Basic Rules


1) Hide in the network. Implement hidden services. Use Tor, I2P, Freenet, and VPNs to anonymize yourself. The less obvious you are, the safer you are. Blend in with the crowd, disperse into the stream. Keep a low profile. Don't try to be special. Remember, when in Rome, do as Romans do. Don't try to be a smart ass. Feds are many, Anonymous is Legion, but you are only one.

2) Encrypt your communications. Use TLS. Use IPsec. While it's true that some agencies target encrypted connections - and may have explicit exploits against these protocols - you're much better protected than if you communicate in the clear. Woe betide anyone who transmits plaintext. Use as many security layers as possible. The question is not whether you are paranoid, but whether you are paranoid enough?

3) Assume that while your computer can be compromised, it would take work and risk to do so - so it probably isn't. Still physical security is important and should be included in your overall personal security plan.

4) Be suspicious of commercial encryption software, especially from large vendors. It is likely that most encryption products from large US companies have back doors, and many foreign ones probably do as well. It's prudent to assume that foreign products also have foreign-installed backdoors. Closed-source software is easier to backdoor than open-source software. Systems relying on master secrets are vulnerable to adversaries, through either legal or more clandestine means.

5) Use public-domain encryption that has to be compatible with other implementations. For example, it's harder to backdoor TLS than BitLocker, because any vendor's TLS has to be compatible with every other vendor's TLS, while BitLocker only has to be compatible with itself, giving an adversary a lot more freedom to make changes. And because BitLocker is proprietary, it's far less likely those changes will be discovered. Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that governments influence when they can.

6) Security is a continuing process, not a state. Never become complacent! Do security audits on a regular basis. And do encrypted backups. Backups are important, as there are two types of people, those who have backups and those who have lost their data.

7) Always browse in "Private Mode" so that fewer traces of your web history remain on your HDD. Opera, Chrome, Firefox, Safari, and Internet Explorer all include a form of Private Browsing. Regularly clean your computer using programs such as CCleaner, BleachBit, Stacer, or Glary Utilities.

8) Do NOT tell anyone anything that could get you in trouble. Assume anything can get you in trouble, because it probably will, especially with any government official. Remember anyone looking to gain a favor with the state can and will snitch on you. Don't Talk to the Police - Ever! "Any lawyer worth his salt will tell the suspect in no uncertain terms to make no statement to police under any circumstances." (U.S. Supreme Court Justice Robert H. Jackson writing in Watts v. Indiana, 338 U.S. 49 (1949))

9) Do NOT keep anything that can be used as evidence against you. Even the most truthful and innocent statement can be used to bring criminal charges against you. “The complexity of modern federal criminal law, codified in several thousand sections of the United States Code and the virtually infinite variety of factual circumstances that might trigger an investigation into a possible violation of the law, make it difficult for anyone to know, in advance, just when a particular set of statements might later appear (to a prosecutor) to be relevant to some such investigation.” (U.S. Supreme Court Justice Stephen Breyer, writing in Rubin v. United States 524 U.S. 1301 (1998))

10) Know where the cameras are and how to avoid them. Know who patrols where, and what routine they follow so as to avoid contact. Find ways around checkpoints; use side streets, forest paths, neighbors' yards, railroad tracks, tunnels; whatever route is necessary to getting from point A to point B without a pack of government agents searching you, checking your ID, or having your image recorded by Big Brother.

11) Do the unexpected. Do not settle into a routine that invites easy attack or allows anticipation of your aims and activities.

12) Don't talk to strangers! Beware of Infiltrators, Informers and Grasses. The more you post on-line, the easier you are to target.

13) Mistrust authority — promote decentralization. The majority of people in developed countries spend at least some time interacting with the Internet, and hostile Governments are abusing that necessity in secret to extend their powers beyond what is necessary and appropriate. Even if you’re not doing anything wrong, you’re being watched and recorded... it has reached the point where you don’t have to have done anything wrong, you simply have to eventually fall under suspicion from somebody, even by a wrong call, and then they can use this system to go back in time and scrutinize every decision you’ve ever made, every friend you’ve ever discussed something with, and attack you on that basis, to sort of derive suspicion from an innocent life.

14) Never leave things lying about unattended or lay them down where you are liable to forget them. Learn to write lightly; the "blank" page underneath has often been read. If you have to destroy a document, do so thoroughly. Carry as little written matter as possible, and for the shortest possible time. Never carry names or addresses en clair. If you cannot carry them for the time being in your head, put them in a species of personal code, which only you understand.

15) Make as many of your difficult appointments as you can after dark. Turn the night to good use. If you cannot make it after dark, make it very early morning when people are only half awake and not on the lookout for strange goings-on.

Comments

Popular Posts