IT Security and Privacy for the rebellions of the world

Image for post
Image for post
Short URL to this article: https://tiny.cc/thcstfu

Some helpful and short tips how to stay secure and protect your privacy for all those who do not really care about privacy or security. For the fine people of the Extinction Rebellion and for the rebels fighting government injustice in Hong Kong and for the many rebels fighting around the world for freedom: Take 5 minutes and follow these simple steps. Your rebellion might depend on it.

Over the last 35 years four of our twelve members got arrested. Twice have we been visited by the Secret Service. We have been intimidated and blackmailed by the government countless times: Learn from our mistakes. We have made them all.

This essay is split into 3 parts (Tier1, Tier 2 and Tier 3). Tier 1 is for rebels who are new to Privacy and IT Security. Tier 2 is for those who care a bit more and Tier 3 is what we should have been doing.

This is an ongoing effort. I will change any recommendations and remove any tips that are no longer valid. Contact me if you have comments or know better.


Tier 1

Read this if you do not really care about security but somehow feel that risking the success of the rebellion due to your bad security would suck as well.

Tip A: Use WhatsApp. Use nick names and fake names. Keep your group small. Delete your chat history regularly: Click on the group name at the top. Scroll all the way to the bottom. Select “Clear Chat”. Remind everyone else to do the same. Make it a habit to clear your data. Do it on the 1st of every month.

Image for post
Image for post
Clear your Chat History

…or use Signal (Tier 2) or even better, use Threema (Tier 3). Do not ever use Skype, FB messenger, twitter or any other messaging app to share operational information.

Tip B: Delete E-mails after you have read them…or do not use E-mails at all.

Tip C: Encrypt your computer hard drive. This options comes for free with your computer — all you need is to enable it: Apple Mac users can use FileVault and Windows users can use Device Encryption.

Tip D: Do not talk. Keep your mouth shut. Do not brag. Do not trust friends. Friends change. Especially when they get arrested and get offered a reduced prison sentence in exchange for further information. You would not believe how willing an arrestee will turn into a snitch. Do not share information that does not need to be shared (share on a “Need to know” basis).


Tier 2

Read this if you care a bit more about your privacy. Perhaps you have a critical role and people depend on you.

Tip A: Use Signal. Drop WhatsApp. Signal automatically clears your chat history and has many other features.

Tip B: Use Dashlane as a password manager. Pay for the premium. Never type passwords: Copy & Paste them. Always let the computer generate passwords for you (min length 12 characters):

Image for post
Image for post

Tip C: Use Chrome. Drop any other browser. Use ‘Incognito Window’ under File -> New Incognito Window. (Tier 3: Use TOR Browser).

Tip D: Do not talk. Keep your mouth shut. Do not brag. Do not trust friends. Friends change. Especially when they get arrested and get offered a reduced prison sentence in exchange for further information. You would not believe how willing an arrestee will turn into a snitch. Do not share information that does not need to be shared (share on a “Need to know” basis).


Tier 3

Read this and follow it as if your life depends on it. Chances are it does.

Tip A: Use Threema for anonymity. Threema does not require an E-mail address or phone number to work. Use Signal for confidentiality. Use Rocket Chat to work in teams. Drop WhatsApp.

Tip B: Use Brave. It’s an enhanced version of Google’s Chrome. It comes with TOR built-in (File -> New Private Window with TOR) or use the TOR Browser. Drop any other browser. Or go all the way and try Whonix or Tails.

Image for post
Image for post

Tip C: Use Virtual Box and run a separate Operating System (OS) inside your existing OS. Do all your rebellious activity from inside that guest OS. It’s like a second secret Desktop. Do not confuse your two Desktops: Use a different color scheme for each Desktop: My ‘rebellious’ Desktop runs a bright pink color scheme with Disney background and Donald Duck as a mouse cursor and a funky font. Make your ‘rebel Desktop’ as different as you can to your normal Desktop.

Tip D: Use Bitcoin and Wasabi Wallet to anonymise your funds.

Tip E: Do not talk. Keep your mouth shut. Do not brag. Do not trust friends. Friends change. Especially when they get arrested and get offered a reduced prison sentence in exchange for further information. You would not believe how willing an arrestee will turn into a snitch. Do not share information that does not need to be shared (share on a “Need to know” basis).


You made it! You are a Tier 3 rebel now. I salute you. The best of luck to you! Convince others. Stay safe.

Remember: Under ‘Tier 1’ it says ‘use fake names’. Do so. In every single Tier it says “Do not talk”. It’s repeated three times for a reason. Become the ninja and do what you have to do without bragging about it.

There is an awful lot of tips out there on the Internet. From totally useless to not practical for the average citizen. The Electronic Frontier Foundation is a rare exception (Go there and read Know Your Rights and many other articles).

If you like to go all the way down the rabbit hole then look into: EFF SSD, 2FA, Proton Mail, Wire, NordVPN, drop facebook, Burner Phones, GlobalLeak, Public WiFi and read Phrack Magazine Issue #57-#69.

Enjoy,

John D. (fake name, obviously) / The Hacker’s Choice

Shoutz to: oldschoolz / OSCAR2020

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store