We recommend that you educate yourself on good digital security practices and learn to anonymize yourself as much as possible when using digital means of communication. Putting good digital security into a daily practice will help to keep you and your friends safe. Ideally you should look into threat modeling and other holistic methods for better security, but if you take away nothing else, use the TOR Browser to be more secure in online browsing, also to access deep web .onion sites designed with relative threat models in mind, and use the Tails operating system that can be run from a USB for another layer of protection. In your daily life please use, and get your friends and family to use, the Signal encrypted messaging app for a use-case like everyday texting. PGP email is also something to look into for certain use cases like publicly run anonymous projects. At the very least using a commercial encrypted email like Proton Mail, with the caveat they will hand over metadata and preemptively shut down activist accounts. Please don’t bring your phone to things you shouldn’t. Also, you probably shouldn’t be planning anything risky over the internet. And don’t forget to use strong passphrases.
Ways you could be identified
Computers have several main ways of identifying themselves; IP addresses, MAC addresses, and useragents are a few common ways. There are also others like monitoring a specific homes or businesses internet activity to check internet usage to activity against the timing of activity on a particular website so bear that in mind.
IP address
Every computer is assigned an IP address when connected to the internet. Using https/ssl encryption is a good start to safe browsing, but that only attempts to encrypt your web traffic. This means that when you go to a site that keeps logs, you will leave a fingerprint that identifies the internet connection you are using which could be easily used to identify your computer.
MAC address
A MAC address (Media Access Control Address) is 12 digits long and uniquely identifies a computer connected to the Internet. The address encodes the manufacturer’s registered identification number. This means that if the network you are using is keeping logs, someone may be able to determine roughly what type of computer was in use at what time. If you are posting or viewing sensitive information you should be aware that you are leaving this type of identifying data behind.
Useragent
A user agent is a string of code that websites use to determine how to display content. This code contains information such as your web browser, web browser version, and operating system. Websites will send a request that your computer will happily answer with this info.
Solution!
Use the Tor Browser to obscure your IP and Useragent as well as other digital finger printing measures. For more everyday uses of the internet a VPN will work, but keep in mind it’s on a similar risk level as filtering all your internet traffic through a cafe’s wifi and only really protects against IP tracking. You can also use Tails, which comes with Tor already on it, to obscure your MAC address and give you an extra layer of protection with its live-booted and amnesic nature hardly leaving a trace and not exposing a good portion of the devices normal OS and memory, etc. (Note if you’re using a computer hooked up to an institutional network, like a college or library or office, to boot Tails it may be best NOT to spoof the MAC address, proceed with caution.) Also, make sure that the https of a website is functioning, should say https instead of http, before you enter information like passwords or usernames.
Writing Style
Do you frequently use or misuse a type of punctuation, a phrase, or even just a word in your writing? These kinds of things can be cross reference by AI or adversaries to get a clue to who wrote certain pieces. Be aware of the is and try to keep this in mind and if possible have a trusted comrade help edit your writing with this in mind.
Metadata
One common example of metadata is EXIF data common on photos and videos that can include camera/device information as well as image creation date, time, and location information, you can remove this data by using programs like Exif Purge and some apps like Signal automatically remove this kind of EXIF data. That’s not the only kind of metadata though. It may be obvious that the actual content of a message may be revealing. It is also true that even if the content is encrypted where and when something was sent and to whom it was sent and the frequency of the messaging can be revealing. This is how adversaries can map a group of people and also how contemporary spy agencies and military forces use AI to create target lists and find target. Apps like Signal limit and mitigate leagues beyond plain texting this information, but even then some activity like voice or video calls creates more meta-data than text communication on the same platform. Where apps like Cwtch have higher protection, PGP email has lower protection. Also, important to note that on corporate operating systems like iOS on iPhone or the Android operating system by Google, and now Windows and Mac operating systems as well, location data may be being sent out without you knowing.
Other Tools
Cwtch is a peer-to-peer messaging app that uses Tor Onion Services (v3) + Tapir for encryption a great option for sending text based messages especially as redundant communications if Signal goes down.
SimpleX is an audited encrypted text and calling app that doesn’t require a smart phone or a phone number, and though those things can help in verifying who you’re talking to and for spam reduction, this app is a good alternative for voice and video calls if not as good as Cwtch for text messaging.
Anonymouse email is good instances where you want to send a message anonymously and only your metadata matters in terms of security and you don’t mind if anyone can see the content of your message.
Additional Reading
Riseup.net Security Primer
Riseup has a lot of information on their site, including several tutorials on pgp encryption, password security, as well as other things.
EFF Surveillance Self-Defense
Tips, Tools and How-tos for Safer Online Communications by the experts at the Electronic Frontier Foundation
No Trace
No Trace is a on-going and updated project that details surveillance, forensic, and repression related measures and counter-measures.
AnarSec
A site dedicated to digital security for anarchists with lots of excellent guides.