The Truth About Anonymous Accounts Online

The absolute first two things you need to ask yourself before trying to make an anonymous Facebook account are why do you want one and who are you hiding from? In fact, these two questions drive even the feasibility of your exercise.

A few months ago we published the beginning of what was meant to be a primer on making anonymous accounts on Facebook. For the next few months, we were besieged by people who wanted the second half of that process and thought we were holding out on them. We weren’t; the information is constantly changing, constantly moving and morphing into something even more shadowy than the personalities people wanted to make online. Part of the thing we accept in order to play in this particular section of the pool is the need to learn, to constantly watch for new information that forces a change in how we think, how we act, how we teach. The members of TOWR talk a great deal amongst themselves, about what information we are learning, how it fits into the bigger picture, what the best way to teach it is. Through it all, we have sought to answer one question every single time: Is the information we are teaching correct? If we aren’t going to teach the correct information, if people cannot trust the information we give them, then we shouldn’t be teaching at all.  And while we’d have loved to come out with the second part of the Facebook series immediately, we learned a great deal of information that not only made writing the second piece problematic, but made the first one obsolete.

Sometimes it happens where we all endorse a skill, a device, even a person, and we later find out we were wrong. What should we do? Correct the record? Simply stop teaching the wrong info and hope people figure it out? Make a Facebook group plastering that person’s name all over the place? While social media groups “calling out” people seem to be popular these days, that’s not effective, and it’s not how we work. Those who need to know information we have are given it, using the appropriate channels and the correct process. When it comes to the idea of making anonymous social media accounts, this article is what I’d consider the correct process. So let’s get started.  First of all: ignore the previous article on this subject because it is obsolete.

The absolute first two things you need to ask yourself before trying to make an anonymous Facebook account are why do you want one and who are you hiding from? In fact, these two questions drive even the feasibility of your exercise. Let’s take a look at various purposes for anonymous accounts.

  1. “I run my mouth a lot on Facebook, or I like to talk trash to certain people, and I don’t want them knowing it’s me.” If this is your purpose, you don’t need an anonymous account. You need testicular fortitude, which is outside our wheelhouse, sorry.  If you were sitting across a table from me and actually said this was your purpose, I would get up and leave.
  2. “I want to join patriot groups as a fake name because OPSEC.” Again, this is very high on the list of reasons that should disqualify you from getting taught how to do this for one reason that will become very obvious later.
  3. “I don’t want the government knowing that I’m in patriot groups on Facebook.” This is not possible. In fact, I’ll say it again: It is not possible to hide from the government on Facebook, and I’ll explain this more in a moment because it needs clarification.
  4. “I want to use Facebook without giving up my privacy.” Nope, sorry — if you have a Facebook account, you do not have privacy. It’s that simple.
  5. “I want a second account to use on my phone for patriot activity coordination.” No. Even if you did make a second account and only accessed it from your phone, you’d be dead in the water BECAUSE you accessed it from your phone, and you’d screw every other person you talked to, whether or not you were coordinating with them.

If any of those reasons are why you want an anonymous account, then walk away now because they are not feasible.  Now let’s look at the reasons and ways you can have an anonymous Facebook account.

  1. You want to use Facebook but aren’t comfortable with your boss or coworkers seeing it, or you’re interviewing for a job. This is a perfectly good reason to have an anonymous account. Keep in mind that it will not work if this is a second account; it defeats the purpose. Your best bet, if you really need to do this, is to deactivate your current account and make a fake account with a fake name that sounds reasonable (Jack McCoy, for instance, not Shiggy Sugarbottom or Jane BenghaziJones). The caveat to this is…you guessed it…no politics. Nothing. Puppy videos and likes on food posts. In fact, keep in mind that making that fake account and then adding your family and friends, by nature of the data machine, will automatically identify you anyway, as will using any device or wifi you’re already associated with to access it. You can see the issues already, right?
  2. You want to use the account to infiltrate a leftist group, such as a semi-local Antifa group. Now THIS is doable — but it requires some caveats as well. The people you’re up against often have skills you don’t. If you so much as make the slightest mistake, you’re identified, and then you’re toast.  I say semi-local (or even far off) as opposed to very local because if you join the local group, you may be expected to actually show up in person at an event.  If you have other photos of yourself on the internet (and who really doesn’t at this point) then you are easy to identify as well. This is possibly best done with a two-man team; you get into his local group and he gets into yours, and you never talk on FB, you never talk at all unless you can pull off meatspace or a message drop on some Tor-based or i2p-based message service that follows the protocols below.
  3. You want to use the account to use Facebook without the government knowing what you’re doing. Here’s the problem. Every single device you own, every wifi you have ever connected to with one of those devices OR done any of your normal routines on, every page you’ve ever visited, every like, comment and share you’ve ever done is part of the data package that is you. That means, if you want to be able to use Facebook while hiding from the government, you need to strictly adhere to the following:
    1. Never use a device you have ever used before. Any device you choose MUST only be used for that particular account. So you’re literally talking about purchasing a laptop (has to be a laptop, and a specific kind of laptop, like an old refurb, that’s also been altered for this purpose) just so you can have a Facebook account on it.  Is that worth it to you?

    2. Never use an internet connection you’ve used before. That means every time you log into that account, it needs to be from a new place. This is true for tradecraft reasons as well as technical. You don’t want to get on a first name basis with the barista at the Starbucks two blocks from your house.

    3. Never drive your own vehicle to your connection point. Also, don’t take any means that can be tracked back to you. That means, don’t get in an Uber, etc.

    4. Never take a phone with you of any kind. No burners, no flip phone, no smartphone, nothing. Don’t wear your Apple watch or FitBit (why do you have either of those anyway, if you care about privacy so much that you need an anonymous Facebook account?)

    5. Never dress in a way that will stand out in the specific venue and area that you’re choosing for that particular outing. In fact, put some thought into your choices of venue. If you’re 50 years old, 300 pounds, and bearded in a non-hipster way, don’t choose a venue in a trendy millennial area because you WILL stick out no matter what you wear. Be honest with yourself about what you can pull off.

    6. Never use your debit card on these trips. In fact, I wouldn’t even take them — or anything else that can identify you.

    7. Never connect without a VPN. We’ve covered those elsewhere; if you’re not already familiar, you’re sorely behind.

    8. Never connect to anything you normally look at. Don’t check your email. Don’t check the hits on your website. Don’t go to websites you normally frequent. And for the love of all that’s holy, don’t sign into your regular Facebook account. There is no such thing as “just doing one thing quick.” You’re done.

    9. Never join Facebook groups or like pages that your regular account is associated with. And while it should be freaking obvious, don’t go to that group and announce to everyone that this is your new account. Don’t message people, don’t do anything but lurk.

    10. Never tell anyone that you have another account. For any reason, at any time. No one needs to know about it.

    11. Never use that Facebook account to coordinate any activity, mention any areas, or mention any fact about yourself. If you need to use the internet to coordinate activity, then you are working with people who are too far away — and you don’t know them well enough to do anything with them.

    12. Never visit any websites AT ALL while logged in to your Facebook. Don’t keep it open in a tab while you surf.

    13. Never use a browser that is not set up to block scripts, etc. Tor is good, if you’re already following the rest of these protocols.

    14. Never stay online any longer than you absolutely have to, in order to do the things you signed in to do.

You’ve probably read through this list and thought, “Man, what a pain!” Yup. It is a pain. If you had some idea that you could sit in your recliner naked while eating cheetos and wreak havoc on the enemy, then I’m glad I could burst your bubble, because anyone who is making Facebook accounts and has violated even one of the precepts above has not only identified himself, he’s also endangered everyone he talks to. I mentioned earlier that it’s impossible to hide on Facebook from the government. That’s true. It is, however, possible to become someone else, if you are willing to put the work in and can compartmentalize to the extent necessary.  We cover this in the Internet Privacy webinar, and to some extent I’ve just explained it above.

While the list above may seem overly paranoid, it’s not. If you’ve read the Vault7 disclosures (and actually read THEM, not just read the quick summaries the establishment ‘media’ put out), or if you’ve read the rest of the Wikileaks information on the subject, then you should already be aware that the list above is the bare minimum. In fact, I wouldn’t even guarantee your anonymity if you follow the list exactly, because their capability is always changing, new surveillance cameras are always going up, and depending on where you live, you can be seen on camera more than sixty times a day. That’s not counting license plate readers, facial recognition, touch DNA, or anything else. Like it or not, the surveillance state is total, and it is oppressive, and unless you are willing to do the work, you won’t get anywhere.

In short, the question isn’t really how to set up an anonymous Facebook account; it’s whether your particular purpose is worth the money, time, and aggravation of doing it. I can’t make that decision for you; if you’ve read through this list and you are willing to make that commitment, then more power to you. If you think you can do some of the list and ignore others, then God help whoever you’re talking to, because you just put your own laziness above their safety.

If you’ve gotten all the way through and are still wondering how to make yourself an anonymous account, read it again. The “how” is in there.

The Argument Against Patriot Rallies

It’s almost amusing to watch the same people who argued in favor of mass surveillance (for safety reasons of course), suddenly argue against it because Trump is President-elect. Slate opened their recent article with the statement “Donald Trump has shown he’ll stop at nothing to humiliate and intimidate his critics,” blissfully gliding over the part where the intelligence community has actually been used to identify, track and even punish people it deemed politically undesirable (they mentioned it back in January, but believed it was only against ‘people of color’).

Now EFF has come out with a list of digital security tips for protestors. While EFF’s been against mass surveillance since Day 1, their article contains a very clear warning that people seem unwilling to wrap their heads around–especially those in the patriot movement who love to go to rallies.

Many protesters may not be aware of the unfortunate fact that exercising their First Amendment rights may open themselves up to certain risks. Those engaging in peaceful protest may be subject to search or arrest, have their movements and associations mapped, or otherwise become targets of surveillance and repression.

With this statement, EFF is literally voicing something that we all know is unconstitutional. This is not how it’s supposed to be. Going to a protest or rally (a peaceful one, not the idiotic, violent events going on now) should not be cause for anything to happen to you. The fact that EFF can say this so plainly, as a matter of fact, should bother you to your core. It should leave you with no doubt that you do not live in a free country. Let me say that again in an even clearer way:

You do not have freedom of speech, and you do not have freedom to protest. To anyone who says differently, I point to the 70+ years of proven government action against those with ‘dissenting’ political views. The viewpoint targeted has changed depending on the administration and the decade, but the result is the same: 1) identify group, 2) engage in propaganda efforts to ‘prove’ to the populace that they are a menace because of their beliefs, 3) maybe toss up a false flag or two to drive home the point, 4) infiltrate and entrap, 5)  ad nauseum. Just because they haven’t actually hauled YOU away yet doesn’t mean a thing. You need to understand that right now, YOU, as a believer in freedom and limited government, are the target. I don’t care who the President-elect is, I don’t care what his promises are, I don’t care how much you think the tide is turning. I don’t even care how many rallies you’ve gone to or organized that went just fine. It only takes a single second for it to all go wrong.

If that still doesn’t convince you, consider this: The JTTF is actively investigating people in the patriot movement. Think about what JTTF stands for: Joint Terrorism Task Force. A unit made up of people from every level of law enforcement, tasked with finding terrorists, is what’s investigating the movement you are claiming membership in. Do the math. If you need an idea of what JTTF does, take a gander:

Police collected names, home addresses, personal descriptions, and other information on individuals, including writing down license plates of vehicles used by those attending peaceful protests. This appeared to be in violation of a city policy prohibiting the collection of intelligence “unless such information directly relates to criminal conduct or activity and there is reasonable suspicion that the subject of the information may be involved in criminal conduct or activity.”

Some of the targets were designated in the records as “criminal extremists” despite being clearly nonviolent. The records also showed that an FBI Joint Terrorism Task Force collected information and created files “on the activities of peaceful protesters who have no connection to terrorism or any other criminal activity,” according to the ACLU.

You might be thinking “so what—they can come and get me if they’re feeling froggy,” but you’d be missing the point; actually, you’d be missing several of them.

  1. Subject to search and arrest means exactly that. Getting searched means they go through every single inch of your house, your garage, your shed, your desk, etc. Maybe you don’t care about your own info. What about the list of group members you have? The list of frequencies your group uses? The list of critical information you made as a part of your OPSEC setup? How many people are put in danger if you get searched? If you’re not thinking in those terms, quite frankly, someone in your group should throat punch you.
  2. And what about the arrest part? As I’ve mentioned about a hundred times, if you get arrested, three things happen:
    • You’re out of the fight
    • You’re now in THEIR world, forced to play by THEIR rules, and subject to all manner of physical, emotional and mental torment from guards and other inmates alike.
    • You’re now forced to use whatever resources you have for your defense, plus now you’re asking for others to donate THEIR hard-earned resources they need for their families. Good job. If there is any possible way for you to NOT get arrested, you need to consider doing that.
  3. Having your associations and movements mapped is not a good thing either. Sure, we’re all being surveilled. But you don’t want the extra special attention of targeted surveillance. What do your associations and movements have in common? Yup…they both mean putting others in danger. If they’re tracking where you go and who you associate with, specifically, then everyone who works with you or associates with you is now fair game.
  4. One more thing…are you willing to bet your life that none of them, if approached, would flip on you? Are you willing to wager your kids growing up with their parent in prison?

This isn’t saying that civil disobedience is always a bad thing. I’ve done it. There are plenty of pictures of me doing it. Lots of us have, probably including you. I’m saying before you do it publicly, do the risk assessment. Game out the possibles. If you don’t have the resources to fight any charges, if your kids are still little and need their parents, if you’re the primary breadwinner for your family, you might want to rethink your desire to go be loud and proud.

There are a hundred things you can do that are arguably far more effective in the bigger picture than planting your face all over their surveillance. Of course, that would also require you to not care if you get ‘credit’ for it. It would require you to be okay with certain folks calling into question your “commitment” because you’re not “standing.” I know how that goes, because I used to be one of the folks calling out those who didn’t go to rallies. I was absolutely, completely wrong, and I say that as clearly as I can.

If you want to go to rallies, I understand that, and I respect that. It’s theoretically your right to do so, even if that right isn’t truly respected by government. If you do choose that route, however, take the necessary precautions. Have money set aside for your bail and defense so you aren’t dependent on others if you get nailed. Have a plan for how your family will be cared for. And in the meantime, learn to protect yourself. Follow the list of steps to take to secure your information as much as you can. Practice need to know.

And don’t be like I was. If people don’t want to go to your rally, let them be. You have no idea what they’re already involved in; they might just be doing far more than you are. If they’re doing it right, you’ll never know.

Signal Vulnerabilities Found: Update Immediately

One of the things we consistently teach in classes is that what is a good solution today may not be tomorrow. The tech landscape—and by default, the threat landscape within it—is constantly changing. It’s our job to stay on top of those changes, so we can make the necessary adjustments to how we operate and stay ahead of the curve. Today it was announced that Signal, one of the best apps out there for ‘secure comms’ (nothing is completely secure) has been found to have certain vulnerabilities in it. For the detailed techie description of those vulnerabilities and how they were found, you can look at this article. For the basics, read on:

Before you run to Google Play and update, however, note that the update isn’t available anywhere but Github at the moment. The developers are working on getting it into the Google Play store, and it should be available soon. Meanwhile, Open Whisper Systems—the company who makes Signal—had this to say:

“This was a really great bug report, but we consider its impact to be low severity at this time. It does not allow an attacker who has compromised the server to read or modify attachments, only to append a *minimum* of 4GB of unpredictable random data to the end of an attachment in transmit,” Moxie Marlinspike, Founder of Open Whisper System said.

“While that causes a denial of service, effectively corrupting a file in an unpredictable way and making it too large to open on any Android device, an attacker that has compromised the server could more easily deny service just by blocking your request for the attachment.”

The good news is that the problems are fixable (and if you know how to use Github, you can get the patch), and as the researchers who found the problems stated:

What does this mean to you, the Signal user? Here’s what you need to do:

  • If you don’t understand Github and you are using Android, then stop using Signal for sensitive communications until there is an update on the Google Play store. (Maybe use Unseen instead.)
  • Read the technical description of the vulnerabilities. If you find a word you don’t understand, look it up. You’re not going to learn or get any better unless you get WHY and HOW things work.
  • Pay attention to when that update drops. I would guess it’ll be within the next week or so. When it does drop, get on it. Immediately.
  • Moving forward, consistently pay attention to what you’re using for digital communications. What is its state? Is it safe? What are the reported issues with it? Use best practices.

Signal is still one of the best solutions out there. We just need to stay on top of things so that when it changes, we can adapt.

Are There Informants in Your Group?

[et_pb_section admin_label=”section” transparent_background=”off” background_color=”#ffffff” allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”||0px|”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”off” custom_padding=”||0px|” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on”][et_pb_column type=”4_4″][et_pb_divider admin_label=”Divider” color=”#ffffff” show_divider=”off” height=”110″ divider_style=”solid” divider_position=”top” hide_on_mobile=”on”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#bcbcbc” use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_letter_spacing=”2px” custom_margin=”||0px|” custom_padding=”||0px|”]

RESISTANCE GROUPS

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” max_width=”660px” text_font=”PT Sans||||” text_font_size=”72″ text_text_color=”#1d1d1d” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”18px||80px|” text_line_height=”1.1em” text_font_size_last_edited=”on|desktop” text_font_size_tablet=”52″]

Are There Informants in Your Group?

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section][et_pb_section admin_label=”Section” fullwidth=”off” specialty=”off” transparent_background=”off” background_color=”#f7f7f4″ allow_player_pause=”off” inner_shadow=”off” parallax=”off” parallax_method=”off” padding_mobile=”on” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” make_equal=”off” use_custom_gutter=”off” custom_padding=”0px|||”][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans||||” text_font_size=”18″ text_text_color=”#323232″ text_line_height=”1.4em” use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”14px||0px|”]

TOWR Staff

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”center” text_font=”PT Sans|on|||” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”0px|||”]

30 August 2016

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”24″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”40px||0px|” text_line_height=”1.4em” text_font_size_last_edited=”on|tablet”]

It’s the nightmare of any resistance group: a government agent or informant in their ranks.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

You might look at the members of your group and think of them as family. You may even be willing to lay down your life for them. But would they do the same? And how do you know they’re not reporting on every move you make?

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”3_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/spokesman.jpg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid” alt=”The Malheur Wildlife Refuge sign during the occupation in January.”] [/et_pb_image][/et_pb_column][et_pb_column type=”1_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off” custom_css_main_element=”width:130px;”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|” max_width=”130px”]

The Malheur Wildlife Refuge sign during the occupation in January.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||” max_width=”130px”]

Photograph credit The Spokesman

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”0px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”46px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Like it or not, the concept of infiltration is one that people should be concerned about. It often seems that people in resistance/patriot groups are on one end or the other in terms of spectrum: They either engage shoddy vetting practices and assume their own group is clean, or they think everyone who disagrees with them or questions them is a fed. Neither of these is a healthy or good way to operate.

There are several myths about informants that seem to circulate around the various groups as well. Passed around via word of mouth by people who claim connection to shadowy figures who must remain unnamed (“my dad’s uncle’s co-worker’s dad’s daughter works at the Pentagon”), these myths suck people in because they appeal to people’s desire to believe certain things. People want to feel safe; they also want to feel as though they’re better/faster/smarter than the forces aligned against them. Unfortunately, in most cases they aren’t–not because they can’t be, but because they don’t try to be.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_font=”PT Serif||||” text_font_size=”32″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”16px||30px|” text_line_height=”1.3em” text_font_size_last_edited=”on|tablet” max_width=”900px”]

People need to understand that there are highly trained people out there whose entire job is finding, infiltrating, and entrapping them and their people.

[/et_pb_text][et_pb_divider admin_label=”Divider” color=”#aeaeac” show_divider=”on” divider_style=”solid” divider_position=”top” hide_on_mobile=”off”] [/et_pb_divider][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

One major myth that I’ve heard from people over and over is that “informants won’t break the law.” These folks figure that if they can get their group members to do some illegal thing together, that is an effective vetting technique–and if someone refuses, that’s a sure sign that they’re a fed. This is not true; in fact, informants break the law all the time. The thing is, they get literally authorized to break the law, in the hopes that they can get you to break it too.

How bad is it? Between 2011 and 2014, the FBI alone authorized informants to commit crimes 22,823 times. That averages to over 15 times a day. Think about that. In addition, these crimes aren’t necessarily small things. In fact, one example was an informant who helped facilitate the breach of Stratfor in 2011–one of the most “most high-profile cyberattacks of the last decade.” Sure, they got the main hacker responsible, but they also cost Stratfor “millions of dollars in damages and left and estimated 700,000 credit card holders vulnerable to fraud.” In short, what you need to understand is this:

  • They are willing to do whatever they have to in order to make their case, including break the law themselves.
  • They do not care about the collateral damage of their actions.

Now consider this: The government views “anti-government extremists” as a worse threat to Americans than ISIS. In this article, in fact, the media skillfully lumps the average constitution-loving ‘patriot’, the Malheur occupation, the KKK, and terrorism violence up in one neat little package. Does the average citizen know the actual difference between all of those things? Of course not. This means that not only do you have the federal government willing to do anything to get you, you also have the general public–whose support is absolutely critical–seeing you as a threat worse than animals who behead children (when they’re not raping them and using them as assassins, that is).

The feds have a long history of infiltrating and even controlling various movements and efforts; do you really think they’re not doing the same here? When you consider the fact that many groups use social media to organize and/or recruit (and the only vetting done is a quick question or two and a check to make sure there’s “liberty material”) it’s safe to say that the movement has made it incredibly simple for itself to BE infiltrated. Even some groups who claim to take ‘vetting’ seriously often do one or two face to face meetings and a short probation period, during which the new guy is still given all kinds of access.

There’s no way that could end badly, right?

 

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”Row” make_fullwidth=”off” use_custom_width=”off” width_unit=”on” use_custom_gutter=”on” custom_padding=”50px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” column_padding_mobile=”on” custom_padding_tablet=”17px|||” custom_padding_last_edited=”on|tablet” custom_width_px=”830px” parallax_2=”off” parallax_method_2=”off” gutter_width=”2″][et_pb_column type=”4_4″][et_pb_image admin_label=”Image” src=”https://www.whiterose.us/wp-content/uploads/2016/08/Untitled-design5.jpg” show_in_lightbox=”off” url_new_window=”off” use_overlay=”off” animation=”fade_in” sticky=”on” align=”left” force_fullwidth=”off” always_center_on_mobile=”on” use_border_color=”off” border_color=”#ffffff” border_style=”solid”] [/et_pb_image][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”16″ text_line_height=”1em” custom_margin=”20px||0px|”]

Someone in your group may be wearing a mask.

[/et_pb_text][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” text_font=”PT Serif||on||” text_font_size=”12″ text_line_height=”1.2em” custom_margin=”6px|||”]

Are you willing to bet your family’s lives on your group members?

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

So what’s to be done about all of this? Certainly the obvious answer is to prevent them from even getting into your groups through solid vetting practices, which are an article or even class in themselves. But let’s say you’ve already got a group. The members already have access. What now? You have options, but first a few principles.

 

  • No one is ‘too high up’ or ‘too connected’ to be compromised or working for the other side. One thing that a lot of people do is assume that someone teaching a class is automatically trustworthy, or that prominent people must be solid because they’re ‘so high up in the movement.’ You would not believe the amount of information that we hear in our own classes, or the info I’ve heard in other classes, as people assume that every instructor is trustworthy. Don’t ever make this mistake, because the bottom line is, you do not know for sure–and besides, what’s the most basic of information sharing rules? Need to know.
  • You don’t have to agree with someone’s philosophy in order to learn from their tactics. There is MUCH to be learned from all manner of groups on security and/or resistance tactics–regardless of whether you like or agree with what they’re using their tactics to accomplish.
  • Benefit of the doubt is for suckers. Trust is earned, period–and it’s subject to change. Be willing to look at conduct that doesn’t fit–even if it’s from someone that you already trust. Circumstances change, and so do vulnerabilities. The guy who would’ve taken a bullet for you six months ago may suddenly find himself in a life-or-death medical situation with his wife or child that he can’t afford. Be aware of changes in situation that signal exploitability. We don’t have to hold people to our own set of morals, but the bottom line is that things like extramarital affairs, financial troubles, vices, and character failings are openings to those who are looking to exploit. Be aware of that. Understand that everyone has a vulnerability. Perhaps most importantly, know your own, and figure out how to mitigate it as much as possible.
  • Watch out for the loudmouth. Like it or not, if you’ve got a loudmouth in your group who’s always trying to get people to do stuff that could land them in in jail or dead tomorrow, that’s a problem. Best case scenario is that he makes emotional decisions and is a liability. Worst case scenario is that he’s not on your side and is actively trying to entrap you. If this describes one of your inner circle folks, you might be tempted to brush it off and claim that he’s “emotional” or “passionate” or even “immature.” Don’t. Take the time to think critically and logically about what’s going on. Several groups have learned the hard way that the guy yelling the loudest and trying to incite the most violence is often reporting on the very people he’s trying to incite. Look up Steve Haug and Hal Turner.
  • Third party “vouching” is not a catch-all solution. When you’re talking about networking for supplies/barter, creating “tribe” then sure; you may give someone some help or perform a favor on the basis of someone in your inner circle vouching for him and asking for that help on their behalf. That’s one thing. When you’re talking about actual resistance acts or access to sensitive information or groups, however, it’s a really bad idea. It’s very simple–ask yourself the following question: Do I trust my friend’s instincts and vetting process so much that I’m willing to bet going to jail on it or worse if he vouches for someone and is wrong? Vet people yourself; don’t rely on someone else to do it. I have people come to me and tell me that so-and-so is a solid guy, and I’ve asked people I trust for their take on someone; neither of those, however, is good enough to take someone in and work with. That doesn’t mean they’re in the door; it just means they can knock.
  • Document things that don’t make sense. Do this on paper, in a notebook. Claire Wolfe has an excellent primer on such things. Learn how to do critical analysis and start doing it on the info you’re collecting. Find the patterns and figure out what they signify.
  • Don’t ask yourself, “How would *I* act if I were a fed informant” and use that as your measuring stick.  That’s called “mirror imaging,” and it’s one of the most common mistakes out there.

[/et_pb_text][/et_pb_column][/et_pb_row][et_pb_row admin_label=”row” make_fullwidth=”off” use_custom_width=”on” width_unit=”on” use_custom_gutter=”off” custom_padding=”17px|||” padding_mobile=”on” allow_player_pause=”off” parallax=”off” parallax_method=”off” make_equal=”off” parallax_1=”off” parallax_method_1=”off” parallax_2=”off” parallax_method_2=”off” column_padding_mobile=”on” custom_width_px=”620px”][et_pb_column type=”4_4″][et_pb_text admin_label=”Text” background_layout=”light” text_orientation=”left” max_width=”620px” text_font=”PT Serif||||” text_font_size=”20″ text_text_color=”#363636″ use_border_color=”off” border_color=”#ffffff” border_style=”solid” custom_margin=”30px||0px|” text_line_height=”1.5em” text_font_size_last_edited=”on|tablet”]

Does this mean you don’t bother networking? Absolutely not. Does it mean you start treating people you’ve known and worked with as though they’re federal agents hell-bent on your destruction? No. It does, however, mean that you stop glossing over things that you know don’t make sense. It means that you do some self-assessment and engage in some brutal self-honesty about what your weaknesses and vulnerabilities are–and if it means you need to ditch some secret vices, clean house with your finances, or even end certain types of relationships, get it done. Stop associating yourself with people who support first strike violence, and make it clear on your social media, website or other public means that you do NOT support it. Above all, keep in mind that they can and will entrap you. They will encourage you to commit federal crimes and even provide the means to do it.

The point and principle that drives all of our actions in this arena should be simple: Is it morally right, does it help the cause of liberty both short AND long term, and does it fall in line with the Three Percenter principles we claim to live by?  That goes for everything from the things we do to the people we associate with.

We can’t afford any more mistakes.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

TOWR Guides: The Case for Throwaway Email Addresses

As of April of this year, there were 336,724,945 breached accounts in the Have I Been Pwned? database (yes, I suggest you go to that database and check your email addresses).  That number has since jumped to 1,307,907,501.  This means almost 1.5 BILLION people/credit card numbers/addresses/email addresses/etc. are available, and not many of them are throwaway email addresses; most of them are people’s actual, log-in-every-day, synced-to-your-phone addresses. Before you raise your nose in the air just slightly and sniff that there’s no way you’re on that list because you are careful, let me ask you the following:

  1. Do you remember every single site you have ever entered your email address, name, or any other details about yourself, since the first time you ever logged into the internet?
  2. If by some act of God you could answer “yes” to the above, do you know (and have you kept track of) every business acquisition, re-branding effort, or data sale from every site you’ve ever given your data to, for as long as you’ve been on the internet?

I rest my case. (By the way, here’s a link to answer the question “How is my data in a breach on a site I never gave info to?”) That’s not even counting all the ways that major email providers such as Gmail, Hotmail, and Yahoo already spy on you and use your information.

So what are you supposed to do about all your personal data floating around everywhere? The bad news is, you can’t take that info off the internet completely. The good news, however, is that you can keep them from getting more, and you can change some of the info you have. Enter the throwaway email. When combined with a fake name and even birthdate, you can do a great deal to mitigate the threat there. Before we get into the advanced stuff, however, let’s take a look at one easy way to sign up for things without giving away the proverbial farm.

Mailinator

I happen to think this option is the best for certain situations. The way it works is this: You have a site you need to give an email to in order to sign up; we’ll call that site databuyers.com. You give databuyers.com literally any email address you want, as long as it ends in mailinator.com. It does not matter what mailinator address you give them, because when databuyers.com sends an email to that address, it will create the address at mailinator. This means that if you want to have databuyers.com go to circusmidgetfestival@mailinator.com you can, without setting up an account at mailinator.

How is this possible? It’s because Mailinator has no privacy. Every single email address is public domain and wide open, and anyone can read any email sent to any address. So, if you tell databuyers.com to send the verification email to circusmidgetfestival@mailinator.com, you can immediately go to Mailinator and type that address in (no password needed, since it’s public) and hit Check Any Inbox, and boom, there’s the email. Any email sent to mailinator also gets deleted after a few hours, so don’t think you can go back 2 weeks from now and see that email you got, because it’ll be gone. You can, however, still use the email again, simply by putting the address into whatever site you need it for, because mailinator will recreate it as soon as the email is received. Nifty, right? The more intelligent and creative among you can probably think of some other ways to use this as well.

Pros:

  • You don’t have to give any personal information. In fact, I’d advise against using your real name in Mailinator or when signing up for new accounts at all (even when you’re purchasing something, but circumventing the whole “need all personal info” thing when buying online is a whole other article and involves a bit more work).
  • No passwords or account setup are needed; you simply make up an address that you plan to use, and give that out.
  • Free. We like free.
  • Anonymous at the mailinator site (caveats exist; see the Con list for details)
  • Very easy to use.

Cons:

  • Anyone can read anything sent to any email address in Mailinator. You can test this by going to the Mailinator site and checking johnsmith@mailinator.com. You’ll see all kinds of emails, from spam to account resets. This means you would NOT use this for sending uncoded sensitive messages within your group, for instance (the mailinator website, in fact, points out that if you do, you’re a “stupid head”).
  • If you do need to reset your password (you use KeePassX, so this isn’t a problem, right?), you’d have to send your password reset to the public mailbox, which could be a problem. See above point.
  • Some sites may not allow you to use these email addresses since they’re known as anonymous. They don’t like when you send them fake data; they want your real data. If you find yourself in this position, you may want to ask yourself if you really need to sign up there.

Overall, Mailinator is a solid way to stop giving your personal information to every site you log into. You may even want to change some of your existing accounts to a mailinator address as well.

GuerrillaMail

GuerrillaMail is another option for those who need a throwaway email. Also free, this works somewhat like Mailinator in that it’s a publicly available email inbox. Where guerrillamail differs, however, is in the scrambling of the email address, which means your email can be something like 43r1vk+bze63cax9k05c@sharklasers.com. If someone knows the ID you used on the email inbox, they can access whatever is in there, so it’s best to not use your.name1@sharklasers.com or something like that.

Basically, GuerrillaMail has the same pros and cons as Mailinator, but also has address scrambling to help obfuscate your actual email (which may be something like randomname@, but show up as 43r2cd+8cdzul7vlvf4@sharklasers.com).

The Advanced Stuff

If you’re familiar with the dark web, you may want to consider something on the Tor network as well, for sites you need to use there. (Keep in mind that Tor has its own issues, however; best practices for Tor include using a virtual machine–Qubes if you can run it–a VPN, and not using it at home or work.) Same goes for other darknets like i2p or freenet. If this paragraph made no sense to you, that’s okay for the moment; you might want to start learning though.

What NOT to Do

A lot of us have a Gmail account (or Yahoo/Hotmail/MSN etc). In many cases it’s either our name or some identifying characteristic that lets people know it’s us (mine is from back when I was an aircraft mechanic but I have had Gmail accounts that were my name too, from when I didn’t know better). It’s easy and convenient to just use that for the spam and logins but that’s a bad idea. First of all, as we have taught in our Basic Privacy and Anonymity course, the more convenient something is, the less secure it is. Secondly, if you’re using one of those emails to log into everything, then everyone who has access to your email data also has access to everything in it. Gmail, by default, is a “gigantic profiling machine,” and as far back as 2013, Google was quite clear that anyone who emails a Gmail user has “no legitimate expectation of privacy in information” because they “voluntarily” turned over information to “third parties.”

This means that if you decide to get Protonmail (a good choice) for your sensitive emails but then decide to use your Gmail for all the rest of your everyday logins, you’ve just defeated the purpose of the exercise. In fact, if you own a Gmail account, go look at your Google Dashboard and see how much information there is about you.

The Third Option

Staying on top of your privacy is a never ending endeavor. If you’re an activist or involved in liberty work, however, you don’t have another choice. As a society we are conditioned to think in terms of binary options: one, or zero. Republican/Democrat is a classic example. In reality, however, often there’s a third option that we don’t think of. When it comes to being tracked everywhere we go or having all of our purchases cataloged, it seems sometimes like there’s no way out. Either we are getting tracked (in which case, our beliefs and activities draw suspicion and extra attention), or we go all out and drop off the radar, which also draw suspicion and gets us more attention. It’s easy to feel like we’re being funneled into a no-win situation. But we aren’t, if we think smart. There are ways to turn the system back on itself.

Imagine doing any of the following:

  • Having your Gmail signed up for updates from the DNC, Hillary, Obama, and every anti-gun group there is (if you paid attention to the article on infiltration, you may already be doing this). Obviously this won’t work if your Facebook looks like a meme shrine, and most people suffer from one very exploitable weakness that will ruin this, which I’ll talk about in a future article.
  • Downloading an app that you know tracks your every location when it’s open (such as Pokemon Go or Waze), and establishing a pattern of places and times where you are known to be. Then, send your phone with someone else, in your vehicle, to a place/time in the pattern who will have the app open, tracking “you”—while you go elsewhere to meet with a contact, pick up an anonymous purchase, or check your message drops.
  • Sending yourself a lot of encrypted material at Gmail. As in, so much encrypted stuff that they have to spend resources digging into it. I prefer encrypted cat pics, myself.  While they’re digging through those, I can send other things elsewhere, through different means. Do not send anything related to your activism through your regular email. Ever. For any reason. I see a lot of emails coming to TOWR, asking for training on various topics or wanting to ask us a question related to the movement somehow. It seems like with very few exceptions, all of them are coming from email addresses hosted at Gmail, MSN, or other open provider. In fact, we’ve gotten a few that were from their actual ISP domain (Comcast, Frontier, etc.) Do not do this.

The list goes on. Be creative.

The bottom line is, you’re being tracked. We know that; it’s old news. Our job is to find ways to either dodge that surveillance, or use it in ways that let us work the system to our own advantage. Throwaway email addresses are just one of the tools we have.