Fuck The Feds
“Fuck the Feds” Security Guide v1.0
Why?
Well, that is the question. This is a response to the continued overreach of the federal government, including certain three-letter agencies such as the CIA, NSA, FBI, etc. There are basic ways you can protect yourself and your privacy online from state surveillance and prosecution.
Who is this for?
I am writing this from the perspective of someone who has been the target of doxxing, coordinated surveillance, and law enforcement. This guide is meant to be used as a general introduction to important aspects of online security. You can freely distribute this document. It is a public work available to be edited and distributed.
Disclaimer
DISCLAIMER: I AM NOT LIABLE FOR HOW YOU USE THIS DOCUMENT. THIS IS INTENDED AS A PRIVACY AND SECURITY GUIDE. DO NOT DO ILLEGAL STUFF AND THEN BLAME ME. THIS IS NOT A GUIDE TO EVADE LAW ENFORCEMENT.
1. About Law Enforcement (USA)
Right to remain silent: Most Western countries have the concept of the right to remain silent. Essentially this is a right against self-incrimination. USE IT. 98% of people questioned in the United States do not invoke their right to remain silent because they think it will make them look more suspicious or law enforcement might “give a better deal”.
The simple fact is LAW ENFORCEMENT IS NOT YOUR FRIEND. They are building a case and anything you say can and will be used against you. Law enforcement in the United States can legally lie to you. If they promise a good deal or they will “go to bat” for you with the prosecutor it’s a lie unless you have a lawyer present to help you and a paper to sign. Do not believe it.
How to invoke your right to remain silent: In the United States it is not enough to say “I should have a lawyer”, “I don’t want to talk”, “I’m going to stay silent”. You have to specifically say something like: “I invoke my right to remain silent.” They likely WILL try to get you to talk even after this, so just don’t.
The only questions you should potentially ask: 1. Why am I here? 2. Am I being detained or under arrest? 3. (If no to both of the above) Am I free to leave? 4. (If yes to the above) LEAVE.
Biometrics are not safe from law enforcement. However, you can “forget” your password and remain silent, and your security devices can also “go missing” in an accident.
2. Passwords
Passwords should be: 1. At least 12 characters 2. A mixture of uppercase and lowercase letters 3. A mixture of letters and numbers 4. At least one special character (#, ?, @, !)
Weak passwords consist of: 1. Words that can be found in a dictionary 2. A word with some of the letters replaced with numbers 3. Repeated sets of characters 4. A series of characters such as “qwerty” 5. Personal information like SSN, birthday, etc.
If you are storing sensitive information nobody else should ever have access to, the password should be far longer (mine tend to be 30+ characters). You can remember multiple sets of smaller passwords and chain them together.
I tend to use passwords in the “Fort Knox” section at https://randomkeygen.com if not generating them from within a password manager like KeePassXC.
ex. ]xH~g~@Z^8#L~XXHSUgY(O;Z=AaUes
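The rules above turned into a checker and a generator, as an added example that is not part of the original guide: it flags the weak patterns the guide lists and draws new passwords from the operating system's CSPRNG. The word list and keyboard runs are small constructed samples, and the function names are this example's own.

```python
import math
import re
import secrets
import string

SPECIALS = "#?@!"                                   # the special characters the guide names
ALPHABET = string.ascii_letters + string.digits + SPECIALS
KEYBOARD_RUNS = ("qwerty", "asdfgh", "zxcvbn", "123456", "abcdef")  # constructed sample
SAMPLE_WORDS = {"password", "dragon", "monkey", "letmein"}  # constructed stand-in for a dictionary
LEET = str.maketrans("0134578@$!", "oieastbasi")    # undoes common letter-to-number swaps


def weaknesses(pw: str) -> list[str]:
    """Return the guide's rules that pw breaks (an empty list means it passes)."""
    found = []
    if len(pw) < 12:
        found.append("shorter than 12 characters")
    if not (any(c.islower() for c in pw) and any(c.isupper() for c in pw)):
        found.append("needs both uppercase and lowercase")
    if not any(c.isdigit() for c in pw):
        found.append("needs a number")
    if not any(not c.isalnum() for c in pw):
        found.append("needs a special character")
    low = pw.lower()
    plain = low.translate(LEET)
    if any(w in low for w in SAMPLE_WORDS):
        found.append("contains a dictionary word")
    elif any(w in plain for w in SAMPLE_WORDS):
        found.append("dictionary word with letters swapped for numbers")
    if re.search(r"(.{2,})\1", low):                # a block of 2+ characters repeated back to back
        found.append("repeated set of characters")
    if any(run in low for run in KEYBOARD_RUNS):
        found.append("keyboard or alphabet series")
    return found


def generate(length: int = 30) -> str:
    """Draw from the OS CSPRNG until every rule above is satisfied."""
    if length < 12:
        raise ValueError("the guide's minimum is 12 characters")
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not weaknesses(pw):
            return pw


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Upper bound on entropy for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)
```

At 30 characters from this 66-symbol alphabet the upper bound is about 181 bits. Replace SAMPLE_WORDS with a real wordlist before relying on the dictionary check.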
DO NOT WRITE YOUR PASSWORDS DOWN! (unless it is to store in a remote location unknown to everyone else as a physical backup). If this is a master password or another important password DO NOT SAVE IT IN THE BROWSER.
Use a password manager like KeePassXC, which is open source. The master password to this database should be 30+ characters following the guideline above, preferably combined with other factors like Multi Factor Authentication. The database is encrypted with AES-256.
3. Multi Factor Authentication
Authentication factors include the following:
Something you know: A password you know or remember.
Something you have: A hardware security device / token.
Something you are: Biometrics (NOT generally recommended unless it becomes an option AFTER using an above factor first.)
If you are using a password storage database (or even not) I recommend the use of a hardware security device such as a YubiKey or OnlyKey. This can be done easily by setting these devices in One Time Password Mode. Combine this with something you know, and now you have 2FA.
4. Secure Encrypted Storage
YOUR SECURITY IS ONLY AS GOOD AS YOUR OS ENCRYPTION: If you do not fully encrypt your operating system drive, or if you leave your computer on without shutting it off when you leave (even if the drive is fully encrypted), then you are making a mistake. Law enforcement and others could access your device when you are away and plant viruses, keyloggers, remote access software, or incriminating material to frame you. I find Linux LUKS to be decently trustworthy as a full disk encryption method.
VeraCrypt: This program allows you to create encrypted volumes, or in the case of Windows you can also encrypt the entire OS. https://www.veracrypt.fr/
If you have anything extremely sensitive use an encrypted storage container. You can set and change the master password (2FA recommended) and also choose the encryption algorithms and hashing algorithm.
Encryption algorithms: AES, Camellia, Kuznyechik, Serpent, Twofish, Cascades (I use Kuznyechik-Serpent-Camellia. Each cipher in the cascade uses its own key, and all keys are mutually independent). Hash algorithms (recommended): SHA-512, Whirlpool (I use Whirlpool).
Plausible deniability: 1. Hidden volumes (one password for real data, another for fake data). 2. Until decrypted, VeraCrypt volumes have no signature. This means it cannot be proven your container is a VeraCrypt container.
5. Secure Storage and Free Space Erasing
At this point you should be using some kind of encrypted file system or container which was described above for desktops and laptops.
Simple deletion does not work: If a file at any point touches your hard drive without it being encrypted, and you delete that file, IT IS NOT ACTUALLY GONE. The data is still 100% fully retrievable, which will be taken advantage of.
If you are going to delete a sensitive file, or you moved it to an encrypted device or volume but at one point it touched your unencrypted drive, use a free space eraser or secure eraser tool.
A popular tool for this job on Windows is Eraser. https://eraser.heidi.ie/
By overwriting the free space of the drive you are making it FAR harder to ever retrieve that deleted information.
6. Mobile Secure OS, Storage and Free Space Erasing
If you use an iPhone: don’t ever store sensitive material on it. If law enforcement is motivated enough they will get into it; it is not a secure device.
If you use Android, there is significantly more you can do:
1. If you can root the device:
The gold standard right now is an unlocked Google Pixel 6, rooted and running GrapheneOS. It sandboxes apps, limits permissions, and uses secure memory allocation to stop common attacks. Another solid privacy OS is CalyxOS.
If you don’t have a Pixel, try LineageOS. While not privacy-focused out of the box, you can harden it with community guides.
2. Use an extra layer of encryption:
DroidFS creates encrypted containers with a built-in file explorer. It supports AES-GCM or XChaCha20 — use the latter for faster, strong encryption. This won’t protect you from screen recorders or root compromises, but adds strong local security.
3. Use Extirpater to wipe free space:
If anything sensitive touched unencrypted storage, wipe free space with Extirpater. Configure it to use SecureRandom in settings for reliable erasure.
Avoid sketchy apps, closed-source system tools, and unnecessary sensors. Your phone is the biggest attack surface you own. Harden it accordingly.