Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
OpSec guide for protesters

1. Introduction

Hello,

this guide is aimed at people who are currently going out to protest in the US. It contains tips and advice on how to communicate securely and avoid surveillance during the demonstrations. It contains proven techniques from Hong Kong mixed with general security advice. This guide is aimed to be easy to understand, there is no explanation of the underlying technologies. If you are a technologist and you want to have a discussion or advice on how to improve the guide presented here, write me an e-mail: b6461bd246843f70ac1328401405b2b4e725994d@protonmail.com.

2. Communication

The most important step is to make sure you can communicate securely without being surveilled. You need a way to communicate privately with your peer group and a way to stay up to date with what's happening around you and where demonstrations are taking place. For that, it's recommended to use two apps: Telegram and Signal. You can find them on either Google's Play Store if you're on Android or Apple's Appstore if you have iOS. Signal and Telegram have different use cases:

  • You should use Telegram groups and channels to stay up to date and alert about what's going down in your surroundings.
  • You should use Signal to communicate with your peer group.

2.1 Signal

You might be familiar with Signal, especially if you have been into organizing before. It's a messaging app that deploys strong end-to-end encryption. You should use Signal to communicate with your peer group. The pros of using Signal:

  • encrypted group chats
  • encrypted phone calls
  • disappearing message feature.

Cons:

  • requires phone number

Turning on the disappearing message feature so that your phone never contains indicting information is very important, but this will be explained later in this guide. As with all communication, even if Signal has end-to-end encryption, the golden rule still applies: loose lips sink ships. Never admit to doing something unlawful on a messaging app.

2.2 Telegram

Let's start off with the most important points:

  • Telegram group chats are not encrypted.
  • Telegram channels are not encrypted.
  • normal chats are not encrypted by default
  • the secure chat feature is fishy.

Use Telegram to follow channels from your city to stay up to date about what's going down. You can find these channels on social media. Don't write anything there that you wouldn't post on twitter or instagram. If you can read it, so can the police. To keep your phone number private, go to the privacy settings and disallow your phone number from being displayed.

3. Securing your smartphone

There is a high chance that you will carry your smartphone with you during the protest, if it is to document what's happening, to keep in touch with your peer group or to find out where something is going down. Your smartphone normally contains a lot of sensitive information that, in case that you get arrested, would fall into the hands of the police. You may be thinking, well they can't force me to unlock my phone ? They will. Even if you remove biometric unlocking so that they can't force your finger on the fingerprint scanner, there are ways they can get to you. For example, police refused to let people go to the bathroom if they don't unlock their phone. Your goal must always be: "When the police arrests me and unlocks my phone, there must be no evidence on it that I've done something illegal."

As a general advice: If you don't need to carry your smartphone with you, leave it at home. The police actively uses stingrays to gather information about the smartphones that are present at protesting sites.

If you have the ability, before you go to a protest you should follow these steps:

  • backup your phone data on your personal computer
  • reset it to factory
  • set it up as a new phone
  • don't use biometrics, use a passphrase that is both strong but not too complicated.
  • Turn off your WiFi and bluetooth

Use the disappearing messages feature in Signal so that your phone is clear. Check that you don't have any evidence for whatever you may have done on your phone before attending a protest.

3.1 Burner Phone or not ?

If you can, get a burner phone and a prepaid sim. Get a phone with a removable battery, only turn it on when you're at the protests. If you take your burner phone to your home when it's turned on you can just not bother with it in the first place.

4. VPN

To safely look up information while protesting you should use a VPN. There will be no recommendation for a certain provider here but if a company spends a lot of money on YouTube advertisements you should stay away from them.

Many "tech" people will tell you to use Tor: Don't do that. Use a VPN instead. Tor will put a big crosshair on your back. To quote the security researcher thegrugq about Tor:

“Download and run this and you get a free proxy / VPN; oh, yeah, but you’ll stand out like a fucking glow stick and you have no good reason to use it except as an evasion tool against state authorities. Good luck explaining that when they ask uncomfortable questions.”

5. Facial recognition and cameras

A big part of surveillance at protests stems from CCTVs or mobile camera checkpoints. Don't forget that there's a pandemic going on: mask up! It's the thing that you can easily do that will you protect you from this surveillance (and a deadly virus).

6. Sharing content on social media

Social media plays a vital role in these protests. If you share videos or photos made there, please always censor the faces of the people involved, or even better - censor their whole bodies. There are easy to use apps for that, you don't want to get someone locked up in a few months after the authorities scraped social media and analyzed the pictures.

@dimethyltriptamine
Copy link

dimethyltriptamine commented Jun 5, 2020

Signal kinda requires the Google Play Services. Maybe you should add that.

@b6461bd246843f70ac1328401405b2b4e72599d

Signal kinda requires the Google Play Services. Maybe you should add that.

I will add that. Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment