Skip to content

Security training: Targeted Activists versus Random Assholes

Jump to bottom
Kelly edited this page Nov 2, 2017 · 4 revisions

WikiSecurity culturePersona-based training matrixSecurity training: Targeted Activists versus Random Assholes

How to use this persona-based threat modeling matrix:

  1. You are a "defender" (a given row). Find yourself there.
  2. Your concern(s) map to a given "attacker" (a given column). Find your attacker.
  3. Find the cell at which these two personas intersect. Everything listed in the cells above and to the left of your cell applies to you, too.
  4. Start at the top-left cell and read the advice from left-to-right, top-to-bottom, until you reach your cell. Then stop worrying. :)
Attackers
Random Assholes Assholes with Resources The State
Defenders Individuals Individuals vs Random Assholes Individuals vs Assholes with Resources Individuals vs The State
Organizers and Journalists Organizers & Journalists vs Random Assholes Organizers & Journalists vs Assholes with Resources Organizers & Journalists vs The State
Targeted Activists Targeted Activists vs Random Assholes Targeted Activists vs Assholes with Resources Targeted Activists vs The State

Targeted Activists versus Random Assholes

Prerequisites

Before you dive too deeply into this practice material, you should first explore the following lower-hanging fruit in the following order:

  1. Security training: Individuals versus Random Assholes
  2. Security training: Organizers and Journalists versus Random Assholes

Practices

  • Use a data broker scrubbing service. They cost money, which sucks, but if you are busy and stressed out you may not be able to go through the arduous process of really thoroughly opting out of every data broker. The best service we can recommend is Privacy Duck, which is a reasonably ethical company that activists we know have had good experiences with. Reach out to your community (especially to privileged allies) for financial support. You deserve it.
  • If you have to mobilize people on major social networks like Facebook and Twitter, lock down your accounts and use separate activism accounts whenever possible. If you have a personal / family Facebook account, note that Facebook will expose your family connections and often photos, so make sure that you lock it down or ideally get off Facebook entirely.
  • Don't work under your legal / government name. For many activists, it's too late for this, but if your name is not widely publicized yet, working under a name which is not your government name will make it much harder to find information about you in data brokers. Even just altering the spelling of your name or adding a false middle name or initial can help (this may be easier than a full-on name change if your trust network already knows your name and changing it would be problematic).
  • Don't put your birthday on the public internet. If you have a common name, your birthday is a great way to verify that data broker information is in fact you. Consistently using a false birthday or using random birthdays on social media can help make it harder to pinpoint you in data brokers.
  • Compartmentalize your identity. This takes some creativity and diligence, but doing everything you can to keep your activism identity separate from your professional and personal identities will make it harder for attackers to get at you and the people you love.
    • Alter your name and birth date consistently or use a separate but consistent social media handle for activism work.
    • Use a separate email for high risk activism work. Although this can be a hassle to keep up, it is safer. You can use SMTP to send and receive email from several addresses all from one account. This is not currently possible with encrypted email, but is a useful convenience for unencrypted email. Be careful though, because some email providers (like gmail) will still show the address you're sending from which can lead to cross-contaminating your identities. Make sure you use an email service that will not do this. 🚧 TK-TODO: do we have recommendations for email services like this?
    • Not everyone has the logistical capacity to separate your friends, family, fellow activists, and co-workers, especially because there is often overlap between these groups. Pick the connection that is the most high-risk for you (Want to protect your kids? Need to keep your activism secret from your employer?) and focus on separating those two identities.

The NYC chapter of the Anarcho-Tech Collective provides technological and digital infrastructure support services to anti-fascist, anti-racist, and anti-capitalist organizations in New York City. See our Activities and events page for details. Read our Welcome guides to get involved.

We appreciate your support to help us do what we do. If you have the means, please donate BitCoin to 17ByVbkM6mf7bytqWRFwzjqradBkmVh4Tr.

Found an error in these pages? Please let us know by submitting a new issue ticket.

Clone this wiki locally