I’m new to this privacy thing, besides getting a vpn and tor. With this thing of ICE deporting people for simply having differing opinions, I’m paranoid. Is there anything I can do to avoid that happening to me? I’m not an immigrant nor do I look like one or sound like one, but it could reach to other people too. I am a woman and part of the lgbtq+ community. I’ve already deleted my pronouns and bios showing support for Ukraine, Palestine, and showing hate towards N*zis, I’m now wondering if I should delete my accounts altogether. I’m not entirely sure how to use tor or of any other method, I have experience with Nord though. Thanks.
It comes down to looking at the chain they can use to link a post to you. You should be able to express yourself fully without fear of retribution.
First and most importantly, get a password manager and use unique passwords for everything, this covers the overwhelmingly likely scenarios. All your online accounts should either be ~14+ character “dl+ruHgGv6-c0$1hh7” style passwords or 4+ random word “correct horse battery staple” style passwords. The password manager should generate them for you.
Make sure your phone has a password and consider using it instead of biometrics (face/fingerprint unlock). Passwords can’t typically be compelled but they can force you to unlock things with your face/fingerprints. Enable whole disk encryption on any computers that have access to your password manager or accounts. Turn these systems off when you’re away or asleep. Enable automatic reboot on your phone if supported so it will reboot itself if not unlocked after a set amount of time, preferably 12-24 hours max. This sounds dumb but makes it 10x harder to break into if you’re taken into custody due to how phone encryption works.
If you like social media, create accounts that aren’t in your name and have no common links (different email addresses, passwords, user names, etc). Do so over a VPN or Tor, ideally with an exit node outside the country and use email aliases through proton or similar so they’re all different. Never access them from a non-VPNed connection, your IP is logged every time you connect and kept for who-knows how long on the servers. Rotate these accounts so that your opinions and posts aren’t all connected to one identity. If you accidently post something that identifies you (you will make mistakes and should plan for it), that limits the damage to only the posts associated with that account rather than all your activity on that site. Disable history on everything! Google search, Google maps, Google location history, YouTube, your browser, EVERYTHING. Most of the stuff you see in court is just “well their Google history said they searched for XYZ so clearly they’re a terrorist”.
If you’re really enterprising, setup an old computer that’s only for social media and has the VPN enabled full time. Bonus points for using Tails Linux as the operating system but if you keep to the above it’s just an added layer of safety.
Right now the stuff we’re seeing is mostly low hanging fruit, they seem to be targeting people by literally browsing Canary Mission. They’re not employing particularly sophisticated methodology yet. That may change though so the above guards against that, at least somewhat. Your mission isn’t to be able to resist the full attention of the NSA, it’s to be much more difficult than average so they turn their limited resources elsewhere because they have a quota to meet that week.