Opsec for Noobs

Protecting your identity is crucial to ensure the leftist regime does not dox you. We have seen they will use anything that you type that even questions the progressive religion to get you fired, destroy your reputation, or worse. This post offers some ways to defend yourself against that scenario.

I will mainly suggest ways to not be low hanging fruit. This will range from security basics like using a VPN and encrypted chats to more advanced tactics like making sure your iPhone won't turn into a listening device and getting your memes off of Apple's servers.

For those new to practicing OPSEC, let's get a definition out of the way. Wikipedia defines it pretty well:

Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.

A few things worth noting before I begin:

*I use Apple products, so Android users will have to apply these principles to their devices.

Let's get down to it.

OPSEC

Above All: NEVER overlap content. Do not post the same content in your anonymous account and your real life account. This the main way we've seen people get doxed. I suggest not having in real life accounts at all; there is little to no benefit to you if you're posting risky content on an anon account. Be careful about what you say to IRL friends and what you post on your anon account also. Linking timestamps is not hard to do.

Facebook

I'll make this short and sweet. Delete your Facebook account. Now. If you insist on keeping it, then carefully comb through all of your comments and captions on your pictures. Look for anything that might be deemed offensive by the most ruthless of shitlibs and immediately delete them. Yes, this might take many hours. Platforms that require you to share your identity, like Facebook, have the highest amount of risk. Apply this principle to Instagram as well.

Twitter

Twitter requires you to share a phone number and email address with them. Under no circumstances should you give them your real phone number or an email address that can easily be traced to your identity (such as yourrealname@gmail.com).

You also shouldn't give Twitter an email address that you use for services that are tied to your identity, like Amazon or your doctor's office. If you already gave them a real phone number or a standard email address, it's very likely already stored in their change logs. An extreme and precautionary move would be to delete that account and create a new one. If that's too extreme, there are other options.

Here are a few ways to protect your identity on Twitter:

One last note about Twitter. If you're feeling nervous about how bad some of your old tweets may have been, you can use tweetdelete.net and ensure they self-destruct after a set period of time. You can also nuke all of your likes; remember, people have lost their jobs over liking the wrong tweet. In general, there is no benefit to you to keep all tweets alive. If you have a very big account with epic takes that people go back and reference and you prefer to keep them alive then you should apply the more extreme precautions in this thread to practice strong opsec.

Moving on...

I have many racist memes on my phone. Wat do?

Adhering to the first principle, keeping your personal photos and / or racist memes on Apple and Google servers is a bad idea. A racist meme is just as risky as a racist text. If you have memes that can slightly be interpreted as racist (who would do such a thing?) and you have them stored on Apple's servers then yes, then you are technically dancing with the devil. Yes, this sounds extreme because there aren't reports of Apple telling the world what a certain individual has on their iPhone. But at this point, would you be surprised if they did it to Drumpf?

To adhere to the Golden Rule, download your photos off of their cloud and onto an external hard drive. Yes, Google Photos categorizes your photos oh so well. Don't you just love scrolling back to that trip in Amsterdam when you banged your Airbnb hostess? Maybe you do and so do I, but who cares. You look back at old photos maybe twice a year anyway. It’s not worth your livelihood.

Again, I know it sounds extreme to think that Apple will dox their customers. But Twitter just banned the President of the United States. I repeat: do not put your life and safety in the hands of the Big Tech companies.

After you put your photos onto a hard drive, put them on a very safe cloud server that prioritizes privacy. If you can build your own server, PrivacyTools.IO has some suggestions. If not, Proton has a cloud product in beta now and some email users have been given access.

Messaging Apps

To abide by the first principle, you should stop using iMessage and WhatsApp or use it only when necessary. Download Signal, Telegram or Keybase and start asking your friends to try them out. All of them are focused on privacy and have features that cause your messages to self-destruct after a period of time that you decide. Signal is my preferred app of choice. Urbit is another more extreme option, but it requires a bit of technical knowledge.

Of course, you’re not going to convince all of your friends and family to jump onto these encrypted apps that they never heard of (especially boomers). That being said, now is the best time to push for it, as Elon Musk has recently promoted Signal and it's the #1 downloaded free app on the App Store as of when this post was first published.

If and when you do use iMessage or WhatsApp, be very mindful of what you talk about there. If people bring up politics, don't engage, just say “hey sorry, you gotta watch what you say these days, happy to talk on other apps that are more protective over privacy if you don’t mind”. Ideally you won't type that and will say it in person, but it may not be an option and not replying can be awkward. This is ideal because in an extreme scenario, you can now be accused of having “something to hide.” Remember, our enemies don't have to make sense. It's always who/whom.

Handling Multiple Platforms

Ideally, you will have a different username across all of your anonymous profiles. If they're coming after User X, and User X is called “SaintFloyd” on Twitter and Gab, now they can find all of SaintFloyd's content in just a few clicks. A different username gives them more work to do. However, if you have a large following then it makes sense why you would want to keep your brand and not start from scratch. This is a best practice.

Your Alexa, Echo, Ring & Google Home Should Be Trashed & Ovened

This is stating the obvious, but if you own an Alexa, Echo or Google Home then you are willingly allowing Amazon and Google to bug your house and record everything that's going on in there. Yes, they can listen to you fuck. Yes, if you bring it in the bathroom then they are recording the kerplunk sounds as you take a shit. There is no reason to own these products.

As soon as you say “Alexa”, it starts recording. If you already own one, you can download to your Alexa archive to listen exactly what they've recorded. After that, you should use go to DuckDuckGo (rarely use Google for searching anything, more on that in a future post) and search for “How to wipe my data from Alexa” and then throw it in the trash. There are many good articles on how to do wipe your data from these products. Rinse and repeat this process for your Echo and Google Home.

Amazon also owns Ring. Ring stores everything it records and can send the recordings to precincts and federal agencies. To learn more about the the shady stuff Ring does and what Amazon wants to do long-term, search for “Amazon Sidewalk.” There are better (and less creepy) security camera alternatives.

Yes, it's very easy (and honestly, pretty cool) to just tell Alexa to buy your groceries then and it shows up in 1 day. Well, the old saying about 'if something is too good to be true' applies here. If you're comfortable with letting random pajeets at Amazon listen to what's going on your home then you are making yourself very vulnerable and don't care much about your privacy. It's also disrespectful to other people who enter your home. Imagine if when you walked into a friend's house his wife just started following you around and recording everything you were talking about (assuming her husband gave her permission to use an electronic device, of course). Anyway, just jump on your laptop and do it yourself. It isn't worth it.

Hide Your Financial Transactions

If you use a credit card for everything then it's not only possible to know what kind of things you purchase and what your habits are, but where you are, where you've been and when. Of course, the best way to avoid this is to use cold hard cash as much as you can. If you're a points/miles addict, then only use your card for the big purchases where you will get 3x+ the value in points/miles and you are comfortable with this purchasing and location behavior being on the record.

What about buying things online? Privacy.com is the answer here. It creates burner credit cards for you. You can use it for a one-time purchase if you want or for a single ongoing purchase like a monthly Netflix subscription. It's tied to your bank account, but you can mask the transaction name with something random like “H&H Hardware.” It's $10/month, which is a small cost for protecting yourself with added piece of mind.

I recommend using Privacy.com especially for services that would raise a red flag for someone looking into you. Your ProtonMail account (if you upgrade), GumRoad subscriptions, and even Substack subscriptions. Remember, we now live in a world where a gay jew like Glenn Greenwald is considered a right-wing extremist; so if you donate to him then conclusions can be made about you.

*Cryptocurrency & KYC Information

You can also use crypto for purchases but I would only do that in extreme circumstances. Many platforms like PayPal accept Bitcoin but those transactions are public on the blockchain. If you purchased your Bitcoin through an exchange that requires KYC (Know Your Customer) info, then your social security number, driver's license and other information about you is associated with your purchase of Bitcoin. There are ways to wash and there are cryptocurrencies that solve for this problem (known as privacy coins) like Monero, Dash and ZCash, but this is much more extreme.

How to buy privacy coins without a trace? For my US frends, you should create a Binance.com account...NOT Binance US. Binance US requires KYC info and Binance.com does not. It will only allow you to register and log in if you are using a VPN routed outside of the US, as they are not allowed to serve people within the US. You can buy your Bitcoin on your normal exchange that requires KYC, send it to Binance.com and then buy a privacy coin. This is not full proof and there are other ways to really wash it but that's very extreme and best kept aside for another post. Having some money set aside in privacy coins is good to do just in case you need to make a transaction online that you really don't want on the record.

BASIC DATA SECURITY

Remove Trackers From Your Phone

Chances are your iPhone is tracking every step you take, collecting your behavior and creating a profile about you and selling it. On top of that, you probably have multiple apps that are allowed to turn your camera or microphone on and record you. Let's undo this immediately.

Protect Your Passwords

Download a secure and well-known password manager LastPass or One Password. You can install it as a browser extension and it will automatically store all of your logins and passwords there. It can also import your saved passwords from your browser. Good password managers will tell you when you are using duplicate passwords on multiple sites, rank your privacy strength, and create very long complex passwords very easily.

Use A Safe Browser

If you are using Chrome: Wipe your history from it (cookies, logins, browser history), sign out, delete it from all of your devices and never download it again. The Golden Rule has been enforced. Moving on.

Firefox is historically known as very trustworthy...but they just released a blog post saying deplatforming people isn’t enough. Tremendous red flag. I stopped using them because of this.

Download Brave. Brave is designed around protecting your privacy, has a pre-installed ad blocker, wipes your history after you close the app, and makes it easy to connect to Tor.

Use a VPN

Using a VPN scrambles your IP address, plain and simple. Knowing your IP address makes it extremely easy to know where you are and then some. I prefer Proton VPN as I tend to trust Proton with all privacy related matters. They have a “Secure Core” option which guarantees you won't connect to the internet without a VPN. So if there is a connection issue with your VPN, you'll lose Wifi until it reconnects.

Use 2FA (2 Factor Authentication) for Everything

I recommend opening all of the apps on your phone that require a login, go into their Privacy settings and see if there is an option for 2 Factor Authentication. If there is, turn it on. The app will either contact you through the phone number you gave them or an email with a numerical code. You can't login without that code. They may also offer the option to download an Authentication app like Google Authenticator or Authy to receive these codes. Which should you choose? You guessed it – Authy. Why? Because Fuck Google. That's why. I recommend using authentication apps for 2FA instead of unnecessarily giving them a phone number or an email.

2FA makes it very hard for someone to hack into your accounts unless they physically have your phone on them. What happens if you lose your phone? Well one good thing about Authy is it allows you to create a security pin just to use the app. So even if someone steals your phone and opens the app, they'll need to know that pin to access the app and it's probably something they weren't expecting. Don't use the same pin that you use for your phone either. If I stole someone's phone, that would be the first code I would try.

If you get a new phone or a new phone number, it is critical to temporarily disable your 2FA during this transition. If you don't, you very well may be fucked. Some companies will let you access your account after a long process on the phone with someone in India who shits in a river and could care less. But there are also companies who will lock you out of your account permanently, so this is important to remember.

Encrypted Email Only

Applying the Golden Rule, get off of Gmail, Yahoo, Outlook, etc. and move to ProtonMail. Again, it isn't as simple as having one ProtonMail address. Tutanota is another safe and encrypted platform as well. I recommend having one that you're going to use for every day things that are inevitably connected to your identity — your bank, Amazon, etc. You are now well aware your identity is connected to that email and it should therefore NOT be used on ANY platform where you are worried about what you're posting. As mentioned in the Twitter portion of this poast, create another ProtonMail address specifically for those platforms and ideally create one per platform. ProtonMail requires a backup email, so I recommend creating a Tutanota email first and using that as the backup. It doesn't make sense to create a secure email and then using yourrealname@gmail.com as the backup.

Google yourself. What can your enemies learn?

It's crucial to remove what is publicly searchable about you. Google your real name. See what comes up and go through it meticulously. You’re going to find yourself on those shitty scraping websites that also have your age, address and phone number. ALL of them have an option for you to request to remove yourself. Do it for every single one and check to make sure they did it. Search yourself in Google Images. If you find your pictures of you then email the site and demand they take it down.

Look up old usernames you’ve used on forums. Go back into them and delete your posts.

Make your real name on Twitter private or just delete it.

Ideally, you want to get to a place where you can A) search your name and find nothing and B) search your name and with basic info about yourself (hometown, residence, job) and nothing appears.

Protect Your Money

Cryptocurrency

If you buy cryptocurrency, get a hardware wallet. A Ledger or Trezor device is best. Keeping your crypto on an exchange puts you in a vulnerable position in case the exchange is hacked or if the government seizes their assets. Your crypto, and therefore your money, will be gone forever. Once your crypto is on a wallet, the crypto is yours and is your responsibility.

You won't be able to access your crypto without knowing your passcode to the device. If you forget your passcode, then you'll need to know a long string of random words that the hardware wallet assigned when the wallet was built. It's best to store these words in a physical safe. Don't leave them around your home and never share them with anyone.

Cash

Leaving all of your cash in a savings account is generally unwise. The bank can freeze your assets and in extreme scenarios they can prevent their customers from taking out withdrawals. This happened in the US during the Great Depression. The US is currently in a horrendous financial position so it's feasible to imagine this scenario happening again, as it is surely going to get worse.

I'm not suggesting to leave no cash in the bank. If you have an emergency fund set aside (at least 3-6 months of expenses), then a bank is the most sensible place to store it. You can also keep your emergency fund in a physical safe, but I only recommend that if you are well armed and have good security on your property.

You should have a good amount of cash available in your home in the case that shit hits the fan. I keep enough on me to buy two expensive international plane tickets and enough to keep me comfortable for a few weeks once I land. Yes, in my escape plan I land in a country where the dollar goes a very long way.

Physical Gold

I won't go into investment stuff here but owning physical gold is simply another way to protect yourself. In an extreme scenario where you can't access your cash, there isn't going to be a time where a heavy, shiny gold coin (or bar) isn't going to get you something you want. Again, physical gold is best kept in a safe and readily available if push comes to shove. Goldmoney is a good company for this. You can purchase physical gold from them they store in a BRINKS vault (that's the vault where they transfer cash from the Federal Reserve to banks). You can withdraw your physical gold and have it mailed to you whenever you want.

Physical Safes & Go Bags

Having a safe in your home is important. If someone breaks into your home of if you're traveling you'll want to know the good stuff is in a place that only you can access. Many safes come with equipment that allow you to bolt it into the floor so it can't be stolen. There are lots of good articles on what makes for a great safe.

A safe is a good place to store cash, physical gold, your crypto wallet, your passport and anything else you'd want locked away and only touch when you need it. You can probably fit that Colombian girl you met at the bar at 1am who gave you the best blowjob of your life in there, but then you'll need to feed her, maybe even shower her, etc.; it might become more of a hassle then it's worth. I recommend alphawidowing her instead; it's essentially the same thing.

Lastly, I strongly recommend having a go bag and keeping it in the safe. A go bag is what you take with you before you need to flee your home or country at a moment's notice; think cash, passports, etc. I keep enough cash in my go bag to cover two expensive international plane tickets and enough to keep me comfortable for a month once I land. Yes, in my escape plan I land in a country where the dollar goes a very long way.

I have a few scenarios where I know I will need my go bag: as soon as calls for executing whites are being seriously considered, if actual domestic terrorism starts happening around the country, or if they start cancelling flights on people for insufficient wokeness. If any of those happen, I'll grab my go bag and will be gone. More on having an escape plan in my next post.

If you have questions, message me on Keybase @medgold or on Telegram @TuddyCicero.