Opsec for Noobs
Now that the digital Red Scare has begun, protecting your identity is crucial to ensure your life does not get destroyed. At the rate the regime is moving, poor opsec could lead to much worse things. This is the first of a series of poasts about ways to protect yourself.
In this poast I'll go through some basic ways to protect yourself and to not be low hanging fruit. This will range from security basics like using a VPN and using encrypted chats to more advanced tactics like making sure your iPhone won't turn into a listening device and getting your racist memes off of Apple's servers.
Since this is intended for very noobie noobs, let me note the definition of OPSEC. Wikipedia defines it pretty well:
Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
A few things worth noting before I begin:
I don't work in cryptography or have a background in privacy. I’ve just been preparing for a digital Red Scare for 2+ years and am someone who is extremely protective of their privacy. I also use Apple products, so Android users will have to apply these principles to their devices.
There is a Golden Rule that must be maintained: The Big Tech companies should not be trusted and you should stay as far away from them as possible. Yes, Apple may have turned down NSA requests but they also just banned Parler from the App Store. Yes, WhatsApp runs on Signal's tech but you also are not allowed to use the app without allowing them to share your location data with Facebook. Take everything they claim about protecting your privacy with extreme skepticism. They are being used by our enemies to disseminate their propaganda and don't care about your privacy.
The tactics I recommend range from common sense to extreme. Some require diligence and some require sacrifice of digital luxuries (i.e. No more 'Sign in with Google' everywhere). Some require your time and organization. Apply what makes the most sense to you and makes you rest easier at night.
This post is divided between basic data security (using a safe browser, not letting your phone spy on you) and OPSEC (identity protection & not giving tech platforms any leverage against you). Some topics will overlap. I recommend incorporating the principles from both.
I operate under one assumption which sounded extreme a week ago but now seems very realistic: Big Tech companies will eventually start doxing their customers. If you operate under their roof then they know everything about you. They can very easily destroy you. Whether or not they act on this isn't the point. The point is to create a forcefield around yourself to protect you from shitlibs who want you dead.
This poast is intended for shitpoasters who don't want their lives destroyed by shitlibs. If you're looking to do things on Tor that are illegal, etc. I can't help you there. If the NSA or any of the Five Eyes want to see what you're doing, they can and they will. These tactics are suggestions to protect yourself from being low hanging fruit for shitlibs looking to doxx and not giving your data to Big Tech platforms who can't be trusted. The wind is blowing very fast in one direction.
Let's get down to it.
I'll make this short and sweet. Delete Facebook. Now. If you insist on keeping it, carefully comb through your profile and comments and look for anything that might be deemed as offensive by the most ruthless of shitlibs and delete them. Platforms that require you to share your identity, like Facebook, have the highest amount of risk. Apply this principle to Instagram as well.
Twitter requires you to share a phone number and email address with them. Under no circumstances should you give them your real phone number or an email address that can easily be traced to your identity (think email@example.com). You also shouldn't give them an email address that you use for services that are tied to your identity, like Amazon or your doctor's office. If you already gave them a real phone number or a standard email address, it's very likely already stored in their change logs. An extreme and precautionary move would be to delete that account and create a new one.
Here are different ways to protect yourself on Twitter:
Your Phone Number
One option is to get a Google Voice number. Google Voice does require you to link it to a real number and yes, we are violating the Golden Rule, but it is a less risky option than handing over your real number as it's one extra step they would need to take in order to find out who you are.
Another more secure option is to get a burner phone and pay with cash. You can go to Target or CVS and get a Tracfone for less than $40. It comes with preinstalled apps like Facebook and others that you can't delete, but the point is that the phone number cannot be linked to you. To be extremely careful, keep your real phone at home while you buy the phone to eliminate risk of location tracking.
- Don't use Gmail, Yahoo, Outlook or any of the big tech platform's email services. More on that later. For now, create a ProtonMail account. It's a fully encrypted email platform and their primary focus is user privacy.
- Create a ProtonMail email address that you will use on platforms that you don't want traced back to you. Never use this email for services linked to your real identity. Ideally, you can create a different ProtonMail email for each sensitive platform, but that can be hard to keep up with.
Post nothing about yourself that can be easily linked to you or where you are located. If you want to tell everyone you're Norwegian, fine, there's millions of Norwegians for them to sift through. If you post that you're Norwegian and you're in Chicago right now, that narrows it down a bit more but still pretty difficult. If you post that you went to a specific restaurant in Chicago on a specific day with your girlfriend, now that's something they can work with. You get the point.
Never overlap content. Don't post the same thing in your Twitter account and your Facebook account. That's how Orwelle & Good got doxxed. Also don't say the same things word-for-word on Twitter that you say with your normie friends who don't know about your account.
This is obvious, and should have been said first, but don't be a facefag. If you facefag and your life is ruined, you have no one to blame but yourself. To state the obvious again, never post a picture of yourself and never reveal your real name. And don't post ½ selfies either....covering up half your face with an emoji over it. I've been seeing this a lot lately and it's very gay. You're gambling with your life. Don't fuck around. If you want to poast physique and completely cover your face, that's a different story. Just make sure to cover up tattoos if you have them, but even revealing where you have tattoos is doxable info.
Tell absolutely no one in your real life about your anon account. Doing so should have extremely strict requirements such as: you are 100% positive they are completely redpilled, they are not susceptible to leftist propaganda, they are a solid person and not the type to have a “moral revelation.” I also highly recommend you make sure they are woke to the WQ, the JQ and are willing to type the gamer word online, at a minimum.
One last note about Twitter. If you're feeling nervous about how bad some of your old tweets may have been, you can use tweetdelete.net and nuke them. You can also nuke all of your likes (remember, people have lost their jobs over liking the wrong tweet). I recently did both after the most recent purge. You can also set tweetdelete.net to auto-delete tweets older than a week, a month, etc.
I have many racist memes on my phone. Wat do?
Adhering to the first principle, keeping your personal photos and / or racist memes on Apple and Google servers is a bad idea. A racist meme is just as risky as a racist text. If you have memes that can slightly be interpreted as racist (who would do such a thing?) and have them on Apple's servers than yes, then you are dancing with the devil. Download your photos off their cloud and onto an external hard drive. Yes, Google Photos categorizes your photos oh so well. Don't you just love scrolling back to that trip in Amsterdam when you banged your Airbnb hostess? Maybe you do, but who cares. People look back at old photos maybe twice a year anyway. It’s not worth your livelihood.
Again, I know it sounds crazy to think that Apple will dox their customers. But Twitter just banned Donald Trump. I repeat: trusting the Big Tech companies is not wise.
After you put your photos onto a hard drive, put them on a very safe cloud server that prioritizes privacy. If you can build your own server, PrivacyTools.IO has some suggestions. If not, Proton has a cloud product in beta now and some email users have been given access.
To abide by the first principle, stop using iMessage and WhatsApp. Download Signal, Telegram or Keybase and start asking your friends to try them. All of them are focused on privacy and have features that cause your messages to self-destruct after a period of time that you decide. Signal is my preferred app of choice. Urbit is another more extreme option, but it requires a bit of technical knowledge.
Of course, you’re not going to convince all of your friends and family to jump onto these encrypted apps they never heard of. That being said, now is the best time to push for it, as Elon Musk has recently promoted Signal and it's the #1 downloaded free app on the App Store as of today.
If and when you do have to use iMessage or WhatsApp, be very mindful of what you talk about there. If people bring up politics, don't engage, just say “hey sorry, you gotta watch what you say these days, happy to talk on other apps that are more protective over privacy if you don’t mind”. Ideally you won't type that and will say it in person, but it may not be an option and not replying can be awkward. This is ideal because in an extreme scenario, you can now be accused of having “something to hide.” Remember, our enemies don't have to make sense.
Handling Multiple Platforms
Ideally, you will have a different username across all of your anonymous profiles. If they're coming after User X, and User X is called “SaintFloyd” on Twitter, Gab and Parlor, now they can find all of their content in just a few clicks. If you have a big following it makes sense why you would want to keep your brand and not start from scratch. This is a best practice.
BASIC DATA SECURITY
Remove Trackers From Your Phone
Chances are your iPhone is tracking every step you take, collecting your behavior and creating a profile about you and selling it. On top of that, you probably have multiple apps that are allowed to turn your camera or microphone on and record you. Let's undo this immediately.
Go to Settings –> Privacy –> Location Services –> make sure all apps are set to Never or Ask. I tend to not trust “While Using” because it's unclear if the app can keep tracking you while you aren't using the app but it's still open in the background.
Settings –> Privacy –> Tracking –> Toggle off “Allow Apps to Request to Track”
Settings –> Privacy –> Microphone –> remove access from all apps
Settings –> Privacy –> Camera –> remove access from all apps
Settings –> Privacy –> Motion & Fitness –> remove “Fitness & Tracking.” This feature literally tracks every step you take and when your body moves, as long as your phone is on you.
Settings –> Privacy –> Analytics & Improvements –> remove “Share iPhone Analytics”, “Improve Siri & Dication”, and “Share iCloud Analytics”
Settings –> Privacy –> Apple Advertising –> Untoggle “Personalized Ads.” If you want to get creeped out, click “View Ad Targeting Information” and check out the profile they made about you.
Settings –> “Siri & Search” and untoggle “Listen for “Hey Siri” and Press Slide Button for Siri. This gives Apple the ability to turn your phone into a microphone. More importantly, using Siri is extremely gay.
Protect Your Passwords
Download a secure and well-known password manager LastPass or One Password. You can install it as a browser extension and it will automatically store all of your logins and passwords there. It can also import your saved passwords from your browser. Good password managers will tell you when you are using duplicate passwords on multiple sites, rank your privacy strength, and create very long complex passwords very easily.
Use A Safe Browser
If you are using Chrome: Wipe your history from it (cookies, logins, browser history), sign out, delete it from all of your devices and never download it again. The Golden Rule has been enforced. Moving on.
Firefox is historically known as very trustworthy but they just released a blog post saying deplatforming people isn’t enough. Tremendous red flag. I stopped using them because of this.
Download Brave. Brave is designed around protecting privacy, has a pre-installed ad blocker, wipes your history after you close the app, and makes it easy to connect to Tor.
Use a VPN
Using a VPN scrambles your IP address, plain and simple. Knowing your IP address makes it extremely easy to know where you are and then some. I prefer Proton VPN as I tend to trust Proton with all privacy related matters. They have a “Secure Core” option which guarantees you won't connect to the internet without a VPN. So if there is a connection issue with your VPN, you'll lose Wifi until it reconnects.
Encrypted Email Only
Applying the Golden Rule, get off of Gmail, Yahoo, Outlook, etc. and move to ProtonMail. Again, it isn't as simple as having one ProtonMail address. Tutanota is another safe and encrypted platform as well. I recommend having one that you're going to use for every day things that are inevitably connected to your identity — your bank, Amazon, etc. You are now well aware your identity is connected to that email and it should therefore NOT be used on ANY platform where you are worried about what you're posting. As mentioned in the Twitter portion of this poast, create another ProtonMail address specifically for those platforms and ideally create one per platform. ProtonMail requires a backup email, so I recommend creating a Tutanota email first and using that as the backup. It doesn't make sense to create a secure email and then using firstname.lastname@example.org as the backup.
Google yourself. What can your enemies learn?
It's crucial to remove what is searchable about you publicly. Google your real name. See what comes up and go through it meticulously. You’re going to find yourself on those shitty scraping websites that also have your age and address. ALL of them have an option for you to request to remove yourself. Do it for every single one. Look up old usernames you’ve used on forums. Go back into them and delete your posts. Make your real name on Twitter private or just delete it. Use Google Images too. If you find your picture on sites, email the company and demand they take it down. Ideally, you want to get to a place where you can search for yourself and then again with basic info (hometown, residence) about you and nothing appears.
That's it for this poast. On my next poast I will go through more tactics like:
- Taking encrypted notes
- How to use burner credit cards
- What to do when you inevitably use Google apps like Maps & Translator
- Throwing Alexa & Google Home in the garbage (and then burning it)
- How to handle the most sensitive conversations in person
- Using 2FA (2 Factor Authentication) everywhere
- Getting your favorite books & podcasts onto an external hard drive before they become illegal
I hope this was helpful. If you have questions, message me on Keybase @medgold or on Telegram @TuddyCicero