About:

This section serves as a general outline of Opsec & Tech References. Everything related to these categories should exist here. If something is missing, feel free to add it here. It’s a living, breathing shared space.

Web/Squarespace Development:

Are you new to using Squarespace? Perfect! We have a sandbox set up specifically for you to trial learning in a safe environment that does not involve creating live pages. Follow the link >>HERE<< to access your playground. Just make sure to clean up after you’re done. If you have any questions about Squarespace, reach out to someone on the Slack Tech Committee or Mutual Aid Discord for help.

Opsec & Protest Safety:

There are great resources available to manage your general safety in public spaces. It’s best to avoid getting tech information from social media. Short-form content leads to sensationalist trash that provides little information on solving the technical problems you will face in protests or online. While we share most of our common spaces online now, it’s important to remember that this is not a “friendly space”. Anything worth risk requires trust, and anything that requires trust with action should be talked about in person, with no phones or notes. With that in mind, here are reputable references to material that will guide you through best practices.

• VPN’s that respect your privacy:

  • Mullvad

  • Riseup

• Chat/Bridges

  • Signal

  • Matrix

• Email Services

  • Proton

  • Riseup

• Private Browsing

  • Tor / TailsOS (Tails requires a Flash Drive)

  • I2P (Invisible Internet Project/MeshNetwork)

• Security Practices and Culture

  • Electronic Frontier Foundation

  • EFF: Guide to protest safety

  • EFF: Guide to social media

  • EFF: Understanding Fingerprinting

  • Burner Phone Best Practices

  • Is S/He an informant?

  • If the FBI approaches you to become an informant

  • No Trace / The Briarthorn OpSec Guide

  • Security Culture: A Handbook for Activists

• Adblocker

  • UBlock Origin

  • PiHole (requires a Raspberry Pi or some other small form [Ideally low powered], linux system and some understanding of hosting your own DNS.] )

• XSS protection

  • NoScript - This is useful for those who want to be explicit about what JavaScript is being loaded in your browser.

• General Browser tools

  • Firefox Containers

• Anti-Malware

  • MalwareBytes (Don’t pay for it and delete it after)

  • Disable WSH if you don’t need it on your home machine. A lot of Infostealer campaigns rely on you running some form of .vbs/.js/whatever and use WSH to exploit things in Windows. If you need to re-enable it, it’s easy to look up and do.

  • If you’re a Windows or Mac user and you're being asked to enter something into the Command Prompt by a friend or a web page, don’t. If you’re unsure, ask someone on the Discord server or on the tech committee Slack. We’re here to help each other be safe, even outside of an activist context. Use the sites below to check if a file or website is malicious or unsafe.

  • urlscan.io

  • VirusTotal - An online filescanner that checks against multiple Antivirus. Used for smaller individual files.

  • Any.run - requires a business email (Not outlook/gmail/so on). If you feel a file could be malware but is not popping positive on virus total, reach out to Readdesert on Slack or Discord to check it.

• Operating System Alternatives

  • Linux (easy to use/learn ones)

    • Debian

    • Ubuntu (sometimes best if you have realtek drivers)

  • Graphene OS (For google pixel phones)

  • Qubes-OS