Compromised Account Procedure

All rebels with an account on the UK Hub, UK Forum, Global Mattermost and UK Cloud which gives them access to material which either should not fall into unfriendly hands, or which may compromise themselves or others legal position - for example through providing evidence for conspiracy charges need to be aware of these procedures.

Precautions to be taken against access to an account being compromised

The steps below allow for rapid temporary suspension of the compromised account on all XRUK services, to be followed either by reinstatement of the accounts with fresh passwords, or permanent deletion of the account as appropriate.

  1. Set up, on the UK Hub, a secret codeword or phrase which you can easily remember and speak without having to spell it out or having ambiguous spelling.

    v58image1.png

    • Go to UK Hub and Login.

    • Login and click on the Set My Codeword icon

    • Enter your phrase or word in the box

    • Once set, you can find and change your codeword by clicking on the Admin button and "My Settings"

  2. Follow the advice available on links below to secure any device that you use to access XR services and email:

    Laptop Security Guide

    Phone security Guide

    This should include any desktop devices you may leave at home which could be subject to a search warrant and seizure in your absence.

    There is not yet a specific general guide to securing desktop devices against seizure - much of the Laptop advice applies. Don't forget any memory sticks or CD/Disc backups you have lying around.

  3. DO NOT take any device into an arrestable situation which has general access to your accounts - use a 'burner' phone and only install secure apps on it. See phone advice above.

    If you have operational reasons for needing access to XR online services, other than Signal and Telegram and areas like the public website which do not require a login and can be viewed by anyone, then you must be especially vigilant.

  4. If you are arrested or lose your device then tell your secret codeword to Arrestee Watch or a friend, ideally before your arrest, or if you are grabbed without warning as soon as possible afterwards (e.g. use one of your custody calls to tell Back Office).

  5. The Back Office Volunteer or a Tech Champion or Hub Admin on being told your secret phrase and that you have been arrested or had device(s) confiscated will cross check the secret codeword and if it is valid immediately lock all your accounts - Hub, Forum, Mattermost and Cloud - until you are cleared.

  6. When (if) you are released then your accounts can be restored. You need to request a Hub Admin or your Tech Champion who knows you to do this, and then need to set a fresh password. It has to be someone who knows you, otherwise the police might just ask a Hub Admin to re-enable your account, so they can hack into it!

If emailing to unlock your accounts you will need to verify it is you by emailing from your own address and giving the codeword or phrase.

If you have administrator or moderator access to any service which gives you visibility of others' account details or activity, then it is essential that you do this.

N.B. This ONLY applies to your Hub, Forum, Mattermost and Cloud accounts. If you have privileged access on any other services then you need to put in place similar procedures for these.

For social media accounts it is worth having a trusted close friend/partner who knows your password and can be instructed to change the password immediately should they hear you are arrested.