Difference between revisions of "Fuck The Feds"

From Filtered, Archived, Gaslit Wiki
(Created page with "= “Fuck the Feds” Security Guide v1.0 = == Why? == Well, that is question. This is a response to the continued overreach of the federal government. Including certain thre...")
 
Line 45: Line 45:
  
 
The only questions you should potentially ask:
 
The only questions you should potentially ask:
 
+
1. Why am I here?
Why am I here?
+
2. Am I being detained or under arrest?
 
+
3. (If no to both of the above) Am I free to leave?
Am I being detained or under arrest?
+
4. (If yes to the above) LEAVE.
 
 
(If no to both of the above) Am I free to leave?
 
 
 
(If yes to the above) LEAVE.
 
  
 
Biometrics are not safe from law enforcement. However, you can
 
Biometrics are not safe from law enforcement. However, you can
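Review bot: once the questions are numbered, item 3's condition "(If no to both of the above)" reads as pointing at items 1 and 2, but item 1 ("Why am I here?") is not a yes/no question. The condition only makes sense for the two halves of "Am I being detained or under arrest?". Suggest rewording item 3 so it stands on its own, for example "(If neither detained nor under arrest) Am I free to leave?", and tying item 4 to item 3 by number.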
Line 60: Line 56:
 
== 2. Passwords ==
 
== 2. Passwords ==
 
Passwords should be:
 
Passwords should be:
 
+
1. At least 12 characters
At least 12 characters
+
2. A mixture of uppercase and lowercase letters
 
+
3. A mixture of letters and numbers
A mixture of uppercase and lowercase letters
+
4. At least one special character (#, ?, @, !)
 
 
A mixture of letters and numbers
 
 
 
At least one special character (#, ?, @, !)
 
  
 
Weak passwords consist of:
 
Weak passwords consist of:
 
+
1. Words that can be found in a dictionary
Words that can be found in a dictionary
+
2. A word with some of the letters replaced with numbers
 
+
3. Repeated sets of characters
A word with some of the letters replaced with numbers
+
4. A series of characters such as “qwerty”
 
+
5. Personal information like SSN, birthday, etc.
Repeated sets of characters
 
 
 
A series of characters such as “qwerty”
 
 
 
Personal information like SSN, birthday, etc.
 
  
 
If you are storing sensitive information nobody else should ever have
 
If you are storing sensitive information nobody else should ever have
Line 90: Line 77:
 
password manager like KeePassXC.
 
password manager like KeePassXC.
  
ex. ]xHg@Z^8#L~XXHSUgY(O;Z=AaUes
+
ex. ]xH~g~@Z^8#L~XXHSUgY(O;Z=AaUes
  
 
DO NOT WRITE YOUR PASSWORDS DOWN! (unless it is to store in
 
DO NOT WRITE YOUR PASSWORDS DOWN! (unless it is to store in
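Review bot: the sample password on the "ex." line changes from "]xHg@Z^8#L~XX..." to "]xH~g~@Z^8#L~XX..." with no reason given in the revision. Please confirm the two added "~" characters are part of the intended example and not markup that ended up in the text. The line would also benefit from a short label saying the string is an illustration of length and character mix, not a password to copy.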
Line 106: Line 93:
 
Authentication factors include the following:
 
Authentication factors include the following:
  
Something you know:
+
Something you know: A password you know or remember.
A password you know or remember.
+
 
 +
Something you have: A hardware security device / token.
 +
 
 +
Something you are: Biometrics (NOT generally recommended unless it becomes an option AFTER using an above factor first.)
 +
 
 +
If you are using a password storage database (or even not) I recommend the use of a hardware security device such as a YubiKey or OnlyKey. This can be done easily by setting these devices in One Time Password Mode. Combine this with something you know, and now you have 2FA.
 +
 
 +
== 4. Secure Encrypted Storage ==
 +
YOUR SECURITY IS ONLY AS GOOD AS YOUR OS ENCRYPTION:
 +
If you do not fully encrypt your operating system drive and or leave on
 +
your computer without shutting it off when you leave, even if the drive
 +
is fully encrypted, then you are making a mistake. Law enforcement
 +
and others could access your device when you are away and plant
 +
viruses, keyloggers, remote access software, or incriminating material
 +
to frame you. I find Linux LUKS to be decently trustworthy as a full
 +
disk encryption method.
 +
 
 +
VeraCrypt:
 +
This program allows you to create encrypted volumes, or in the case
 +
of Windows you can also encrypt the entire OS.
 +
https://www.veracrypt.fr/
 +
 
 +
If you have anything extremely sensitive use an encrypted storage
 +
container. You can set and change the master password (2FA
 +
recommended) and also choose the encryption algorithms and
 +
hashing algorithm.
 +
 
 +
Encryption algorithms: AES, Camellia, Kuznyechik, Serpent, Twofish,
 +
Cascades (I use Kuznyechik-Serpent-Camellia. Each cipher in the
 +
cascade uses its own key, and all keys are mutually independent).
 +
Hash algorithms (recommended): SHA-512, Whirlpool (I use
 +
Whirlpool).
 +
 
 +
Plausible deniability:
 +
1. Hidden volumes (one password for real data, another for fake data).
 +
2. Until decrypted, VeraCrypt volumes have no signature. This
 +
means it cannot be proven your container is a VeraCrypt container.
 +
 
 +
== 5. Secure Storage and Free Space Erasing ==
 +
At this point you should be using some kind of encrypted file system
 +
or container which was described above for desktops and laptops.
 +
 
 +
Simple deletion does not work:
 +
If a file at any point touches your hard drive without it being encrypted,
 +
and you delete that file, IT IS NOT ACTUALLY GONE. The data is still
 +
100% fully retrievable which will be taken advantage.
  
Something you have:
+
If you are going to delete a sensitive file, or moved it to an encrypted
A hardware security device / token.
+
device or volume but at one point it touched your unencrypted drive,
 +
use a free space eraser or secure eraser tool.
  
Something you are:
+
A popular tool for this job on windows is Eraser. https://eraser.heidi.ie/
Biometrics (NOT generally recommended unless it becomes an
 
option AFTER using an above factor first.)
 
  
If you are using a password storage database (or even not) I
+
By overwriting the free space of the drive you are making it FAR
recommend the use of a hardware security device such as a YubiKey
+
harder to ever retrieve that deleted information.
or OnlyKey. This can be done easily by setting these devices in One
 
Time Password Mode. Combine this with something you know, and
 
now you have 2FA.
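Review bot: two sentences in the added sections 4 and 5 are not finished. "If you do not fully encrypt your operating system drive and or leave on your computer without shutting it off" needs "and/or leave your computer on", and "which will be taken advantage" is missing its closing "of". Section 5 also names a free-space eraser only for Windows, although section 4 recommends Linux LUKS; either say the tool advice is Windows-specific or name the equivalent step for the other platform.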
 

Revision as of 09:44, 21 April 2025

“Fuck the Feds” Security Guide v1.0

Why?

Well, that is the question. This is a response to the continued overreach of the federal government, including certain three-letter agencies such as the CIA, NSA, FBI, etc. There are basic ways you can protect yourself and your privacy online from state surveillance and prosecution.

Who is this for?

I am writing this from the perspective of someone who has been the target of doxxing, coordinated surveillance, and law enforcement. This guide is meant to be used as a general introduction to important aspects of online security. You can freely distribute this document. It is a public work available to be edited and distributed.

Disclaimer

DISCLAIMER: I AM NOT LIABLE FOR HOW YOU USE THIS DOCUMENT. THIS IS INTENDED AS A PRIVACY AND SECURITY GUIDE. DO NOT DO ILLEGAL STUFF AND THEN BLAME ME. THIS IS NOT A GUIDE TO EVADE LAW ENFORCEMENT.

1. About Law Enforcement (USA)

Right to remain silent: Most Western countries have the concept of the right to remain silent. Essentially this is a right against self-incrimination. USE IT. 98% of people questioned in the United States do not invoke their right to remain silent because they think it will make them look more suspicious or law enforcement might “give a better deal”.

The simple fact is LAW ENFORCEMENT IS NOT YOUR FRIEND. They are building a case and anything you say can and will be used against you. Law enforcement in the United States can legally lie to you. If they promise a good deal or they will “go to bat” for you with the prosecutor it’s a lie unless you have a lawyer present to help you and a paper to sign. Do not believe it.

How to invoke your right to remain silent: In the United States it is not enough to say “I should have a lawyer”, “I don’t want to talk”, “I’m going to stay silent”. You have to specifically say something like: “I invoke my right to remain silent.” They likely WILL try to get you to talk even after this, so just don’t.

The only questions you should potentially ask:
1. Why am I here?
2. Am I being detained or under arrest?
3. (If no to both of the above) Am I free to leave?
4. (If yes to the above) LEAVE.

Biometrics are not safe from law enforcement. However, you can “forget” your password and remain silent, and your security devices can also “go missing” in an accident.

2. Passwords

Passwords should be:
1. At least 12 characters
2. A mixture of uppercase and lowercase letters
3. A mixture of letters and numbers
4. At least one special character (#, ?, @, !)

Weak passwords consist of:
1. Words that can be found in a dictionary
2. A word with some of the letters replaced with numbers
3. Repeated sets of characters
4. A series of characters such as “qwerty”
5. Personal information like SSN, birthday, etc.
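The two lists above can be turned into an automated check. The following Python sketch is an added example, not part of the original guide; the word list is a small constructed stand-in for a real dictionary, and the function names and the four-character series threshold are assumptions. Personal information (item 5) is not checked because it depends on the user.

```python
import re

# Constructed sample word list standing in for a real dictionary (assumption).
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein", "welcome"}
# Keyboard rows and simple sequences checked for "a series of characters".
SERIES = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
          "abcdefghijklmnopqrstuvwxyz", "0123456789")
# Common letter-for-number swaps, undone before the dictionary lookup.
LEET = str.maketrans("013457@$!", "oleastasi")

def has_series(pw, run=4):
    """True if pw contains `run` consecutive characters of a known series."""
    low = pw.lower()
    for s in SERIES:
        for i in range(len(s) - run + 1):
            chunk = s[i:i + run]
            if chunk in low or chunk[::-1] in low:
                return True
    return False

def check_password(pw, words=SAMPLE_WORDS):
    """Return the list of rules from the guide that pw fails (empty = passes)."""
    problems = []
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)):
        problems.append("no mix of uppercase and lowercase")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"\d", pw)):
        problems.append("no mix of letters and numbers")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no special character")
    # Dictionary words, including ones disguised with number substitutions.
    low = pw.lower()
    plain = low.translate(LEET)
    if any(w in low or w in plain for w in words):
        problems.append("contains a dictionary word")
    # Repeated sets: a block of 2+ characters that repeats immediately,
    # or one character three times in a row.
    if re.search(r"(.{2,})\1", pw) or re.search(r"(.)\1\1", pw):
        problems.append("repeated set of characters")
    if has_series(pw):
        problems.append("keyboard or alphabet series")
    return problems

if __name__ == "__main__":
    for candidate in ("P@ssw0rd2024!", "qwerty123456"):
        print(candidate, "->", check_password(candidate) or "passes")
```

A password that satisfies all four "should be" rules can still be weak: `P@ssw0rd2024!` passes the composition checks and is flagged only because the substitution-aware dictionary lookup recognises the word underneath.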

If you are storing sensitive information nobody else should ever have access to, the password should be far longer (mine tend to be 30+ characters). You can remember multiple sets of smaller passwords and chain them together.

I tend to use passwords in the “Fort Knox” section at https://randomkeygen.com if not generating them from within a password manager like KeePassXC.

ex. ]xH~g~@Z^8#L~XXHSUgY(O;Z=AaUes

DO NOT WRITE YOUR PASSWORDS DOWN! (unless it is to store in a remote location unknown to everyone else as a physical backup). If this is a master password or another important password DO NOT SAVE IT IN THE BROWSER.

Use a password manager like KeePassXC, which is open source. The master password to this database should be 30+ characters following the guideline above, preferably combined with other factors like Multi Factor Authentication. The database is encrypted with AES-256.

3. Multi Factor Authentication

Authentication factors include the following:

Something you know: A password you know or remember.

Something you have: A hardware security device / token.

Something you are: Biometrics (NOT generally recommended unless it becomes an option AFTER using an above factor first.)

If you are using a password storage database (or even not) I recommend the use of a hardware security device such as a YubiKey or OnlyKey. This can be done easily by setting these devices in One Time Password Mode. Combine this with something you know, and now you have 2FA.

4. Secure Encrypted Storage

YOUR SECURITY IS ONLY AS GOOD AS YOUR OS ENCRYPTION: If you do not fully encrypt your operating system drive, and/or you leave your computer on without shutting it off when you leave, even if the drive is fully encrypted, then you are making a mistake. Law enforcement and others could access your device when you are away and plant viruses, keyloggers, remote access software, or incriminating material to frame you. I find Linux LUKS to be decently trustworthy as a full disk encryption method.

VeraCrypt: This program allows you to create encrypted volumes, or in the case of Windows you can also encrypt the entire OS. https://www.veracrypt.fr/

If you have anything extremely sensitive use an encrypted storage container. You can set and change the master password (2FA recommended) and also choose the encryption algorithms and hashing algorithm.

Encryption algorithms: AES, Camellia, Kuznyechik, Serpent, Twofish, Cascades (I use Kuznyechik-Serpent-Camellia. Each cipher in the cascade uses its own key, and all keys are mutually independent).

Hash algorithms (recommended): SHA-512, Whirlpool (I use Whirlpool).

Plausible deniability:
1. Hidden volumes (one password for real data, another for fake data).
2. Until decrypted, VeraCrypt volumes have no signature. This means it cannot be proven your container is a VeraCrypt container.

5. Secure Storage and Free Space Erasing

At this point you should be using some kind of encrypted file system or container which was described above for desktops and laptops.

Simple deletion does not work: If a file at any point touches your hard drive without it being encrypted, and you delete that file, IT IS NOT ACTUALLY GONE. The data is still 100% fully retrievable, which will be taken advantage of.

If you are going to delete a sensitive file, or have moved it to an encrypted device or volume but at one point it touched your unencrypted drive, use a free space eraser or secure eraser tool.

A popular tool for this job on Windows is Eraser. https://eraser.heidi.ie/

By overwriting the free space of the drive you are making it FAR harder to ever retrieve that deleted information.