Opsec for Noobs
Protecting your identity is crucial to ensure that leftists cannot dox you. When I refer to 'leftists', I refer to two factions: the security state (the three letter agencies) and antifa. I refer to both as leftists because they are both part of the same overarching occupational class. They both believe in Saint George Floyd and demand your pregnant wife should get the vaccine or you'll be accused of heresy.
We have seen this regime will use anything that you type that even questions their believe system to get you fired, destroy your reputation, or worse. This poast offers some ways to defend yourself against that.
It's important to know that when it comes to the security state, they have highly sophisticated methods to identify who you are. The measures they can take are more far-reaching than we'll probably ever know. If they want to find out who you are, they can.
When it comes to antifa, there are bad actors who are tracking the pages of anons for years, itching for you to release anything that can be seen as Personally Identifiable Information (PII) that they can tie together to piece together who you are.
There are probably other actors at play that we are not yet aware of.
In this article I will primarily suggest ways to not be low hanging fruit. It will range from common sense practices to what kind of information, if any, you should reveal to anyone online, to more advanced tactics like always using a VPN and preventing your iPhone from being a listening device. I will also discuss the topic of making frends online, and if and when it is ever okay to reveal information about yourself to them.
For those new to practicing OPSEC, let's get a definition out of the way. Wikipedia defines it pretty well:
Operations security (OPSEC) is a process that identifies critical information to determine if friendly actions can be observed by enemy intelligence, determines if information obtained by adversaries could be interpreted to be useful to them, and then executes selected measures that eliminate or reduce adversary exploitation of friendly critical information.
A few things worth noting before I begin:
I don't work in cryptography or have a background in privacy. However, I am someone who is extremely protective of their privacy who regularly reads about privacy practices, and have been preparing for a digital Red Scare for 3+ years.
There is a Golden Rule that must be maintained: The “Big Tech” companies should not be trusted; you should stay as far away from them as possible. They are run by shitlibs, and shitlibs should never be trusted. Yes, Apple may have turned down NSA requests but they also banned Parler from the App Store. Yes, WhatsApp runs on Signal's technology but you also can't use WhatsApp without them sharing your location data with Facebook. Take all of their claims about protecting your privacy with extreme skepticism. These companies are being used by our enemies to disseminate propaganda and they do not care about your privacy.
The tactics I recommend range from common sense practices to extreme precautions. Some recommendations require diligence and some require the sacrifice of digital luxuries (i.e., no more 'Sign in with Google'). Some recommendations require your time and organization. Apply what makes the most sense to you and helps you fall sleep easier.
This post is divided between basic data security, using a safe browser, not letting your phone spy on you and OPSEC, identity protection & not giving tech platforms any leverage against you. Some topics will overlap. I recommend incorporating the principles from both.
I operate under one assumption which sounded insane to my friends in 2020 but now seems very realistic: Big Tech companies will eventually start doxing their customers. If you use their platforms, they legally own your data. It isn't yours. Their employees hate you and you are allowing them to know many things about you. They can very easily destroy you. Whether or not they will act on this isn't the point. The point is to create a digital forcefield around yourself to protect you from shitlibs who want you dead.
This poast is intended for shitpoasters who don't want their lives destroyed by shitlibs for making obvious observations about reality. If you're looking to do things on Tor that are illegal, etc. I can't help you there.
*I use Apple products, so Android users will have to apply these principles to their devices.
Let's get down to it.
Above All: NEVER reveal information about yourself, publicly, on your anonymous account. By publicly, I mean poasting it on your timeline. Whether or not you decide to reveal information about yourself in DM's with frens is another topic entirely which I will cover in this poast.
NEVER overlap content from different platforms. Do not post the same content in your real life account that you poast in your anonymous account. This the main way we've seen people get doxed.
In general, having a real name account online should be used FOR OpSec reasons. In our world, not having a Facebook or Instagram is so rare that is can be considered suspect. Evidence of strong OpSec is that the people in your life think you are a normie and don't know your political opinions. Having a 'normie' real life account is one way to do that. Poast pictures of vacations, nights out with friends, food, etc. to make yourself blend in with the crowd. It is very rare that poasting something dissident under your real name is a good idea.
I'll make this short and sweet. If you insist on keeping it, then carefully comb through all of your comments and captions on your pictures. Look for anything that might be deemed offensive by the most ruthless of shitlibs and immediately delete them. Yes, this might take many hours, but it is necessary work. Platforms that require you to share your identity, like Facebook, have the highest amount of risk. Apply this principle to Instagram as well.
Twitter requires you to share a phone number and email address with them. Under no circumstances should you give them your real phone number or an email address that can easily be traced to your identity (such as email@example.com).
You also shouldn't give Twitter an email address that you use for services that are tied to your identity, like Amazon or your doctor's office. If you already gave them a real phone number or a standard email address, it's very likely already stored in their change logs. An extreme and precautionary move would be to delete that account and create a new one. If that's too extreme, there are other options.
Here are a few ways to protect your identity on Twitter:
If your handle, bio, or avi in the past had your real name, or any information that could be linked to your identity, delete your account and start fresh. We've seen people doxed by making this mistake. Antifa is archiving accounts more than we know. It is easy for them to search replies to your old handle and collect information from it.
Your handle, bio and avi should contain no information that can be linked to you.
Your Phone Number
One option is to get a Google Voice number. Yes, Google Voice requires you to link it to a real number and yes, we are violating the Golden Rule but this is a less risky option than handing over your real phone number as it's one extra step they would need to take in order for a rogue shitlib at Twitter to find out who you are.
A very secure option is to get a burner phone and pay for it with cash. You can walk into Best Buy/Target and get a Tracfone for less than $40. It comes with preinstalled apps like Facebook and others that you can't delete, but the point is that the phone number cannot be linked to you. To be extremely careful, keep your real phone at home while you buy the phone to eliminate risk of location tracking.
- Don't use Gmail, Yahoo, Outlook or any of the big tech platform's email services. More on that later. For now, create a ProtonMail account. It's a fully encrypted email platform and their primary focus is user privacy. Choose a username that cannot be linked to you. Use a VPN while you create the account.
- Create a ProtonMail email address that you will use on platforms that you don't want traced back to you. Never use this email for services linked to your real identity. Ideally, you can create a different ProtonMail email for each sensitive platform, but that can be hard to keep up with.
This is obvious, and should be taken extremely seriously: never facedox. If you facedox and antifa beats the shit out of you or your bank freezes your account then you have no one to blame but yourself. To state the obvious again, never post a picture of yourself and never ever reveal your real name (first, middle or last). And don't post ½ selfies either bycovering up half your face with an emoji over it. I've been seeing this a lot lately, particularly by men who want to poast fizeeq, and it's not smart. You're gambling with your life. Don't fuck around. If you want to poast physique and completely cover your face, that's less risky. Make sure to cover up tattoos if you have them, but even revealing where you have tattoos is doxable info. Regardless, poasting fizeeq is revealing your height and weight and is still PII.
Post nothing about yourself that can be easily linked to your locatation. If decide to expose to everyone that you are Norwegian, that's not a tremendous risk, as there are millions of Norwegians for them to sift through. It is still PII, nonetheless, and should be avoided. However, if you post that you're Norwegian and you're in Chicago right now, that narrows it down a bit more but it's still pretty difficult. If you post that you went to a specific restaurant in Chicago on a specific day with your girlfriend, now that's something they can work with. You get the point.
You should avoid telling anyone in your “real life” about your anon account. If you decide to share it with someone then there should be extremely strict requirements such as: you are 100% positive they are completely redpilled, they are not susceptible to leftist propaganda, they are a solid person and not the type to have a “moral revelation.” I also highly recommend you make sure they are woke to the WQ, the JQ and are willing to type the gamer word online, at a minimum. If your frend is not woke to the WQ, he is likely the type to 'tell his wife everything', and you should not tell him about your anon account.
Even if you are not overlapping content, scan through your tweets and ask yourself “Is there anything in my tweets that can be tied to anything public about me?” Again, this can take a while, but it's necessary work. Spend 30 minutes a day doing this until you've gotten through it all.
If you're feeling nervous about how risky some of your old tweets may have been, you can use tweetdelete.net and ensure they self-destruct after a set period of time. You can also nuke all of your likes there. Remember, people have lost their jobs over liking the wrong tweet. In general, there is no benefit to you to keep all tweets alive. If you have a very big account with epic takes that people go back and reference and you prefer to keep them alive then you should apply the more extreme precautions in this thread to practice strong opsec.
You should also check Archive.org to see if your tweets are being archived by someone. If they are, and you're uncomfortable with information you've revealed about yourself publicly on that account, I recommend deleting & re-spawning with a new account.
Making frends on Twitter dot com
I believe the most important part of using this site is making friends. If you are just shitpoasting into the abyss and not relating to people one on one about the experience of living under the current regime, it is not a particularly rewarding experience.
I am proud to say I've made many frends on this site, some of whom I trust more than irl frends I've known my whole life. That being said, what you reveal about yourself to them should be done with extreme precaution and should be done if and only if you have established trust with them. You should not reveal information off-the-cuff. Get to know them for a while, dissect their account physiognomy. Test them to see which ideas and topics they are comfortable talking about. I generally recommend not sharing information with anyone who shows any sympathy to leftism. If they are spiritually a leftist, they are not on firm ground and generally should be avoided.
If you do decide to share information with them, do it off-platform so it isn't stored on Twitter's servers. We know nothing about what Twitter does with DM's. It is highly likely that they are stored in the cloud forever and could be easily searched, and we know what types of employees work there. If you decide to share information about yourself, recommend they jump on Telegram or Keybase and discuss there. Remember, Signal shares your phone number, so only use Signal with another anon if you have bought a burner phone.
Meeting online friends irl. This is, in my opinion, the ideal scenario from a friendship perspective. Having frends irl is vastly more rewarding than being online only. That being said, this is the 'final boss' of good OpSec and I only recommend doing this if you've been talking to them for at least a year, can proudly say you know them very well, and are absolutely positive they are not a bad actor. When in doubt, trust your gut.
I have many racist memes on my phone. Wat do?
Adhering to the first principle, keeping your personal photos and / or racist memes on Apple and Google servers is a bad idea. A racist meme is just as risky as a racist text. If you have memes that can slightly be interpreted as racist (who would do such a thing?) and you have them stored on Apple's servers then yes, then you are technically dancing with the devil. Yes, this sounds extreme because there aren't reports of Apple telling the world what a certain individual has on their iPhone. But at this point, would you be surprised if they did it to Drumpf?
To adhere to the Golden Rule, download your photos off of their cloud and onto an external hard drive. Yes, Google Photos categorizes your photos oh so well. Don't you just love scrolling back to that trip in Amsterdam when you banged your Airbnb hostess? Maybe you do and so do I, but who cares. You look back at old photos maybe twice a year anyway. It’s not worth your livelihood.
Again, I know it sounds extreme to think that Apple will dox their customers. But Twitter just banned the President of the United States. I repeat: do not put your life and safety in the hands of the Big Tech companies.
After you put your photos onto a hard drive, put them on a very safe cloud server that prioritizes privacy. If you can build your own server, PrivacyTools.IO has some suggestions. If not, Proton has a cloud product in beta now and some email users have been given access.
To abide by the first principle, you should stop using iMessage and WhatsApp or use it only when necessary. Download Signal, Telegram or Keybase and start asking your friends to try them out. All of them are focused on privacy and have features that cause your messages to self-destruct after a period of time that you decide. Signal is my preferred app of choice. Urbit is another more extreme option, but it requires a bit of technical knowledge.
Of course, you’re not going to convince all of your friends and family to jump onto these encrypted apps that they never heard of (especially boomers). That being said, now is the best time to push for it, as Elon Musk has recently promoted Signal and it's the #1 downloaded free app on the App Store as of when this post was first published.
If and when you do use iMessage or WhatsApp, be very mindful of what you talk about there. If people bring up politics, don't engage, just say “hey sorry, you gotta watch what you say these days, happy to talk on other apps that are more protective over privacy if you don’t mind”. Ideally you won't type that and will say it in person, but it may not be an option and not replying can be awkward. This is ideal because in an extreme scenario, you can now be accused of having “something to hide.” Remember, our enemies don't have to make sense. It's always who/whom.
Handling Multiple Platforms
Ideally, you will have a different username across all of your anonymous profiles. If they're coming after User X, and User X is called “SaintFloyd” on Twitter and Gab, now they can find all of SaintFloyd's content in just a few clicks. A different username gives them more work to do. However, if you have a large following then it makes sense why you would want to keep your brand and not start from scratch. This is a best practice.
Your Alexa, Echo, Ring & Google Home Should Be Trashed & Ovened
This is stating the obvious, but if you own an Alexa, Echo or Google Home then you are willingly allowing Amazon and Google to bug your house and record everything that's going on in there. Yes, they can listen to you fuck. Yes, if you bring it in the bathroom then they are recording the kerplunk sounds as you take a shit. There is no reason to own these products.
As soon as you say “Alexa”, it starts recording. If you already own one, you can download to your Alexa archive to listen exactly what they've recorded. After that, you should go to DuckDuckGo (rarely use Google for searching anything, more on that in a future post) and search for “How to wipe my data from Alexa” and then throw it in the trash. There are many good articles on how to do wipe your data from these products. Rinse and repeat this process for your Echo and Google Home.
Amazon also owns Ring. Ring stores everything it records and can send the recordings to precincts and federal agencies. To learn more about the shady stuff Ring does and what Amazon wants to do long-term, search for “Amazon Sidewalk.” There are better (and less creepy) security camera alternatives.
Yes, it's very easy (and honestly, pretty cool) to just tell Alexa to buy your groceries then and it shows up the next day. Well, the old saying about 'if something is too good to be true' applies here. If you're comfortable with letting random pajeets at Amazon listen to what's going on your home then you are making yourself very vulnerable and don't care much about your privacy. It's also disrespectful to other people who enter your home. Imagine if when you walked into a friend's house his wife just started following you around and recording everything you were talking about (assuming her husband gave her permission to use an electronic device, of course). Anyway, just jump on your laptop and do it yourself. It isn't worth it.
Hide Your Financial Transactions
If you use a credit card for everything then it's not only possible to know what kind of things you purchase and what your habits are, but where you are, where you've been and when. Of course, the best way to avoid this is to use cold hard cash as much as you can. If you're a points/miles addict, then only use your card for the big purchases where you will get 3x+ the value in points/miles and you are comfortable with this purchasing and location behavior being on the record.
What about buying things online? Privacy.com is the answer here. It creates burner credit cards for you. You can use it for a one-time purchase if you want or for a single ongoing purchase like a monthly Netflix subscription. It's tied to your bank account, but you can mask the transaction name with something random like “H&H Hardware.” It's $10/month, which is a small cost for protecting yourself with added piece of mind.
I recommend using Privacy.com especially for services that would raise a red flag for someone looking into you. Your ProtonMail account (if you upgrade), GumRoad subscriptions, and even Substack subscriptions. Remember, we now live in a world where a gay jew like Glenn Greenwald is considered a right-wing extremist; so if you donate to him then conclusions can be made about you.
*Cryptocurrency & KYC Information
You can also use crypto for purchases but I would only do that in extreme circumstances. Many platforms like PayPal accept Bitcoin but those transactions are public on the blockchain. If you purchased your Bitcoin through an exchange that requires KYC (Know Your Customer) info, then your social security number, driver's license and other information about you is associated with your purchase of Bitcoin. There are ways to wash and there are cryptocurrencies that solve for this problem (known as privacy coins) like Monero, Dash and ZCash, but this is much more extreme.
How to buy privacy coins without a trace? For my US frends, you should create a Binance.com account...NOT Binance US. Binance US requires KYC info and Binance.com does not. It will only allow you to register and log in if you are using a VPN routed outside of the US, as they are not allowed to serve people within the US. You can buy your Bitcoin on your normal exchange that requires KYC, send it to Binance.com and then buy a privacy coin. This is not full proof and there are other ways to really wash it but that's very extreme and best kept aside for another post. Having some money set aside in privacy coins is good to do just in case you need to make a transaction online that you really don't want on the record.
BASIC DATA SECURITY
Remove Trackers From Your Phone
Chances are your iPhone is tracking every step you take, collecting your behavior and creating a profile about you and selling it. On top of that, you probably have multiple apps that are allowed to turn your camera or microphone on and record you. Let's undo this immediately.
Go to Settings –> Privacy –> Location Services –> make sure all apps are set to Never or Ask. I tend to not trust “While Using” because it's unclear if the app can keep tracking you while you aren't using the app but it's still open in the background.
Settings –> Privacy –> Tracking –> Toggle off “Allow Apps to Request to Track”
Settings –> Privacy –> Microphone –> remove access from all apps
Settings –> Privacy –> Camera –> remove access from all apps
Settings –> Privacy –> Motion & Fitness –> remove “Fitness & Tracking.” This feature literally tracks every step you take and when your body moves, as long as your phone is on you.
Settings –> Privacy –> Analytics & Improvements –> remove “Share iPhone Analytics”, “Improve Siri & Dication”, and “Share iCloud Analytics”
Settings –> Privacy –> Apple Advertising –> Untoggle “Personalized Ads.” If you want to get creeped out, click “View Ad Targeting Information” and check out the profile they made about you.
Settings –> “Siri & Search” and untoggle “Listen for “Hey Siri” and Press Slide Button for Siri. This gives Apple the ability to turn your phone into a microphone. More importantly, using Siri is extremely gay.
Protect Your Passwords
Download a secure and well-known password manager LastPass or One Password. You can install it as a browser extension and it will automatically store all of your logins and passwords there. It can also import your saved passwords from your browser. Good password managers will tell you when you are using duplicate passwords on multiple sites, rank your privacy strength, and create very long complex passwords very easily.
Use A Safe Browser
If you are using Chrome: Wipe your history from it (cookies, logins, browser history), sign out, delete it from all of your devices and never download it again. The Golden Rule has been enforced. Moving on.
Firefox is historically known as very trustworthy...but they just released a blog post saying deplatforming people isn’t enough. Tremendous red flag. I stopped using them because of this.
Download Brave. Brave is designed around protecting your privacy, has a pre-installed ad blocker, wipes your history after you close the app, and makes it easy to connect to Tor.
Use a VPN
Using a VPN scrambles your IP address, plain and simple. Knowing your IP address makes it extremely easy to know where you are and then some. I prefer Proton VPN as I tend to trust Proton with all privacy related matters. They have a “Secure Core” option which guarantees you won't connect to the internet without a VPN. So if there is a connection issue with your VPN, you'll lose Wifi until it reconnects.
Use 2FA (2 Factor Authentication) for Everything
I recommend opening all of the apps on your phone that require a login, go into their Privacy settings and see if there is an option for 2 Factor Authentication. If there is, turn it on. The app will either contact you through the phone number you gave them or an email with a numerical code. You can't login without that code. They may also offer the option to download an Authentication app like Google Authenticator or Authy to receive these codes. Which should you choose? You guessed it – Authy. Why? Because Fuck Google. That's why. I recommend using authentication apps for 2FA instead of unnecessarily giving them a phone number or an email.
2FA makes it very hard for someone to hack into your accounts unless they physically have your phone on them. What happens if you lose your phone? Well one good thing about Authy is it allows you to create a security pin just to use the app. So even if someone steals your phone and opens the app, they'll need to know that pin to access the app and it's probably something they weren't expecting. Don't use the same pin that you use for your phone either. If I stole someone's phone, that would be the first code I would try.
If you get a new phone or a new phone number, it is critical to temporarily disable your 2FA during this transition. If you don't, you very well may be fucked. Some companies will let you access your account after a long process on the phone with someone in India who shits in a river and could care less. But there are also companies who will lock you out of your account permanently, so this is important to remember.
Encrypted Email Only
Applying the Golden Rule, get off of Gmail, Yahoo, Outlook, etc. and move to ProtonMail. Again, it isn't as simple as having one ProtonMail address. Tutanota is another safe and encrypted platform as well. I recommend having one that you're going to use for every day things that are inevitably connected to your identity — your bank, Amazon, etc. You are now well aware your identity is connected to that email and it should therefore NOT be used on ANY platform where you are worried about what you're posting. As mentioned in the Twitter portion of this poast, create another ProtonMail address specifically for those platforms and ideally create one per platform. ProtonMail requires a backup email, so I recommend creating a Tutanota email first and using that as the backup. It doesn't make sense to create a secure email and then using firstname.lastname@example.org as the backup.
Google yourself. What can your enemies learn?
It's crucial to remove what is publicly searchable about you. Google your real name. See what comes up and go through it meticulously. You’re going to find yourself on those shitty scraping websites that also have your age, address and phone number. ALL of them have an option for you to request to remove yourself. Do it for every single one and check to make sure they did it. Search yourself in Google Images. If you find your pictures of you then email the site and demand they take it down.
Look up old usernames you’ve used on forums. Go back into them and delete your posts.
Make your real name on Twitter private or just delete it.
Ideally, you want to get to a place where you can A) search your name and find nothing and B) search your name and with basic info about yourself (hometown, residence, job) and nothing appears.
Protect Your Money
If you buy cryptocurrency, get a hardware wallet. A Ledger or Trezor device is best. Keeping your crypto on an exchange puts you in a vulnerable position in case the exchange is hacked or if the government seizes their assets. Your crypto, and therefore your money, will be gone forever. Once your crypto is on a wallet, the crypto is yours and is your responsibility.
You won't be able to access your crypto without knowing your passcode to the device. If you forget your passcode, then you'll need to know a long string of random words that the hardware wallet assigned when the wallet was built. It's best to store these words in a physical safe. Don't leave them around your home and never share them with anyone.
Leaving all of your cash in a savings account is generally unwise. The bank can freeze your assets and in extreme scenarios they can prevent their customers from taking out withdrawals. This happened in the US during the Great Depression. The US is currently in a horrendous financial position so it's feasible to imagine this scenario happening again, as it is surely going to get worse.
I'm not suggesting to leave no cash in the bank. If you have an emergency fund set aside (at least 3-6 months of expenses), then a bank is the most sensible place to store it. You can also keep your emergency fund in a physical safe, but I only recommend that if you are well armed and have good security on your property.
You should have a good amount of cash available in your home in the case that shit hits the fan. I keep enough on me to buy two expensive international plane tickets and enough to keep me comfortable for a few weeks once I land. Yes, in my escape plan I land in a country where the dollar goes a very long way.
I won't go into investment stuff here but owning physical gold is simply another way to protect yourself. In an extreme scenario where you can't access your cash, there isn't going to be a time where a heavy, shiny gold coin (or bar) isn't going to get you something you want. Again, physical gold is best kept in a safe and readily available if push comes to shove. Goldmoney is a good company for this. You can purchase physical gold from them they store in a BRINKS vault (that's the vault where they transfer cash from the Federal Reserve to banks). You can withdraw your physical gold and have it mailed to you whenever you want.
Physical Safes & Go Bags
Having a safe in your home is important. If someone breaks into your home of if you're traveling you'll want to know the good stuff is in a place that only you can access. Many safes come with equipment that allow you to bolt it into the floor so it can't be stolen. There are lots of good articles on what makes for a great safe.
A safe is a good place to store cash, physical gold, your crypto wallet, your passport and anything else you'd want locked away and only touch when you need it. You can probably fit that Colombian girl you met at the bar at 1am who gave you the best blowjob of your life in there, but then you'll need to feed her, maybe even shower her, etc.; it might become more of a hassle then it's worth. I recommend alphawidowing her instead; it's essentially the same thing.
Lastly, I strongly recommend having a go bag and keeping it in the safe. A go bag is what you take with you before you need to flee your home or country at a moment's notice; think cash, passports, etc. I keep enough cash in my go bag to cover two expensive international plane tickets and enough to keep me comfortable for a month once I land. Yes, in my escape plan I land in a country where the dollar goes a very long way.
I have a few scenarios where I know I will need my go bag: as soon as calls for executing whites are being seriously considered, if actual domestic terrorism starts happening around the country, or if they start cancelling flights on people for insufficient wokeness. If any of those happen, I'll grab my go bag and will be gone.
I hope you found these suggestions useful.