Fuck The Feds
“Fuck the Feds” Security Guide v1.0
Why?
Well, that is the question. This is a response to the continued overreach of the federal government, including certain three-letter agencies such as the CIA, NSA, FBI, etc. There are basic ways you can protect yourself and your privacy online from state surveillance and prosecution.
Who is this for?
I am writing this from the perspective of someone who has been the target of doxxing, coordinated surveillance, and law enforcement. This guide is meant to be used as a general introduction to important aspects of online security. You can freely distribute this document. It is a public work available to be edited and distributed.
Disclaimer
DISCLAIMER: I AM NOT LIABLE FOR HOW YOU USE THIS DOCUMENT. THIS IS INTENDED AS A PRIVACY AND SECURITY GUIDE. DO NOT DO ILLEGAL STUFF AND THEN BLAME ME. THIS IS NOT A GUIDE TO EVADE LAW ENFORCEMENT.
1. About Law Enforcement (USA)
Right to remain silent: Most Western countries have the concept of the right to remain silent. Essentially this is a right against self-incrimination. USE IT. 98% of people questioned in the United States do not invoke their right to remain silent because they think it will make them look more suspicious or law enforcement might “give a better deal”.
The simple fact is LAW ENFORCEMENT IS NOT YOUR FRIEND. They are building a case and anything you say can and will be used against you. Law enforcement in the United States can legally lie to you. If they promise a good deal or say they will “go to bat” for you with the prosecutor, it’s a lie unless you have a lawyer present to help you and a paper to sign. Do not believe it.
How to invoke your right to remain silent: In the United States it is not enough to say “I should have a lawyer”, “I don’t want to talk”, or “I’m going to stay silent”. You have to specifically say something like: “I invoke my right to remain silent.” They likely WILL try to get you to talk even after this, so just don’t.
The only questions you should potentially ask:
Why am I here?
Am I being detained or under arrest?
(If no to both of the above) Am I free to leave?
(If yes to the above) LEAVE.
Biometrics are not safe from law enforcement. However, you can “forget” your password and remain silent, and your security devices can also “go missing” in an accident.
2. Passwords
Passwords should be:
At least 12 characters
A mixture of uppercase and lowercase letters
A mixture of letters and numbers
At least one special character (#, ?, @, !)
Weak passwords consist of:
Words that can be found in a dictionary
A word with some of the letters replaced with numbers
Repeated sets of characters
A series of characters such as “qwerty”
Personal information like SSN, birthday, etc.
If you are storing sensitive information nobody else should ever have access to, the password should be far longer (mine tend to be 30+ characters). You can remember multiple sets of smaller passwords and chain them together.
I tend to use passwords in the “Fort Knox” section at https://randomkeygen.com if not generating them from within a password manager like KeePassXC.
ex. ]xHg@Z^8#L~XXHSUgY(O;Z=AaUes
DO NOT WRITE YOUR PASSWORDS DOWN! (unless it is to store in a remote location unknown to everyone else as a physical backup). If this is a master password or another important password, DO NOT SAVE IT IN THE BROWSER.
Use a password manager like KeePassXC, which is open source. The master password to this database should be 30+ characters following the guideline above, preferably combined with other factors (see Multi Factor Authentication below). The database is encrypted with AES-256.
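The strong and weak criteria listed in this section, written out as a Python checker and a generator built on the OS random source. This is an added example, not part of the original guide; the function names are hypothetical, and the word list, series table and substitution map are small constructed samples that a real check would replace with a full dictionary.

```python
import re
import secrets
import string

# Constructed sample wordlist; a real check would load a full dictionary file.
WORDLIST = {"password", "dragon", "monkey", "letmein", "shadow", "summer"}
# Keyboard rows and simple runs, per the guide's "series of characters" rule.
SERIES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "abcdefghijklmnopqrstuvwxyz", "01234567890"]
# Common letter-for-number swaps, undone before the dictionary lookup.
UNLEET = str.maketrans("0134578@$!", "oieastbasi")
SPECIALS = string.punctuation


def audit_password(pw, min_len=12):
    """Return a list of findings; an empty list means the guide's rules pass."""
    findings = []
    if len(pw) < min_len:
        findings.append("too short")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        findings.append("needs upper and lower case")
    if not (any(c.isalpha() for c in pw) and any(c.isdigit() for c in pw)):
        findings.append("needs letters and numbers")
    if not any(c in SPECIALS for c in pw):
        findings.append("needs a special character")
    low = pw.lower()
    if any(w in low for w in WORDLIST):
        findings.append("dictionary word")
    elif any(w in low.translate(UNLEET) for w in WORDLIST):
        findings.append("dictionary word with number substitutions")
    # A 2+ character chunk three times in a row, or one character four times.
    if re.search(r"(.{2,})\1\1", low) or re.search(r"(.)\1{3,}", low):
        findings.append("repeated sets of characters")
    # Any 4-character window of a known series, forwards or backwards.
    if any(s[i:i + 4] in low or s[i:i + 4][::-1] in low
           for s in SERIES for i in range(len(s) - 3)):
        findings.append("keyboard or alphabet series")
    return findings


def generate_password(length=30):
    """Draw from the OS CSPRNG until the result passes audit_password."""
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if not audit_password(pw, min_len=length):
            return pw
```

A password such as `P@ssw0rd123!` meets every rule in the first list and is still flagged, because undoing the number swaps exposes a dictionary word.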
3. Multi Factor Authentication
Authentication factors include the following:
Something you know: A password you know or remember.
Something you have: A hardware security device / token.
Something you are: Biometrics (NOT generally recommended unless it becomes an option AFTER using an above factor first.)
If you are using a password storage database (or even not), I recommend the use of a hardware security device such as a YubiKey or OnlyKey. This can be done easily by setting these devices in One Time Password Mode. Combine this with something you know, and now you have 2FA.