I’m new to this privacy thing, besides getting a vpn and tor. With this thing of ICE deporting people for simply having differing opinions, I’m paranoid. Is there anything I can do to avoid that happening to me? I’m not an immigrant nor do I look like one or sound like one, but it could reach to other people too. I am a woman and part of the lgbtq+ community. I’ve already deleted my pronouns and bios showing support for Ukraine, Palestine, and showing hate towards N*zis, I’m now wondering if I should delete my accounts altogether. I’m not entirely sure how to use tor or of any other method, I have experience with Nord though. Thanks.
lol
If you’re new to the privacy thing, it might be too late. However, that’s not a reason to not try.
I’m not just saying this because you said you’re a woman but I liked https://nostarch.com/smartgirlsguide
For my friends with kids about to use the internet without restriction I’ve been getting them copies so they have something to refer to if they need it. It’s a good overview and leads to books better suited for specific topics.
The books from this guy have also been pretty helpful: https://inteltechniques.com/books.html
Don’t talk to anyone about your politics. You’re a quiet, hardworking shut-in who feels like nothing can be done to fight this.
Reality is, 10 million people organized against the US government is peanuts. They can track 10 million people. They can lock up, deport and enslave 10 million people.
10 million “lone wolfs” with no connections or communications? That shit is more than enough to cripple the country.
Stay in Canada and out of the US. I know this is not an option everyone. Do stay safe and do anything you can to protect yourself online and physically as well. Just wanted to add my support to those in the US who didn’t ask for this.
I’ve already deleted my pronouns and bios showing support for Ukraine, Palestine, and showing hate towards N*zis, I’m now wondering if I should delete my accounts altogether.
Totally get why you’re doing that but you’re also giving them exactly what they want.
Plus they absolutely had the contents that’s been deleted anyway. See PRISM.
Sure, but speaking as someone with a lot of knowledge of IT systems, RPO, RTO, etc., I can say that the RPO of deleting your accounts gets worse and worse for the NSA or whoever to keep track of as time goes on.
They’re not the internet archive where they’ve got snapshots of all text ever said on the web. They’ve got crawlers and systems and storage tiers same as anyone else. They have to cycle those backups of their snapshots at some point, and that’s when you can eventually slide your way out of their window as long as the things you’ve said or done are no longer on the internet anywhere. They will eventually disappear from databases and systems like PRISM.
Start by understanding what Tor and onion routing do in general, especially compared to a VPN. Read through this: https://support.torproject.org/about/ at the minimum. Also, understand that using these tools won’t keep you safe or anonymous if your intention is to log into any of your existing accounts. The goal should be to separate what you want to do anonymously and make sure to not have any overlap with whatever your existing accounts are since those are already very much tied to you.
To actually use Tor I’d recommend starting with Tails: https://tails.net/about/index.en.html on a USB stick. If eventually you want to have a laptop or similar device that can persist some data maybe checkout Whonix: https://www.whonix.org/. The best setup would honestly be Qubes OS, but it’s definitely not a good starting point for anyone not already familiar with unix-ish systems.
anonymity is hard and easily broken by human mistakes, but parents comment is absolutely on point.
the methods and tools you use depend on your threat model, but now is always a good time to begin getting more comfortable and improving your digital hygiene. as parent points out, while privacy (like security) really cant come in a box, tails is a great start.
It comes down to looking at the chain they can use to link a post to you. You should be able to express yourself fully without fear of retribution.
First and most importantly, get a password manager and use unique passwords for everything, this covers the overwhelmingly likely scenarios. All your online accounts should either be ~14+ character “dl+ruHgGv6-c0$1hh7” style passwords or 4+ random word “correct horse battery staple” style passwords. The password manager should generate them for you.
Make sure your phone has a password and consider using it instead of biometrics (face/fingerprint unlock). Passwords can’t typically be compelled but they can force you to unlock things with your face/fingerprints. Enable whole disk encryption on any computers that have access to your password manager or accounts. Turn these systems off when you’re away or asleep. Enable automatic reboot on your phone if supported so it will reboot itself if not unlocked after a set amount of time, preferably 12-24 hours max. This sounds dumb but makes it 10x harder to break into if you’re taken into custody due to how phone encryption works.
If you like social media, create accounts that aren’t in your name and have no common links (different email addresses, passwords, user names, etc). Do so over a VPN or Tor, ideally with an exit node outside the country and use email aliases through proton or similar so they’re all different. Never access them from a non-VPNed connection, your IP is logged every time you connect and kept for who-knows how long on the servers. Rotate these accounts so that your opinions and posts aren’t all connected to one identity. If you accidently post something that identifies you (you will make mistakes and should plan for it), that limits the damage to only the posts associated with that account rather than all your activity on that site. Disable history on everything! Google search, Google maps, Google location history, YouTube, your browser, EVERYTHING. Most of the stuff you see in court is just “well their Google history said they searched for XYZ so clearly they’re a terrorist”.
If you’re really enterprising, setup an old computer that’s only for social media and has the VPN enabled full time. Bonus points for using Tails Linux as the operating system but if you keep to the above it’s just an added layer of safety.
Right now the stuff we’re seeing is mostly low hanging fruit, they seem to be targeting people by literally browsing Canary Mission. They’re not employing particularly sophisticated methodology yet. That may change though so the above guards against that, at least somewhat. Your mission isn’t to be able to resist the full attention of the NSA, it’s to be much more difficult than average so they turn their limited resources elsewhere because they have a quota to meet that week.
Stop using the internet. You will literally never be safe online. If a fascist regime like the US wants to find you it will.
