This guide aims to be a concise overview on informationsecurity for anyone in emancipatory struggles againststructures of power. It represents assembled knowledgeand best practices from personal experience, conversationswith hackers and fellow activists, hacker conferences, anduniversity courses on computer security and cryptography.Nonetheless, the best security is sharing skills with trustedpeople.Guide Written in October 2016 by Anarchist Black Cross DresdenAN ACTIVIST’S GUIDE TOINFORMATIONSECURITY

Text originally published by the Anarchist Black Cross - Dresden in October 2016.Layout and minor typographical edits by Sprout Distro in November 2016.For more zines and pamphlets, visit

This guide aims to be a concise overview on information security for anyonein emancipatory struggles against structures of power. It represents assembledknowledge and best practices from personal experience, conversations withhackers and fellow activists, hacker conferences, and university courses oncomputer security and cryptography. Nonetheless, the best security is sharingskills with trusted people.If you have any corrections, questions or additions, please contact us at abcdd(a) riseup.netIntroductionTechnological progress has made it next to impossible to defend against asufficiently powerful attacker (see this1 for a scary example). Fortunately, mostof us don’t have the NSA hard on our heals, and local authorities are usuallylimited in their possibilities. The trick is to be sufficiently careful while stayingfunctional.This guide tries to point out the possibilities and their trade-offs. It is split intothe following sections: Security Culture introduces the social side of things Physical security describes securing physical access to information Traditional communication is about the pre-Internet kind Digital base security discusses building a digital base to communicatefrom Internet services points out problems with and alternatives tocommon Internet communications servicesSecurity Culture The need to know principle: share information only with those whoneed it. Establish a culture where people realize when not to ask curiousquestions and don’t take offense when information is not shared withthem. It is not necessary to know who is in which group and participated inwhich action – don’t brag about it and stop others if they do. You can’taccidentally reveal something you don’t know.3

Do not keep unnecessary information (e.g. meeting minutes) and keepyour house clean of incriminating material (also: do not make pictureson action, not even pixelated ones2). Do not connect pseudonyms with their public information (e.g., ifpossible, do not store people’s activist email addresses with their nameor group). Don’t let paranoia paralyze you: try to keep a realistic assessmentof the threat model and don’t suspect people to be snitches just becausethey don’t conform to subcultural stereotypes.Physical SecurityWhile few of our homes can successfully resist a police raid, measures can betaken to fend off fascist thugs or rouge state agents.Obscurity: It can be useful to live at a place not registered as your official address,and without obvious subcultural symbols on the outside. Still, be prepared forsufficiently motivated forces of darkness to find and attack your home.Passive defense: Protecting a home from the evils on the outside necessarilymeans forming an in-group. A reasonable front door and handpicked distributionof keys go a long way. Barred ground level and basement windows and antisplinter films on the glass offer additional reinforcement.Active defense: An alarm horn and a lighting system on the outside may mainlyhelp against physical attacks, but they can also buy valuable time in case of apolice raid.Process: Have a short guide on dealing with police raids and your lawyers’(mobile) numbers on the inside of the front door and next to the landline phone.In some jurisdictions, having people’s private rooms marked with their namemay help to argue against a search when it is only against one person. However, itobviously also reveals the inhabitants’ names to visitors and does only point outthe existing legal situation to police who often ignore it Skype security#Eavesdropping by :// 1050018857. packages apps of VoIP Active Management Endnote “A” 02/booting-a-self-signed-linux-kernel/17

Links Mentioned in the TextTraditional ow/3. . TDOA9. Message Service#Silent ing-tool/13. second operating system hidingin every mobile ell-phone15. Endnote “A” :// in/ wikipage?title Beginner%27s%20Tutorial27.See Endnote “B” our-android-phone-andwhy-you-might-want-to/30.See Endnote “C” tor-mac-os-xWith a reasonably safe home, let’s relax and see what our comrades were up to,shall we?16Face to Face CommunicationModern technology enables the surveillance of the spoken word from far awayand even microphone-unfriendly places such as swimming pools and concerthalls can theoretically be surveyed with modern noise-canceling technology.However, taking a walk is still a fairly secure way of communication, when it isreasonably unlikely that hidden microphones are placed in clothes and accessories(that means no mobile phones, too!). If more security is needed, one can resort towriting on paper in a sight-protected place (e.g. under a blanket).Closed rooms can be monitored even more easily, thus sensitive meetings inestablished autonomous centers, alternative house projects, lefty bars and the likeare strongly discouraged!LettersHopefully you already figured that relying on the confidentiality of snail mail isa gamble at best. Code words are a last refuge for the imprisoned and desperate,but history has shown that relying on a secret method (e.g. swapping letters)alone to hide information is easily broken.(Mobile) PhonesMost importantly, all information (calls, texts, mobile Internet) exchanged viathe (mobile) phone network should be considered captured by state agencies andpotentially other enemies. They use ETSI wiretapping interfaces mandatory inall mobile network equipment sold in the EU (and thus available everywhere)(source3), but on top of that, other motivated actors can capture data in a local cellwith a few hundred Euros worth of equipment (source4).Phones Themselves are Identifiable!The second most important thing to know is that mobile phones have a uniqueIMEI number, that identifies it in the mobile network. Normally the informationabout your IMEI is registered in operator network together with SIM card, thatmeans when you put a new SIM card into your old phone, it can be easily linkedto your old SIM card. So for a safe phone, both SIM cards and phones need to beacquired and swapped in a way that does not link them to any other information,i.e. by buying phones with cash and getting pre-registered SIM cards or registering5

them anonymously in the network, for example via TOR (see below). have meetings in inconspicuous locations without mobile phonesLocation Tracking put Linux on your computer and encrypt your data, learn to use PGPfor inter-group email and build a network of Jabber contacts with verifiedOTR encryption for ad hoc chatsTo work, mobile phones regularly contact the base station they are booked into,which locates the phone within a minimum of about 400m from the cell towerin urban areas (source5). This information is routinely stored by mobile carriersand therefore available without prior targeted surveillance (source6). For usersof centralized location services (like Google Maps), the police may be able toobtain extremely accurate long time location profiles from the provider (source7).With targeted surveillance, triangulation and querying data from the phonecan locate it down to 50m (source8), or even 5m with a GPS-equipped phone(source7). To get a more time-accurate location profile, state agencies may use socalled stealth pings / silent SMS to make a mobile phone contact its base stationmore often (source9).As a last resort, police can use so-called IMSI-catchers which pretend to be thestrongest network cell available, and then record what phones book into them,potentially even recording calls and text messages (source10, some real-worldexamples11).Police have been known to use geodata on all kinds of incidents and extendedcell phone surveillance of 10s of people on the most ridiculous accusations, oreven deploying IMSI-catchers on sit-ins against fascist marches, so the technicalpossibilities are not to be taken lightly.Room Surveillance / “Silent Calls” learn to use TOR safely share skills, teach each other and don’t panicEndnotesA) Technical background: most Intel-based computers run a software thatcan control the system remotely in parallel to the normal Operating System(AMT69), which can be “disabled” in the manufacturer’s firmware but that isclosed source, and modern Intel Processors only boot with signed firmware(Intel Boot Guard70), so you will never be able to use alternative firmware likeLibreboot71, and even if you could, there would still be things in your computerthat you do not have the source code for72.B) This security analysis74 illustrates quite well that even without anymalicious intend, mobile devices as commonly used are just not very secure.C) The only way to prevent this to sign the unencrypted data and let sometrusted part check the signature. This can either be done using a TPM, or morereadily by using SecureBoot and trusting your manufacturer’s firmware (whichis what modern Linux distributions do). Some pointers: 175, 276Much controversy exists as to whether it is possible to tap mobile microphoneseven when no calls are going on. This12 article hints the FBI has done it, whilethis13 research hints it would be built-in functionality. Our guess is that this atmaximum used against high profile targets, because if any hicksville cop shopwas able to use that, the evidence of it would be better known by now. Besidessneaky network attacks, smartphones have been surveyed by malicious apps(source14).Open source mobile OSes (like Replicant15 for Android devices) offer noprotection against those attacks, because there is usually a direct connection fromthe microphone to the (always closed source, as to comply with regulations)baseband firmware and it can not reliably be powered off. To make matters worse,mobile phones without SIM card might still pre-register to the strongest network(for emergency services), and there is no way to check if “offline/airplane mode”is actually what it promises to be.To err on the side of caution, it is advisable to leave your phone at home when615

exists as a pretty okay encryption method. However, some caveats apply:1. The fact that two people are communicating is not concealed,therefore use pseudonyms not linked to other activities.2. OTR commonly uses an authentication system based on things onlythe other person knows. It is important to make use of it to be sure you’reactually talking to the right person. Otherwise if the dark side manages tointimidate your Jabber provider they could pose as your friend/comrade.3. Files sent via Jabber are not encrypted with OTR.4. Audio and video chats in Jabber clients are not encrypted by default.einfachJabber.de59 has an elaborate German introduction and guides for all kindsof devices and operating systems. English language tutorials can be found at theEFF’s Surveillance Self-Defence guide (Linux60, Mac OS38, Windows37).Voice / VideochatThere are several solutions that are Open Source software, available for multiplecomputing platforms and offer end to end encryption of audio and video(overview61). If you can live with the disadvantages, Signal50 seems to be themost practical solution for mobile platforms.On laptop/desktop computers, if you can get it to work, Tox62 is a pretty amazing,high security and low effort alternative. More traditionally, Jitsi63 enablesencrypted calls via either a SIP or better yet, a Jabber/XMPP (see above) account.Ring64 seems to be another promising alternative (that we haven’t tried yet), andWire65, while also centralized, seems to offer an alternative to Signal that does notneed phone numbers or Google services and makes some bold privacy claims66.A more ad-hoc method involves a technology called WebRTC just requires amodern web browser like Firefox or Chrome, with the caveat of trusting somecentral web site to not be malicious (and the connection to that network not tobe manipulated). pavala.tv67 and meet.jit.si68 are two open source based webservices for that.Wrapping it upIf this has gotten your head spinning, here is the bottom line.TL;DR: do actions with people you trust, be honest with them but don’t gossipand brag and don’t keep more information than necessary separate your activist and your bourgeois life’s Internet identities asmuch as possible14visiting a sensitive meeting, or at least take out your phone’s battery a goodcouple of km from the meeting point, because the attendants, (cell tower)location, time and duration of a sensitive meeting can easily be spotted by 30people switching off their phones simultaneously. Especially when meeting withsmall groups in densely populated areas, it might be as good to simply put thepowered on mobiles in a location outside hearing distance (the fridge two roomsaway, for instance).It should be noted that mobile phones transmit power status (idle, running) duringoperation and send goodbye messages to the network when powered off properly(so that creates a different pattern than just ripping out the battery).Digital Base SecurityTraditional means of communication don’t feel so good anymore, so what aboutthe Internet? First we need to find a secure device that we can use it with. When itis about information, security is classically divided into integrity, confidentialityand availability. Let’s see what they mean.Chose your Computing Device (integrity)None of today’s common devices are completely under your control. Laptops anddesktop computers come with obscure low level software (“firmware“) that iscontrolled by the manufacturer. (A)The same is true for tablets; and smartphones are even worse, because theyare always also controlled from the mobile network (source13). On top of that,smartphones are complex computers which often are not treated to securityupdates by their manufacturers, making them an easy target for attacks (source17).Moreover, they are designed to collect crazy amounts of information on peopleby default – information that is more often than not readily available to stateagencies with or without request.Therefore the use of smartphones for activist work is strongly discouraged,as even the security of alternative Internet services like Jabber/XMPP is greatlydiminished on the vast majority of mobile devices.But don’t despair, running as much Free and Open Source Software as possible onyour computer gives you a good deal of control back. With proprietary softwarelike Microsoft Windows or Apple’s Mac OS, chances are they will support lawenforcement in their effort to “fight crime” and break into your computer. With7

Linux or any other open alternative, the program code is exposed to a wholecommunity, making it much harder to mess with.There are many different bundles of the Linux core with various open sourcesoftware called distributions, of which we recommend two specifically: Linux Mint18 offers one of the most painless ways to get an opensystem with many probably familiar software like Firefox, VLC player,LibreOffice etc. They offer different Editions of which XFCE is a simple,fast desktop that still runs well on old computers and Cinnamon is a bitmore fancy. Ubuntu Linux19 is the base for Linux Mint and a company effort tobuild a user friendly version of Linux. It is itself based on one of theoldest community distributions, Debian20. While the company behind itdecides its direction, it still has a very strong community around it. Installation: Make sure to save all your important data on someexternal medium (hard drive or stick) and get support from a computergeek if you can. It is usually possible to install Linux next to Windows,but expect the installation to overwrite everything. To get you startedhere is a guide to install Ubuntu from a USB drive21 that should alsowork with Linux Mint if you just download their files, and here is a videohow to to install Linux Mint22 But first read the next paragraph Storage Encryption (confidentiality)Encrypt your computer! All further advices for software and communicationmeans are not safe if your computer is not safe.The encryption is intended against offline attacks only, if the police capturesyour computer unlocked, they will just copy your data. A screen lock orsuspend mode with a decent password is better than nothing, but the deviceshould be powered down whenever possible.So if the police knocks your door, first run to your computer and press thepower button until it switches off.There are three major ways to encrypt your data:Encrypt your Home FolderUse this if unsure: only your personal data gets encrypted (including FirefoxBookmarks etc.), but the rest is not.8In order to figure out who of your contacts uses the same application, the appsgenerally require uploading information on all of them to their servers (source47),but they do so in various degrees from grabbing the whole address book to justuploading an obscured form of the phone numbers. The privacy implicationsof this for activist are huge, because one person uploading an anonymousnumber with the person’s real name will ruin their effort.WHATSAPP is by far the most successful mobile messenger to date, and recentlythey too claim to support “end to end” encryption (everything is encryptedbetween you and the people you talk to). However, because the source code totheir programs is not open, there is no way to check if there is a secret masterkey for law enforcement. Even if there is not, they can still disclose who you arecommunicating with and when.Basically the same holds for THREEMA, as their software is not Open Sourceeither.TELEGRAM has convinced many boasting with their altruism. They do providethe source code of their client, but their encryption is outdated techniques fromthe 70ies (source48), needs to be enabled manually and does not work for groupchats. On the other hand, they do go all inclusive when they just grab your addressbook, unlike others not just number but with names (source49).Now, SIGNAL50. They are a lot more privacy minded than the rest of the phonenumber based messenger crowd. Whilst they still technically get to see all thepatterns of communication (but not the content) (source51), at least their foundercomes from a more trustworthy background (source52; and he has some prettyfunny stories53, too). Still, the system is centralized and while the clients are OpenSource, they maintain tight control over their network. Signal is only availableon Android with Google Services / Google Play and iOS and Signal’s inventoractively asks alternative software to leave the network (source54). People findelaborate ways to get around the need for a phone number (guide55) and makeSignal work without Google Services (156, 257, 358). Altogether this makes Signala good choice for people who use Google-enabled Android or Apple smartphonesanyway, but better tools exist for people who need more security than mobileplatforms provide.Jabber / XMPPEnter Jabber / XMPP. Finally, you made it! This is what we currentlyrecommend for sensitive real-time communication.Similarly to email, people from many different service providers (see thealternative tech collectives above) can talk to each other. Also similarly to email,per default Jabber offers only very weak encryption. For actual messages, OTR13

EmailEmail is like postcards, assume it is read by transport providers and state agencies.PGP is a way to encrypt (wrap your postcard) email contents, but be aware thatthe email subject and the fact who is communicating when, with whom and fromwhich computer, are not has is a nice German introduction into how PGP works here39.PGP depends on keys (special files that are protected with a password) that, likephysical keys, should restrict access to information. Therefore PGP’s securitydepends on a safe key exchange; so make sure you got the right key, e.g. bygetting it in person from the recipient.The Electronic Frontier Foundation’s Surveillance Self-Defence guide has apretty good howto for using PGP (Linux40, Windows41, Mac OS X42).Mailing ListsNow if PGP encrypts messages between two people, what about mailinglists? If there is just a small group, people can exchange PGP public keys andthen everybody can encrypt their message so that every recipient can read it.Unfortunately, this gets messy quickly if new people join the list. Therefore,people came up with a solution that is not as secure, but better than nothing:Schleuder43 is a mailing list software that gets its own PGP pair. Everybodythen encrypts email to Schleuder’s mailing list key and Schleuder decrypts themessage, and encrypts and sends it to each list member separately. Of course thedownside is that whoever is running Schleuder could get hold of Schleuder’sPGP private key and read the encrypted messages. Yet, as Schleuder is a complexbeast, it is recommended to use it from a tech collective you trust, like for exampleImmerda.ch44.Messengers / ChatTL;DR: don’t use the rest and skip down to Jabber belowSKYPE has a reputation for being encrypted, however they have publicly statedtheir ability and willingness to hand out information to law enforcement, whichthey do in required cases. All your written text are stored on the servers of Skypeand can be accessed by police (source45).For quite awhile, mobile messenger apps based on phone numbers have beengaining popularity. If you consider using any “secure” messenger on a mobiledevice, be reminded46 that communication through the mobile network isvulnerable to eavesdropping and manipulation.12Advantages: The computer pretty much works as normal and your personal filesare still very safe.Disadvantages: You should use a long user password, which you will need to typeeach time the screen is locked It is possible to manipulate your programs (e.g. Firefox, GPG) so theyreveal your passwords etc. How to: during Linux installation, select “Encrypt my home folder”when creating your userEncrypt the Whole SystemThis means that only a tiny part of your hard drive remains unencrypted andeverything else – your programs, etc. – is.Advantages: It makes it harder e.g. to put a bad version of Firefox or GPG on yourcomputer You can use one long strong password just for starting the computerand a shorter for your screen lockDisadvantages: You need to start the computer, put in the password and then wait forit to come up You need to remember two passwords, and the disk encryptionpassword is harder to change How to: during Linux installation, at Installation type select “Encryptthe new (Linux Mint/Ubuntu) installation for security”Use an Encrypted ContainerAn external drive or a very big file (“container”) is encrypted and you need tounlock / put files in and out / lock the encryption separately9

Advantages: Can be used to transfer files between encrypted computers Can be used on external hard drives Can be used on Windows and Mac OS Can be used as additional secure place that is normally closed on analready encrypted Linux Has special features to so that a fake password can show fake files, ifyou are forced to give a passwordDisadvantages: All kinds of temporary files from LibreOffice, Thunderbird email,Firefox surfing profiles etc. are not encrypted Needs to be opened and closed separatelyHow to: get Truecrypt23 (Linux install24) or Veracrypt25 and follow the howto26Android and iOSWhile mobile platforms are still not recommended for sensitive data (B), someprotection is better than none, and turning on encryption for your personal datawill at slow down the cops (but remember FBI vs. Apple28 and especially theirgeneral cooperation). Howto for Android29LimitationsYour password prompt must come from somewhere and so there’s alwaysunencrypted data on your device, data that can be messed with (e.g. replacingyour Linux’ password prompt with one that sends the password to the police).This can be made harder with some tricks (C), but remember that the mostrealistic scenario is a simple police raid.Backup your Data (availability)If it comes to a police raid (or a simple break-in), an oh-so-amazingly encrypteddevice will still be taken by the police. To take some of the pressure off yourself,regularly stash encrypted copies of your data outside your home, ideally withpeople that are not relatives nor active in the same groups.Internet ServicesSo by now we can use a well-secured Laptop behind our locked door to writelengthy security guides, but how do we actually talk to people in a secure way?Besides the technical aspects below, using alternative service providers offers anadditional degree of protection, such as storing data encrypted and refusing tocooperate with the police. A list of alternative tech collectives can be found here32and even more here33.A word about Web BrowsersWeb browsers like Mozilla Firefox or Google Chrome are complex monstersand a lot of web sites out there track their visitors. The Riseup Collective has acompact guide34 how to use a browser more securely.AnonymityThe whole point of the Internet is to connect two computers, like yours with say Youtube. Now for the cat videos to find their way back to you, obviouslythe computers on the way (routers) need to know the Internet address of yourconnection. The trouble is that if any computer on the way is surveyed by thestate or you access an evil web site like e.g. that of the police, they could trackthat Internet address back to your physical place, or connect it with other onlineactivity you were doing (like accessing your web mail). There are two ways toavoid this, which for additional security should ideally be combined with eachother:The first is simply to use public wifi in places where there are no surveillancecameras. Unfortunately, your computer’s wifi has a unique MAC address. It canbe changed with

police raid. Process : Have a short guide on dealing with police raids and your lawyers' (mobile) numbers on the inside of the front door and next to the landline phone.