14

For those who haven't been taking opsec seriously.

Submitted by aiwendil in Anarchism (edited )

People assume that there is nothing they can do to protect themselves and that is creating this dangerous situation, where the government, now in the hands of despotic tyrants is going to subpoena information that will allow them to spend millions or even billions infiltrating, investigating and attacking political dissidents(keep in mind, one way to increase your approval rating as a tyrant is to imprison dissidents, if they are in prison they cannot vote against you). You don't have to be one of those people worrying about whether or not your whole life is about to be scrutinized by the fascist pigs, you can start protecting yourself with tor, however it should be noted that if they do get your IP address from Dream Host, you can guarantee that you will now be targeted for traffic analysis through Tor. This is very expensive, especially to do on such a grand scale(1.3 million people potentially). However you are dealing with an adversary that can just steal more money from you to pour into investigation of your comrades. It is an adversary with a lot of resources that we don't have, which means our survival now depends on our resourcefulness.

You should have been using tor already, but you'd better start now. Do not go to political websites without it or you will be targeted. I have a presentation that covers all of the basic necessities as far as opsec goes. I would be happy to distribute that information. I was trying to do seminars months ago, but nobody seemed too interested. Now it is clear that the state is going to be cracking down on dissidents just like every oppressive fascist regime you can think of. Tor is a reality of how we must operate and taking that basic step is really the least you can and should be doing.

Additionally, we need to start developing tools for communicating anonymously and through hidden channels that will require lots of money in cryptanalysis. Forcing the state to spend resources is in itself a tactic and one that is really worth while. If we can keep them in a process of continuously having to innovate spy tactics to infiltrate, we can essentially waste large amounts of their time and money on largely fruitless investigations of people who are in effect not doing anything discernibly illegal.

It is clear that white supremacist groups, despite acts of actual violence and not just property damage will not be subject to this level of government scrutiny. In some senses that is going to provide a leg up over them, in that by using technology that protects our identities, we protect our actions from Nazi infiltration as well as state infiltration, neither of which white supremacists currently take advantage of on a large scale. Should the government actually target their organizations, which is not likely, they would be totally unprepared. We will be well versed in these tools and it will protect us from any adversary not just a governmental adversary.

This witch hunt is clearly unconstitutional. Lets see if that actually means anything. If you are relying on any branch of government to save you, your trust model is already broken. We live under a hostile fascist regime in the US and we need to start living in a way that is consistent with resistance under such an oppressive regime. I think a lot of this bluster about collecting voting data is leading to the final conclusion of our sense of democracy. I don't think Trump will relinquish power even if voted out, but obviously mass suppression of dissent is on the table now. Since he has not yet refused to leave office, we cannot legally attack his legitimacy as president(aside from the fact that he actually lost the election). He has not broken our election laws yet and when he does it is doubtful that the current political apparatus of the US has any desire to go after him. In fact he may even be protected legally in ways that leave it up to our now conservative controlled supreme court. There is no branch of government willing to go up against him currently and that may hold true should he refuse to leave office. We need to start preparing for this inevitability now, because by all metrics, Trump already is preparing. Lets start making it a little harder, okay?

Comments

You must log in or register to comment.

6

Tequila_Wolf wrote

Seems to me that this is a very important conversation.

As an individual who is not nearly as tech savvy as the average commenter on this site, I hope that some individuals here might take it upon themselves to help make general opsec stuff more accessible to those of us for whom it doesn't come naturally and who may not have people around who could show them in person.

Also, I wouldn't mind seeing the existence of a f/opsec

4

ziq wrote (edited )

I think we're spreading things too thin by making a new sub-forum for every topic, it can be discussed on f/tech or f/privacy or f/hackbloc or just here on this sub.

3

Tequila_Wolf wrote

I see! I had been going with a kind of "if you build it, they will come" approach to creating forums. Especially under the assumption that cross-posts would eventually become a thing.

3

aiwendil wrote

Tequila_Wolf: I think that is a good idea. Starting a new forum for opsec discussion. I have a lot of information that I could personally share and there are a lot of good talks from DEFCON on the topic. I am sure there are others that have a lot to contribute also.

1

Tequila_Wolf wrote

f/privacy will do the job, I think, as ziq says.

4

aiwendil wrote

I started it, before reading all of this. I guess I kind of agree and disagree and you guys can all shoot me down and take down the forum, but I think opsec is a very rich topic on it's own and it is probably worth consolidating posts into one place. If that is not something anybody else sees the value in, then I'll take it down, but it might be difficult trying to go through all the different places trying to find information. I would say that it is different enough from privacy, though privacy is one aspect of it. Let me know what you guys think.

4

ziq_postcivver wrote

It's fine, it will be a good resource having it all in one place. It's not like this site supports tags, so going to a dedicated sub is the only way to find the info you're looking for.

2

Tequila_Wolf wrote (edited )

I think it's cool and would personally encourage people to go where their desire and energy takes them. That said I'm not a founder of this site or an admin and am not sure what the people here had in mind when they started this thing.

I am not super familiar with your username so in case you aren't aware check out f/newforums if you want to announce it there.

3

ziq wrote (edited )

I don't want anyone to feel discouraged from creating new forums, sorry if I gave that impression, was just my opinion that it would limit exposure.

New forums will have far less eyeballs on them, so be prepared to promote them elsewhere if you want to reach any kind of an audience - most people are only subscribed to f/anarchism, f/socialism, f/acab, f/capitalismindecay and f/antifa, which is frustrating. I don't think many casual visitors know to check /all.

2

autonomous_hippopotamus wrote

Glad this conversation is taking place. I've been pretty frustrated myself over the lefts refusal to even attempt to protect themselves: bring up the most basic cryptography or try and tell people about distrubuted darknets they think you've lost it. Think we just gotta promote it as much as possible until it's just an unquestioned aspect of culture.

There was a bit of a toss-up on here about there being too many tech related forums already. No one mentioned my crypto-anarchism sub /crypto (ahem PLUG) Should maybe have a discussion about either consolidating some of these subs, or maybe drawing some clear distinction. Like /freeasinfreedom is clearly about open source software specifically, /tech is about tech in general, /hackbloc is about hacking as in offensive action, then /privacy and now /opsec ...

My problem with this that there are alot of subs about tech security but, unless i've overlooked one, there isn't a sub dedicated to security culture in general, so maybe /opsec can do that? just a thought.

3

aiwendil wrote

Absolutely. I think opsec is more than just digital footprint/privacy. Even things like how we dress when we go to protests and such. Opsec I hope will cover all aspects of security culture and How the left can engage with tactics that protect our own long term viability.

I totally get you on this though, I think talks about crypto tend to really put people off for some reason, but we do need to make this part of the culture. I am trying to get a few of my more tech savvy comrades on here to discuss areas of opsec that they are familiar with. We are all willing to accept masking up as a reality, but we seem unwilling to do the digital equivalent, even though there are some clear cases of our digital footprint being linked to our physical activities and used to prosecute comrades. I think it is a very important part of opsec, but so is learning hand to hand combat skills or masking up or many other things we need to do on a much more regular basis to obscure out identities from authorities.

2

autonomous_hippopotamus wrote

Yeah there is a disturbing and self-defeating attitude out there that 'The Government knows everything anyway there's no point in encryption etc.' At best this is a strategy people use to avoid paranoia. At worst it is justiification for willfull ignorance; we're going to have to deal with computers, and so cyber-security, for the rest of our lives. It is something we have to be careful aboiut though: I think alot of people have a fear of computers, rooted in some deep seated insecurities that go back to their early experiences; the fear and helplessness that comes from not knowing how something works, the panic when you accidentally fuck everything up.

There is also the convenience factor: google and facebook make everything so easy, and they are omnipresent: everyone is on facebook/google. To leave these sites is social suicide for many people. It will take considerable effort, concious effort to get people off facebook/google, and onto platforms that respect people's privacy.

In My Opinion, The best way to get around this is two fold

  1. Make cyber security easier: most of this is done on the development side of course but we on our side we can seek out and inform people about software that's out there and how to use it. Likewise we need to promote apps or websites other than fb/google etc. that are user controlled and security conscious.
  1. Proliferating secure software: Normalizing linux (and so full disk encryption etc.) and getting as many people as possible using apps like Signal or Tox... creating leftist spaces on Tor and i2p... making all these things more omnipresent will socially push people into using secure apps and thinking about cybersecurity in general. We have to make these things not seem paranoid, but standar and ordinary.
1

autonomous_hippopotamus wrote

Not to be too technical, but i would differentiate between 'opsec' and 'security culture', as there is, i think, an important distinction.

  • Opsec refers to actions, to protests, to organizing, generally it is about engaging in political practice in a way that protects the safety and privacy of every involved. Opsec means, masking up when it's called for, communicating via secure channels, not inviting shady people to the meeting etc.

  • Security Culture goes above and beyond a protest or organizations and refers to how we protect ourselves and our friends on a day to day basis. It extends for example, to not leaving a drunk friend alone with a creepy scumbag, not tolerating racists or mysogynists in our social networks and everything that goes along with created safer spaces... along with basic cyber security on a personal level like having a firewall, using strong passwords etc.

2

ziq wrote

I'm not an American, but as an outsider looking in, America's gov scares the living shit out of me. I value my privacy above all else, and idk how you can all stand to live right in the heart of the empire.

2

tnstaec wrote

I left. May relocate permanently. Things are getting worse and worse. Even on a practical level, it's too expensive to live there any more.

1

BlackFlagged wrote

A guide for comrades on getting the hell out of Dodge would be invaluable.

2

tnstaec wrote

Work or student visas are the typical routes. There's a lot of differing specifics depending on your education and work background. The archives of r/IWantOut is a good place to start.

2

aiwendil wrote

Sorry, didn't see this article got posted already. I'll leave it here for now unless people think I should move what I wrote as a comment other the original article, but I think(maybe egotistically so), that there are some points in what I wrote that are worth the community taking note of.

2

ziq wrote

You could always edit the link out and make it just a self post, because it's a great post. More people will see it that way.