IT Security and Privacy for the rebellions around the world
Some helpful and short tips how to stay secure and protect your privacy for all those who do not really care about privacy or security. For the fine people of the Extinction Rebellion and for the rebels fighting government injustice in Hong Kong and for the many rebels fighting around the world for freedom: Take 5 minutes and follow these simple steps. Your rebellion might depend on it.
Over the last 35 years four of our twelve members got arrested. Twice have we been visited by the Secret Service. We have been intimidated and blackmailed by the government countless times: Learn from our mistakes. We have made them all.
This essay is split into 3 parts (Tier1, Tier 2 and Tier 3). Tier 1 is for rebels who are new to Privacy and IT Security. Tier 2 is for those who care a bit more and Tier 3 is what we use now.
This is an ongoing effort. I will change any recommendations and remove any tips that are no longer valid. Contact me if you have comments or know better.
Tier 1
Read this if you do not really care about security but somehow feel that risking the success of the rebellion due to your bad security would suck.
Tip A: Use WhatsApp. Use nick names and fake names. Keep your group small. Disable Chat-Backup (Settings -> Chats -> Chat Backup ->AutoBackup to OFF). Delete your chat history regularly: Click on the group name at the top. Scroll all the way to the bottom. Select “Clear Chat”. Also enable ‘Disappearing messages’ (click on the contact name or group name at the top and select ‘Disappearing messages’). Remind everyone else to do the same. Make it a habit to clear your data. Do it on the 1st of every month.
…or use Signal (Tier 2) or even better, use Signal with an anonymous phone number (Tier 3). Do not ever use Skype, FB messenger, Telegram, twitter, Threema or any other messaging app to share operational information.
Tip B: Delete E-mails after you have read them…or do not use E-mails at all.
Tip C: Encrypt your computer hard drive. This options comes for free with your computer — all you need is to enable it: Apple Mac users can use FileVault and Windows users can use Device Encryption.
Tip D: Do not talk. Keep your mouth shut. Do not brag. Do not trust friends. Friends change. Especially when they get arrested and get offered a reduced prison sentence in exchange for further information. You would not believe how willing an arrestee will turn into a snitch. Do not share information that does not need to be shared (share on a “Need to know” basis).
Tier 2
Read this if you care a bit more about your privacy. Perhaps you have a critical role and people depend on you.
Tip A: Use Signal. Drop WhatsApp. Signal automatically clears your chat history and has many other features. Enable ‘Disappearing Messages’ for all chats: Click on your user in the top left corner, select ‘Privacy’ and then ‘Disappearing Messages’.
Tip B: Use Dashlane as a password manager. Pay for the premium. Never type passwords: Copy & Paste them. Always let the computer generate passwords for you (min length 12 characters):
Tip C: Use Chrome. Drop any other browser. Use ‘Incognito Window’ under File -> New Incognito Window. (Tier 3: Use Brave).
Tip D: Do not talk. Keep your mouth shut. Do not brag. Do not trust friends. Friends change. Especially when they get arrested and get offered a reduced prison sentence in exchange for further information. You would not believe how willing an arrestee will turn into a snitch. Do not share information that does not need to be shared (share on a “Need to know” basis).
Tier 3
Read this and follow it as if your life depends on it. Chances are it does.
Tip A: Use Signal with an anonymous phone number or (even better) use Simplex Chat to communicate securely and to share files. Use Rocket Chat to work in teams (if you must). Drop WhatsApp (it is not secure by default).
Tip B: Use Brave. It’s an enhanced version of Google’s Chrome. It comes with TOR built-in (File -> New Private Window with TOR) or use the TOR Browser. Drop any other browser. Or go all the way and try Whonix or Tails.
Tip C: Use Virtual Box and run a separate Operating System (OS) inside your existing OS. Do all your rebellious activity from inside that guest OS. It’s like a second secret Desktop. Do not confuse your two Desktops: Use a different colour scheme for each Desktop: My ‘rebellious’ Desktop runs a bright pink colour scheme with Disney background and Donald Duck as a mouse cursor and a funky font. Make your ‘rebel Desktop’ as different as you can to your normal Desktop.
Tip D: Use Monero (or Bitcoin and Wasabi Wallet) to anonymise your funds.
Tip E: Do not talk. Keep your mouth shut. Do not brag. Do not trust friends. Friends change. Especially when they get arrested and get offered a reduced prison sentence in exchange for further information. You would not believe how willing an arrestee will turn into a snitch. Do not share information that does not need to be shared (share on a “Need to know” basis).
You made it! You are a Tier 3 rebel now. I salute you. The best of luck to you! Convince others. Stay safe.
Remember: Under ‘Tier 1’ it says ‘use fake names’. Do so. In every single Tier it says “Do not talk”. It’s repeated three times for a good reason. Become the ninja and do what you have to do without bragging about it.
There is an awful lot of tips out there on the Internet. From totally useless to not practical for the average citizen. The Electronic Frontier Foundation is a rare exception (Go there and read Know Your Rights and many other articles).
If you like to go all the way down the rabbit hole then look into: EFF SSD, DDosecrets, Surveillance Bible, 2FA/Yubi, MullvadVPN, BitWarden, Proton Mail, RiseUp, tuta, drop facebook, drop WhatsApp, Burner Phones, GlobalLeak, cleanse all Cloud backup and storage, use Public WiFi, read our Tips & Tricks and read Phrack Magazine Issue #57-#69.
Enjoy,
John D. (fake name, obviously) / The Hacker’s Choice
Shoutz to: oldschoolz
