Skip to main content

Compromised Account Procedure -Rev 2 WIP

All rebels with an account on the UK Hub, UK Forum, Global Mattermost and UK Cloud which gives them access to material which either should not fall into unfriendly hands, or which may compromise themselves or others legal position - for example through providing evidence for conspiracy charges need to be aware of these procedures.

Precautions to be taken against access to an account being compromised

The steps below allow for rapid temporary suspension of the compromised account on all XRUK services, to be followed either by reinstatement of the accounts with fresh passwords, or permanent deletion of the account as appropriate.

  1. Set up, on the UK Hub, a secret codeword or phrase which you can easily remember and speak without having to spell it out or having ambiguous spelling.

    v58image1.png

    • Go to UK Hub and Login.

    • Login and click on the Set My Codeword icon

    • Enter your phrase or word in the box

    • Once set, you can find and change your codeword by clicking on the Admin button and "My Settings"

  2. Follow the advice available on links below to secure any device that you use to access XR services and email:

    Laptop Security Guide

    Phone security Guide

    This should include any desktop devices you may leave at home which could be subject to a search warrant and seizure in your absence.

    There is not yet a specific general guide to securing desktop devices against seizure - much of the Laptop advice applies. Don't forget any memory sticks or CD/Disc backups you have lying around.

  3. DO NOT take any device, which has general access to your Hub accounts, into an arrestable situation! Please use a 'burner' phone and only install and use secure apps on it. See phone advice above.

  4. If you have operational reasons for needing access to XR online services, other than Signal and Telegram and areas like the public website which do not require a login and can be viewed by anyone, then you must be especially vigilant.

Loss of your device - arrest, loss or confiscation

  1. If you are arrested, then tell your secret codeword to Arrestee Watch or a friend, ideally before your arrest, or if you are grabbed without warning as soon as possible afterwards (e.g. use one of your custody calls to tell Back Office).

  2. If you lose your device, or it is confiscated by the authorities, then immediately let your Group Admin (Tech Champion) or Group Coordinator know, so that they can inform the Hub admin team.

  3. The Back Office Volunteer, your Group Admin (Tech Champion) or Hub Admin on being told your secret phrase and that you have been arrested, or had device(s) confiscated, will cross check the secret codeword and if it is valid immediately lock all your accounts - Hub, Forum, Mattermost and Cloud - until you are cleared.

Restoring your Hub Accounts

  1. When (if) you are released then your accounts can be restored. You will need to contact your Hub Group's Coordinator(s) and/or Group Admin for them to request that a Hub Admin orrestore your Techaccount.
    2. Champion
  2. If whoany knowsof youyour todevices doare this,lost, andor thenremain need to set a fresh password. It has to be someone who knows you, otherwisewith the police might just ask a Hub Admin to re-enable your account, so they can hack into it!

If emailing to unlock your accountsauthorities, you will need to verifychange the email address you use for the Hub. This change must be done before your account is restored and it is recommended that you by emailing fromchange your ownemail even if your devices have been returned. Your new email address andshould givingbe given to the codewordHub orAdmin phrase.

via your Hub Group Coord/Group Admin. A new Hub Password will be issued as well, but you can subsequently change this, if you wish. Once the new email has been registered, and the Hub account restored, you will be able to access all your Hub Group info as before.

Non Hub Services

  1. The above ONLY applies to your Hub, UK Forum, Mattermost and UK Cloud accounts. If you have administrator or moderator access to any service which gives you visibility of others' account details or activity, then it is essential that you dofollow this.

    a

    N.B.similar Thisprocedure ONLYfor applies to your Hub, UK Forum, Mattermost and UK Cloud accounts. If you have privileged access on any otherthose services thenas youwell.

    need
    2. to put in place similar procedures for these.

  2. For social media accounts it is worth having a trusted close friend/partner who knows your password and can be instructed to change the password immediately should they hear you are arrested.

Back to top