If you're like me, you live in a surveillance state and are looking to make a few changes to your local and national governments. This guide is designed to help you organize and thrive without exposing yourself to unnecessary risk.
introduction to opsec
Maybe you live in a country that made HRT illegal and you need to buy estradiol or testosterone in a secure and safe manner. Maybe your country is deporting your friends and sending them to concentration camps.
There are a million reasons to maintain online security. In fact, I consider it a foundational building block in democratic societies. People MUST have a way to organize and communicate in a surveillance state.
This guide is focused on US surveillance countermeasures, but applies in general to other oppressed areas. This is written in a semi-technical way to get the information out but not overwhelm you with jargon. I'm going to start by explaining the known US surveillance programs and their capabilities and then get into countermeasures at the bottom.
If you take ANYTHING from this guide, I want it to be a healthy sense of paranoia. Being paranoid is how you're going to stay safe.
known US surveillance programs and security threats
In the late 1990s, the US began building the most sophisticated digital surveillance apparatus in the world. Where we saw the beauty of being able to share ideas and communicate with anyone in the world, they saw a new way to enforce and control US interests.
Here's what we know they have:
PRISM (2007-Present)
PRISM is a program established under the "Protect America Act of 2007" that collects emails, chats, videos, photos, stored data, VoIP info, file transfers, and login data directly from the servers of companies like Google, Apple, Facebook, Twitter, etc.
Companies do not have a choice on whether or not to comply with these requests. The NSA is authorized by law to do as they wish. Certain parts of this program can be executed without a warrant, and the program has very little judicial oversight.
The law was intended to only collect data on non-US citizens, but it was later shown that they collect data on citizens as well.
XKeyscore (2008-Present)
XKeyscore collects real-time internet activity including searches, emails, browsing history and VPN usage. This data is collected from global internet chokepoints and analyzed without a warrant. The existence of this program was known well before generative AI became commonplace. It was originally a Google-like search function that indexed vast databases of internet traffic, browsing histories, and social media activity of certain people.
It is most likely being monitored with the use of AI tools now, making it much scarier and more effective at pinpointing dissent.
Upstream Collection (2003-Present)
Upstream collection is a general term used by the NSA for intercepting phone and internet traffic from major pieces of the internet backbone, foreign and domestic.
There are four major surveillance programs that we know about:
Fairview
• The NSA is partnered with AT&T
• This program taps into major fiber internet backbone access points
• Provides data for other surveillance programs
Blarney
• The NSA is partnered with Verizon for this one
• Focused on data collection, primarily through metadata (not content)
Stormbrew
• The NSA is partnered with Verizon
• Again, this program taps into major fiber internet backbone access points
Oakstar
• Foreign data collection through partnership with several smaller international telecoms
Stingray/Hailstorm Devices (1990s-Present)
Stingray devices, also known as IMSI catchers or cell-site simulators, operate by impersonating legitimate cell towers, causing nearby cellphones to automatically connect to them without the user's knowledge. These devices have been deployed by numerous federal agencies including the FBI, DEA, ICE, and U.S. Marshals, and have also been used by state and local police departments across the United States.
According to the American Civil Liberties Union (ACLU), at least 75 law enforcement agencies in over 27 states have used or purchased Stingray technology. Their use has been verified not only in criminal investigations but also during protests.
Many law enforcement agencies have entered into non-disclosure agreements (NDAs) with the FBI, which required them to withhold details of Stingray usage from courts or risk losing access to the technology.
Advanced models of these devices are capable of more than just location tracking; they can intercept phone calls, text messages, and data, and may also force phones to downgrade to less secure encryption protocols or even inject malicious content. The devices can be deployed via van or even low-flying aircraft.
Facial Recognition Networks (2010s-Present)
Facial recognition is widely deployed in the US. It's so good that your face is essentially a barcode that is scanned dozens of times a day by public (and private) CCTV cameras.
Major vendors are Clearview AI, NEC, Cognitec, Idemia, and Amazon Rekognition.
Data Broker Partnerships (2010s-Present)
(not done yet)
Fusion Centers (2001-Present)
(not done yet)
What the government collects
list the surveillance programs in the US and the type of surveillance that they are capable of
Password security
explain how hash cracking works
explain why every password EVER leaked is no longer secure
Apps/Guides
VPNs
not secure enough generally
Signal
Pros and known limitations
Tor
Pros and known limitations
Tails
Secure Tails Setup Guide