Compromised Account Procedure
All rebels with an account on the UK Hub, UK Forum, Global Mattermost and UK Cloud – which gives them access to material which eitherthat should not fall into unfriendly hands, or whichthat may compromise themselves or othersthe legal position -of themselves or others, for exampleexample, through providing evidence for conspiracy charges - need to be aware of these procedures.
Precautions to be taken against access to an account being compromised
The steps below allow for the rapid temporary suspension of thea compromised account on all XRUK services, to be followed either by reinstatement of the accounts with fresh passwords, or permanent deletion of the account as appropriate.
-
Set up, on the UK Hub, a secret codeword or phrase which you can easily remember and speak without having to spell it
outout,orandhavingthat does not have ambiguous spelling.- Log
Gointoon the UK Hub andLogin. Login andclick on the 'Set MyCodewordCodeword'iconicon.
- Log
-
Enter your phrase or word in the
boxbox. -
Once set, you can find and change your codeword by clicking on the Admin button and
"navigating to 'MySettings"Settings'. -
Follow the advice available
onthrough the links below to secure any device that you use to access XR services and email:This should include any desktop devices you may leave at home
whichthat could be subject to a search warrant and seizure in your absence.There is not yet a specific general guide to securing desktop devices against seizure
-– much of theLaptoplaptop advice applies. Don't forget any memory sticks or CD/Discdisc backups you may have lying around. -
DO NOT take any device, which has general access to your Hub accounts, into an arrestable situation! Please use a 'burner' phone and only install and use secure apps on it. See
phonetheadvicePhone Security Guide above. -
If you have operational reasons for needing access to XR online
services,services (other than Signal and Telegram and areas like the public websitewhichthat do not require a login and can be viewed by anyone),thenyou must be especially careful to ensureyouthat your device is secure and that you don't lose it.
Loss of your device -– arrest, loss or confiscation
-
If you are arrested,
thentell your secret codeword to Back Office (Arrestee Watch) or a friend, ideally before your arrest, or if you aregrabbedarrested without warning, as soon as possible afterwards (e.g. use one of your custody calls to tell Back Office). -
If you lose your device, or if it is confiscated by the authorities,
thenimmediately let your Group Admin or Interal/External Coordinator know, so that they can inform the HubadminAdmin team. -
The Back Office Volunteer, your Group Admin or Hub Admin on being told your secret phrase and that you have been arrested, or had a device(s) confiscated, will
crosscross-check the secret codeword and if it isvalidvalid, immediately lock all of your accounts-– the Hub, Forum, Mattermost and Cloud-– until you are cleared. For Group Admins, here is how to deactivate and reactivate someone.
Restoring your Hub Accounts
- When (if) you are
released thenreleased, your accounts can be restored. You will need to contact your Group's Coordinator(s) and/or Group Admin for them to restore your account. - If any of your devices are
lost,lost or remain with the authorities, you will need to change the email address you use for the Hub. This change must be done before your account is restored and it is recommended that you change your email even if your devices have been returned. Your new email address should be given to the Hub Admin via your Hub GroupCoord/Coordinator/Group Admin. A new Hub Password will also beissued as well,issued, and you should subsequently change this. Once the new email has beenregistered,registered and the Hub account restored, you will be able to access all of your Hub Groupinfoinformation as before. - If you are a member of Mattermost channels
whichthat the Hub does not know about, your membership of those channels will not be restored automatically. You will need to rejointhem "by hand",these by asking people in them tojoininvite you again.
Non Non-Hub Services
-
The above ONLY applies to your Hub, UK Forum, Mattermost, UK Cloud and Vault accounts. If you have administrator or moderator access to any service
whichthat gives you visibility of others' account details or activity, then it is essential that you follow a similar procedure for those services as well. -
For social media accounts, it is worth having a trusted close friend/partner who knows your password and can be instructed to change the password immediately should they hear you
arehave been arrested.