[[50501 How to INFOSEC & OPSEC Handbook v1.6.3-1.pdf]] Attending large events always comes with risks to your digital security. Law enforcement agencies routinely monitor political rallies, exploiting legal loopholes and using tools like IMSI catchers (fake cell towers) to intercept large amounts of communication data. You can mitigate these risks by taking a few precautionary steps before the event. Mostly, you guys need some training and education about how to stay more anonymous when working on and publishing this work. # Security Links (OpSec, InfoSec, CyberSec, etc) ### General Infosec and Cybersecurity: - [EFF’s Surveillance Self-Defense Project](https://ssd.eff.org/): A bunch of guides on how to protect yourself from surveillance. Start here. - [Privacy Guide](https://www.privacyguides.org/en/): A not-for-profit, volunteer-run project that hosts online communities and publishes news and recommendations surrounding privacy and security tools, services, and knowledge. Includes [Email Services](https://www.privacyguides.org/en/email/), [Privacy Tools](https://www.privacyguides.org/en/tools/), [Data and Metadata Redaction](https://www.privacyguides.org/en/data-redaction/) - [Hitchhiker’s Guide](https://anonymousplanet.org/): Huge guide on how to be anonymous online, or even offline/IRL. Covers many things. If you want to participate anonymously, or do any kind of activist or whistleblower work, this is worth a read. - [Practical Privacy](https://disint.org/main.html): Choose your privacy goal path, and follow the card’s instructions. Each card has resources. - [Digital Defense](https://digital-defense.io/): Your own interactable privacy checklist. - [50501 Digital Safety](https://fiftyfifty.one/digital-safety): "How to Infosec" basics. Old documents but more soon. - [Activist Checklist](https://activistchecklist.org/): Digital Security Checklists for Activists. Plain language steps for digital security. Because protecting yourself helps keep your whole community safer. - [Digital Security Guide](https://codingatnight.notion.site/Digital-Security-Tips-1b791ef6b07880a9974be336f16eb3ef): Here's a short guide, including some links to helpful security apps and additional resources about police surveillance. - [Digital Self-Defense: Cybersecurity for Activists/Educators](https://drive.proton.me/urls/TMTQNP3QWG#eiDWsa963mOM) - [Digital security for activists](https://activisthandbook.org/tools/security) Part of the Activist Handbook. Explains why you need security, and how to do it. - [Intel Techniques Workbook](https://inteltechniques.com/workbook.html) and [Intel Techniques Index](https://inteltechniques.com/index.html) have some free PDFs in the Resources section, and some Tools. Use this workbook to document your progress! - [The Free Software Foundation](https://www.fsf.org/): FSF is a nonprofit with a worldwide mission to promote computer user freedom. - [Security Education Companion](https://www.securityeducationcompanion.org/): A free resource for digital security educators - [Digital Security and Cyber Hygiene for Activists](https://classroom.google.com/c/NzY3MjU4NjkzNjE5?cjc=q7yg4nz6): Class code: q7yg4nz6 A free cybersecurity course for activists, educators, and organizers hosted on Google Classroom. This course was co-created by members of AI for Justice—a group of educators, developers, and organizers working together to make digital safety tools more accessible to those on the front lines. It reflects the collective effort of people committed to justice, privacy, and mutual protection. You’ll learn: • How to assess your own risk level • What metadata is and why it matters • Encrypted messaging, secure browsing, burner devices • Tools and tactics organized by your specific threat level ### Additional trainings: - [https://www.youtube.com/watch?v=NOr08MMtc2I] — a very important watch, talk by Devient about risk preparedness - [https://www.frontlinedefenders.org/en/programme/risk-analysis-protection-training] - [https://www.frontlinedefenders.org/en/resource-publication/workbook-security-practical-steps-human-rights-defenders-risk] — actionable steps to keep you safe - [https://drive.proton.me/urls/TMTQNP3QWG#eiDWsa963mOM] — digital privacy guide for activists ### Deleting Your Online Data - [https://easyoptouts.com/] — recommended cheap paid option to get you started - Having a lawyer assist with DMCA data takedown requests will give you the best results if you are a public figure or dealing with tricky sites. - If you have to get a news article taken down and they do not have a process posted, ask the tech team then ask the journalist. - [https://support.google.com/websearch/answer/9673730?hl=en] - [https://justdeleteme.xyz/] — easy account deletion Paid Options: (these are all mostly effective, but are expensive) * [Delete Me](https://joindeleteme.com/) - Paid service, most thorough, slightly slower than Incogni * [Incogni](https://incogni.com/) - Paid service, quickest, thorough but less than DeleteMe or DIY DIY option (use both) - Free services, slowest option, most manual work: - [Visible Labs](https://remover.visiblelabs.org/): Put your email on there, and this tool will tell many data brokers to stop selling your data and remove it. - Optry.com - Privacybee.com If you don't think this is important, type the following into the search engine of your choice: "your FirstName your LastName your City your State" ### Finance - [https://www.privacyguides.org/en/financial-services/] — obfuscation tools - Pay cash for a pre-paid visa gift card — one of the more anonymous options - [https://anonymousplanet.org/guide/#appendix-z-online-anonymous-payments-using-cryptocurrencies] — Cryptocurrencies are tricky. Avoid these unless you know what you're doing. - Pay cash! — Near anonymity. Exchange fresh bills to avoid serial number tracking ### General Software, links to more pages: - [https://opensourcealternative.to] - [https://awesome-privacy.xyz/] - [https://sandlab.cs.uchicago.edu/fawkes/] ### Password Managers: - [https://bitwarden.com/] — cloud based, free option - [https://1password.com/] — cloud based, paid - [https://keepassxc.org/] — locally stored (PC/ MacOS) - [https://www.keepassdx.com/] — locally stored (android) - [https://psono.com/] — free cross platform option - Apple's default Passwords app is a "bare minimum" easy option for iOS on your personal device - avoid Google passwords ### Multi-Factor Authentication (2FA / MFA) to use instead of your phone number: - [https://getaegis.app/] (Android) - Many password managers have these features built in. ### Secure Communications - [Signal](https://signal.org): very encrypted, locally stored messages, almost no metadata or logs - https://briarproject.org/ — similar to signal but android only - https://simplex.chat/ — cross platform, does not require a phone number - https://telegram.org/ - https://securedrop.org/ — the best option for a tip line - https://matrix.org/ecosystem/clients/ — host a forum on your private server. - [Proton Mail](https://mail.proton.me/): Free encrypted email, and many other services similar to google suite. - https://mail.tutanota.com/ — another encrypted email option - https://meshnet.nordvpn.com/ — connect your devices directly and securely with e2e encryption, no middle man. - https://meshtastic.org/ — build an off grid network using low power radio devices. - [Modoboa](https://modoboa.org/en/): an email system ### VoIP and Call Forwarding (digital phone systems) - https://talkroute.com/ - https://www.ringcentral.com/ - https://www.asterisk.org/ - https://www.cisco.com/c/en/us/products/unified-communications/jabber/index.html - https://jmp.chat/ ### File Sharing: - [Cryptpad](https://cryptpad.fr/): Collaborative/ cloud based, no account needed - [Proton Drive](https://proton.me/drive): Collaborative/ cloud based, google drive alternative - [https://wormhole.app]— share your files quickly and easily - https://onionshare.org — share your files on tor network - [https://securedrop.org] — very secure file sharing with more set up - [https://syncthing.net] — sync files between two trusted devices through the blockchain ### File + Link Scanning - https://www.virustotal.com/gui/ — scan your file/ link ### Removing Metadata from Files: - [https://exifcleaner.com] — for desktop - [https://www.privacyguides.org/en/data-redaction/] — mobile options here - [https://www.virustotal.com/gui/home/upload] — scan a file for malware ### Cleaning Links - [https://urlexpander.net/] — see in side of shortened links - [Link Cleaner](https://linkcleaner.app/): A web app that removes unnecessary junk from web links in one click. The result can then be copied to the device clipboard, shared to another app or service, or displayed as a QR code for easy scanning. - [https://www.virustotal.com/gui/home/url] — make sure a link is safe - [https://radar.cloudflare.com/scan] — make sure a link is safe - or manually fix it by deleting the end of the tracking link until it stops working then go back one character ### Web Browsers: - [https://torproject.org] — the most anonymous browser - [Mullvad](https://mullvad.net/en/browser): The second most anonymous browser - [Brave](https://brave.com/download/): Still a very private browser that you may like better - [Ungoogled chromium](https://github.com/ungoogled-software/ungoogled-chromium) - Librewolf with cookies ENABLED ### Browser Testing: - [https://amiunique.org/fingerprint] - [https://browserleaks.com] - [https://browseraudit.com/] ### Browser Addons (Tor or Brave do not need): - [https://decentraleyes.org] - [https://github.com/gorhill/uBlock#readme] - [https://adguard.com/en/adguard-ios/overview.html] - Ublock origin - Privacy badger - Canvasblocker Avoid addons whenever possible. ### Default Search Engine: - [DuckDuckGo](https://duckduckgo.com/) - Startpage - [Intelligence X](https://intelx.io/) OSINT search engine. [/tools](https://intelx.io/tools) is also worth a try. ### VPNs: - [Proton VPN](https://protonvpn.com): Best free option, allows throwaway accounts - [Mullvad VPN](https://mullvad.net/en/vpn): Best paid option, no logs and anonymous payment options - [https://www.safetydetectives.com/best-vpns/] - [https://github.com/doxx/doxx.net] ### File Encryption: - [https://veracrypt.eu/en/Downloads.html] - https://www.bouncycastle.org/ ### Secure File Deletion (system trash isn't good enough): - https://dban.org/ (PC) - https://www.disk-drill.com/ (MacOS) ### Operating Systems: - https://grapheneos.org (recommended android phone OS ) - https://tails.net (PC use for serious security, check compatibility) - [HARDNED](https://simeononsecurity.com/github/optimizing-and-hardening-windows10-deployments/) - [Linux Mint](https://www.linuxmint.com/) ### Crowd Size Estimation: - https://www.mapchecking.com - https://www.yeschat.ai/gpts-2OToO2tgbp-HowManyPeopleInPicture — be careful with your metadata, use tor. ### Gps and Navigation: - https://highwayradar.com/ - https://wzsabre.rocks/ - https://randpublishing.com/road-maps/us-maps - https://osmand.net/ ### Firewalls and Monitoring: - [https://www.pfsense.org/] - [https://opnsense.org/] - [https://objective-see.org/products/lulu.html] (MacOS) - [https://www.obdev.at/products/littlesnitch/download.html] (MacOS) - [https://github.com/evilsocket/opensnitch] (Linux) - [https://lockdownprivacy.com/] (iOS) - [https://netguard.me/] (Android) - [https://www.fing.com/] mobile ### Basic Open Source Intelligence (OSINT) tools: - [The Ultimate OSINT Collection](https://start.me/p/DPYPMz/the-ultimate-osint-collection) - [https://intelx.io/tools] - [https://osintframework.com/] - [https://start.me/p/L1rEYQ/osint4all] - [https://osint4all.github.io/] - [https://ohshint.gitbook.io/oh-shint-its-a-blog/osint/osint-wtf] - [BellingCat](https://www.bellingcat.com/): Bellingcat is an independent investigative collective of researchers, investigators and citizen journalists brought together by a passion for open source research. We design and share verifiable methods of ethical digital investigation. By publishing walkthroughs to open source research methods and holding tailored training sessions on their use for journalists, human rights activists and members of the public, we’re broadening the scope and application of open source research. ### Forensic tools: - https://docs.mvt.re/en/latest/ — for pegasus and other spyware - [OSINT Framework](https://osintframework.com/) Big tree of resources for searching and gathering public data for intelligence. Also includes some privacy stuff. - [Fast People Search](https://www.fastpeoplesearch.com/): “Find People Fast & Free! Find a person by name, phone number, or street address.” ### Faraday Bags: - [https://mosequipment.com/collections/all-products/products/mission-darkness-non-window-faraday-bag-for-phones] - [https://slnt.com/collections/faraday-phone-sleeves/products/waterproof-faraday-phone-bag-2024] - [https://simketrunninggear.shop/product/faraday-bags-for-phones-laptops-tablets-and-car-keys-rfid-blocker-fireproof-bag-B0C3PRHV4M70] - a galvanized trashcan + lid, lined with cardboard - wrap device in cloth, then many (5+) layers of tinfoil ### DOs and DON'Ts - DO NOT under any circumstances use your real name in any of these chats. It is not difficult to find someone's place of work with a name and a search engine. - ️DO NOT livestream or post media of you at the protest. This is a safety risk to everyone involved. Wait to post photos and videos after everyone is home safe. - ️DO NOT post media from the protest without ensuring the faces of others are blurred. IF THEY DID NOT CONSENT TO THE PHOTO, BLOCK THEIR FACE. - ️DO NOT attend a protest in federally issued uniform, this is a surefire way to lose your job as a federal employee. - ️DO cover your face, tattoos, colored hair, and other identifiable traits. Wear plain clothes. The goal is to remain unidentifiable. - ️DO be mindful of your comrades privacy. One wrong camera shot on an unmasked individual could irreparably damage their life. Just because you don't care about of sanctity of your identify does not mean the people around you don't care. - ️DO leave your phones behind. I know there's a lot of controversy with this for some reason, whether you want to believe it or not, your phone can be incriminating. Get a burner phone, or a faraday bag ### Misc links for the nerds: - [https://pi-hole.net] — cheap ad tracking reduction - Rayhunter — string ray detection device, help us collect data at protests ([https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying?language=en]) - Google Pixel phones — the best option for a secure phone. Use Graphene OS. - [https://shop.nitrokey.com/shop] — the expensive private phone - [https://system76.com/] — privacy focused PC hardware - [https://github.com/motioneye-project/motioneye/wiki] — for your cameras - https://codeberg.org/50501-US/TheITRapidResponseManual — set up secure comms in 15 minutes - [Shotcut](https://www.shotcut.org/): Shotcut is a free, open source, cross-platform video editor. - [How to Distribute Radical Shit](https://www.revoluciana.net/how-to-distribute-radical-stuff/): Don't Trust Your Printer - [50501 Face Blurring Tool](https://blur.50501.chat/) - [Face Replacement](https://huggingface.co/spaces/model2/advanceblur) - Tools from [The Guardian Project](https://guardianproject.info/): A global team who builds and designs easy to use secure apps, open-source software libraries, and customized solutions that can be used around the world by any person or organization looking to protect their communications and data from unjust intrusion, interception and monitoring. - [ObscuraCam: The Privacy Camera]( https://guardianproject.info/apps/org.witness.sscphase1/): Photo app with built in blur. Not as good as our web hosted one, but it happens on the device in case stolen / confiscated. - [Ripple](https://guardianproject.info/apps/info.guardianproject.ripple/): Respond when panicking. A PanicButton app that can be used to wipe apps like Signal with a button swipe. You can map the app to a Nova Launcher gesture to bring it up with a tap+swipe on your homescreen. - [Wasted](https://f-droid.org/en/packages/me.lucky.wasted/): A great app that allows MANY different ways to trigger a phone wipe. Including the "Ripple" app above. - [Duress](https://f-droid.org/en/packages/me.lucky.duress/): Set a dummy phone pin that immediately wipes the phone when entered. - [Atlas of Surveillance](https://atlasofsurveillance.org/atlas): Documenting Police Tech in Our Communities with Open Source Research