

Trolls shouldn't be able to get your current location, unless you reveal information on your own that might help them find it out. For example, adding location information to social media posts, your pictures at well known places or contact information on your website might help them find out. Make sure that you don't reveal this information inadvertently and the 'regular online troll' will likely not find out your location.

If you have reasons to suspect that the trolls are a part of a larger campaign connected to the government, however, then you should consider the government itself as your adversary. There are multiple ways you leave traces and a government can mostly track you and find out your location. This is true for both your online and offline traces. It is an illusion to assume one can stay completely anoymous online and hide from a government. However, for specific use cases, there are tools to hide your identity and therefore also to hide your location online. For a start, you should educate yourself about anonymisation tools and how to counter commercial surveillance. You should also have in mind that your smartphone is a tracking device and constantly reveals your exact location to your service provider. Governments mostly have access to the data of the internet and telecommunication service providers.

There are multiple kinds of cyber criminals. What most of them have in common is their goal: money. Your location is probably only interesting for them if it allows them to earn money. However, their capabilities are mostly not comparable to those of a state.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on. If you consider business people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

There are multiple ways where you leave traces and a government can mostly track you and find out your location. This is true for both your online and offline traces. It is an illusion to assume one can stay completely anoymous and hide their activities from a government. However, for specific use cases, there are tools to hide your identity and therefore also to hide your location online. For a start, you should educate yourself about anonymisation tools and how to counter commercial surveillance. You should also have in mind that your smartphone is a tracking device and constantly reveals your exact location to your service provider. Governments mostly have access to this data of internet or telecommunication service providers and of internet companies such as social media platforms.

You probably spend a lot of time with your bosses and colleagues. Logically, they know your location when you are with them. However, if you are not with them, it should be hard for them to track your location online. Especially if you use your own devices and do not reveal information about your position, e.g. in a social media post. You should be careful, however, that if you use devices that are controlled by your company. They might still be able to trace you, for example if you use the VPN of your company or you have apps on your smartphone that are run by your company. Lastly, do not forget some obvious things: If you tell colleagues about your location in emails or in a shared calendar, they can trace you.

The potential of terrorist organisations threatening your digital security differs a lot from the kind and professionalism of the organisation. In general, its technical capabilities should be less worrying than those of the state. A terrorist organisation is a group of (maybe many) individuals, which has no access to the internet infrastructure of a country or to the servers of companies. The chance that they can track you live over the internet is relatively little, but it's not impossible. For a start, you should especially focus on preventing phishing attacks because they might want to install a spyware on your computer. However, context matters a lot: If the terrorist organisation controls parts of a country, it may also control critical infrastructure like an internet service provider (ISP). In this situation, you should consider the terror organization as powerful as the state itself.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions such as the police and intelligence agencies. It also has legal means to get data from companies such as the internet service providers (ISPs), email providers or social media platforms.

When you want to secure your communication with your colleagues, you should first differentiate between the content and the metadata, meaning who communicates with whom and when etc. It is very hard to stay completely anonymous online against your government and hide all the metadata. But for specific needs there are solutions. For example, there are anonymous mailboxes in which correspondents could upload their material anonymously. Check out more information about anonymisation tools. To secure the content of your communication, you should consider encryption.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

A government mostly has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions like the police and intelligence agencies. It also has legal means to get data from companies like the internet service providers (ISPs), email providers or social media platforms.

When you want to secure your communication with your colleagues, you should first differentiate between the content and the metadata, meaning who communicates with whom and when. It is very hard to stay completely anonymous online against your government and hide all the metadata. But for specific needs there are solutions. For example, there are anonymous mailboxes, in which correspondents could upload their material anonymously. Check out more information about anonymisation tools. To secure the content of your communication, you should consider and take encryption seriously.

Mostly, governments have multiple options to identify you on the internet. However, it is easier for the country you are based in to track you than it is for a foreign country – but not impossible, of course. Foreign governments have both technical and legal ways to get access to the communication with your sources. This is especially true if your communication is sent over global networks which is likely on the internet, the foreign governments might have access to some of your data.

Against that, you should encrypt your entire communication and use tools to anonymise yourself. They might also try to hack your accounts and search them for information about you. To prevent that, you should secure all your accounts. There might also be legal ways to get data from companies like internet service providers (ISPs), email providers or social media platforms, especially if the services you use are based in the country you're concerned about. This is something you should check and based on your findings, stop using such services entirely or at least limit your use of it. If you're sure about cooperation of a certain provider with one of your adversaries, you should stop use that altogether.

An internet service provider (ISP) in almost every case knows who you are, because you made a contract using your personal and banking information for the purpose of billing. Also, if you use your ISP, it will know what you do online. The same is true for the ISPs of your colleagues. It is not possible to eliminate your ISP completely. However, there are ways to reduce the amount of information your ISP can gather about you and your colleagues. You should especially only use communication services with your colleagues that offer end-to-end encryption. Furthermore, you and your colleagues should use tools to anonymise yourselves such as a Virtual Private Network (VPN) or Tor. In that case, your ISP only knows that you use these tools, but not what you do concretely. (Keep in mind that in some countries, the use of a VPN and Tor can make you suspicious or is illegal.)

You should also have in mind that ISPs are mostly entirely regulated by governments and are legally obliged to hand over data about their customers upon a government request.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through several state institutions like the police and intelligence agencies. It also has legal means to get data from companies like internet service providers (ISPs), email providers or social media platforms.

When you want to secure your communication with your colleagues, you should first differentiate between the content and the metadata -- meaning who communicates with whom and when. It is very hard to stay completely anonymous online against your government and hide all metadata. But for specific needs there are solutions. For example, there are anonymous mailboxes using which the correspondents could upload their material anonymously. Check out more information about anonymisation tools. To secure the content of your communication, you should care about encryption.

The trolls on social media can be very annoying as they have time, they are many and they can be very rude and aggressive. However, a regular troll mostly has limited technical capabilities to get access to your communication with your colleagues – if you do your homework. For that, you should especially take care of your account security and prevent phishing. They might want to hack your accounts and get access to the communication.

If you have reasons to suspect that the trolls are part of a government campaign, however, you should consider the government itself as your adversary. Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through state institutions like the police and intelligence agencies. It also has legal means to get data from companies like the internet service providers (ISPs), email providers or social media platforms.

When you want to secure your communication with your colleagues, you should first differentiate between the content of your message and the metadata, meaning who communicates with whom and when. It is very hard to stay completely anonymous online against your government and hide all the metadata. But for specific needs there are solutions. For example, there are anonymous mailboxes, using which the correspondents can upload their material anonymously. Check out more information about anonymisation tools. To secure the content of your communication, you should consider encryption.

There are multiple kinds of cyber criminals. What most of them have in common is their goal: money. Your communication with your colleagues is probably only interesting for them if it allows them to earn money, e.g. with your banking credentials or with information from your email inboxes. However, their capabilities are mostly not comparable to those of a state. You should especially ensure that you are well protected against phishing and that your accounts are secure. You should also encrypt all your sensitive information and have regular backups of your data.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on – especially if you live in a state in which religion is part of the political system. If you consider religious leaders with good connections to your government as your adversaries, you should consider the government itself as your adversary.

Mostly, a government has multiple options to gather information about its citizens. It has technical powers to conduct surveillance through various state institutions such as the police and intelligence agencies. It also has legal means to get data from companies like the internet service providers (ISPs), email providers or social media platforms.

When you want to secure your communication with your colleagues, you should first differentiate between the content of your communication and the metadata, meaning who communicates with whom and when. It is very hard to stay completely anonymous online against your government and hide all the metadata. But for specific needs there are solutions. For example, there are anonymous mailboxes using which the correspondents can upload their material anonymously. Check out more information about anonymisation tools. To secure the content of your communication, you should use encryption.

The potential of terrorist organisations threatening your digital security varies a lot depending on the kind and level of professionalism of the organisation. In general, its technical capabilities should be less worrying than those of a state. A terrorist organisation is a group of (maybe many) individuals, which has no access to the internet infrastructure of a country or to the servers of companies. For a start, you should especially focus on the account security and preventing phishing. However, context matters a lot: If they could have physical access to your devices, you should encrypt all your data carefully and delete sensitive data that you do not necessarily need. Some chat apps offer a self-destruction of messages, which can be helpful in these situations. Also, if the terrorist organisation controls parts of a country, they may also control a critical infrastructure like an internet service provider (ISP). In this situation, you should consider the terrorist organisation as powerful as the state itself.

A government generally has two options to get your passwords: It can steal it with a hacking attack or legally force a service provider to hand it over. To secure yourself against hacking, you should especially care about preventing phising and account security method such as the two-step verification. Always use different passwords for different services. A password manager can help you with that. Against a legal cooperation, you cannot really protect yourself. Many platforms, however, provide information in their transparency reports about how much they cooperate, with which countries and for what crimes specifically.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

A government generally has two options to get your passwords: It can steal it with a hacking attack or legally force a service provider to hand it over. To secure yourself against hacking, you should especially care about preventing phising attacks and account security methods such as the two-step verification. Always use different passwords for different services. A password manager can help you with that. Against a legal cooperation, you cannot really protect yourself. Many platforms, however, provide information in their transparency reports about how much they cooperate, with which countries and for what crimes in specific.

A foreign government has two options to get your passwords: It can steal it with a hacking attack or legally force the service provider to hand it over. To secure yourself against password hacking, you should especially care about preventing phising and using account security methods such as the two-step verification. Always use different passwords for different services. A password manager can help you with that. Against a legal cooperation, you cannot really protect yourself. Many platforms, however, provide information in their transparency reports about how much they cooperate, with which countries and for what crimes to be specific.

In general, your internet service provider (ISP) does not have access to your passwords that are not necessary for services of the ISP itself. To be absolutely sure, take care that you only enter passwords on encrypted websites with https and that your email, calendar und address book programs rely on encrypted connections as well.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

A government has two options to get your passwords: It can steal it with a hacking attack or legally force a service provider to hand it over. To secure yourself against hacking, you should especially care about preventing phising and using account security methods such as the two-step verification. Always use different passwords for different services. A password manager can help you with that. Against a legal cooperation, you cannot really protect yourself. Many platforms, however, provide information in their transparency reports about how much they cooperate, with which countries and for what crimes specifically.

The trolls are very interested to steal your passwords but there are some easy ways to protect you against the majority of online trolls. You should especially care about preventing phising attacks and using account security methods such as the two-step verification to prevent attacks like doxing. Always use different passwords for different services. A password manager can help you with that.

There are multiple kinds of cyber criminals. What most of them have in common is their goal: money. Your passwords are extremely interesting for them if they allow them to earn money with that, e.g. with your banking credentials or with information from your email inbox. However, their capabilities are mostly not comparable to those of a state. You should especially ensure that you are well protected against phishing and that your accounts are secure.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on – especially if you live in a state in which religion is a part of the political system. If you consider religious leaders with good connections to your government as your adversaries, you should consider the government itself as your adversary.

A government generally has two options to get your passwords: It can steal it with a hacking attack or legally force a service provider to hand it over. To secure yourself against hacking, you should especially care about preventing phising and account using security methods such as the two-step verification. Always use different passwords for different services. A password manager can help you with that. Against a legal cooperation, you cannot really do much but many platforms provide information in their transparency reports about how much they cooperate, with which countries and for what crimes to specifically.

You probably spend a lot of time with your bosses and colleagues. It's very likely that they know many things about you and may also have access to your personal information. For example, a colleague may take a peek at your computer when you are away for a meeting, or your boss asks the IT department to get access to your email inbox. If you have reason to suspect that people at your workplace are your adversaries, you shouldn't do activities you want to hide from them when they are around. You shouldn't use company devices for your discrete activities and instead, use your personal ones. For a start, you should think about some basic behavioural rules, your account security and tools to encrypt your communication end-to-end, so that you exclude third persons from it. Always use different passwords for different services. A password manager can help you with that. Be also aware of so-called shoulder-surfing, so that colleagues monitor you while typing in a password. This can be done by humans or by cameras installed in your office. Avoid typing in personal passwords on devices of your office, because they can be intercepted through a so-called keylogger.

The potential of terrorist organisations threatening your digital security varies a lot depending on the kind and level of professionalism of the organisation. Your passwords are extremely interesting for them as it allows them to hack your accounts. However, their capabilities are mostly not comparable to those of a state. You should especially ensure that you are well protected against phishing and that your accounts are secure. Always use different passwords for different services. A password manager can help you with that.

A government can breach the security of your devices especially during travelling. When you cross borders, you are maybe asked to give access to your devices. More and more countries have laws that give them the right to force you to provide your PIN codes and passwords when you try to enter. You should check that in advance. The best thing you can do against it is travelling without sensitive data. A circumvention might be to store the data encrypted in a cloud with a well secured account. In general, you should have protection of your devices with strong passwords and store your data encrypted on your computer, e.g. with Vera Crypt. Do not trust devices that either were taken away from you for some time, or that were connected to annother device – they might be infected with spyware.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

A government can breach the security of your devices especially while travelling. When you cross borders, you are maybe asked to give access to your devices. More and more countries have laws that give them the right to force you to provide your PIN codes and passwords when you try to enter. You should check that in advance. The best thing you can do against it is travelling without sensitive data. A circumvention might be to store the data encrypted in a cloud with a well secured account. In general, you should have protection of your devices with strong passwords and store your data encrypted on your computer, e.g. with Vera Crypt. Do not trust devices that either were taken away from you for some time, or that were connected to annother device – they might be infected with spyware.

There are two ways to weaken the security of your devices while travelling: with remote access or with physical access. Foreign governments mostly can only have remote access if you don't enter their territory. For remote access, they have to hack your computer and search it remotely. They mostly use a spyware for these actions. Without technical expertise, it is not possible for you to detect such a spyware on your computer. You should protect yourself against spyware as best as possible, especially by identifying phishing links, only installing trusted software and never leaving your devices unattended. For physical access inside their country, they may have the right to do it, for example when you cross their border. More and more countries have laws that give them the right to force you to provide your PIN codes and passwords when you want to enter. You should check that in advance. The best thing you can do against it is travelling without sensitive data. A circumvention might be to store the data encrypted in a cloud with a well secured account. In general, you should have protection of your devices with strong passwords and store your data encrypted on your computer, e.g. with Vera Crypt. For physical access outside their territory, a foreign government would have to legally cooperate with the government of your country or search your devices illegally.

In general, your internet service provider (ISP) does not have the possibility to weaken the security of your devices while travelling.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on. If you consider people with good connections to your government as your adversaries, you should consider the government itself as your adversary.

A government generally can weaken the security of your devices especially when you're travelling. When you cross borders, you are maybe asked to give access to your devices. More and more countries have laws that give them the right to force you to provide your PIN codes and passwords when you want to enter. You should check that in advance. The best thing you can do against that is travelling without sensitive data. A circumvention might be to store the data encrypted in a cloud with a well secured account. In general, you should have protection of your devices with strong passwords and store your data encrypted on your computer, e.g. with Vera Crypt. Do not trust devices that either were taken away from you for some time, or that were connected to annother device – they might be infected with spyware.

In general, online trolls shouldn't be able to weaken the security of your devices while travelling. As usual, you should protect your accounts against hacking and be able to identify phishing.

In general, cyber criminals do not have special capabilities to weaken the security of your devices when you are travelling.

Theoretically, only a limited, clearly defined number of people has access to sensitive data gathered through surveillance activities by the state. This should be guaranteed through safeguards and the rule of law. However, neither in a democracy nor in an autocratic country, this is something that journalists can rely on – especially if they live in a state in which religion is part of the political system. If you consider religious leaders with good connections to your government as your adversaries, you should consider the government itself as your adversary.

A government can weaken the security of your devices especially when you are travelling. When you cross borders, you are maybe asked to give access to your devices. More and more countries have laws in place that give them the right to force you to provide your PIN codes and passwords when you want to enter. You should check that in advance. The best thing you can do against it is travelling without sensitive data. A circumvention might be to store the data encrypted in a cloud with a well secured account. In general, you should have protection of your devices with strong passwords and store your data encrypted on your computer, e.g. with Vera Crypt. Do not trust devices that either were taken away from you for some time, or that were connected to annother device – they might be infected with spyware.

If you do not travel with people from your workplace, it might be hard for them to weaken the security of your devices. However, if you use devices that are owned by your company and controlled by the IT department, they might have remote access to your device and your accounts, and they might also be able to track you.

If you travel together with people from your workplace, they might have physical access to your devices. Make sure that you follow basic behavioural rules, especially always lock your screens. You should also encrypt sensitive information on your computer.

The potential of terrorist organisations threatening your digital security varies a lot depending on the kind and level of professionalism of the organisation. In general, its technical capabilities should be less worrying than those of the state. A terrorist organisation is a group of (maybe many) individuals, which has no access to the internet infrastructure of a country or to the servers of companies. The chance that they have remote access to your devices when you are travelling is relatively little, but it's not impossible. For a start, you should especially focus on preventing phishing, because they might want to install a spyware on your computer. However, context matters a lot: If for example they gained physical access to your devices. To prevent them from gaining access to your data, you should encrypt all youra data carefully and delete sensitive data that you do not absolutely need. In this situation, you should consider the terrorist organisation as powerful as the state itself.

to top