[REPOST] Privacy & Safety in the New Techmerican Empire
Protect yourself online and off, as WWV gets into full swing.
Note: I’m reposting this nearly as-is from when Roe was overturned; some of the information now seems quaint, as it was written before the total tech takeover that has occurred. But this weekend is still an auspicious time to republish it, with updates to follow.
Taken together, the major tech platforms represent a larger economy than all of the planet’s countries except for the United States and China. They have now melded with the Trump Government. This collusion between “the private sector” and a radicalized government is unprecedented.
So keep in mind that as robust as some of these techniques are, citizen-accessible privacy and security countermeasures are only going to be effective up to a point.
Repost follows:
Introduction
Without technical protections, everything you say or do online is captured and available for analysis by just about anyone: law enforcement, agency operatives, data brokers, and an invisible army of commercial behavior information consumers. Phones routinely report location information, text messages incriminate, social media is collected and scraped, microphones are used to eavesdrop.
The degree of information weaponization has spiked and now there is much more risk, from women who are criminalized for their health care decisions, to those targeted by the State for capture and forced deportation, to pro-social activists who would resist the newest incarnation of fascism.
This post is a partial dossier of practices that individuals can use to protect their privacy, whether posting commentary, seeking information, searching, planning, scheduling, or traveling. Some of these suggestions are “industrial grade,” suitable for support organizations to use in support of their constituents.
If you are not a “techie” then you may need to find someone to help you with some of these techniques. Given the threat level that some people may experience based on their activity, some of the necessary countermeasures require effort. Good luck, and respond with comments or questions.
Protection Techniques
Each set of suggestions has a “Basic” and an “Advanced” section, so people with varying levels of capability and need can adapt this information to their situation. Additional resources are listed at the end.
As you go about securing your sensitive activities from surveillance, make sure to keep up your normal patterns of innocuous behavior. Just because you are taking control over some aspects of your life and cloaking them for safety, doesn’t mean you can’t keep playing Wordle or watching cat videos.
Online Activity
These guidelines pertain to both phones and desktop/laptop systems.
Basic
Use the Tor Browser – maybe you have heard of it: a highly secure browser that automatically connects to websites over a very complex network of cooperating computers, making your online actions almost impossible to trace back to you. It can thwart all but very sophisticated attacks against behavior and privacy. Nobod who may be at risk should be without it now. Get it here, the installation is very straightforward and requires no special setup: https://www.torproject.org/download/
Keep all sensitive, resistance- or “undesireable activity” information and behaviors off your normal social media. Take it underground to an anonymous account, if you require social media features to navigate your needs
Create new private social media accounts (Twitter, Facebook, Instagram, etc.) and use an assumed name. Then let only trusted people in your personal network know about the account.
Do not connect any activity on the new private accounts with your current accounts. Don’t use apps’ “link accounts” features.
Follow multiple unrelated and random other accounts and get as many unrelated and random followers as possible.
Add innocuous messages and comments on other posts.
Use account and personal names that blend in, and which are used by many others.
STOP USING GMAIL. Google’s politics at one point seemed sympathetic to pro-social positions, and they have the muscle to resist law enforcement to some extent. But with the new obeisance to the incoming regime, use a secure email service. Here are a few:
Protonmail.com – Switzerland
Hushmail.com – Canadian
Tutanota.com – Germany
Swisscows.com – Switzerland
STOP USING GOOGLE docs, calendar, or account. Both Protonmail and Tutanota have or are developing competitive tools. Of course, you can continue to use Google tools normally for non-sensitive activity.
STOP USING CHROME except for “normal” non-sensitive activities. Firefox is the easiest and most painless alternative with many more additions that can be useful. Firefox Focus is helpful too. But for anything highly sensitive use Tor as described above
STOP USING GOOGLE SEARCH. Don’t use Duckduckgo either – its ownership has become somewhat suspect. Use these instead, but DO NOT install their browser extensions:
Swisscows.com
Startpage.com
The above recommendations apply to corresponding Microsoft products as well
Don’t use Amazon products for anything besides reordering dish soap and the like.
In your browser, disable “default search engine” and select your search engine manually by going to its website or use the Tor browser that allows you to set Startpage as your default search engine.
Never use your true name in any of the new accounts you create. If you can change account names, screen names, email address names that currently include your information, you should. Anything you have done using those identifiers will still be discoverable.
Get a VPN. Most people are currently using them. They are essential for day-to-day Internet use for normal activities but again the best option for very sensitive activity is Tor. Protonmail paid accounts include a VPN, and Mozilla (Firefox) has one. There are many other commercial products, as well. Using both Tor and a VPN is sometimes not as secure as using Tor alone and is not necessary. Do NOT use so-called “free” VPNs.
Privacy settings on your phone are complicated and too much to add to this post. Refer to some of the other resources at the end of the post or do your own research on privacy settings for your phone.
Advanced
For social media accounts, generate artificial profile photos using any of the myriad generative art platforms.
You can use https://simplelogin.io/ (recently bought by Protonmail and integrated with their mail platform) to create email addresses that don’t identify you and can be deleted and created at any time. Hushmail (described above) also allows you to create aliases.
If you need a phone number to register online accounts, set up an account at https://mysudo.com - their numbers work with many sites for verification. You do NOT need to provide personal information to use Mysudo for this.
You can create an anonymous credit card number (not a debit card) with Mysudo in case you need to pay for sensitive services. Be aware, though, that you must provide your identity to them to get a card, which they must provide under subpoena.
Anonymous financial transactions are extremely difficult in general because of anti-money-laundering law. Cryptocurrency can be an option though is is much more regulated, and much less anonymous, than it used to be.
Add features that block social media trackers on websites. There are many offerings that will add this security to your browser and is vital when visiting sensitive websites that may include ubiquitous social media trackers. The Planned Parenthood website contains social media trackers!
uBlock origin is excellent but can be complex
AdBlockerUltimate is a good choice
PrivacyBadger is from the Electronic Frontier Foundation, a pioneer in online privacy and freedom
Consider organizing a large group of trusted associates who all agree to browse to sensitive websites, sign up on “get more information” or “contact us” pages, and otherwise provide cover. If you can create a crowd to hide in, it makes investigation much more difficult for adversaries. This is herd behavior that hides your specific activity in a collection of many other people’s, requiring an adversary to analyze all activity to isolate a target.
Personal proxy: You can connect with a friend who is outside the danger zone and outside the reach of adversaries, to be a personal proxy. For example, use a secure messaging app (see below) to contact a friend in a foreign country or another state. This person could perform sensitive online operations on your behalf and communicate securely with you using the techniques in this blog. Consult with an attorney if you are concerned about getting others involved who are out of state or the country.
Phone, Location, & Physical Security:
These guidelines are in addition to making sure your phone’s general privacy settings are set correctly.
Basic
STOP using your phone apps for anything other than basic (or secured) communications and normal, innocuous patterns of behavior unrelated to sensitive matters. Delete ALL apps related to your sensitive activities (note – this is not sufficient, but it is necessary.)
A "burner number" using an app is easy to get and is useful for some basic anonymity. It may not be sufficient, as it has limitations and may not be as secure as some of the other recommendations here. It can help with basic needs.
DON’T text or iMessage sensitive information, or use any messaging features from Facebook, Instagram, or other apps not designed specifically for security.
Signal is the best choice for secure messaging and is simple to use; it requires both parties to be set up with it. Telegram is not as secure. Messenger is owned by Meta, enough said.
You can use Mysudo (described above) to generate a phone number to use with Signal, and not reveal your real phone number. Use secure email if you do not want to share any phone numbers.
DITCH your Android phone, or at least do not use it for anything related to sensitive issues. iPhones aren’t perfect but they are far better than standard-issue Android platforms.
DITCH your cell for sensitive travel! Mobile providers supply location data, and unless you get a totally “black” phone, this information can be captured and tied back to you. Your best option is leaving your cell phone at home when traveling to any sensitive destination.
If you MUST take your mobile phone, put it in airplane mode (not very safe) or remove the battery (possibly difficult) or try a secure phone shield (I haven’t investigated them) when you are near your location. And:
Routinely Keep Bluetooth off unless you need it.
Even in non-sensitive areas it’s a good idea to shut off your phone’s WiFi.
Be very careful about photos that could be used as evidence that you were in a sensitive location.
If you have a late model car, it is constantly sending location telemetry. Your best option is to take a cab, pay with cash, and have the cab drop you off a distance from your destination. Or use public transport if available.
Do NOT use ride-share apps any other app for arranging transportation. Call a cab.
Wear nondescript clothing with no markings of any kind. Wear a nondescript hat if possible. Assume cameras are ubiquitous and photographing you near sensitive locations. You cannot rely on legal protection to prevent footage from being used against you.
Advanced
If you try Mysudo for an anonymized SMS mobile number and a site doesn't work with the number, you can get a second text-only “burner phone” via US Mobile for about $5/month. However, you need to give them your true payment and shipping information and they will have to respond to a subpoena if it comes to that.
Your burner cell phone can be used for voice if you add a voice plan. You can churn your cell plan by canceling and then opening a new account to get a new SIM card. You can buy a phone for $20 to $50. You can consider sharing a burner phone with multiple trusted friends.
You could double up, using Mysudo to obtain a credit card number, then use the credit card number to order a mobile burner phone. This could mean two subpoenas instead of one.
There are websites that claim to provide anonymous SMS numbers, but most services know these numbers and they can’t be used. Google voice numbers can’t be used either.
However, whenever possible, only use accounts that do not require SMS verification for sensitive activity.
Consider organizing groups of trusted friends to collectively travel to sensitive locations. Authorities would have a more difficult time identifying or singling out an individual for investigation, increasing the cost and slowing any hostile proceedings
Good luck and stay safe out there! This is always a moving target, so you need to be too.
Other Resources
ACLU Activist training
Electronic Frontier Foundation
Reddit Privacy subreddit - always be skeptical and perform your due diligence on social media information, but Reddit has some good contributors.
DISCLAIMER:
This is not legal advice, nor advocacy of any specific technique where outlawed. It is a compilation of other freely available information on privacy, security, anonymity, and obfuscation.