Edited to add, again, that there’s a pretty good blog post by Nadim Kobeissi about how Software Does Not Answer a Trump Election which thorougly and somewhat deservedly criticizes the kind of advice I’m giving here. I hope you, dear reader, will of course understand I don’t think mass adoption of HTTPS and Signal will halt encroacing fascism. My goal is to offer a nascent resistance advice (or reminders) about some tools and practices which will help it operate if dissident is furter criminalized. Seasoned activists will already know most of what’s below, but people joining their first protests might need this information before things get even more serious.
There’s a lot of “get Tor, get Signal” type advice floating around the internets in these first days after the US presidential elections. While some, probably not without reason, think this is a bit early and alarmist, I happen to have spent some time working with human rights defenders of various kinds in countries where the proverbial shit was looking like it would drop onto the fan at any moment. So I don’t think it’s too far out to give security advice to people who contemplate opposing their newly elected president. I’ve so to speak been there before.
First and foremost you must understand this: a US president going full fascist (and getting the intelligence community and law enforcement on board with this, which is somewhat unlikely) is probably the worst situation imaginable for anyone using digital technology to organize resistance. Remember how many of the Snowden docs are like five years old. What did Twitter look like in 2011? Facebook? Smartphones? We’ve come a long way since then. A very long way. So has the NSA, I’d wager.
Resisting a US president going full fascist is not going to happen online in any meaningful way. No, not even if you get a ThinkPad and install Qubes and follow the grugq on Twitter. You’re better off studying How to Master Secret Work and investing in a good gas mask.
With that out of the way, this is my attempt at a few simple suggestions which I hope can be useful if opposing the president is your goal and you’re more worried about his fascist followers or the local/regional police. It’s not exacly comprehensive nor authoritative. It’s written from my experiences of context other than the US, and what (non-native and admittedly limited) knowledge I have of the country, its laws and other factors at pla.
With the below technological advice, we’re trying to achieve a few things:
- Avoiding leaving too many traces of our online communications which would be easily accessible to law enforcement and courts.
- Reclaiming a bit of privacy online, both from advertisers and from possible government surveillance.
- Protecting our stored data in phones and computers from search and seizure.
- Protecting online accounts from hacking and phishing by non-state actors (state actors have other means of attack in these cases.)
Here is my checklist of tools and practices you should get acquainted with before you need them:
- A secure messenger like Wire or Signal which isn’t directly linked to a large US corporation. Some of these received US government funding at one point or another. That’s not a problem—the likelihood of there being backdoors in these particlular applications is negligible.
- The Tor Browser Bundle which lets you surf the internet very anonymously, but may be susceptible to attacks available to US law enforcement (it has been, historically, but I still recommend it with confidence.)
- A VPN service like Freedome which runs from outside US jurisdiction. While Finland are chummy with the US today, that may change with a Putin-aligned US administration.
- Veracrypt or the macOS built-in FileVault or, if you’re lucky enough to have a computer with a TPM and Windows 7/8.1/10 Pro, BitLocker (you can enable BitLocker withou a TPM, but it’s a bit tricky.). All of these can encrypt both your internal hard drive and exernal drives, protecting your files from search and seizure.
- Set your phone’s lock code to at least six digits, preferably a password that you need a keyboard to enter. Disable fingerprint unlock. This is because, from my understanding, compelling someone to unlock their phone using biometrics is not considered compelled speech in many parts of the US.
- On the subject of mobiles, considering getting a burner phone or at least a second (pre-paid) SIM and a button phone. This will also be worth its weight in gold if your smartphone is seized. Make sure to set a PIN on the SIM to defend against recovery of contacts and stored text messages.
- If you have an Android phone, make sure it’s encrypted. Check the security settings. If you are unsure of how to do it, find someone who knows or google for advice or your specific model of phone.
- If you are a Gmail user, seriously consider switching to email provided by a non-US company. At least if you use email for activism-realated communication. I’d say it’s safe to forego PGP/GPG, but if you must then please take a look at the Operational PGP guide.
- Get a grip on two-factor authentication. Totally worth it even if Trump turns out to be a middle-of-the-road Republican. There will still be cybercrime in the world regardless.
- Get a password manager and get to know and love it. My favorites are KeePassX and LastPass but there are a bunch of others out there too. This, just like two-factor authentication, will protect you more from criminals and government-supporting thugs than from the government itself, but it is generally considered best practice these days.
Finally, some words of advice on psychosocial care for self and others:
- If you learn one of the above tools, try to pass the knowledge on to at least one other person.
- It is perfectly all right to be sad and scared and angry. While I think striving to keep a level head is always a good idea, it shouldn’t be seen as a marker of good character.
- A corollary: anyone calling sadness, fear or anger “counter-revolutionary” or “weak” should be summarily excluded from your circles. The person is either a snitch, a plant, or a general liability.
- Find a peer group. Fellow hackers, fellow activists, neighbors, friends. Interact. Share stories and food and pet each others’ dogs. Talk about things that are not politics.
- Let’s call this “The Fällman Test”, in referece to Alison Bechdel’s famous test: two or more activists talking about other things than activism.
- Never, ever, hesitate to share your feelings with your peer group. If you feel this is socially awkward, find one or a few people you trust and share with them. If you bottle things up, you’ll burn out quickly.
- Snitches get stitches. As in, snitches have to treat the psychological wounds of being excluded both from activism and from friendship. No exceptions.
- Anyone boasting about being surveilled should be avoided; they are either liars for attention or will draw heat to the rest of your group.
There are certain things I will not cover, due to lack of experience:
- Protest tactics
- First aid
- Organizing protests, rallies and meetings
- Strategy beyond tech and self-care
I hope you all understand this document is at best provisional, and written by someone with no experience in political organization in the US. But I hope it gives a couple of pointers to people who are worried right now.
Stay together, stay strong, and love one another.
With solidarity from Stockholm!