FM-R1: FM-R1: Secure Communication Networks for Decentralized Resistance
UNCLASSIFIED
Section 7-1 to 7-6
Chapter 7: Digital Hygiene and Privacy
Chapter Overview
This chapter provides comprehensive guidance for maintaining digital hygiene and privacy in resistance operations. Digital hygiene encompasses all practices related to managing your online presence, protecting personal information, and minimizing digital footprints that could compromise operational security. Unlike hardware security which focuses on physical devices, digital hygiene addresses the behavioral and procedural aspects of online activities.
Sections in this chapter:
- 7-1: Browser Security Configuration
- 7-2: Search Engine Privacy
- 7-3: VPN and Tor Usage
- 7-4: Social Media Operational Security
- 7-5: Email Security and Anonymous Accounts
- 7-6: Digital Footprint Minimization
Section 7-1: Browser Security Configuration
Overview
Web browsers are the primary interface for online activities and represent a significant attack surface for surveillance and compromise. Proper browser configuration is essential for maintaining privacy and security during research, communication, and operational activities. This section provides comprehensive browser hardening procedures for resistance operations.
Browser Selection and Evaluation
Security-Focused Browser Options
Browser Security Comparison:
Browser Security Assessment:
1. Tor Browser:
- Advantages: Built-in Tor integration, maximum anonymity
- Disadvantages: Slower performance, limited functionality
- Use Case: High-risk operations requiring maximum anonymity
- Security Level: Maximum
2. Firefox with Hardening:
- Advantages: Open source, extensive customization options
- Disadvantages: Requires manual configuration
- Use Case: Research and medium-security operations
- Security Level: High (when properly configured)
3. Brave Browser:
- Advantages: Built-in ad blocking and privacy features
- Disadvantages: Chromium-based, limited anonymity
- Use Case: Daily browsing with enhanced privacy
- Security Level: Medium-High
4. Ungoogled Chromium:
- Advantages: Chrome compatibility without Google tracking
- Disadvantages: Manual updates, limited support
- Use Case: Compatibility requirements with privacy focus
- Security Level: Medium
Tor Browser Configuration
Tor Browser Security Settings
Security Level Configuration:
Tor Browser Security Levels:
1. Standard (Default):
- JavaScript enabled for all sites
- Audio and video enabled
- Some fonts and math symbols allowed
- Use for: Low-risk browsing and research
2. Safer:
- JavaScript disabled on non-HTTPS sites
- Some fonts and symbols disabled
- Audio and video click-to-play
- Use for: Medium-risk operational activities
3. Safest:
- JavaScript disabled on all sites
- Images, media, and fonts disabled
- Maximum security with reduced functionality
- Use for: High-risk operations and sensitive activities
Advanced Tor Browser Configuration:
// about:config security settings for Tor Browser
// Access via about:config in address bar
// Disable WebRTC to prevent IP leaks
media.peerconnection.enabled = false
// Disable geolocation services
geo.enabled = false
// Disable camera and microphone access
media.navigator.enabled = false
// Disable WebGL for fingerprinting protection
webgl.disabled = true
// Disable battery API
dom.battery.enabled = false
// Disable clipboard events
dom.event.clipboardevents.enabled = false
Tor Browser Operational Security
Tor Browser Usage Procedures:
Tor Browser OpSec Guidelines:
1. Session Management:
- Use New Identity for different activities
- Clear cookies and site data between sessions
- Avoid logging into personal accounts
- Use different circuits for different purposes
2. JavaScript and Plugin Management:
- Disable JavaScript for sensitive activities
- Never install browser plugins or extensions
- Avoid sites requiring Flash or Java
- Use NoScript for granular script control
3. Download Security:
- Avoid downloading files through Tor Browser
- Scan all downloads with antivirus software
- Open downloads in isolated environments
- Verify file integrity and authenticity
4. Browsing Behavior:
- Avoid unique browsing patterns
- Don't resize browser window
- Use standard screen resolution
- Avoid enabling full-screen mode
Firefox Hardening
Privacy and Security Configuration
Firefox Privacy Settings:
// Firefox about:config privacy hardening
// Essential privacy and security configurations
// Disable telemetry and data collection
toolkit.telemetry.enabled = false
datareporting.healthreport.uploadEnabled = false
datareporting.policy.dataSubmissionEnabled = false
// Enhanced tracking protection
privacy.trackingprotection.enabled = true
privacy.trackingprotection.socialtracking.enabled = true
privacy.trackingprotection.cryptomining.enabled = true
// DNS over HTTPS configuration
network.trr.mode = 2
network.trr.uri = "https://mozilla.cloudflare-dns.com/dns-query"
// Disable WebRTC IP leak
media.peerconnection.enabled = false
media.peerconnection.ice.default_address_only = true
// Fingerprinting protection
privacy.resistFingerprinting = true
privacy.firstparty.isolate = true
// Cookie and storage settings
network.cookie.cookieBehavior = 1
network.cookie.lifetimePolicy = 2
dom.storage.enabled = false
Extension Security
Recommended Firefox Extensions:
Security-Focused Extensions:
1. uBlock Origin:
- Advanced ad and tracker blocking
- Custom filter lists and rules
- JavaScript blocking capabilities
- Resource usage monitoring
2. NoScript:
- Granular script execution control
- XSS and clickjacking protection
- Application boundary enforcement
- Whitelist-based security model
3. HTTPS Everywhere:
- Automatic HTTPS upgrades
- SSL/TLS connection enforcement
- Certificate validation enhancement
- Mixed content protection
4. ClearURLs:
- URL parameter cleaning
- Tracking parameter removal
- Link sanitization
- Privacy-focused URL handling
5. Decentraleyes:
- CDN emulation for privacy
- Third-party resource blocking
- Local resource serving
- Tracking prevention
Browser Operational Security
Session Isolation and Management
Browser Session Security:
Session Management Procedures:
1. Role-Based Browsing:
- Separate browser profiles for different roles
- Different browsers for different activities
- Isolated browsing environments
- Clear separation between operational and personal browsing
2. Session Cleanup:
- Clear browsing data after each session
- Delete cookies, cache, and history
- Clear form data and passwords
- Restart browser between different activities
3. Incognito/Private Browsing:
- Use private browsing for sensitive activities
- Understand limitations of private browsing
- Combine with other privacy measures
- Clear data even in private mode
4. Browser Fingerprinting Protection:
- Use common browser configurations
- Avoid unique extensions and settings
- Disable fingerprinting vectors
- Regularly test fingerprinting resistance
Download and File Handling Security
Secure Download Procedures:
Download Security Framework:
1. Download Source Verification:
- Verify download source authenticity
- Check file hashes and signatures
- Use official download channels only
- Avoid suspicious or modified files
2. Download Isolation:
- Download to isolated directories
- Scan files with antivirus software
- Open files in sandboxed environments
- Avoid executing downloaded files directly
3. File Type Security:
- Avoid executable file downloads
- Be cautious with document files
- Verify file types and extensions
- Use safe file viewers when possible
4. Post-Download Security:
- Clear download history
- Securely delete temporary files
- Monitor system for changes
- Document downloaded files for security review
Browser Testing and Verification
Privacy and Security Testing
Browser Security Verification:
Browser Security Testing:
1. IP Address Leaks:
- Test for WebRTC IP leaks
- Check DNS leak protection
- Verify proxy/VPN integration
- Monitor for IPv6 leaks
2. Fingerprinting Resistance:
- Test browser fingerprinting uniqueness
- Verify JavaScript fingerprinting protection
- Check canvas and WebGL fingerprinting
- Monitor for tracking pixel detection
3. Cookie and Storage Testing:
- Verify cookie blocking and deletion
- Test local storage isolation
- Check session storage handling
- Monitor for tracking cookie persistence
4. Network Security Testing:
- Verify HTTPS enforcement
- Test certificate validation
- Check mixed content handling
- Monitor for insecure connections
Testing Tools and Resources:
# Browser security testing tools
# Use these tools to verify browser security configuration
# IP leak testing
curl -s https://ipinfo.io/ip # Check current IP
# Visit: https://ipleak.net/ for comprehensive leak testing
# DNS leak testing
# Visit: https://www.dnsleaktest.com/
# Browser fingerprinting testing
# Visit: https://panopticlick.eff.org/
# Visit: https://amiunique.org/
# WebRTC leak testing
# Visit: https://browserleaks.com/webrtc
# JavaScript security testing
# Visit: https://browserleaks.com/javascript
Browser Security Limitations
Browser security configurations provide significant protection but cannot eliminate all risks. JavaScript, plugins, and browser vulnerabilities can still compromise security. Use browsers as part of a comprehensive security strategy, not as standalone protection.
Section 7-2: Search Engine Privacy
Overview
Search engines collect vast amounts of data about user interests, activities, and intentions. This data can be used to build detailed profiles for surveillance and targeting. Privacy-focused search strategies are essential for resistance operations to prevent intelligence gathering through search activities and to maintain operational security during research.
Search Engine Threat Model
Search-Based Intelligence Gathering
Search Surveillance Capabilities:
Search Engine Surveillance Risks:
1. Query Logging and Analysis:
- Complete search history and query logs
- Temporal analysis of search patterns
- Correlation with other user activities
- Behavioral profiling and interest mapping
2. Result Click Tracking:
- Monitoring of clicked search results
- Time spent on linked websites
- Follow-up searches and research patterns
- Cross-site tracking and correlation
3. Location and Context Correlation:
- IP address and geographic location tracking
- Device and browser fingerprinting
- Time-based activity correlation
- Social network and contact analysis
4. Predictive Analysis:
- Intent prediction based on search patterns
- Risk assessment and threat scoring
- Automated flagging and alerting
- Integration with surveillance databases
Privacy-Focused Search Engines
Alternative Search Engine Options
Privacy Search Engine Comparison:
Privacy Search Engine Assessment:
1. DuckDuckGo:
- Advantages: No tracking, good results, Tor support
- Disadvantages: US-based, limited advanced features
- Use Case: General research and daily searching
- Privacy Level: High
2. Startpage:
- Advantages: Google results without tracking
- Disadvantages: Netherlands-based, limited customization
- Use Case: Google-quality results with privacy
- Privacy Level: High
3. Searx:
- Advantages: Open source, self-hostable, aggregated results
- Disadvantages: Variable result quality, setup complexity
- Use Case: Maximum privacy and control
- Privacy Level: Maximum (when self-hosted)
4. Yandex (with precautions):
- Advantages: Good for non-Western perspectives
- Disadvantages: Russian-based, potential surveillance
- Use Case: Specific research requiring diverse sources
- Privacy Level: Low (use with Tor/VPN only)
Self-Hosted Search Solutions
Searx Installation and Configuration:
# Install Searx for private search engine
# Requires Docker for easy deployment
# Clone Searx repository
git clone https://github.com/searx/searx-docker.git
cd searx-docker
# Configure Searx settings
cp .env.example .env
# Edit .env file with custom settings
# Start Searx instance
docker-compose up -d
# Access Searx at http://localhost:8080
# Configure search engines and preferences
Searx Security Configuration:
# searx/settings.yml security configuration
general:
debug: false
instance_name: "Private Search"
contact_url: false
enable_stats: false
server:
port: 8080
bind_address: "127.0.0.1"
secret_key: "generate_random_secret_key"
base_url: false
image_proxy: true
search:
safe_search: 0
autocomplete: ""
default_lang: ""
ban_time_on_fail: 5
max_ban_time_on_fail: 120
outgoing:
request_timeout: 3.0
useragent_suffix: ""
pool_connections: 100
pool_maxsize: 20
enable_http2: true
Search Operational Security
Anonymous Search Procedures
Search OpSec Framework:
Anonymous Search Procedures:
1. Network Anonymity:
- Use Tor Browser for all sensitive searches
- Route searches through VPN when appropriate
- Use different exit nodes for different topics
- Avoid searching from personal network connections
2. Query Obfuscation:
- Use generic terms instead of specific queries
- Break complex searches into multiple simple queries
- Use synonyms and alternative terminology
- Add noise queries to mask real interests
3. Temporal Separation:
- Spread related searches across time
- Use different search sessions for different topics
- Vary search timing to avoid pattern recognition
- Clear search history between sessions
4. Search Engine Rotation:
- Use different search engines for different purposes
- Rotate between privacy-focused search engines
- Avoid consistent search engine preferences
- Test search engines for result bias and filtering
Research Methodology
Secure Research Techniques:
Research Security Procedures:
1. Research Planning:
- Plan research objectives and scope
- Identify information sources and methods
- Assess research risks and security requirements
- Develop research timeline and milestones
2. Information Gathering:
- Use multiple independent sources
- Cross-reference information for accuracy
- Document sources and methodology
- Verify information through alternative channels
3. Source Protection:
- Protect source identity and location
- Use secure communication for source contact
- Implement source verification procedures
- Maintain source confidentiality and security
4. Information Security:
- Encrypt and protect research data
- Use secure storage and backup procedures
- Implement access controls and permissions
- Plan for information sanitization and disposal
Advanced Search Techniques
Search Query Optimization
Advanced Search Operators:
Search Operator Security Usage:
1. Site-Specific Searches:
- site:example.com "search term"
- Use to limit searches to trusted sources
- Avoid revealing specific site interests
- Combine with other operators for precision
2. File Type Searches:
- filetype:pdf "search term"
- Use to find specific document types
- Be cautious with executable file searches
- Verify file safety before downloading
3. Time-Based Searches:
- Use date ranges to limit search scope
- Focus on recent information when relevant
- Avoid time patterns that reveal interests
- Use historical searches for context
4. Exclusion Searches:
- -"unwanted term" to exclude results
- Use to filter out irrelevant information
- Avoid revealing what you want to exclude
- Combine with inclusion terms for precision
Specialized Search Resources
Alternative Information Sources:
Specialized Search Resources:
1. Academic Databases:
- Google Scholar for academic papers
- JSTOR for academic journals
- arXiv for preprint papers
- Use institutional access when available
2. Government Databases:
- FOIA reading rooms and databases
- Government transparency portals
- Legislative and regulatory databases
- Court records and legal databases
3. News and Media Archives:
- Internet Archive Wayback Machine
- Newspaper archives and databases
- Broadcast news archives
- Social media archives and tools
4. Technical Resources:
- GitHub for code and technical documentation
- Stack Overflow for technical questions
- Technical forums and communities
- Vendor documentation and resources
Search Result Verification
Information Verification Procedures
Source Verification Framework:
Information Verification Process:
1. Source Credibility Assessment:
- Evaluate source reputation and expertise
- Check source funding and potential bias
- Verify source contact information and legitimacy
- Cross-reference with other credible sources
2. Information Accuracy Verification:
- Compare information across multiple sources
- Check for factual errors and inconsistencies
- Verify dates, names, and specific details
- Look for primary source documentation
3. Currency and Relevance Check:
- Verify information publication and update dates
- Check for more recent information or updates
- Assess relevance to current situation
- Consider information lifecycle and validity
4. Bias and Perspective Analysis:
- Identify potential source bias and agenda
- Seek diverse perspectives and viewpoints
- Analyze language and presentation for bias
- Consider cultural and political context
Fact-Checking Resources
Verification Tools and Techniques:
# Information verification tools and techniques
# Reverse image search for image verification
# Use TinEye or Google Images (through Tor)
# Website verification tools
whois example.com # Check domain registration
dig example.com # Check DNS information
# Archive verification
# Use Internet Archive Wayback Machine
# Check for historical versions of information
# Social media verification
# Cross-reference social media posts
# Check account verification and history
# Look for original sources and context
Search Privacy Benefits
Privacy-focused search practices significantly reduce surveillance exposure and protect research activities. Combined with proper browser security and network anonymity, private search engines provide effective protection for intelligence gathering and research operations.
Section 7-3: VPN and Tor Usage
Overview
Virtual Private Networks (VPNs) and The Onion Router (Tor) are essential tools for network anonymity and privacy protection. While both provide network-level protection, they serve different purposes and have different security characteristics. This section provides comprehensive guidance for selecting, configuring, and using VPNs and Tor for resistance operations.
VPN vs. Tor Comparison
Technology Comparison
VPN and Tor Characteristics:
VPN vs. Tor Analysis:
1. VPN Characteristics:
- Advantages: Fast speeds, easy setup, full device protection
- Disadvantages: Single point of trust, potential logging
- Use Case: General privacy and geo-blocking circumvention
- Anonymity Level: Medium (depends on provider)
2. Tor Characteristics:
- Advantages: Strong anonymity, no single point of trust
- Disadvantages: Slower speeds, limited protocol support
- Use Case: High-risk activities requiring maximum anonymity
- Anonymity Level: High (when properly used)
3. VPN + Tor Combination:
- Advantages: Enhanced anonymity and protection
- Disadvantages: Complex setup, potential performance issues
- Use Case: Maximum security for critical operations
- Anonymity Level: Maximum
VPN Selection and Configuration
VPN Provider Evaluation
VPN Security Assessment Criteria:
VPN Provider Evaluation Framework:
1. Privacy Policy and Jurisdiction:
- Verified no-logs policy with independent audits
- Jurisdiction outside surveillance alliances (5/9/14 Eyes)
- Transparent privacy practices and warrant canaries
- No data retention requirements or legal obligations
2. Technical Security Features:
- Strong encryption protocols (OpenVPN, WireGuard, IKEv2)
- Perfect forward secrecy and secure key exchange
- DNS leak protection and IPv6 support
- Kill switch and connection monitoring
3. Infrastructure and Performance:
- Large server network with diverse locations
- High-speed connections and unlimited bandwidth
- Multiple protocol options and port configurations
- Reliable uptime and connection stability
4. Payment and Account Security:
- Anonymous payment options (cryptocurrency, cash)
- No personal information requirements
- Secure account management and authentication
- Regular security updates and maintenance
VPN Configuration Best Practices
OpenVPN Configuration:
# Secure OpenVPN client configuration
# /etc/openvpn/client.conf
client
dev tun
proto udp
remote vpn-server.example.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
# Authentication
ca ca.crt
cert client.crt
key client.key
tls-auth ta.key 1
# Security settings
cipher AES-256-GCM
auth SHA256
key-direction 1
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
# DNS and routing
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
redirect-gateway def1 bypass-dhcp
dhcp-option DNS 1.1.1.1
dhcp-option DNS 1.0.0.1
# Connection monitoring
ping 15
ping-restart 0
ping-timer-rem
persist-tun
persist-key
# Logging
verb 3
mute 20
WireGuard Configuration:
# WireGuard client configuration
# /etc/wireguard/wg0.conf
[Interface]
PrivateKey = CLIENT_PRIVATE_KEY
Address = 10.0.0.2/32
DNS = 1.1.1.1, 1.0.0.1
# Kill switch using iptables
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
[Peer]
PublicKey = SERVER_PUBLIC_KEY
Endpoint = vpn-server.example.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Tor Network Usage
Tor Browser and Network Configuration
Tor Network Security:
Tor Usage Best Practices:
1. Tor Browser Usage:
- Use official Tor Browser for web browsing
- Never install additional plugins or extensions
- Use highest security level for sensitive activities
- Clear browser data between different activities
2. Tor Network Configuration:
- Use bridges for censorship circumvention
- Configure entry and exit node preferences
- Monitor circuit paths and exit node countries
- Use new circuits for different activities
3. Application Integration:
- Configure applications to use Tor SOCKS proxy
- Use Tor-specific versions of applications when available
- Avoid applications that bypass Tor proxy
- Monitor for DNS and IP leaks
4. Operational Security:
- Never download files through Tor Browser
- Avoid logging into personal accounts over Tor
- Use different circuits for different identities
- Monitor for traffic analysis attacks
Tor Bridge Configuration
Bridge Setup for Censorship Circumvention:
# Tor bridge configuration
# /etc/tor/torrc
# Use bridges for censorship circumvention
UseBridges 1
ClientTransportPlugin obfs4 exec /usr/bin/obfs4proxy
# Bridge configurations (obtain from https://bridges.torproject.org/)
Bridge obfs4 192.0.2.1:443 cert=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA iat-mode=0
Bridge obfs4 192.0.2.2:443 cert=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB iat-mode=0
# Additional security settings
ExitPolicy reject *:*
DisableNetwork 0
ControlPort 9051
CookieAuthentication 1
Advanced Anonymity Configurations
VPN + Tor Combinations
Layered Anonymity Setups:
VPN + Tor Configuration Options:
1. VPN → Tor (VPN first, then Tor):
- Advantages: Hides Tor usage from ISP
- Disadvantages: VPN provider can see real IP
- Setup: Connect to VPN, then use Tor Browser
- Use Case: Tor censorship circumvention
2. Tor → VPN (Tor first, then VPN):
- Advantages: VPN doesn't see real IP
- Disadvantages: Complex setup, potential correlation
- Setup: Route Tor traffic through VPN
- Use Case: Accessing VPN-only services anonymously
3. VPN → Tor → VPN (Double VPN with Tor):
- Advantages: Maximum anonymity layers
- Disadvantages: Very slow, complex configuration
- Setup: VPN1 → Tor → VPN2
- Use Case: Extreme security requirements
Multi-Hop VPN Configurations
Cascading VPN Connections:
# Multi-hop VPN setup using multiple providers
# Requires careful configuration to avoid leaks
# First VPN connection
openvpn --config provider1.ovpn --daemon
# Second VPN connection through first
openvpn --config provider2.ovpn --route-gateway 10.0.0.1 --daemon
# Verify connection chain
curl -s https://ipinfo.io/ip
# Should show second VPN provider's IP
Network Monitoring and Verification
Connection Verification Procedures
Network Security Testing:
# Network security verification scripts
# Check current IP address
check_ip() {
echo "Current IP: $(curl -s https://ipinfo.io/ip)"
echo "Location: $(curl -s https://ipinfo.io/city)"
echo "ISP: $(curl -s https://ipinfo.io/org)"
}
# DNS leak testing
check_dns_leaks() {
echo "DNS servers in use:"
nslookup google.com | grep Server
# Test for DNS leaks
curl -s https://www.dnsleaktest.com/results.php
}
# WebRTC leak testing
check_webrtc_leaks() {
echo "Testing for WebRTC leaks..."
# Use browser-based testing at browserleaks.com/webrtc
}
# Tor circuit information
check_tor_circuit() {
if command -v tor &> /dev/null; then
echo "Tor circuit information:"
echo 'GETINFO circuit-status' | nc 127.0.0.1 9051
fi
}
Performance Monitoring
Network Performance Assessment:
# Network performance monitoring
# Speed testing through anonymity network
test_speed() {
echo "Testing connection speed..."
curl -o /dev/null -s -w "Speed: %{speed_download} bytes/sec\n" \
http://speedtest.wdc01.softlayer.com/downloads/test100.zip
}
# Latency testing
test_latency() {
echo "Testing network latency..."
ping -c 5 8.8.8.8 | tail -1 | awk '{print $4}' | cut -d '/' -f 2
}
# Connection stability monitoring
monitor_connection() {
while true; do
if ! curl -s --max-time 10 https://check.torproject.org/ > /dev/null; then
echo "$(date): Connection lost"
# Implement reconnection logic
fi
sleep 60
done
}
Operational Procedures
Network Access Protocols
Secure Network Usage Framework:
Network Access Procedures:
1. Pre-Connection Security:
- Verify network security configuration
- Check for DNS and IP leak protection
- Test kill switch functionality
- Document network access plan
2. Connection Establishment:
- Connect to VPN/Tor using secure procedures
- Verify anonymity and security status
- Test connection performance and stability
- Monitor for security warnings or alerts
3. Operational Usage:
- Follow role-based network access policies
- Monitor connection status continuously
- Use appropriate security levels for activities
- Document network usage for security review
4. Disconnection Security:
- Clear browser data and temporary files
- Verify secure disconnection procedures
- Check for data leaks or security issues
- Document session activities and outcomes
Network Anonymity Limitations
VPNs and Tor provide strong network-level protection but cannot protect against all surveillance methods. Behavioral analysis, timing correlation, and application-level attacks can still compromise anonymity. Use network anonymity tools as part of comprehensive operational security.
Section 7-4: Social Media Operational Security
Overview
Social media platforms present significant operational security challenges for resistance operations. These platforms collect vast amounts of personal data, track user behavior, and can be used for surveillance and intelligence gathering. This section provides comprehensive guidance for managing social media presence while maintaining operational security.
Social Media Threat Model
Platform Surveillance Capabilities
Social Media Intelligence Gathering:
Social Media Surveillance Risks:
1. Data Collection and Profiling:
- Complete activity logs and behavioral patterns
- Social network mapping and relationship analysis
- Location tracking and movement patterns
- Interest profiling and predictive analysis
2. Content Analysis:
- Automated content scanning and keyword detection
- Image and video analysis with facial recognition
- Sentiment analysis and political profiling
- Cross-platform content correlation
3. Network Analysis:
- Social graph mapping and relationship tracking
- Communication pattern analysis
- Influence network identification
- Group membership and activity monitoring
4. Real-Time Monitoring:
- Live activity tracking and alerting
- Location-based surveillance and targeting
- Event coordination and protest monitoring
- Emergency response and law enforcement coordination
Platform-Specific Security Considerations
Major Platform Analysis
Platform Security Assessment:
Social Media Platform Risks:
1. Facebook/Meta Platforms:
- Extensive data collection and profiling
- Real-name policy and identity verification
- Cross-platform tracking and correlation
- Government cooperation and data sharing
2. Twitter/X:
- Public content and searchable archives
- Real-time monitoring and trending analysis
- Government censorship and content removal
- Account suspension and deplatforming risks
3. Instagram:
- Image metadata and location tracking
- Facial recognition and tagging
- Story and activity monitoring
- Integration with Facebook surveillance
4. TikTok:
- Extensive device permissions and data access
- Content recommendation algorithm analysis
- International data sharing concerns
- Real-time location and activity tracking
5. LinkedIn:
- Professional network and employment tracking
- Skill and interest profiling
- Company and organization monitoring
- Career progression and relationship analysis
Anonymous Social Media Usage
Account Creation and Management
Anonymous Account Procedures:
Anonymous Social Media Account Setup:
1. Account Creation Security:
- Use Tor Browser for account registration
- Create accounts from public WiFi locations
- Use temporary email addresses for registration
- Provide minimal or false personal information
2. Identity Development:
- Create consistent but fictional persona
- Develop believable background and interests
- Use AI-generated profile photos
- Maintain consistent posting patterns and voice
3. Account Security:
- Use strong, unique passwords
- Enable two-factor authentication with anonymous phone numbers
- Regularly review and update privacy settings
- Monitor account for suspicious activity
4. Operational Separation:
- Never link anonymous accounts to real identity
- Use different devices for different accounts
- Maintain separate browser profiles and sessions
- Avoid cross-contamination between accounts
Content Security Guidelines
Secure Content Practices:
Social Media Content Security:
1. Content Creation:
- Remove metadata from all images and videos
- Avoid location-specific references or landmarks
- Use generic language and avoid unique phrases
- Consider time zone implications for posting times
2. Image and Video Security:
- Strip EXIF data from all media files
- Avoid reflective surfaces showing surroundings
- Use image editing to remove identifying features
- Consider reverse image search implications
3. Language and Communication:
- Use coded language for sensitive topics
- Avoid specific names, dates, and locations
- Maintain consistent persona voice and style
- Consider linguistic analysis and fingerprinting
4. Interaction Security:
- Limit interactions with known associates
- Avoid liking or sharing personal content
- Use private messaging sparingly and securely
- Monitor follower lists for suspicious accounts
Privacy Settings and Configuration
Platform Privacy Hardening
Privacy Settings Optimization:
Social Media Privacy Configuration:
1. Profile Privacy:
- Set profile to private/protected mode
- Limit profile information visibility
- Disable people discovery features
- Turn off activity status indicators
2. Content Privacy:
- Limit post visibility to followers only
- Disable content indexing by search engines
- Turn off location services and geotagging
- Disable automatic photo tagging and recognition
3. Communication Privacy:
- Restrict direct message permissions
- Disable read receipts and typing indicators
- Limit who can find you by contact information
- Turn off online status and last seen indicators
4. Data and Advertising:
- Opt out of data collection and sharing
- Disable personalized advertising
- Limit third-party app permissions
- Turn off cross-platform tracking
Mobile App Security
Social Media App Hardening:
# Mobile app permission management
# Disable unnecessary permissions for social media apps
# Android permission management
adb shell pm revoke com.facebook.katana android.permission.ACCESS_FINE_LOCATION
adb shell pm revoke com.facebook.katana android.permission.CAMERA
adb shell pm revoke com.facebook.katana android.permission.RECORD_AUDIO
# iOS permission management (through Settings)
# Settings > Privacy & Security > Location Services > [App] > Never
# Settings > Privacy & Security > Camera > [App] > Off
# Settings > Privacy & Security > Microphone > [App] > Off
Social Media Intelligence Gathering
Open Source Intelligence (OSINT)
Social Media Research Techniques:
OSINT Social Media Research:
1. Profile Investigation:
- Analyze public profile information and history
- Map social connections and relationships
- Identify patterns in posting behavior
- Cross-reference information across platforms
2. Content Analysis:
- Search for specific keywords and hashtags
- Analyze image and video content for intelligence
- Track location data and movement patterns
- Monitor real-time activity and updates
3. Network Mapping:
- Identify key influencers and network nodes
- Map organizational structures and hierarchies
- Track communication patterns and relationships
- Analyze group membership and affiliations
4. Temporal Analysis:
- Track activity patterns over time
- Identify routine behaviors and schedules
- Correlate activities with external events
- Predict future activities and locations
Counter-Intelligence Measures
Social Media Counter-Intelligence:
Counter-Intelligence Procedures:
1. Disinformation and Misdirection:
- Post misleading information about activities
- Create false patterns and routines
- Use decoy accounts and personas
- Implement noise generation strategies
2. Surveillance Detection:
- Monitor for unusual follower activity
- Track suspicious engagement patterns
- Identify potential surveillance accounts
- Document and report suspicious activity
3. Operational Security:
- Compartmentalize social media activities
- Use different platforms for different purposes
- Implement temporal and geographic separation
- Maintain plausible deniability for activities
4. Network Protection:
- Protect associate identities and activities
- Avoid tagging or mentioning operational contacts
- Use coded communication for coordination
- Implement group security protocols
Crisis Communication and Emergency Procedures
Emergency Social Media Protocols
Crisis Communication Framework:
Emergency Social Media Procedures:
1. Account Compromise Response:
- Immediately change passwords and enable 2FA
- Review account activity and unauthorized access
- Notify contacts through alternative channels
- Document compromise for security analysis
2. Content Removal and Damage Control:
- Identify and remove compromising content
- Contact platform support for content removal
- Implement damage assessment procedures
- Coordinate response with network members
3. Emergency Communication:
- Use predetermined emergency communication codes
- Activate alternative communication channels
- Coordinate with network emergency procedures
- Monitor for law enforcement or surveillance response
4. Account Abandonment:
- Implement secure account deletion procedures
- Transfer important information to secure channels
- Notify trusted contacts of account changes
- Create new accounts with enhanced security
Legal and Compliance Considerations
Legal Risk Management:
Social Media Legal Considerations:
1. Content Liability:
- Understand platform terms of service
- Consider legal implications of posted content
- Implement content review and approval procedures
- Document content for legal protection
2. Data Protection and Privacy:
- Comply with applicable privacy regulations
- Understand data retention and deletion policies
- Implement data protection procedures
- Consider cross-border data transfer implications
3. Law Enforcement Cooperation:
- Understand platform cooperation with authorities
- Consider warrant and subpoena implications
- Implement legal response procedures
- Maintain legal counsel and support resources
4. International Considerations:
- Consider jurisdiction and applicable laws
- Understand international cooperation agreements
- Implement location-specific security measures
- Consider diplomatic and political implications
Social Media Risks
Social media platforms pose significant risks to operational security through extensive data collection, surveillance capabilities, and government cooperation. Use social media sparingly and with comprehensive security measures, or avoid entirely for high-risk operations.
Section 7-5: Email Security and Anonymous Accounts
Overview
Email remains a critical communication channel for many activities, but traditional email services pose significant security and privacy risks. This section covers secure email practices, anonymous account creation, and email security measures for resistance operations.
Email Threat Model
Email Security Vulnerabilities
Email-Based Surveillance Risks:
Email Security Threats:
1. Content Surveillance:
- Unencrypted email content scanning
- Keyword detection and automated analysis
- Attachment scanning and malware detection
- Cross-reference with other intelligence sources
2. Metadata Collection:
- Email headers and routing information
- Sender and recipient relationship mapping
- Timestamp and frequency analysis
- IP address and location tracking
3. Account Compromise:
- Password attacks and credential theft
- Account takeover and impersonation
- Email forwarding and redirection
- Access to email history and contacts
4. Provider Cooperation:
- Government data requests and subpoenas
- Real-time monitoring and interception
- Data retention and historical access
- Cross-border data sharing agreements
Secure Email Service Selection
Privacy-Focused Email Providers
Secure Email Provider Comparison:
Secure Email Provider Assessment:
1. ProtonMail:
- Advantages: End-to-end encryption, Swiss jurisdiction
- Disadvantages: Limited free tier, requires JavaScript
- Use Case: General secure email with good usability
- Security Level: High
2. Tutanota:
- Advantages: Full encryption, open source client
- Disadvantages: Limited third-party client support
- Use Case: Maximum encryption with calendar integration
- Security Level: High
3. Guerrilla Mail:
- Advantages: Temporary email, no registration required
- Disadvantages: No encryption, temporary nature
- Use Case: Disposable email for account registration
- Security Level: Low (anonymity only)
4. Cock.li:
- Advantages: Anonymous registration, Tor-friendly
- Disadvantages: Reliability concerns, limited features
- Use Case: Anonymous email with minimal requirements
- Security Level: Medium
5. Self-Hosted Email:
- Advantages: Complete control, custom security
- Disadvantages: Technical complexity, maintenance burden
- Use Case: Maximum control and customization
- Security Level: Maximum (when properly configured)
Anonymous Email Account Creation
Account Registration Security
Anonymous Account Setup Procedures:
Anonymous Email Account Creation:
1. Network Anonymity:
- Use Tor Browser for account registration
- Connect from public WiFi locations
- Use different exit nodes for different accounts
- Avoid patterns in registration timing and location
2. Identity Protection:
- Use temporary or anonymous contact information
- Provide minimal required information only
- Use password managers for unique, strong passwords
- Enable two-factor authentication with anonymous methods
3. Payment Security (for paid services):
- Use cryptocurrency for anonymous payments
- Purchase prepaid cards with cash
- Use gift cards obtained anonymously
- Avoid linking to personal financial accounts
4. Account Verification:
- Use anonymous phone numbers for SMS verification
- Use temporary email addresses for email verification
- Avoid social media or identity verification
- Complete verification from same anonymous network
Multiple Account Management
Account Compartmentalization Strategy:
Email Account Compartmentalization:
1. Role-Based Accounts:
- Personal/cover identity accounts
- Research and intelligence gathering accounts
- Operational communication accounts
- Emergency and backup accounts
2. Account Isolation:
- Different email providers for different roles
- Separate devices or browser profiles for each account
- Different network access methods for each account
- Independent password and security management
3. Account Rotation:
- Regular account replacement and renewal
- Secure migration of important communications
- Proper disposal of obsolete accounts
- Documentation of account lifecycle and usage
4. Cross-Contamination Prevention:
- Never link accounts to each other
- Avoid similar usernames or patterns
- Use different writing styles and languages
- Maintain separate contact lists and communications
Email Encryption and Security
PGP/GPG Email Encryption
Email Encryption Setup:
# GPG key generation for email encryption
gpg --full-generate-key
# Select key type: RSA and RSA (default)
# Key size: 4096 bits
# Key expiration: 2 years (recommended)
# Real name: Use operational pseudonym
# Email: Use secure email address
# Passphrase: Strong, unique passphrase
# Export public key for sharing
gpg --armor --export user@example.com > public_key.asc
# Import recipient's public key
gpg --import recipient_public_key.asc
# Encrypt email message
echo "Secret message" | gpg --armor --encrypt --recipient recipient@example.com
# Decrypt received message
gpg --decrypt encrypted_message.asc
Thunderbird with Enigmail Configuration:
Thunderbird Email Security Setup:
1. Thunderbird Installation:
- Download from official Mozilla website
- Verify download integrity and signatures
- Install with minimal permissions and features
- Configure for maximum privacy and security
2. Account Configuration:
- Use secure email provider settings
- Enable SSL/TLS for all connections
- Disable automatic content loading
- Configure secure authentication methods
3. Enigmail/OpenPGP Integration:
- Install Enigmail extension or use built-in OpenPGP
- Import or generate PGP keys
- Configure automatic encryption and signing
- Test encryption with trusted contacts
4. Security Hardening:
- Disable remote content and tracking
- Configure secure deletion of messages
- Enable message encryption by default
- Regular backup of keys and configuration
Email Operational Security
Secure Email Practices:
Email OpSec Procedures:
1. Message Security:
- Encrypt all sensitive email messages
- Use coded language even in encrypted messages
- Avoid specific names, dates, and locations
- Implement message retention and deletion policies
2. Attachment Security:
- Encrypt all email attachments separately
- Remove metadata from attached files
- Use secure file formats and avoid executables
- Verify attachment integrity and authenticity
3. Communication Protocols:
- Establish secure communication procedures with contacts
- Use predetermined code words and phrases
- Implement message authentication and verification
- Plan for emergency communication procedures
4. Account Security:
- Regular password changes and security updates
- Monitor account activity for suspicious behavior
- Use secure devices and networks for email access
- Implement account backup and recovery procedures
Temporary and Disposable Email
Disposable Email Services
Temporary Email Usage:
Disposable Email Services:
1. Guerrilla Mail:
- No registration required
- Temporary inbox with configurable duration
- Basic spam filtering and security
- Tor-friendly access and usage
2. 10 Minute Mail:
- Automatic expiration after 10 minutes
- Extendable duration if needed
- No registration or personal information
- Good for one-time account verification
3. TempMail:
- Multiple domain options
- Mobile app availability
- Basic security features
- API access for automation
4. ProtonMail Aliases:
- Temporary aliases for ProtonMail accounts
- Full encryption and security features
- Integrated with main account management
- Professional appearance and reliability
Automated Email Management
Email Automation and Filtering:
# Email filtering and automation scripts
# Automatic email deletion script
#!/bin/bash
# Delete emails older than 30 days
find ~/Mail -name "*.eml" -mtime +30 -delete
# Encrypted email backup script
#!/bin/bash
# Backup and encrypt email archive
tar -czf email_backup.tar.gz ~/Mail
gpg --cipher-algo AES256 --compress-algo 1 --s2k-mode 3 \
--s2k-digest-algo SHA512 --s2k-count 65536 --symmetric \
--output email_backup.tar.gz.gpg email_backup.tar.gz
rm email_backup.tar.gz
# Email security monitoring script
#!/bin/bash
# Monitor for suspicious email activity
grep -i "failed login" /var/log/mail.log | tail -10
Self-Hosted Email Security
Mail Server Setup and Hardening
Secure Mail Server Configuration:
# Basic mail server security setup (Postfix + Dovecot)
# Install mail server components
sudo apt update
sudo apt install postfix dovecot-imapd dovecot-pop3d
# Configure Postfix for security
sudo postconf -e 'smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem'
sudo postconf -e 'smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key'
sudo postconf -e 'smtpd_use_tls=yes'
sudo postconf -e 'smtpd_tls_security_level=may'
sudo postconf -e 'smtp_tls_security_level=may'
# Configure authentication and security
sudo postconf -e 'smtpd_sasl_auth_enable=yes'
sudo postconf -e 'smtpd_sasl_security_options=noanonymous'
sudo postconf -e 'smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
# Enable and start services
sudo systemctl enable postfix dovecot
sudo systemctl start postfix dovecot
Email Server Security Hardening:
Mail Server Security Checklist:
□ Enable SSL/TLS encryption for all connections
□ Configure strong authentication mechanisms
□ Implement spam and malware filtering
□ Set up proper DNS records (SPF, DKIM, DMARC)
□ Configure firewall rules for mail services
□ Enable logging and monitoring
□ Implement backup and recovery procedures
□ Regular security updates and maintenance
Email Security Layering
Effective email security requires multiple layers including secure providers, encryption, operational security, and proper account management. No single measure provides complete protection against all email-based threats.
Section 7-6: Digital Footprint Minimization
Overview
Digital footprint minimization involves reducing and managing the traces of online activity that can be used for surveillance, profiling, and tracking. Every online interaction creates data that can be collected, analyzed, and used to build detailed profiles of individuals and their activities. This section provides comprehensive strategies for minimizing digital exposure while maintaining operational effectiveness.
Digital Footprint Assessment
Types of Digital Traces
Digital Footprint Categories:
Digital Trace Classification:
1. Active Digital Footprints:
- Social media posts and interactions
- Email communications and subscriptions
- Online purchases and financial transactions
- Website registrations and account creation
2. Passive Digital Footprints:
- Website visit logs and tracking cookies
- Search engine queries and results
- Location data from mobile devices
- Network traffic and connection logs
3. Behavioral Digital Footprints:
- Typing patterns and linguistic analysis
- Mouse movement and click patterns
- Application usage and timing patterns
- Device and browser fingerprinting
4. Metadata Digital Footprints:
- File creation and modification timestamps
- Image EXIF data and location information
- Document metadata and version history
- Communication timing and frequency patterns
Footprint Discovery and Analysis
Digital Footprint Audit Procedures:
# Digital footprint discovery tools and techniques
# Search for personal information online
# Use search engines with your name and associated information
google_search() {
echo "Searching for: $1"
curl -s "https://www.google.com/search?q=$1" | grep -o '<h3.*</h3>'
}
# Check data broker sites
# Use services like Have I Been Pwned to check for data breaches
check_breaches() {
curl -s "https://haveibeenpwned.com/api/v3/breachedaccount/$1" \
-H "hibp-api-key: YOUR_API_KEY"
}
# Reverse image search for profile photos
# Use TinEye or Google Images to find where images appear
# Check social media presence across platforms
# Use tools like Sherlock to find usernames across platforms
python3 sherlock.py username
# DNS and WHOIS lookups for owned domains
whois example.com
dig example.com ANY
Data Minimization Strategies
Information Reduction Techniques
Data Minimization Framework:
Data Reduction Strategies:
1. Account Consolidation and Deletion:
- Identify and catalog all online accounts
- Delete unnecessary and obsolete accounts
- Consolidate similar services and accounts
- Implement regular account review and cleanup
2. Information Sanitization:
- Remove personal information from public profiles
- Delete historical posts and content
- Clear search and browsing history
- Remove metadata from files and documents
3. Service Substitution:
- Replace tracking services with privacy-focused alternatives
- Use anonymous services where possible
- Implement self-hosted solutions for critical services
- Reduce dependency on data-collecting platforms
4. Communication Minimization:
- Reduce email subscriptions and newsletters
- Limit social media interactions and posts
- Use ephemeral communication methods
- Implement communication retention policies
Privacy-Focused Service Alternatives
Service Replacement Matrix:
Privacy Service Alternatives:
Service Type | Standard Option | Privacy Alternative | Security Level
--------------------|-----------------|--------------------|-----------------
Search Engine | Google | DuckDuckGo/Searx | High
Email Service | Gmail | ProtonMail/Tutanota| High
Cloud Storage | Google Drive | Mega/Tresorit | Medium-High
Maps/Navigation | Google Maps | OpenStreetMap | Medium
Social Media | Facebook | Mastodon/Diaspora | Medium
Video Platform | YouTube | PeerTube/Odysee | Medium
Messaging | WhatsApp | Signal/Session | High
Web Browser | Chrome | Firefox/Tor Browser| High
Operating System | Windows | Linux/Tails | High
Online Presence Management
Identity Compartmentalization
Digital Identity Separation:
Identity Management Strategy:
1. Personal Identity:
- Real name and authentic information
- Normal social media and online presence
- Standard privacy settings and practices
- Minimal operational security measures
2. Professional Identity:
- Work-related accounts and profiles
- Industry-specific social media presence
- Professional networking and communications
- Enhanced privacy settings and awareness
3. Research Identity:
- Anonymous or pseudonymous accounts
- Privacy-focused services and tools
- Enhanced operational security measures
- Compartmentalized from other identities
4. Operational Identity:
- Completely anonymous accounts and services
- Maximum security and privacy measures
- Ephemeral and disposable accounts
- No connection to other identities
Content Management and Curation
Digital Content Strategy:
Content Management Procedures:
1. Content Creation:
- Consider long-term implications of all content
- Remove identifying information and metadata
- Use generic language and avoid unique phrases
- Implement content review and approval processes
2. Content Distribution:
- Control content sharing and redistribution
- Use appropriate platforms for different content types
- Implement access controls and permissions
- Monitor content usage and sharing
3. Content Maintenance:
- Regular review and update of published content
- Remove outdated or compromising content
- Update privacy settings and access controls
- Archive important content securely
4. Content Deletion:
- Implement secure deletion procedures
- Verify content removal from all platforms
- Consider cached and archived versions
- Document deletion for compliance and security
Technical Footprint Reduction
Browser and Device Configuration
Technical Privacy Hardening:
// Browser privacy configuration
// Disable tracking and fingerprinting vectors
// Firefox privacy settings
user_pref("privacy.trackingprotection.enabled", true);
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.resistFingerprinting", true);
user_pref("privacy.firstparty.isolate", true);
// Disable WebRTC IP leaks
user_pref("media.peerconnection.enabled", false);
// Disable geolocation
user_pref("geo.enabled", false);
// Disable battery API
user_pref("dom.battery.enabled", false);
// Clear data on shutdown
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("privacy.clearOnShutdown.cache", true);
user_pref("privacy.clearOnShutdown.cookies", true);
user_pref("privacy.clearOnShutdown.history", true);
Network-Level Privacy
Network Privacy Configuration:
# Network privacy and anonymity measures
# MAC address randomization (Linux)
sudo macchanger -r wlan0
# DNS privacy configuration
# Use DNS over HTTPS or DNS over TLS
echo "nameserver 1.1.1.1" | sudo tee /etc/resolv.conf
echo "nameserver 1.0.0.1" | sudo tee -a /etc/resolv.conf
# Firewall configuration for privacy
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw enable
# Disable IPv6 if not needed (can leak information)
echo "net.ipv6.conf.all.disable_ipv6 = 1" | sudo tee -a /etc/sysctl.conf
Monitoring and Maintenance
Digital Footprint Monitoring
Ongoing Footprint Assessment:
# Automated digital footprint monitoring
# Google Alerts for name and associated information
# Set up alerts for your name, usernames, and associated information
# Regular search engine monitoring
monitor_footprint() {
SEARCH_TERMS=("your name" "username" "email address")
for term in "${SEARCH_TERMS[@]}"; do
echo "Searching for: $term"
# Perform searches and log results
curl -s "https://www.google.com/search?q=$term" > "search_results_$(date +%Y%m%d).html"
done
}
# Data breach monitoring
check_breaches_automated() {
EMAIL_ADDRESSES=("email1@example.com" "email2@example.com")
for email in "${EMAIL_ADDRESSES[@]}"; do
echo "Checking breaches for: $email"
# Check Have I Been Pwned API
curl -s "https://haveibeenpwned.com/api/v3/breachedaccount/$email"
done
}
# Social media monitoring
monitor_social_media() {
# Use tools like Social Searcher or mention.com
# Monitor for mentions across social media platforms
echo "Monitoring social media mentions..."
}
Cleanup and Maintenance Procedures
Regular Maintenance Tasks:
Digital Hygiene Maintenance Schedule:
1. Weekly Tasks:
- Clear browser data and cookies
- Review and delete unnecessary files
- Check privacy settings on active accounts
- Monitor for new digital traces
2. Monthly Tasks:
- Comprehensive search engine footprint check
- Review and update account privacy settings
- Delete obsolete accounts and services
- Update passwords and security settings
3. Quarterly Tasks:
- Complete digital footprint audit
- Review and update privacy policies
- Assess new services and privacy implications
- Update security tools and configurations
4. Annual Tasks:
- Comprehensive security and privacy review
- Update threat model and risk assessment
- Review and update operational procedures
- Plan for emerging threats and technologies
Legal and Compliance Considerations
Data Protection Rights
Privacy Rights and Regulations:
Data Protection Framework:
1. GDPR Rights (EU):
- Right to access personal data
- Right to rectification of inaccurate data
- Right to erasure ("right to be forgotten")
- Right to data portability
2. CCPA Rights (California):
- Right to know about personal information collection
- Right to delete personal information
- Right to opt-out of sale of personal information
- Right to non-discrimination for exercising rights
3. Data Subject Requests:
- Submit formal data deletion requests
- Request copies of collected personal data
- Challenge inaccurate or outdated information
- Monitor compliance with deletion requests
4. Legal Documentation:
- Document all data protection requests
- Maintain records of compliance efforts
- Consider legal representation for complex cases
- Understand limitations and exceptions
Footprint Minimization Benefits
Digital footprint minimization significantly reduces surveillance exposure and protects privacy, but requires ongoing effort and vigilance. Complete elimination of digital traces is impossible in modern society, so focus on reducing the most sensitive and identifying information.
Chapter Summary
Chapter 7 has provided comprehensive guidance for maintaining digital hygiene and privacy in resistance operations:
Section 7-1 covered browser security configuration including Tor Browser setup, Firefox hardening, and operational security procedures.
Section 7-2 detailed search engine privacy strategies including alternative search engines, anonymous search procedures, and research methodology.
Section 7-3 explained VPN and Tor usage including service selection, configuration, and advanced anonymity techniques.
Section 7-4 covered social media operational security including platform analysis, anonymous usage, and crisis communication procedures.
Section 7-5 detailed email security including secure providers, encryption, anonymous accounts, and self-hosted solutions.
Section 7-6 provided digital footprint minimization strategies including assessment, reduction techniques, and ongoing monitoring.
Implementation Strategy
For resistance networks implementing digital hygiene:
- Start with Browser Security: Implement secure browser configuration and usage procedures
- Add Search Privacy: Deploy privacy-focused search engines and research methodology
- Implement Network Anonymity: Configure VPN and Tor for network-level protection
- Secure Communications: Establish secure email and minimize social media exposure
- Monitor and Maintain: Implement ongoing digital footprint monitoring and reduction
Integration with Operational Procedures
The digital hygiene practices covered in this chapter provide the foundation for the operational procedures covered in Chapter 8. Proper digital hygiene is essential for maintaining security throughout all resistance activities.