Compromised Account Procedure

All rebels with an account on the UK Hub, UK Forum, Global Mattermost and UK Cloud which gives them access to material which either should not fall into unfriendly hands, or which may compromise themselves or others legal position - for example through providing evidence for conspiracy charges need to be aware of these procedures.

Precautions to be taken against access to an account being compromised

The steps below allow for rapid temporary suspension of the compromised account on all XRUK services, to be followed either by reinstatement of the accounts with fresh passwords, or permanent deletion of the account as appropriate.

  1. Set up, on the UK Hub, a secret codeword or phrase which you can easily remember and speak without having to spell it out or having ambiguous spelling.

    v58image1.png

    • Go to UK Hub and Login.

    • Login and click on the Set My Codeword icon

    • Enter your phrase or word in the box

    • Once set, you can find and change your codeword by clicking on the Admin button and "My Settings"

  2. Follow the advice available on links below to secure any device that you use to access XR services and email:

    Laptop Security Guide

    Phone security Guide

    This should include any desktop devices you may leave at home which could be subject to a search warrant and seizure in your absence.

    There is not yet a specific general guide to securing desktop devices against seizure - much of the Laptop advice applies. Don't forget any memory sticks or CD/Disc backups you have lying around.

  3. DO NOT take any device, which has general access to your Hub accounts, into an arrestable situation! Please use a 'burner' phone and only install and use secure apps on it. See phone advice above.

  4. If you have operational reasons for needing access to XR online services, (other than Signal and Telegram and areas like the public website which do not require a login and can be viewed by anyone), then you must be especially careful to ensure you device is secure and you don't lose it.

Loss of your device - arrest, loss or confiscation

  1. If you are arrested, then tell your secret codeword to Back Office (Arrestee Watch) or a friend, ideally before your arrest, or if you are grabbed without warning, as soon as possible afterwards (e.g. use one of your custody calls to tell Back Office).

  2. If you lose your device, or it is confiscated by the authorities, then immediately let your Group Admin or Interal/External Coordinator know, so that they can inform the Hub admin team.

  3. The Back Office Volunteer, your Group Admin or Hub Admin on being told your secret phrase and that you have been arrested, or had device(s) confiscated, will cross check the secret codeword and if it is valid immediately lock all your accounts - Hub, Forum, Mattermost and Cloud - until you are cleared. For Group Admins, here is how to deactivate and reactivate someone.

Restoring your Hub Accounts

  1. When (if) you are released then your accounts can be restored. You will need to contact your Group's Coordinator(s) and/or Group Admin for them to restore your account.
  2. If any of your devices are lost, or remain with the authorities, you will need to change the email address you use for the Hub. This change must be done before your account is restored and it is recommended that you change your email even if your devices have been returned. Your new email address should be given to the Hub Admin via your Hub Group Coord/Group Admin. A new Hub Password will be issued as well, and you should subsequently change this. Once the new email has been registered, and the Hub account restored, you will be able to access all your Hub Group info as before.
  3. If you are a member of Mattermost channels which the Hub does not know about, your membership of those channels will not be restored automatically. You need to rejoin them "by hand", by asking people in them to join you again.

Non Hub Services

  1. The above ONLY applies to your Hub, UK Forum, Mattermost, UK Cloud and Vault accounts. If you have administrator or moderator access to any service which gives you visibility of others' account details or activity, then it is essential that you follow a similar procedure for those services as well.

  2. For social media accounts it is worth having a trusted close friend/partner who knows your password and can be instructed to change the password immediately should they hear you are arrested.