As I pointed out they also route all of their traffic through Cloudflare. They also have been caught red-handed logging the IP of an activist despite having previously advertised that they didn't keep any logs.
Now they are using misleading terms such as "privacy by default" which according to them means that by default they won't log you but that they can be "forced" to log a user if a law enforcement agency asks them to do so...
Yup. Unless you're providing a truly zero-access encrypted service such as chat (e.g. Signal), there truly is no way of avoiding it while staying afloat as a private company. It seems people don't understand that email, which is Proton's bread and butter, CAN'T be fully anonymous and private in relation to the provider unless the provider severely limits functionality by only allowing PGP.
Framing the question a bit differently could help: The aim should be to engineer the system so that you don't (and can't) have access to the information, so you minimize vulnerability to legal attacks.
A strawman mod to protonmail could be to mandate the use of a VPN
> The aim should be to engineer the system so that you don't (and can't) have access to the information
So when law enforcement and/or a three-letter agency rocks up with the legal paperwork (whether it be a National Security Letter or a local equivalent) and demands that "the system" be changed to start collecting the information they require, how should managers and engineers respond?
Generally, in my experience, people want to help "catch the criminal" -- note these are usually the worst of the worst at first. Then you start getting less and less information and starts becoming a process rather than an event/discussion.
In a perfect world? The same way Apple did in ~2015. Argue that code is equivalent to speech, compelling them to write code to change the way the system works is compelling speech, and making that demand is unconstitutional.
Apple gets lots of shit for a multitude of reasons, but their stance of "We built it to be securely encrypted from everyone but the owner; if you want to change that then fuck you, make me" is something everyone involved with should be proud of
Realistically, we can't all be one of the richest companies in the modern era. Not every corporation has both morals, and pockets deep enough to pick a fight with not just a government, but the government of the country they're headquartered in. Frankly, shutting down like Lavabit is one of the better realistic scenarios if you're making promises of guaranteed privacy
I think this is easier: there isn't a single corporation on the earth with morals. Morality and profit-chasing are not generally coherent principles. Nobody doing any good on this earth has a need for an LLC.
I generally agree with your posts/comments, but anyone trying to "do good" in the USA absolutely needs to have liability protection, such as an LLC or a corporation shell of some kind. The moment one starts to make a difference in this corporate controlled nation, the full legal power of both the corporations and their owned government minions will rain down on you. I've seen it. If you're trying to make any kind of a difference, get liability shells around your activities, or you'll be ended the moment you gain traction.
Calling them "morals" was meant flippantly, though I suspect should have used quotation marks to call that out a bit more. "Multiple ad campaigns and a marketing posture based around privacy" is probably better.
The aim should be to engineer the system so that you had over every piece of information that you have and that it is totally useless to anyone, either through encryption (that you don't have access to) or through not collecting it in the first place.
Proton also suffers from a pathology similar to the LavaBit problem. Better off using some other email service that doesn't insist on keeping GPG keys on its servers and using something like Mega instead.
One of the first things you can do with any of these kinds of lists is to see if they recommend Firefox over Chrome. It's an excellent shibboleth, because Firefox codes (rhetorically) profoundly more activist- and privacy- friendly than Chrome does, but Chrome has much more sophisticated and better tested runtime protections. Firefox seems like it would be the better recommendation, but if what you care about is not being easily (==cheaply) targeted by exploits, it's not.
This is not smart. It's entirely reasonable that Chrome may be better on top of its exploit game; but this absolutely pales in comparison to the threat of universal surveillance that Google hits us with frequently. Shouts to the heroes on the inside, but what did I just hear about an AI removal pledge?
See, this is what I'm talking about. If you're trying to protect activists from threats, protect them from threats. Making a political statement about commercial surveillance isn't doing that. A lot of these guides are LARPs.
How about this: if you feel strongly about commercial ad surveillance vs. susceptibility to drive-by RCE exploits loaded off web pages, look to see if the "infosec for activist" guides you're reading at least offer their readership the choice of risks. Does this one? (Rhetorical, obvs.)
Commercial surveillance enables government surveillance. If an app constantly sends my location to a corporation by default, a government-level adversary can just demand it from that corporation, no need to burn a 0-day on me.
This is a complex thing. Don't give your location to the app. Turn off GPS, use VPN and don't use any apps/sites that linked with your real identity on the same device. Most of the other parameters in the commercial surveillance are too common to ID someone with a good probability.
Exploits, on other hand, can leak your full environment, including a photo from the cam.
Let the kids LARP resistance. If you are in the west you are absolutely safe if leaning left-ish - the only people that had the book thrown at them were the Jan 6 protesters. Not many were prosecuted or convicted for the mostly peaceful BLM riots in summer of 2020.
If you are in a third world country - they don't have the capacity for sophisticated attacks. And will probably just move to beating the shit out of you instead of dealing with investigations anyway. Pliers are quite efficient way to make someone disclose things.
If you are in a second world - you are fucked unless you really take the opsec seriously, but anyone doing something dangerous wouldn't be using those guides anyway. And they can still use the pliers.
They've already said they're going to deport pro-Palestine protesters with student visas who attended protests in the past, and are opening up 15,000 units at Guantanamo Bay for other immigrants to avoid us mainland law, along with an offering for units in an El Salvador concentration camp like megaprison.
You're right, I went back and read and it looks like the officer who died had their stroke ruled as their cause of death, not the blunt force injuries they received, though it was ruled contributing to his cause of death.
Upon further reading it looks like they only intended to murder a bunch of people and were prevented from doing so while invading the capitol buildings holding nooses, a completely blameless activity.
Something like 170 officers were injured, 15 hospitalozed, and at least one suicide in the aftermath. Several gun charges.
An insurrectionist climbing through a window busted out with an American flag pole was shot for almost getting into a holed up area of law makers. Police and Secret Service warned "Get back! Get down! Get out of the way!"
The point isn't that Firefox is less exploitable it's that it has less blatant tracking than alternatives like Chrome. If you're an activist I'd imagine that exploits are a scary thought but the more direct threat is the tracking we (un)knowingly succumb to every day.
I personally don't believe basic measures like turning off location services as suggested by the article will make a difference against a sophisticated adversary like a state actor. We know that modern phones are full of proprietary firmware with swiss cheese tier security which allow for 0 day remote code execution exploits [1]. The operating systems, although better, also have been targeted by RCE exploits [2].
Not to mention even turning a phone off does not guarantee it goes silent. Apple's Find My network works even for turned off devices. Now of course you can turn that feature off, but once the capability to track a turned off device is there, we have to assume that a nation state actor has exploits/backdoors that allow agencies to bypass basic software switches.
You have to assume everything you do on a mobile phone will end up in law enforcement/intelligence agency databases if you're put on a watch list.
Since the mid-2010s Apple has put every baseband / WiFi / Bluetooth radio either on USB or PCIe with an IOMMU that restricts access to only the pages required for networking and packet management.
I can't speak to when Android started doing this, but I know the common chipsets (Qualcomm, Exynos, Mediatek) also do this.
>I personally don't believe basic measures like turning off location services as suggested by the article will make a difference against a sophisticated adversary like a state actor.
The majority of activists are not worth the effort or expense. And for the ones that are worth - those guides make no difference since they don't harden as much. If you want real security - then the least you must do is have two devices. One used for hotspot only.
This page says it was last updated a few weeks ago, but the recommendation against iCloud backups seems to have glaring errors and omissions.
> Keys to unlock the phone’s full-disk encryption are also stored in the iCloud backup. This arrangement allows law enforcement to request the backup data from Apple and use the key to unlock the entire phone. It also offers a convenience, where if the user forgets their unlock code, Apple can still recover the device.
This is not true. Even if it were, the advice to activists should in all cases be to enable Advanced Data Protection so that almost everything (except iCloud mail, contacts and calendar) are end-to-end encrypted (including iCloud phone backups). Apple cannot access the data or help in any kind of recovery when Advanced Data Protection is enabled. It is up to the user to set up recovery contacts and recovery key (and keep this safe).
Is it correct that iCloud backups can lead to officials being able to unlock your physical device? That’s not consistent with my understanding of Apple’s circle of trust implementation.
I get that the backups can potentially be compromised, and of course having the backup means having most of what would be on the phone, but I would love to know more about how having a copy of a backup can compromise the physical device via iCloud.
I am really struggling to find ways to approve anything if you don't have 100% control over it. Signal seems to be a solid choice generally and I do believe they are doing their absolute best to keep it airtight but this is software and some obscene, tiny little hole may very well exist.
Generally speaking, with people like comrade elon having so much say into everything, people rushing to pump out new features daily, most often not putting too much effort into security, I've been making a hard push to cut myself off cloud services and self-host everything I can myself.
Disproportionally more if you divide it on the user base to get the cost of targeting 1 user when you want them all (and most of evildoers want that exactly).
Signal leads to metadata by virtue of demanding a phone number. Use the fork Session instead that doesn't have this vulnerability. Or Mega, which does audio and video calls, chat, and file storage and transfer.
This is pretty much the 101 on how to get "caught". It is laughable that they recommend using ProtonMail and ProtonVPN and that there is not a single mention of things such as TOR.
Regarding Proton specifically:
- Proton has been lying about them not logging their users IP and other information in the past. It got caught red-handed in 2021 when they transmitted the data of a user to a french intelligence agency called DGSI. Source(s): https://therecord.media/protonmail-forced-to-collect-an-acti...
- Now they say: "Privacy by default", what they mean by it that by default they do not log the user's information but if an agency asks them to log then they "are required by law" to log the user's data. But the user has no way to know if he is still in the "privacy mode" or has switched to the "surveillance mode".
- It is actually possible that they log everything and use the "by default" wording as a "plausible denial". By saying that your account had been flagged earlier by law enforcement or an intelligence agency.
- All Proton mail traffic goes through Cloudflare. Let that sink in. Yes, they says that the traffic is encrypted using https and that Cloudflare can't see it's content, which might be true. But even if it is true Cloudflare gets to see a ton of interesting meta data, such as the end user's IP, the exact time and the length of what the user is being sending or receiving. Source:
So even if you are in Switzerland and you use ProtonMail which is in Switzerland too, your connection still gets tunneled through an American company.
Source: https://x.com/andyyen/status/1884907496705339544
I've had the opportunity to work with the safari team in the past. I can't say a lot due to an NDA, but lets just say there is a good reason to prefer Firefox.
Why? I've personally seen more news articles about Tor users getting de-anonymized than I have VPN users. Purely anecdotal, I know, but the point being Tor is obviously not foolproof, so I am curious why recommending one over the other is apparently enough for you to call the entire article into question.
Because if I was running SIGINT at the NSA and collaborating with the FBI to arrest activists, the very first thing I would do is start up a bunch of VPN providers that bill themselves as "private" and then log everything aggressively.
The second thing I would do is have useful idiots (i.e., influencers) spread vague anecdotes about Tor users being "de-anonymized" when VPN users are never "anonymized" to begin with. I would make sure these anecdotes never clarify whether it's "Tor users accessing Hidden Services and getting popped by a Firefox exploit" or "network attack that enables traffic correlation" so everyone fills in the blanks and assumes Tor is dangerous, when it isn't, thereby pushing activists to my VPN services.
After all. There is no real enforcement mechanism if a "private" VPN lies.
You mean the Silk Road which exposed the real IP of the web server due to misconfiguration? Tor can be compromised (run a bunch of exit nodes and do traffic correlation) but Silk Road made pretty basic mistakes.
A more constructive response is to explain why it won't work, rather than telling me to explain why it won't work.
My first post in this thread has a link that explains why VPN services aren't trustworthy.
But the thing I took more issue with is that Tor is omitted entirely. Tor is at least as safe as a VPN.
Trying to attack Tor users by registering exit nodes (a Sybil attack) is way more expensive than convincing users to simply not use Tor.
The fact that more effort is spent attacking Firefox (i.e., the Tor Browser) than the network is a data point worth considering when deciding your threat model.
Meanwhile, if you want to do traffic correlation against a VPN service that you don't already own, just pwn the datacenter that the VPN company is hosted in and watch packets coming in/out of the VPN.
If you want to try to reframe the conversation to be about defending Tor, you can have that conversation without me. I'm not here to defend Tor, I'm here to advise against using VPN services especially if you have a threat model where Tor is more appropriate.
Recommending ProtonVPN over Tor to motherfucking activists is an act of malfeasance that makes me distrust anything coming from this webpage.
> The second thing I would do is have useful idiots (i.e., influencers) spread vague anecdotes
An unfortunate factor at play in these matters (and that I note in the article) is that the intelligence services are known to run the occasional shell company [0]. It seems likely that some privacy-oriented providers are actually intelligence fronts - because if you were running an intelligence collection agency an obvious thing to try would be a privacy-focused email company or something.
If it isn't built on a trustless model it isn't trustworthy.
Can't speak for OP's link, but as a contrast No Trace Project's resources contain lots of advice from people who actually routinely face state repression, with in-depth analysis of specific cases. The scope is international (though focused on the North Atlantic region) rather than english- & u.s.-exclusive. There are plenty of references to Tor+Tails.
"At no point during the interrogation did Thompkins say that he wanted to remain silent, that he did not want to talk with the police, or that he wanted an attorney."
"Thompkins did not say that he wanted to remain silent or that he did not want to talk with the police. Had he made either of these simple, unambiguous statements, he would have invoked his “ ‘right to cut off questioning.’ ” Mosley, supra, at 103 (quoting Miranda, supra, at 474). Here he did neither, so he did not invoke his right to remain silent."
Omitting pertinent information is the tool of debate not of discourse.
> The USSC recently decided that if you are merely silent that means you waive your right to remain silent.
I cannot seem to find any supporting text in the SCOTUS text that merely being silent waives rights. Quite the contrary, my quote indicates it that as soon as the I would assert my rights, even in the middle of the interrogation, the interrogation would have to halt. (Additionally, the interrogated Thompkins did speak and answer, it was just terce.)
>I wish I were making that up. You now have to repeatedly state it.
Again, I can find no evidence in the SCOTUS opinion that once I assert my right, I have to repeatedly re-assert it.
From your note:
> unless tou break your silence to aay that you intend to be silent, yiu will be prosecuted for your silence
I find nothing of sort in this case. I can remain truly silent, and my silence cannot be used as evidence of guilt. Of course I can still be prosecuted with other evidence. Griffin v. California (1965) , Doyle v. Ohio (1976), and Salinas v. Texas (2013) just to name a few.
If I missed these, please point me to it so I can correct myself.
Just playing devil’s advocate here, but this idea of having to invoke your fifth amendment rights reminds me of a “Silent Man” (David Hampson) in the UK who would be arrested multiple times for blocking traffic by standing in the middle of the road. I’m not sure of the details, but in the process he would never speak to anyone at all (not even to his lawyer or psychiatrists, or just to confirm his name). It does seem problematic because what happens if the person arrested is actually mute?
Not only that, but do not say say "Gimme a lawyer, dawg" or else corrupt police will maliciously pretend you were merely asking for a legally trained canine, and another incompetent judge might let them get away with it.
> The USSC recently decided that if you are merely silent that means you waive your right to remain silent.
No. Based on the opinion linked in one of the other comments, there are these possibilities:
- explicitly say you are invoking your right to remain silent -- the have to stop asking you questions
- say nothing -- you're fine, your right to remain silent means they can't use this against you
- answer questions (without being coerced) -- if they read you your rights properly and confirmed you understood, this waives your right to not do what you just did; if they messed up, then you can get your answers thrown out
Also note that repeatedly invoking your right to remain silent is going to be considered "resisting arrest" and you're going to get the shit kicked out of you.
Telling people how violent the police are tends to get applause in some circles online, but spreading misinformation that you can't get away with exercising your rights is pretty straightforwardly pro-police propaganda. The vast majority of police officers in the US will not kick you if you say you don't want to talk to them.
Yes, they use Bing’s search index, but the relevant difference is that they promise not to retain logs of your searches associated with your IP address or other identifying data: https://duckduckgo.com/privacy
This is ridiculous, just don't use a network of any kind or you'll be tracked by someone somewhere. Simple as that. Misleading people into thinking they can use these tools and be safe is dangerous. I suppose the only way to be safe is to assume you're being tracked somehow and use burners or throw aways that don't matter.
While you’re not wrong, there’s a trade off between communication needs and security guarantees. Activism and protesting requires organization, which is effectively hampered by the inability to quickly and efficiently disseminate information.
I’ve read the EFF’s guide and it seemed reasonable for a layman. What caveats or disclaimers would you include that they haven’t already? What more do you feel could be done to make people with these needs safer while helping them pursue their goals?
You need to coordinate with people. It could be as simple and necessary as getting your ride back home after the protest.
Yes, any use of the network is a risk. You take a risk just showing up. This is about mitigating risk, not eliminating it. You have to decide if it's a risk worth taking.
It's complicated to explain, but in the republican(/conservative/trump supporter) mind "activists" are (in support of) "far-left marxist communist liberal extremists" like Biden, Obama or Harris, so the FBI/CIA/NSA under the Biden administration were protecting them and calls for making encryption illegal only targeted "the republican" so activists supported ending encryption because it benefited them in their unjust war against republicans. So if they now see activists discussing opsec, they view it as liberals being "scared" at the righteous Trump administration coming for them.
Yeah, don't use Proton, they're several types of shady. If you can figure out running Matrix, that's better. Email isn't built for security, don't treat it as if it was. Use PGP on the body if you want, but the metadata will still be very talkative.
The Grugq has complementary advice which arguably is more important, regarding foundational principles, personas and so on:
A bit of a tangent, but modern protests are subject to hijacking from agents provocateur and general shit stirrers -- it's been quite effective in delegitimizing public protests. It would be nice to find ways to counter that.
I think this was the whole point of the "self purification" process that Dr ML King Jr describes in his Letter from Birmingham Jail [0], where they had workshops on non-violence etc.
Interesting. I read an article stating the opposite.
That to organise effective action on the ground, smart protesters were distracting the anti violence bleeding hearts while discussing and implementing more effective actions.
In particular it was stated that part of those particular riots were a distraction to (successfully iirc) lure the cops away from the police station.
> That to organise effective action on the ground, smart protesters were distracting the anti violence bleeding hearts while discussing and implementing more effective actions.
There's a lot to be unpacked there, but I'm not sure about what you think is "effective action" and why peaceful demonstrators are a bad thing.
There are multiple documented cases where emergency vehicles are blocked by "blocking a highway" as a "peaceful protest" that resulted in deaths. e.g., London (2022) - Mark Heap and Lisa Webber.
It is still a peaceful protest, whether you like it or not, contingent on the definition of "peaceful" being the absence of violence.
You do not have to like the outcome of a protest, but if it is not a violent one, you are expected here to describe it in accurate language.
You are not doing that.
To illustrate my point: your logic dictates that not pulling over for an emergency vehicle is tantamount to assault. It is not, and should never be in any rational society. Agree? Disagree?
I was responding to your note that it is peaceful, not that is or is not a riot.
A gathering where someone dies because of the gathering it is no longer undisturbed by strife, turmoil, calm, and tranquil. It is no longer peaceful.
> ... contingent on the definition of "peaceful" being the absence of violence.
The breaking of peaceful to me is not absence of violence. It is no longer peaceful because force was used to stop the emergency vehicles. Force is one way to be no longer peaceful. In this context, when force is used it implies resistance from someone that was forced to do something they did not want to do (emergency vehicle did not want to stop). It is no longer peaceful; yet no direct "violence" was used.[1]
I can fathom where your response comes and grasp your interpretation, but I disagree.
That's what makes it effective. That's the point. A protest that doesn't affect anyone is just performative. Protests aren't to spread the word. It's to jam up the gears, aka, sabotage, to make leaders act. "You're just making us late to work, it's not causing us to join your side!" Jamming up commerce and the functions of a city is how you get people to act. Not by filling out a permit to have a block party in a park. That's a rally, not a protest.
Unfortunately our leaders have successfully convinced the masses that it's only acceptable to protest as long as they do it at a scheduled time and place, without disrupting or offending anyone, and without any implicit threats of escalation and violence if the protestors' grievances aren't heard and rectified. That way people can vent to temporarily release frustration but we're powerless to effect any meaningful change, by design.
A physical action (like occupying infrastructure) that limits other people’s freedom to move, or brings harm to them or their property, is a violent act to most people. The only people that would claim otherwise are those who want to downplay illegal acts that align with their own politics.
Here’s a definition for ‘violence’, so you’re clear on how blocking highways is violence:
> violence: an unjust or unwarranted exertion of force or power, as against rights or laws
Here’s a definition for riot, so you’re clear on how a violent takeover of public infrastructure constitutes a riot:
I'm not at all a fan of the tactic of blocking highways as a protest move, I think that's not the same thing as a riot -- it's civil disobedience.
The link that I shared explicitly pointed out that the riot was started by a white supremacist. It's documented and a fact. So were dealing with 1+N cases here.
> Near me, I would say all of them that were riots were that way on purpose.
Look, it worked. It has framed BLM in millions of peoples minds as just black people rioting, and who wants to support riots eh?
I feel that the label of “civil disobedience” is misused as a tactic to justify illegal acts. Infrastructure is not there to serve as anyone’s political platform, and it is built with taxpayers’ money for other purposes. If the gathering does not have a permit, it is illegal, and therefore a disturbance of the peace - in other words, a riot.
> If the gathering does not have a permit, it is illegal
This is not true, unless it is in a public forum limited in “time, place, and manner”. The first amendment grants freedom of assembly. You do not need a permit to meet up with (dozens of) your friends any more than you need a permit to write in a journal.
Just checking in - y'all aren't planning on violating any laws around here are you? I'll have you remember the backdoored basebands, the Intel Management Engines, and the like weren't just invented to catch racist chuds you know.
Consider yourselves on notice. Because we've noticed you.
Hesitant to recommend proton since they can't stay out of politics, I don't think mullvad has any similar slipups: https://theintercept.com/2025/01/28/proton-mail-andy-yen-tru...
As I pointed out they also route all of their traffic through Cloudflare. They also have been caught red-handed logging the IP of an activist despite having previously advertised that they didn't keep any logs. Now they are using misleading terms such as "privacy by default" which according to them means that by default they won't log you but that they can be "forced" to log a user if a law enforcement agency asks them to do so...
Sources: https://therecord.media/protonmail-forced-to-collect-an-acti... https://x.com/andyyen/status/1884907496705339544
> by default they won't log you but that they can be "forced" to log a user if a law enforcement agency asks them to do so
Not wishing to be negative, but how (or more specifically for how long) can any provider refuse to cooperate with law enforcement/the legal system?
Yup. Unless you're providing a truly zero-access encrypted service such as chat (e.g. Signal), there truly is no way of avoiding it while staying afloat as a private company. It seems people don't understand that email, which is Proton's bread and butter, CAN'T be fully anonymous and private in relation to the provider unless the provider severely limits functionality by only allowing PGP.
The ones that don't end up shut down, in legal trouble or in jail.
See Lavabit, Tor Mail, Telegram, EncroChat, Sky ECC and others.
> Telegram
You know that Telegram is giving plenty much of information in these days?
They even changed the privacy policy.
https://techstartups.com/2024/09/06/telegram-silently-update...
Seems like they didn't give enough.
https://edition.cnn.com/2024/09/23/tech/telegram-ceo-durov-a...
Yeah, after they got into trouble with the law
In trouble.. France keeps the CEO hostage and blackmails him with decades of jail for numerous crimes committed over Telegram.
Framing the question a bit differently could help: The aim should be to engineer the system so that you don't (and can't) have access to the information, so you minimize vulnerability to legal attacks.
A strawman mod to protonmail could be to mandate the use of a VPN
> The aim should be to engineer the system so that you don't (and can't) have access to the information
So when law enforcement and/or a three-letter agency rocks up with the legal paperwork (whether it be a National Security Letter or a local equivalent) and demands that "the system" be changed to start collecting the information they require, how should managers and engineers respond?
Generally, in my experience, people want to help "catch the criminal" -- note these are usually the worst of the worst at first. Then you start getting less and less information and starts becoming a process rather than an event/discussion.
At least, that was my experience.
https://signal.org/bigbrother/
In a perfect world? The same way Apple did in ~2015. Argue that code is equivalent to speech, compelling them to write code to change the way the system works is compelling speech, and making that demand is unconstitutional.
Apple gets lots of shit for a multitude of reasons, but their stance of "We built it to be securely encrypted from everyone but the owner; if you want to change that then fuck you, make me" is something everyone involved with should be proud of
Realistically, we can't all be one of the richest companies in the modern era. Not every corporation has both morals, and pockets deep enough to pick a fight with not just a government, but the government of the country they're headquartered in. Frankly, shutting down like Lavabit is one of the better realistic scenarios if you're making promises of guaranteed privacy
> Not every corporation has both morals
I think this is easier: there isn't a single corporation on the earth with morals. Morality and profit-chasing are not generally coherent principles. Nobody doing any good on this earth has a need for an LLC.
I generally agree with your posts/comments, but anyone trying to "do good" in the USA absolutely needs to have liability protection, such as an LLC or a corporation shell of some kind. The moment one starts to make a difference in this corporate controlled nation, the full legal power of both the corporations and their owned government minions will rain down on you. I've seen it. If you're trying to make any kind of a difference, get liability shells around your activities, or you'll be ended the moment you gain traction.
Calling them "morals" was meant flippantly, though I suspect should have used quotation marks to call that out a bit more. "Multiple ad campaigns and a marketing posture based around privacy" is probably better.
The aim should be to engineer the system so that you had over every piece of information that you have and that it is totally useless to anyone, either through encryption (that you don't have access to) or through not collecting it in the first place.
Asking them to is different than a warrant, they are free to refuse without one.
https://xcancel.com/andyyen/status/1884907496705339544
Proton also suffers from a pathology similar to the LavaBit problem. Better off using some other email service that doesn't insist on keeping GPG keys on its servers and using something like Mega instead.
More resources on this topic:
Activist or Protester? by EFF's Surveillance Self Defense https://ssd.eff.org/playlist/activist-or-protester
The Protester's Guide to Smartphone Security by Privacy Guides https://www.privacyguides.org/articles/2025/01/23/activists-...
eff's a good source for most people on most occasions
for everything else read material from anarchists. ex: https://opsec.riotmedicine.net/downloads#mobile-phone-securi...
Step 1: Determine your threat model.
Step 2: Realize that none of these measures are adequate for that threat model, in the current environment. (For pretty much any threat model.)
Step 3: Realize that some of these measures draw attention to yourself, however.
One of the first things you can do with any of these kinds of lists is to see if they recommend Firefox over Chrome. It's an excellent shibboleth, because Firefox codes (rhetorically) profoundly more activist- and privacy- friendly than Chrome does, but Chrome has much more sophisticated and better tested runtime protections. Firefox seems like it would be the better recommendation, but if what you care about is not being easily (==cheaply) targeted by exploits, it's not.
This is not smart. It's entirely reasonable that Chrome may be better on top of its exploit game; but this absolutely pales in comparison to the threat of universal surveillance that Google hits us with frequently. Shouts to the heroes on the inside, but what did I just hear about an AI removal pledge?
See, this is what I'm talking about. If you're trying to protect activists from threats, protect them from threats. Making a political statement about commercial surveillance isn't doing that. A lot of these guides are LARPs.
How about this: if you feel strongly about commercial ad surveillance vs. susceptibility to drive-by RCE exploits loaded off web pages, look to see if the "infosec for activist" guides you're reading at least offer their readership the choice of risks. Does this one? (Rhetorical, obvs.)
>commercial ad surveillance vs. susceptibility to drive-by RCE exploits loaded off web pages
Is Firefox more susceptible to RCE exploits?
Commercial surveillance enables government surveillance. If an app constantly sends my location to a corporation by default, a government-level adversary can just demand it from that corporation, no need to burn a 0-day on me.
This is a complex thing. Don't give your location to the app. Turn off GPS, use VPN and don't use any apps/sites that linked with your real identity on the same device. Most of the other parameters in the commercial surveillance are too common to ID someone with a good probability.
Exploits, on other hand, can leak your full environment, including a photo from the cam.
Does the same apply for Chromium or does Chrome specifically have better runtime protection than Chromium? Why not mention Chromium?
You lose auto-update, right? The only concern I have off the top of my head.
Let the kids LARP resistance. If you are in the west you are absolutely safe if leaning left-ish - the only people that had the book thrown at them were the Jan 6 protesters. Not many were prosecuted or convicted for the mostly peaceful BLM riots in summer of 2020.
If you are in a third world country - they don't have the capacity for sophisticated attacks. And will probably just move to beating the shit out of you instead of dealing with investigations anyway. Pliers are quite efficient way to make someone disclose things.
If you are in a second world - you are fucked unless you really take the opsec seriously, but anyone doing something dangerous wouldn't be using those guides anyway. And they can still use the pliers.
They've already said they're going to deport pro-Palestine protesters with student visas who attended protests in the past, and are opening up 15,000 units at Guantanamo Bay for other immigrants to avoid us mainland law, along with an offering for units in an El Salvador concentration camp like megaprison.
They literally got a pardons for murdering people. Please check your priors.
The only people who died were some of the jan 6 protestors. Check your priors.
You're right, I went back and read and it looks like the officer who died had their stroke ruled as their cause of death, not the blunt force injuries they received, though it was ruled contributing to his cause of death.
Upon further reading it looks like they only intended to murder a bunch of people and were prevented from doing so while invading the capitol buildings holding nooses, a completely blameless activity.
How's your priors doing btw?
Something like 170 officers were injured, 15 hospitalozed, and at least one suicide in the aftermath. Several gun charges.
An insurrectionist climbing through a window busted out with an American flag pole was shot for almost getting into a holed up area of law makers. Police and Secret Service warned "Get back! Get down! Get out of the way!"
The point isn't that Firefox is less exploitable it's that it has less blatant tracking than alternatives like Chrome. If you're an activist I'd imagine that exploits are a scary thought but the more direct threat is the tracking we (un)knowingly succumb to every day.
I personally don't believe basic measures like turning off location services as suggested by the article will make a difference against a sophisticated adversary like a state actor. We know that modern phones are full of proprietary firmware with swiss cheese tier security which allow for 0 day remote code execution exploits [1]. The operating systems, although better, also have been targeted by RCE exploits [2].
Not to mention even turning a phone off does not guarantee it goes silent. Apple's Find My network works even for turned off devices. Now of course you can turn that feature off, but once the capability to track a turned off device is there, we have to assume that a nation state actor has exploits/backdoors that allow agencies to bypass basic software switches.
You have to assume everything you do on a mobile phone will end up in law enforcement/intelligence agency databases if you're put on a watch list.
[1] https://googleprojectzero.blogspot.com/2023/03/multiple-inte...
[2] https://en.m.wikipedia.org/wiki/Pegasus_(spyware)
Agreed, when they can own the baseband, you're kinda screwed.
edit: my knowledge is clearly out of date.
Since the mid-2010s Apple has put every baseband / WiFi / Bluetooth radio either on USB or PCIe with an IOMMU that restricts access to only the pages required for networking and packet management.
I can't speak to when Android started doing this, but I know the common chipsets (Qualcomm, Exynos, Mediatek) also do this.
>I personally don't believe basic measures like turning off location services as suggested by the article will make a difference against a sophisticated adversary like a state actor.
The majority of activists are not worth the effort or expense. And for the ones that are worth - those guides make no difference since they don't harden as much. If you want real security - then the least you must do is have two devices. One used for hotspot only.
This page says it was last updated a few weeks ago, but the recommendation against iCloud backups seems to have glaring errors and omissions.
> Keys to unlock the phone’s full-disk encryption are also stored in the iCloud backup. This arrangement allows law enforcement to request the backup data from Apple and use the key to unlock the entire phone. It also offers a convenience, where if the user forgets their unlock code, Apple can still recover the device.
This is not true. Even if it were, the advice to activists should in all cases be to enable Advanced Data Protection so that almost everything (except iCloud mail, contacts and calendar) are end-to-end encrypted (including iCloud phone backups). Apple cannot access the data or help in any kind of recovery when Advanced Data Protection is enabled. It is up to the user to set up recovery contacts and recovery key (and keep this safe).
great! here are the github issues for the repo so you can make that change: https://github.com/InfosecForActivistsTeam/infosec-activists...
Rule 0: DO NOT BRING YOUR PHONE TO PROTESTS.
I cannot stress this enough. We survived protests without them in the past. There will be plenty of professionals filming anything going on.
Coordination needs to be zero tech.
Some of the crowd here is already aware of the issues with these recommendations, so let's take things up a level.
https://www.notrace.how/ / http://i4pd4zpyhrojnyx5l3d2siauy4almteocqow4bp2lqxyocrfy6pry...
https://www.anarsec.guide/
Is it correct that iCloud backups can lead to officials being able to unlock your physical device? That’s not consistent with my understanding of Apple’s circle of trust implementation.
I get that the backups can potentially be compromised, and of course having the backup means having most of what would be on the phone, but I would love to know more about how having a copy of a backup can compromise the physical device via iCloud.
I am really struggling to find ways to approve anything if you don't have 100% control over it. Signal seems to be a solid choice generally and I do believe they are doing their absolute best to keep it airtight but this is software and some obscene, tiny little hole may very well exist.
Generally speaking, with people like comrade elon having so much say into everything, people rushing to pump out new features daily, most often not putting too much effort into security, I've been making a hard push to cut myself off cloud services and self-host everything I can myself.
How much does a Firefox 0-day cost these days on the grey market compared to a Chrome 0-day with sandbox escape?
Disproportionally more if you divide it on the user base to get the cost of targeting 1 user when you want them all (and most of evildoers want that exactly).
Not sure how reliable this information is [1], but apparently, 200k vs 500k. Another [2] organization states 350k vs 1.5M (including LPE).
[1] https://opzero.ru/en/prices/
[2] https://www.crowdfense.com/exploit-acquisition-program/
Drastically less.
all yall HN "well actually" MF missing the point. this is meant for non-technical people
Signal leads to metadata by virtue of demanding a phone number. Use the fork Session instead that doesn't have this vulnerability. Or Mega, which does audio and video calls, chat, and file storage and transfer.
This is pretty much the 101 on how to get "caught". It is laughable that they recommend using ProtonMail and ProtonVPN and that there is not a single mention of things such as TOR.
Regarding Proton specifically:
- Proton has been lying about them not logging their users IP and other information in the past. It got caught red-handed in 2021 when they transmitted the data of a user to a french intelligence agency called DGSI. Source(s): https://therecord.media/protonmail-forced-to-collect-an-acti...
- Now they say: "Privacy by default", what they mean by it that by default they do not log the user's information but if an agency asks them to log then they "are required by law" to log the user's data. But the user has no way to know if he is still in the "privacy mode" or has switched to the "surveillance mode".
- It is actually possible that they log everything and use the "by default" wording as a "plausible denial". By saying that your account had been flagged earlier by law enforcement or an intelligence agency.
- All Proton mail traffic goes through Cloudflare. Let that sink in. Yes, they says that the traffic is encrypted using https and that Cloudflare can't see it's content, which might be true. But even if it is true Cloudflare gets to see a ton of interesting meta data, such as the end user's IP, the exact time and the length of what the user is being sending or receiving. Source: So even if you are in Switzerland and you use ProtonMail which is in Switzerland too, your connection still gets tunneled through an American company. Source: https://x.com/andyyen/status/1884907496705339544
Serious question: what are the reasons for Firefox over Safari?
I'm currently a Firefox user at home and work, but thinking about going back to Safari in the near future...
I've had the opportunity to work with the safari team in the past. I can't say a lot due to an NDA, but lets just say there is a good reason to prefer Firefox.
Firefox is open source.
You don't have to build it yourself, but other people do and deterministic builds can provide collective assurance the code is what it claims to be.
That they recommend a VPN and not Tor in their first table immediately makes me suspicious.
https://gist.github.com/joepie91/5a9909939e6ce7d09e29
Why? I've personally seen more news articles about Tor users getting de-anonymized than I have VPN users. Purely anecdotal, I know, but the point being Tor is obviously not foolproof, so I am curious why recommending one over the other is apparently enough for you to call the entire article into question.
Probably because deanonymizing VPN users isn't news.
> Why?
Because if I was running SIGINT at the NSA and collaborating with the FBI to arrest activists, the very first thing I would do is start up a bunch of VPN providers that bill themselves as "private" and then log everything aggressively.
The second thing I would do is have useful idiots (i.e., influencers) spread vague anecdotes about Tor users being "de-anonymized" when VPN users are never "anonymized" to begin with. I would make sure these anecdotes never clarify whether it's "Tor users accessing Hidden Services and getting popped by a Firefox exploit" or "network attack that enables traffic correlation" so everyone fills in the blanks and assumes Tor is dangerous, when it isn't, thereby pushing activists to my VPN services.
After all. There is no real enforcement mechanism if a "private" VPN lies.
https://www.theregister.com/2011/09/26/hidemyass_lulzsec_con...
That's funny because if I was running SIGINT at the NSA I would do all of the above, and also compromise Tor
As if compromising Tor in the long-term is that simple.
Remember when every major player involved with The silk road got raided and the CIA ended up controlling 2/3 of every Bitcoin in circulation?
You mean the Silk Road which exposed the real IP of the web server due to misconfiguration? Tor can be compromised (run a bunch of exit nodes and do traffic correlation) but Silk Road made pretty basic mistakes.
https://krebsonsecurity.com/2014/09/dread-pirate-sunk-by-lea...
Or you spin up a bunch of Tor nodes to de-anonymize user on that system.
Why don't you try that and report back?
https://news.ycombinator.com/item?id=41583847
A more constructive response is to explain why it won't work.
Burden of proof is on the proponent.
A more constructive response is to explain why it won't work, rather than telling me to explain why it won't work.
My first post in this thread has a link that explains why VPN services aren't trustworthy.
But the thing I took more issue with is that Tor is omitted entirely. Tor is at least as safe as a VPN.
Trying to attack Tor users by registering exit nodes (a Sybil attack) is way more expensive than convincing users to simply not use Tor.
The fact that more effort is spent attacking Firefox (i.e., the Tor Browser) than the network is a data point worth considering when deciding your threat model.
https://www.malwarebytes.com/blog/news/2024/10/tor-browser-a...
Meanwhile, if you want to do traffic correlation against a VPN service that you don't already own, just pwn the datacenter that the VPN company is hosted in and watch packets coming in/out of the VPN.
If you want to try to reframe the conversation to be about defending Tor, you can have that conversation without me. I'm not here to defend Tor, I'm here to advise against using VPN services especially if you have a threat model where Tor is more appropriate.
Recommending ProtonVPN over Tor to motherfucking activists is an act of malfeasance that makes me distrust anything coming from this webpage.
> The second thing I would do is have useful idiots (i.e., influencers) spread vague anecdotes
An unfortunate factor at play in these matters (and that I note in the article) is that the intelligence services are known to run the occasional shell company [0]. It seems likely that some privacy-oriented providers are actually intelligence fronts - because if you were running an intelligence collection agency an obvious thing to try would be a privacy-focused email company or something.
If it isn't built on a trustless model it isn't trustworthy.
[0] https://en.wikipedia.org/wiki/Crypto_AG
For someone in the know: what's the credibility of the authors on this topic?
I see https://infosecforactivists.org/#acknowledgments and https://github.com/InfosecForActivistsTeam/infosec-activists... but I don't see their experience following their own advice.
The document by itself looks unpolished. Tor, for example, should be at least referenced once, even if they recommend against it.
Can't speak for OP's link, but as a contrast No Trace Project's resources contain lots of advice from people who actually routinely face state repression, with in-depth analysis of specific cases. The scope is international (though focused on the North Atlantic region) rather than english- & u.s.-exclusive. There are plenty of references to Tor+Tails.
https://www.notrace.how/
http://i4pd4zpyhrojnyx5l3d2siauy4almteocqow4bp2lqxyocrfy6pry...
National Lawyers Guild Know Your Rights reminder: Shut the f** up! https://www.youtube.com/watch?v=nWEpW6KOZDs
https://www.aclu.org/know-your-rights/stopped-by-police
That video, unfortunately, is out of date. The USSC recently decided that if you are merely silent that means you waive your right to remain silent.
I wish I were making that up. You now have to repeatedly state it.
The USSC has been off the rails for at least ten years.
Not a lawyer, but the advice they give is still good opsec. Don't talk to anyone except your lawyer.
If you are arrested, then yes you do have to assert your right to remain silent.
https://www.justia.com/criminal/procedure/miranda-rights/rig...
Invoke the right and stay silent.
Do not answer the obvious bullshit questions, those are used as bait, once you start answering any questions, you lose your 5th amendment protection.
My understanding is you can stop answering at any time and invoke, but of course this is used by police to start you talking in the first place.
getting you to answer easy questions is the first psychological step in the door. salesmen (and amusingly enough many activists) know this
> if you are merely silent that means you waive your right to remain silent.
This is not my reading. For those who want to read the actual details: https://supreme.justia.com/cases/federal/us/560/370/
Here are some nuggets from the case:
"At no point during the interrogation did Thompkins say that he wanted to remain silent, that he did not want to talk with the police, or that he wanted an attorney."
"Thompkins did not say that he wanted to remain silent or that he did not want to talk with the police. Had he made either of these simple, unambiguous statements, he would have invoked his “ ‘right to cut off questioning.’ ” Mosley, supra, at 103 (quoting Miranda, supra, at 474). Here he did neither, so he did not invoke his right to remain silent."
Omitting pertinent information is the tool of debate not of discourse.
whats the part youre disagreeing with?
the context to me still says that remaining silent does not invoke the right to silence.
unless tou break your silence to aay that you intend to be silent, yiu will be prosecuted for your silence
> The USSC recently decided that if you are merely silent that means you waive your right to remain silent.
I cannot seem to find any supporting text in the SCOTUS text that merely being silent waives rights. Quite the contrary, my quote indicates it that as soon as the I would assert my rights, even in the middle of the interrogation, the interrogation would have to halt. (Additionally, the interrogated Thompkins did speak and answer, it was just terce.)
>I wish I were making that up. You now have to repeatedly state it.
Again, I can find no evidence in the SCOTUS opinion that once I assert my right, I have to repeatedly re-assert it.
From your note:
> unless tou break your silence to aay that you intend to be silent, yiu will be prosecuted for your silence
I find nothing of sort in this case. I can remain truly silent, and my silence cannot be used as evidence of guilt. Of course I can still be prosecuted with other evidence. Griffin v. California (1965) , Doyle v. Ohio (1976), and Salinas v. Texas (2013) just to name a few.
If I missed these, please point me to it so I can correct myself.
https://en.wikipedia.org/wiki/Berghuis_v._Thompkins for the curious
Just playing devil’s advocate here, but this idea of having to invoke your fifth amendment rights reminds me of a “Silent Man” (David Hampson) in the UK who would be arrested multiple times for blocking traffic by standing in the middle of the road. I’m not sure of the details, but in the process he would never speak to anyone at all (not even to his lawyer or psychiatrists, or just to confirm his name). It does seem problematic because what happens if the person arrested is actually mute?
Speech doesn’t have to be verbal.
Not only that, but do not say say "Gimme a lawyer, dawg" or else corrupt police will maliciously pretend you were merely asking for a legally trained canine, and another incompetent judge might let them get away with it.
https://slate.com/news-and-politics/2017/10/suspect-asks-for...
But in all seriousness: Do not be afraid to sound like a fool making short, unambiguous, and repeated requests for a lawyer if you have to.
> The USSC recently decided that if you are merely silent that means you waive your right to remain silent.
No. Based on the opinion linked in one of the other comments, there are these possibilities:
- explicitly say you are invoking your right to remain silent -- the have to stop asking you questions
- say nothing -- you're fine, your right to remain silent means they can't use this against you
- answer questions (without being coerced) -- if they read you your rights properly and confirmed you understood, this waives your right to not do what you just did; if they messed up, then you can get your answers thrown out
the standard abbreviation is SCOTUS
Also note that repeatedly invoking your right to remain silent is going to be considered "resisting arrest" and you're going to get the shit kicked out of you.
And then they send you the bill for shoe polish.
Telling people how violent the police are tends to get applause in some circles online, but spreading misinformation that you can't get away with exercising your rights is pretty straightforwardly pro-police propaganda. The vast majority of police officers in the US will not kick you if you say you don't want to talk to them.
Is DuckDuckGo really secure? It's just Bing re-skinned. Makes me question the rest of the list.
Yes, they use Bing’s search index, but the relevant difference is that they promise not to retain logs of your searches associated with your IP address or other identifying data: https://duckduckgo.com/privacy
This is ridiculous, just don't use a network of any kind or you'll be tracked by someone somewhere. Simple as that. Misleading people into thinking they can use these tools and be safe is dangerous. I suppose the only way to be safe is to assume you're being tracked somehow and use burners or throw aways that don't matter.
While you’re not wrong, there’s a trade off between communication needs and security guarantees. Activism and protesting requires organization, which is effectively hampered by the inability to quickly and efficiently disseminate information.
I’ve read the EFF’s guide and it seemed reasonable for a layman. What caveats or disclaimers would you include that they haven’t already? What more do you feel could be done to make people with these needs safer while helping them pursue their goals?
This advice is unhelpful. Don't let the perfect be the enemy of the good. Cell phones are a useful tool for coordinating and communicating.
You need to coordinate with people. It could be as simple and necessary as getting your ride back home after the protest.
Yes, any use of the network is a risk. You take a risk just showing up. This is about mitigating risk, not eliminating it. You have to decide if it's a risk worth taking.
The only secure computer is one that's been sealed in concrete without ever being powered on?
Yeah, the reality of amateur clandestine operations is that you have to put down your phone.
Remember when the FBI and NSA were trying to outlaw encryption? Like a couple years ago? How the turn tables!
I’m not sure I understand why the tables are turned now.
It's complicated to explain, but in the republican(/conservative/trump supporter) mind "activists" are (in support of) "far-left marxist communist liberal extremists" like Biden, Obama or Harris, so the FBI/CIA/NSA under the Biden administration were protecting them and calls for making encryption illegal only targeted "the republican" so activists supported ending encryption because it benefited them in their unjust war against republicans. So if they now see activists discussing opsec, they view it as liberals being "scared" at the righteous Trump administration coming for them.
[dead]
Yeah, don't use Proton, they're several types of shady. If you can figure out running Matrix, that's better. Email isn't built for security, don't treat it as if it was. Use PGP on the body if you want, but the metadata will still be very talkative.
The Grugq has complementary advice which arguably is more important, regarding foundational principles, personas and so on:
https://www.youtube.com/watch?v=L3j1AhS0iKI
https://www.youtube.com/watch?v=3w7E4Hhtubw (there's a bit of presentation and ceremony before they get into the relevant parts)
[dead]
A bit of a tangent, but modern protests are subject to hijacking from agents provocateur and general shit stirrers -- it's been quite effective in delegitimizing public protests. It would be nice to find ways to counter that.
Case in point: how BLM protests were turned into riots by antagonistic forces: https://abcnews.go.com/US/man-helped-ignite-george-floyd-rio...
What actually happened at 2020's protests & riots in the u.s., in the words of those who were there:
https://paper.wf/downas/partisan-accounts-of-the-george-floy...
Why delegitimizing those who don't abide by the rules of “peaceful protest” amounts to defense of the status quo:
https://north-shore.info/2024/10/04/not-liking-someone-doesn...
I think this was the whole point of the "self purification" process that Dr ML King Jr describes in his Letter from Birmingham Jail [0], where they had workshops on non-violence etc.
[0] https://letterfromjail.com/
Interesting. I read an article stating the opposite.
That to organise effective action on the ground, smart protesters were distracting the anti violence bleeding hearts while discussing and implementing more effective actions.
In particular it was stated that part of those particular riots were a distraction to (successfully iirc) lure the cops away from the police station.
> I read an article stating the opposite.
Please share a link then.
> That to organise effective action on the ground, smart protesters were distracting the anti violence bleeding hearts while discussing and implementing more effective actions.
There's a lot to be unpacked there, but I'm not sure about what you think is "effective action" and why peaceful demonstrators are a bad thing.
Here's a study that backs up my initial statement: https://acleddata.com/2020/09/03/demonstrations-political-vi...
[flagged]
Blocking a highway is not an act of violence, it is a form of peaceful protest.
Like a diner sit-in.
You are free to correct your post to explain all the acts of violence you saw which justify the term "riot".
There are multiple documented cases where emergency vehicles are blocked by "blocking a highway" as a "peaceful protest" that resulted in deaths. e.g., London (2022) - Mark Heap and Lisa Webber.
That does not a riot make.
It is still a peaceful protest, whether you like it or not, contingent on the definition of "peaceful" being the absence of violence.
You do not have to like the outcome of a protest, but if it is not a violent one, you are expected here to describe it in accurate language.
You are not doing that.
To illustrate my point: your logic dictates that not pulling over for an emergency vehicle is tantamount to assault. It is not, and should never be in any rational society. Agree? Disagree?
I was responding to your note that it is peaceful, not that is or is not a riot.
A gathering where someone dies because of the gathering it is no longer undisturbed by strife, turmoil, calm, and tranquil. It is no longer peaceful.
> ... contingent on the definition of "peaceful" being the absence of violence.
The breaking of peaceful to me is not absence of violence. It is no longer peaceful because force was used to stop the emergency vehicles. Force is one way to be no longer peaceful. In this context, when force is used it implies resistance from someone that was forced to do something they did not want to do (emergency vehicle did not want to stop). It is no longer peaceful; yet no direct "violence" was used.[1]
I can fathom where your response comes and grasp your interpretation, but I disagree.
[1] https://help.unhcr.org/iran/en/more-information/what-is-viol...
> The breaking of peaceful to me is not absence of violence
Thank you for acknowledging the use of your own definition instead of the common one.
This is not a credible definition. By this standard a traffic jam is a human rights violation.
That's what makes it effective. That's the point. A protest that doesn't affect anyone is just performative. Protests aren't to spread the word. It's to jam up the gears, aka, sabotage, to make leaders act. "You're just making us late to work, it's not causing us to join your side!" Jamming up commerce and the functions of a city is how you get people to act. Not by filling out a permit to have a block party in a park. That's a rally, not a protest.
Unfortunately our leaders have successfully convinced the masses that it's only acceptable to protest as long as they do it at a scheduled time and place, without disrupting or offending anyone, and without any implicit threats of escalation and violence if the protestors' grievances aren't heard and rectified. That way people can vent to temporarily release frustration but we're powerless to effect any meaningful change, by design.
A physical action (like occupying infrastructure) that limits other people’s freedom to move, or brings harm to them or their property, is a violent act to most people. The only people that would claim otherwise are those who want to downplay illegal acts that align with their own politics.
Here’s a definition for ‘violence’, so you’re clear on how blocking highways is violence:
> violence: an unjust or unwarranted exertion of force or power, as against rights or laws
Here’s a definition for riot, so you’re clear on how a violent takeover of public infrastructure constitutes a riot:
> riot: “public violence, tumult, or disorder“
I'm not at all a fan of the tactic of blocking highways as a protest move, I think that's not the same thing as a riot -- it's civil disobedience.
The link that I shared explicitly pointed out that the riot was started by a white supremacist. It's documented and a fact. So were dealing with 1+N cases here.
> Near me, I would say all of them that were riots were that way on purpose.
Look, it worked. It has framed BLM in millions of peoples minds as just black people rioting, and who wants to support riots eh?
Edit: research proving the peaceful intent of protests: https://acleddata.com/2020/09/03/demonstrations-political-vi...
I feel that the label of “civil disobedience” is misused as a tactic to justify illegal acts. Infrastructure is not there to serve as anyone’s political platform, and it is built with taxpayers’ money for other purposes. If the gathering does not have a permit, it is illegal, and therefore a disturbance of the peace - in other words, a riot.
> If the gathering does not have a permit, it is illegal
This is not true, unless it is in a public forum limited in “time, place, and manner”. The first amendment grants freedom of assembly. You do not need a permit to meet up with (dozens of) your friends any more than you need a permit to write in a journal.
Just checking in - y'all aren't planning on violating any laws around here are you? I'll have you remember the backdoored basebands, the Intel Management Engines, and the like weren't just invented to catch racist chuds you know.
Consider yourselves on notice. Because we've noticed you.
What... like downloading an LLM. Or jaywalking. Or keeping a feather. Hell no!
[dead]