Infosec 101 for Activists
43 comments · February 4, 2025
mastazi
More resources on this topic:
Activist or Protester? by EFF's Surveillance Self Defense https://ssd.eff.org/playlist/activist-or-protester
The Protester's Guide to Smartphone Security by Privacy Guides https://www.privacyguides.org/articles/2025/01/23/activists-...
jmbwell
Is it correct that iCloud backups can lead to officials being able to unlock your physical device? That’s not consistent with my understanding of Apple’s circle of trust implementation.
I get that the backups can potentially be compromised, and of course having the backup means having most of what would be on the phone, but I would love to know more about how having a copy of a backup can compromise the physical device via iCloud.
tillulen
How much does a Firefox 0-day cost these days on the grey market compared to a Chrome 0-day with sandbox escape?
FrustratedMonky
Is DuckDuckGo really secure? It's just Bing re-skinned. Makes me question the rest of the list.
mbrubeck
Yes, they use Bing’s search index, but the relevant difference is that they promise not to retain logs of your searches associated with your IP address or other identifying data: https://duckduckgo.com/privacy
sitkack
National Lawyers Guild Know Your Rights reminder: Shut the f** up! https://www.youtube.com/watch?v=nWEpW6KOZDs
KennyBlanken
That video, unfortunately, is out of date. The USSC recently decided that if you are merely silent that means you waive your right to remain silent.
I wish I were making that up. You now have to repeatedly state it.
The USSC has been off the rails for at least ten years.
sitkack
Not a lawyer, but the advice they give is still good opsec. Don't talk to anyone except your lawyer.
If you are arrested, then yes you do have to assert your right to remain silent.
https://www.justia.com/criminal/procedure/miranda-rights/rig...
Invoke the right and stay silent.
Do not answer the obvious bullshit questions; those are used as bait. Once you start answering any questions, you lose your 5th Amendment protection.
snypher
My understanding is you can stop answering at any time and invoke, but of course this is used by police to start you talking in the first place.
s1mplicissimus
Getting you to answer easy questions is the first psychological step in the door. Salesmen (and amusingly enough many activists) know this.
WaitWaitWha
> if you are merely silent that means you waive your right to remain silent.
This is not my reading. For those who want to read the actual details: https://supreme.justia.com/cases/federal/us/560/370/
Here are some nuggets from the case:
"At no point during the interrogation did Thompkins say that he wanted to remain silent, that he did not want to talk with the police, or that he wanted an attorney."
"Thompkins did not say that he wanted to remain silent or that he did not want to talk with the police. Had he made either of these simple, unambiguous statements, he would have invoked his “ ‘right to cut off questioning.’ ” Mosley, supra, at 103 (quoting Miranda, supra, at 474). Here he did neither, so he did not invoke his right to remain silent."
Omitting pertinent information is the tool of debate not of discourse.
8note
What's the part you're disagreeing with?
The context to me still says that remaining silent does not invoke the right to silence.
Unless you break your silence to say that you intend to be silent, you will be prosecuted for your silence.
wtfwhateven
https://en.wikipedia.org/wiki/Berghuis_v._Thompkins for the curious
Terr_
Not only that, but do not say "Gimme a lawyer, dawg" or else corrupt police will maliciously pretend you were merely asking for a legally trained canine, and another incompetent judge might let them get away with it.
https://slate.com/news-and-politics/2017/10/suspect-asks-for...
But in all seriousness: Do not be afraid to sound like a fool making short, unambiguous, and repeated requests for a lawyer if you have to.
layman51
Just playing devil’s advocate here, but this idea of having to invoke your fifth amendment rights reminds me of a “Silent Man” (David Hampson) in the UK who would be arrested multiple times for blocking traffic by standing in the middle of the road. I’m not sure of the details, but in the process he would never speak to anyone at all (not even to his lawyer or psychiatrists, or just to confirm his name). It does seem problematic because what happens if the person arrested is actually mute?
jfengel
Also note that repeatedly invoking your right to remain silent is going to be considered "resisting arrest" and you're going to get the shit kicked out of you.
And then they send you the bill for shoe polish.
riffic
the standard abbreviation is SCOTUS
monero-xmr
Remember when the FBI and NSA were trying to outlaw encryption? Like a couple years ago? How the turn tables!
redeux
I’m not sure I understand why the tables are turned now.
some_furry
That they recommend a VPN and not Tor in their first table immediately makes me suspicious.
TheCraiggers
Why? I've personally seen more news articles about Tor users getting de-anonymized than I have VPN users. Purely anecdotal, I know, but the point being Tor is obviously not foolproof, so I am curious why recommending one over the other is apparently enough for you to call the entire article into question.
some_furry
> Why?
Because if I was running SIGINT at the NSA and collaborating with the FBI to arrest activists, the very first thing I would do is start up a bunch of VPN providers that bill themselves as "private" and then log everything aggressively.
The second thing I would do is have useful idiots (i.e., influencers) spread vague anecdotes about Tor users being "de-anonymized" when VPN users are never "anonymized" to begin with. I would make sure these anecdotes never clarify whether it's "Tor users accessing Hidden Services and getting popped by a Firefox exploit" or "network attack that enables traffic correlation" so everyone fills in the blanks and assumes Tor is dangerous, when it isn't, thereby pushing activists to my VPN services.
After all. There is no real enforcement mechanism if a "private" VPN lies.
https://www.theregister.com/2011/09/26/hidemyass_lulzsec_con...
flashman
That's funny because if I was running SIGINT at the NSA I would do all of the above, and also compromise Tor
giantg2
Or you spin up a bunch of Tor nodes to de-anonymize users on that system.
roenxi
> The second thing I would do is have useful idiots (i.e., influencers) spread vague anecdotes
An unfortunate factor at play in these matters (and that I note in the article) is that the intelligence services are known to run the occasional shell company [0]. It seems likely that some privacy-oriented providers are actually intelligence fronts - because if you were running an intelligence collection agency an obvious thing to try would be a privacy-focused email company or something.
If it isn't built on a trustless model it isn't trustworthy.
pstuart
A bit of a tangent, but modern protests are subject to hijacking from agents provocateur and general shit stirrers -- it's been quite effective in delegitimizing public protests. It would be nice to find ways to counter that.
Case in point: how BLM protests were turned into riots by antagonistic forces: https://abcnews.go.com/US/man-helped-ignite-george-floyd-rio...
protocolture
Interesting. I read an article stating the opposite.
That to organise effective action on the ground, smart protesters were distracting the anti violence bleeding hearts while discussing and implementing more effective actions.
In particular it was stated that part of those particular riots were a distraction to (successfully iirc) lure the cops away from the police station.
youainti
I think this was the whole point of the "self purification" process that Dr ML King Jr describes in his Letter from Birmingham Jail [0], where they had workshops on non-violence etc.
blackeyeblitzar
This feels like revisionism. The vast majority of BLM riots were riots as intended, not some kind of conspiracy to undermine an otherwise peaceful protest. Near me, I would say all of them that were riots were that way on purpose. There’s no accident or agent provocateur in hundreds of people blocking highways for example. Especially when they brag about it in their group’s social media, because many faced no consequences.
RajT88
Blocking a highway is not an act of violence, it is a form of peaceful protest.
Like a diner sit-in.
You are free to correct your post to explain all the acts of violence you saw which justify the term "riot".
pstuart
I'm not at all a fan of the tactic of blocking highways as a protest move, I think that's not the same thing as a riot -- it's civil disobedience.
The link that I shared explicitly pointed out that the riot was started by a white supremacist. It's documented and a fact. So we're dealing with 1+N cases here.
> Near me, I would say all of them that were riots were that way on purpose.
Look, it worked. It has framed BLM in millions of people's minds as just black people rioting, and who wants to support riots eh?
Edit: research proving the peaceful intent of protests: https://acleddata.com/2020/09/03/demonstrations-political-vi...
globalnode
This is ridiculous, just don't use a network of any kind or you'll be tracked by someone somewhere. Simple as that. Misleading people into thinking they can use these tools and be safe is dangerous. I suppose the only way to be safe is to assume you're being tracked somehow and use burners or throw aways that don't matter.
d4mi3n
While you’re not wrong, there’s a trade-off between communication needs and security guarantees. Activism and protesting require organization, which is effectively hampered by the inability to quickly and efficiently disseminate information.
I’ve read the EFF’s guide and it seemed reasonable for a layman. What caveats or disclaimers would you include that they haven’t already? What more do you feel could be done to make people with these needs safer while helping them pursue their goals?
jfengel
You need to coordinate with people. It could be as simple and necessary as getting your ride back home after the protest.
Yes, any use of the network is a risk. You take a risk just showing up. This is about mitigating risk, not eliminating it. You have to decide if it's a risk worth taking.
calt
This advice is unhelpful. Don't let the perfect be the enemy of the good. Cell phones are a useful tool for coordinating and communicating.
numpad0
Yeah, the reality of amateur clandestine operations is that you have to put down your phone.
Hesitant to recommend Proton since they can't stay out of politics, I don't think Mullvad has any similar slipups: https://theintercept.com/2025/01/28/proton-mail-andy-yen-tru...