Guide to Account Check-up
Often times, members of civil society have the more or less justified suspicion of being surveilled. Perhaps they experienced anomalies with their computers or mobile devices, or they have reasons to believe that some of their communications have been intercepted.
These attacks very often involve attacks on online accounts, such as Google, Facebook or Microsoft, because these accounts contains a lot of information and allows to communicate publicly or privately with large communities.
This guide aims at providing a methodology to check for suspicious configuration showing that an account was compromised, and its configuration potentially modified to maintain access to it. It is developed to help Human Right Defenders and people supporting them make sure that no one but themselves have access to their online account.
This guide does not aim at securing online accounts but only looking for suspicious events or configuration.
This guide is currently under development. You can contribute to this text here. It was last updated in April 2020 and may not be fully accurate when you are reading it.