This page is intended to be used as a guide for comrades who are trying to practice good operations security (opsec). Opsec usually entails practices to make sure that private information stays appropriately private, and that those involved have their private & personal information protected.
The info in this document is adapted from various sources: (1) (2) (3)
- Update all applications and your phone's operating system to their latest versions (to make sure all security patches are applied)
- Use a password manager and two factor authentication (see the anti-doxxing page for more thorough information: /mutual-aid/anti-dox)
- It is encouraged to use a multi-word password for greatest entropy (see this helpful comic)
- Do not use common words like “ACAB”, “1312”, or “antifa”
- Most password managers have a password generator that can be used to make a unique password
- Use encrypted communication apps (e.g. Telegram or Signal)
- On these apps, it is recommended not to use your full name, and use an alternate name where possible
- Turn on at-rest encryption on your device (Android, iPhone, Windows, Ubuntu, OSX). This will make your devices significantly more difficult to break into.
- Consider using a VPN (virtual private network). This will obfuscate your network usage, and make it more difficult to track your internet footprint.
The most important step is to make sure you can communicate securely without being surveilled. You need a way to communicate privately with your peer group and a way to stay up to date with what's happening around you and where demonstrations are taking place. For that, it's recommended to use two apps: Telegram and Signal. You can find them on either Google's Play Store if you're on Android or Apple's Appstore if you have iOS. Signal and Telegram have different use cases:
- You should use Telegram groups and channels to stay up to date and alert about what's going down in your surroundings.
- You should use Signal to communicate with your peer group.
You might be familiar with Signal, especially if you have been into organizing before. It's a messaging app that deploys strong end-to-end encryption. You should use Signal to communicate with your peer group. The pros of using Signal:
- encrypted group chats
- encrypted phone calls
- disappearing message feature
- automatic scrubbing of image/video metadata
Cons:
Turning on the disappearing message feature so that your phone never contains indicting information is very important, but this will be explained later in this guide. As with all communication, even if Signal has end-to-end encryption, the golden rule still applies: loose lips sink ships. Never admit to doing something unlawful on a messaging app.
Let's start off with the most important points:
- Telegram group chats are not encrypted
- Telegram channels are not encrypted
- normal chats are not encrypted by default
- the secure chat feature is fishy
Use Telegram to follow channels from your city to stay up to date about what's going down. You can find these channels on social media. Don't write anything there that you wouldn't post on twitter or instagram. If you can read it, so can the police. To keep your phone number private, go to the privacy settings and disallow your phone number from being displayed.
- Content that is discussed within a Signal group should be considered confidential and should not be shared elsewhere unless specifically stated (or by asking permission).
- Do not livestream events without the express permission of the organizers. If you are asked to stop, do so. Focus on police movements & faces, and avoid filming protesters.
- If you intend to share videos or photos, always censor the faces of the people involved, or even better - censor their whole bodies. There are easy to use apps for that, you don't want to get someone locked up in a few months after the authorities scraped social media and analyzed the pictures.
- If you are unsure whether to share something (whether someone else posted it or you took it), it's always a good idea to ask.
For other modes of communication and collaboration, there are secure (often community-run) tools that are recommended.
- Proton - secure, encrypted email. Company run, free to sign up (more features with pro version)
- RiseUp - secure email, community run, invite only
- RiseUp Pad - community-run instance of etherpad, secure and collaborative document editing
- CryptPad - end-to-end encrypted and open-source collaboration suite, beyond documents (spreadsheets, diagrams, presentations)
- Signal - offers a video call option within the app
- Jitsi (Tech Bloc) - community run (by us) instance of Jitsi, a end-to-end encrypted video conferencing platform
- Jitsi (primary) - Jitsi instance hosted by the creators of the platform
If possible, it is advised to purchase a burner phone with a prepaid sim when attending protests. Get a phone with a removable battery, only turn it on when you're at the protests. If you take your burner phone to your home when it's turned on you can just not bother with it in the first place.
A big part of surveillance at protests stems from CCTVs or mobile camera checkpoints. Don't forget that there's a pandemic going on: mask up! It's the thing that you can easily do that will you protect you from this surveillance (and a deadly virus).