5.4 KiB
+++
title = "Recommendations"
sort_by = "date"
paginate_by = 5
+++
These recommendations are intended for all anarchists and are accompanied by tutorials to put them into practice. They are informed by a threat model protecting against government security forces and equivalent adversaries that are trying to achieve targeted digital surveillance for incrimination or network mapping. The goal is to obscure the visibility of our enemies into our lives and projects, and to leave no traces when this is relevant. Technology is hostile terrain.
Phones
Operating system: GrapheneOS is the only reasonably secure choice for cellphones. See GrapheneOS for Anarchists. Better yet, don't have a phone.
Google Pixel phones are the only devices that currently meet GrapheneOS's hardware security requirements. If this is not possible for you, DivestOS has more supported devices and it is significantly better than stock Android.
Computers
Operating system: Tails is unparalleled for sensitive computer use (writing and sending communiques, moderating a sketchy website, research for actions, reading articles that may be criminalized, etc.). Tails runs from a USB drive, and is designed with the anti-forensic property of leaving no trace of your activity on your computer, as well as to force all Internet connections through the Tor network. See Tails for Anarchists and Tails Best Practices.
Operating system: Qubes OS has better security than Tails for many use cases, but has more of a learning curve and no anti-forensic properties. It is nonetheless accessible enough for journalists and other non-technical users. Fundamental knowledge of using Linux is required - see Linux Essentials. Qubes OS can even run Windows programs like Adobe InDesign, although much more securely than a standard Windows computer. See Qubes OS for Anarchists.
See When to Use Tails vs Qubes OS
We do not offer "harm reduction" advice for Windows or macOS computers, because this is already prevalent and gives a false sense of privacy and security. If you need to use one of these Operating Systems, see The Hitchhiker’s Guide to Online Anonymity for tutorials on Windows and macOS.
Home Network
Operating system (router): OpenWrt. GL-iNet sells affordable OpenWrt routers that are user friendly - the 'Travel' models are sufficient for an apartment-sized residence.
Operating system (hardware firewall): OPNsense. Although you can get by with only a router, a hardware firewall allows you to further segment your network, and other security upgrades.
If an adversary compromises your router, they can then compromise all devices connecting to it, so it's important to not use the closed-source router your Internet Service Provider gives you. Guide forthcoming.
Encrypted Messaging
See Encrypted Messaging for Anarchists
Storing Electronic Devices
See Making Your Electronics Tamper-Evident.
A Note On Borders
If you risk bringing the phone or computer you use in daily life with you across a border (not recommended), ensure that Full Disk Encryption is enabled, it is powered down, and be prepared to refuse password access along with the implications that will have on your border crossing. It is not sufficient to delete files (or messages, etc.) prior to crossing and then unlock your device. In fact, recently deleted files or messages is the first place a border team will look. To prevent data recovery, you must do a Factory Reset and then reinstall the operating system.
A better approach is to have a device dedicated to travel which you can unlock for border agents, because you always cross with a fresh operating system installation. Stock Android can be easily installed (flashed) to certain phone models, after a Factory Reset. The fresh phone can be populated with benign contacts like family. Once you are across, you can use the phone normally, but redo the flashing before another border crossing. If the device is taken out of your sight at any point don’t even turn it on again before trashing it, as it may now send your password to the agency and be infected with spyware.