Thislibrary of "DemTools" consists of software, approaches, toolkits and guides that DemTech regards as trusted technology-related resources for the democracy community. It is not meant to be comprehensive, but rather a curated list of tools and resources known by DemTech experts to be valuable for enabling democratic actors to conduct their work in a safe, reliable, and cost effective way.
The Handbook is an open-source resource designed to help civil society organizations develop an understandable and implementable cybersecurity plan. It includes explanations of key security topics that organizations and their staff should be aware of, essential strategies and recommended tools to limit risk, and tips and links to additional resources that can help an organization implement such recommendations. The Handbook material is also available as an online course.
The Handbook is an open-source resource designed to help political parties develop an understandable and implementable cybersecurity plan. It includes explanations of key security topics that parties and their staff should be aware of, essential strategies and recommended tools to limit risk, and tips and links to additional resources that can help a party implement such recommendations. The Handbook material is also available as an online course.
NDI's Practical Cybersecurity for Organizations Online Course provides civil society organizations, political parties, and parliaments a unique online course opportunity to develop an understandable and implementable cybersecurity plan. The course, built off the material in NDI's Cybersecurity Handbooks, includes explanations of key security topics that these organizations their staff should be aware of, essential strategies and recommended tools to limit risk, and tips and links to additional resources that can help these groups implement such recommendations. Certificates are available for successful completion of the course and development of a cybersecurity plan.
Outline is a tool created by Jigsaw, a technology incubator created by Google, that allows users to easily create their own secure, self-hosted VPN (virtual private network). A trusted Outline VPN helps users more securely avoid internet censorship and surveillance if properly used and managed. Outline itself is free, however it does require the use of a cloud server through a hosting provider such as Digital Ocean or Amazon. Such a server typically costs at least a few US dollars per month, depending upon data usage.
Deflect is a distributed denial-of-service (DDoS) and cyber-attack mitigation platform that helps protect the websites of vulnerable civic groups. The service is made free to eligible non-profit civic and human rights organizations.
Bitwarden is a digital password manager. Such systems allow you to set up secure vaults to store long, unique passwords for all your accounts without needing to remember them each individually. If properly secured and used, this allows individuals and organizations to enhance their account security by using strong passwords overall. Bitwarden is an open-source tool that has a good free-tier, but also offers paid plans with additional features for experienced users and teams/organizations.
An anti-malware software for Microsoft Windows, macOS, Android, and iOS. Bitdefender offers a free version that provides strong basic anti-virus capabilities for Windows, macOS, and Android devices. Paid versions of Bitdefender offer extra features and are also available for iPhones.
Authy is a free two-factor authentication application that works on both iPhone and Android. It allows users to generate time-based one-time passcodes, even without access to internet, that they can type into their login prompt to complete the two-factor authentication process.
A service that allows Outlook and Microsoft 365 users to adopt enhanced security settings on their accounts. Eligible global nonprofit organizations with sensitive information stored in their Microsoft accounts should strongly consider applying for AccountGuard, which can help them (at no additional cost) protect sensitive data and build trust by providing unified threat detection and notification across organizational and associated personal accounts in the event of a nation-state attack or compromise.
Tunnelbear, a trusted VPN (virtual private network), helps users avoid internet censorship and surveillance. While a for-profit tool available to paying users, Tunnelbear provides free credits to democratic actors in countries where secure communication and internet freedom is under threat. They also offer free bandwidth gifts to all users in certain countries experiencing additional heightened censorship: https://www.tunnelbear.com/bandwidth-support
Google Authenticator is a free two-factor authentication application that works on both iPhone and Android. It allows users to generate time-based one-time passcodes, even without access to internet, that they can type into their login prompt to complete the two-factor authentication process.
A free, secure communications application that provides end-to-end encrypted individual and group messages, audio, and group video calls. Available as an app on iPhones and Androids, and can be used as a desktop client as well. Signal is the best option for secure messaging and file sharing, especially in high-risk contexts.
Cloudflare is a content delivery network provider that secures websites against security breaches and distributed denial of service (DDoS) attacks. Such attacks are commonly used to make sites inaccessible to the public. Through Project Galileo, Cloudflare makes these enterprise-grade protection services available for free to at-risk public interest websites at no cost. Qualifying organizations can apply directly on the Project Galileo website, or through a sponsoring organization like NDI.
Duo mobile is a two-factor authentication application that allows users to verify their identity by approving push notifications before accessing applications. Duo also allows users to generate time-based one-time passcodes that they can type into their login prompt to complete the two-factor authentication process.
A free, security-focused operating system aimed at preserving privacy and anonymity. Tails requires advanced knowledge and proper training to be used effectively, but can be particularly useful for individuals and organizations concerned about device confiscation and/or the security of information saved on computers, among other high-risk scenarios.
An encrypted desktop-based password manager that allows users to set up a vault on their device to secure their passwords and other sensitive information, protected by one primary password. KeyPass is open-source and free to use.
A service that allows Google users (people with Gmail/Google accounts) to adopt enhanced security setting on their accounts. Users with high visibility and sensitive information stored in their Google accounts should strongly consider enrolling in Advanced Protection. Enrollment is free for any Google account, but does require the use of physical security keys.