You’ve maybe heard the term OpSec before, and it might sound very cloak and dagger to you, but it’s not as sinister or secretive as all that. It stands for Operational Security, and it’s a systematic process for protecting and controlling sensitive information. If you want to organize direct action in your community and you don’t want to pull up to discover a preemptive police response, then you need OpSec.
This post is….not all that sophisticated, as far as operational security goes. For the people doing the big stuff or organizing at scale, I imagine they will be using more sophisticated, more rigid protocols than I’ll even get close to talking about here. This post is for small time, every day resistance. It’s for driving your friend across state lines to get an abortion, or coordinating hiding your undocumented neighbor from the state. This post is also for keeping yourself off the radar in general. If you want to act in opposition to an oppressive state or even just avoid being fired or harassed because of your politics, being a person of interest because you posted about how fun it would be to key a cop car doesn’t do you any favors. One of our best tools for direct action is being beneath notice and being underestimated.
This post is just a loose collection of suggestions and recommendations, and is not intended to be some be-all-end-all resource for digital OpSec. I am not a professional, nor an expert. I’m just a person with the time and interest to put this all into one place. If you intend to do a lot of work with sensitive communications, especially if you live in a more hostile area, make sure you are doing more than reading my blog.
The Basics
The Golden Rule: When in doubt, shut the fuck up. If you are not confident that your communication is secure and private, keep shit to yourself – this means Facebook, Twitter, Discord, Snapchat, Tiktok, whatever. Don’t talk about where you’ve been, don’t talk about your trip to the doctor, don’t talk about upcoming protests or drag story hours, or how you stand with (oppressed group), or anything like that. If someone could use it against you or your loved ones, shut the fuck up.
In fact, if you think there are posts from your past that could come back to bite you in the ass, I recommend looking into a service like Redact, which can either delete or anonymize (replace with gibberish and remove any connection to you) your messages, likes, comments, posts on various social media.
Okay, so how DO you talk about this stuff safely and securely? How do you spread the word, disseminate information, etc? Well, the name of the game is E2EE, or End-to-End Encryption. You PROBABLY already at least have an idea of what that means, but the simplest explanation is that it’s a tunnel where only the person sending a message and a person receiving a message can see it. Anyone else (even the platform itself) trying to read the message gets worthless garbage.
The undisputed GOLD STANDARD for encrypted text and calls is Signal. I strongly recommend you download this app and USE IT. If you want to tell someone when to meet for a protest PUT IT IN SIGNAL. If you want to accompany someone to Planned Parenthood PUT IT IN SIGNAL. Get the pattern? There are many platforms that will advertise encryption like Facebook Messenger, Whatsapp, and iMessage. This is…..not lying exactly, but also not the same thing. They still store the information and in many cases CAN access the data if necessary (or, importantly, if subpoenaed or served a warrant!).
Some other E2EE services which I strongly recommend you investigate if you expect to communicate or act in opposition to a repressive, authoritarian regime:
Proton – and FREE E2EE email client, which also includes a fully encrypted drive and calendar, and paid plans also include a password manager and a VPN with broadly positive reviews.
Cryptgeon– free website to create and share encrypted notes or files
Jitsi Meet– free website for encrypted video calls
ChatCrypt or ChatStep – free encrypted burner chat rooms, can be password protected
Ente – free encrypted photo and video storage, similar to Google Photos – and this is as good a place as any to remind you not to take pictures at protests, unless it’s pictures of cops
Matrix/Element – free encrypted chat/forum platform, extremely similar to Discord
And you know what CAN’T get hacked? Paper, or talking face to face. If it’s truly sensitive, take it offline.
Other Considerations
Your GPS software is probably tracking you, and that information can be acquired by pretty much anyone, or subpoenaed by the state. Your phone itself is probably (read: definitely) tracking you, so whenever possible just leave it at home, ESPECIALLY if you’re going somewhere sensitive like a planned parenthood, a political gathering, or a protest! But I understand the world we live in, so I recommend as an alternative to Google Maps or Apple Maps OSMand, which is powered by the open sourced OpenStreetMaps project. This app works offline with downloaded maps, so it’s not sending your info anywhere.
With the prevalence and easy access to trackers like AirTags or Tiles, it will behoove you to install AirGuard, which is a free app that passively looks for potential trackers that are on your person or following you around and alerts you to them. Fair warning that it is constantly using your phones location services.
You should turn off FaceID and biometrics to access your phone or sensitive apps! Thus far it has been ruled that cops MAY NOT require you to input a password to unlock your phone, but they MAY require a fingerprint or put the phone in front of your face to get access to it.
Websites track you all the time! And that information can be used against you! Browsers like Firefox allow you to create “container” tabs, which prevent cross-site trackers and other similar security leaks. Consider opening ANY social media platforms or other “public digital spaces” in container tabs.
With so many people (correctly) leaving Twitter, may I recommend migrating to Mastodon. I am HAPPY to talk your ear off about federation and why that should be the future of digital communication (and maybe I will in a future post), but suffice it to say that you have a lot more control over who has access to your data. Mastodon IS NOT E2EE, but it does employ basic transport-level encryption, and because you can choose the instance you join, you get to choose who has direct access to your data, as any federated platform is by its very nature decentralized. You can even host your OWN instance if you have the hardware and the know-how.
If you are making purchases online that you would like to be harder to track, then my top suggestion for you is Privacy (the company, not the concept). You can link your bank account to it, and create virtual credit cards that burn after use to avoid purchasing patterns. When you checkout with these cards you still need to put in your actual information, and your bank statements will still show “Privacy — (Vendor name)”, but having an extra layer of obfuscation is always good. You can also take steps to distance your name from purchases by going in to a convenience store or pharmacy, buying a prepaid visa card with cash, and then making an online purchase with that. Cryptocurrency is an option some of the time, but it’s also not as anonymous as you think, and for various other reasons crypto is a scam. I’m not going to say don’t use it, just be conscientious about it.
Like I said up top, this is just meant to be a resource to help average do-gooders or people just starting out in the resistance movement avoid getting scrutinized, harassed, or worse as they begin to navigate the incipient hellscape of life under the American government. There will almost certainly be rollbacks of regulation and restriction on how companies and agencies can acquire and use your data online, and while the best time to prepare was yesterday, the second best time is today.
I hope to continue to put out posts like these delving further into this sort of stuff, and I also want to create a running list of external resources like books, podcasts, and websites as well. Keep an eye out, and keep up the good work.
~ Inchoate Clay
Leave a Reply