Preamble
For the record: I don't have information that will lead to the arrest of HRC, nor am I suicidal. The phrase has become a meme that pops up any time someone notable dies: internet pranksters will create an image that looks like a Twitter screenshot of them claiming to have such evidence just before their death. It's funny because the Clintons have been accused of more murders than Putin, though the evidence is light on most such accusations.
Though what if you did have such information, then what? How could you make that information known widely without waking up dead? Let's stipulate that you just received a paper document proving something which places your life at risk if it were known you have it, and that the document was received in such a way that didn't leave any traces. This stipulation is made because if you received such risky information via email or text message -- or Signal or Protonmail for that matter -- there is a significant risk that you're already a dead man walking. For simplicity just know that the NSA records every packet across the internet, separately records all emails and texts, separately has phone backdoors to capture screenshots of Signal messages (which are OCR'd), and has a long history of being surreptitiously behind "high security" communication systems. There's a lot more to say about this, though if you want to stay alive you can't receive sensitive documents electronically unless you take very strong precautions that only an expert should even attempt. You're not an expert: don't attempt it.
Maybe you've found evidence of organized crime that you want to make the public aware of but you fear reprisals. Maybe you want to make the US public aware of crucial information you have about foreign adversaries but you don't trust the media or authorities to act on your information if you gave it to them privately, and/or you fear the authorities themselves are infiltrated / subverted / compromised. History is replete with examples of whistleblowers whose lives ended badly. If you have information that places your life at risk, this message is for you. It's a combination of warnings and security protocols that will increase your chances of dying from old age rather than a sudden heart attack, fast-acting cancer, a car or plane crash, or committing suicide with two bullets to the back of your head.
In 2022 Vice made FOIA requests to the FBI asking for their training material and operations manuals related to how they track people using their phones. This reveals how long different companies retain data of use to the FBI (phone suppliers, telecom providers, MVNOs, social media companies, etc). This includes call data records (CDRs), iCloud iPhone backups, Google WiFi location tracking, Google Photos GPS image data, Facebook location tracking, Twitter location tracking, etc. These and many more sources of information from and about you can reveal every email and text, every note and contact and voicemail and picture (etc) on your phone, and your real-time location as you move throughout the day, going back months or years.
These various bits of information are used by the FBI to establish a "pattern of life" for you. What are your daily routines? Weekly and monthly routines? Do you walk the dog at particular times each day? Do you go out for drinks with friends every Thursday? Do you leave your phone in the car every Sunday morning while you're in church? Do you keep your phone on your night stand while you sleep? This and much more is part of your pattern of life. The intelligence community knows all of this and much more.
How to think about your pattern of life
Once you've spent a month observing your own "pattern of life" as seen from the point of view of your phone (don't make any behavior changes, act normally; don't do any online browsing or searches even tenuously related to this), note that the FBI has easy access to 3 months of your texts, 1 year of your browsing history, and all of your real-time location tracking history (at least 7 years). Depending on how deep the look at you is, the FBI may gain access to your phone backups to extract all your text messages. Or they might use their access to the NSA databases to read all your text messages from there (this is illegal but they do it all the time for "parallel construction"), rather than just getting a few months from the telecom provider. Or they might use "no click" spyware like Pegasus to install malware on your phone and gain access to everything you have and do. Or deploy a Stingray near you to intercept your connection to the mobile phone tower. It's important to know the scope of their information about you so that you can mitigate the risks associated with their information advantage. The first step: don't be naive about how sophisticated mass surveillance technology has become. I'm not even scratching the surface here.
Once you have a good sense of what the national security state would see as your normal "pattern of life" you want to start modifying that in small ways to create regular daily or weekly changes which provide a normal gap in activity. For example: leave your phone at home when you go to the gym. Or when you walk the dog. Or every Friday when you go out partying. Modify your "pattern of life" as seen from the point of view of your phone so that it's normal for there to be at least a few hours a week when no activity is recorded. I'll refer to this regular time when your phone has no activity (it's not moved or interacted with at all) as a "regular blackout period." You will use regular blackout periods to take actions which demand high operational security, or "OpSec."
Anywhere you go with your phone is tracked. All phone use is tracked. All internet activity (home and otherwise) is tracked. Any time you move around with a radio device in your possession (Bluetooth headset, smart watch, etc) other devices see you go by. Cities routinely have sensors at intersections, on garbage trucks, and in roving surveillance vans which make note of any radio devices that pass by. Same for "smart" stores like any Apple store or mall or most grocery chains, and many credit card readers at any location. Other phones passing by your house are also used as sensors to pick up radio emissions from your house. Even if you don't have any active radio devices, just carrying an RFID tag is enough for sophisticated sensors to detect you if you get too close. Also note that "Amazon Sidewalk" and the Apple AirTag mesh mean that if you have an RFID tag or any radio device, just passing near a house with a Ring doorbell or Alexa smart speaker potentially gives up your location. Credit cards, driver licenses, passports, and even fancy clothes may all have RFID tags. Only wear old generic cotton clothes with no branding from head to toe, carrying no cards, no electronics, no watches, no headphones (not even wired), etc during your regular blackout period. To simplify: avoid all metal in or on or near your body. When you have to carry a driver's license: keep it in a blackout bag.
You will need to borrow an automobile that is old. For simplicity it's easiest to look before circa 1980, with no computerized electronics. No OnStar. No LoJack. Ideally you want something old and simple: look for something with a carburetor. You don't want to buy it, ideally. You want to find a family member or friend who will let you borrow the vehicle as needed. To protect that individual it's necessary that they not know why you're borrowing the vehicle. A minimalist cheap motorcycle (think 250 CC carbureted, smallest street legal) up to circa 2010 is also workable if you're a motorcycle rider (nothing fancy enough to have a radio). It's ideal to have someone else refill it with gas or at least to refill using gas cans. Try to minimize how many times and contexts in which you will be recorded with the vehicle. Gas stations record everything.
Using a small scooter or electric-motor-assist bike or similar (think: street legal without license plates or any radio equipment) is even better than using an automobile or motorcycle if possible. License plates are tracked everywhere they go.
You will need to acquire an old computer, pre-2010 is good, maybe circa 2000-2005 is ideal, without integrated WiFi or Bluetooth or a cellular modem. Get one of your friends' or family's old computers: don't buy it. If needed, have a trusted friend buy a suitable used computer from a small single-person-run repair shop on your behalf, taking OpSec seriously (don't bring their phone or other electronics to do the purchase, pay in cash, etc). As with the car: their safety depends on them not knowing why you need this. When you meet with them, do so only during a regular blackout period following high OpSec protocol. The first thing you need is the vehicle, so work on that first. Once you have access to the vehicle, use it during a regular blackout period to acquire the computer, taking OpSec seriously.
If the computer has a networking card, remove it. If it has integrated Ethernet, disable it in the BIOS. Disable all networking functionality. Find an old Linux CD/DVD that's a year or so newer than the old computer you acquired. If you don't have such a disc, ask a trusted friend to make one for you. Install Linux on the computer, including a full development toolchain for all languages and all compression/archiving/document/image/audio/video editing libraries, tools, and apps. The end-goal is to have a computer running Linux that can compile C/C++ code and more, create PDF documents, create MP3s, create images and movies, and burn discs. Don't install any server functionality. No SSH. No DNS server. No web server. No networking. Remember you're installing old software versions for which many security vulnerabilities exist: any exposure to the outside world is a problem, so don't do it.
Think of this computer as being a clean room inside which you will do all the media creation needed for eventual disclosure. All work must stay inside the clean room. No networking. Ideally on battery power (not connected to an outlet), inside a Faraday cage, inside a sound-isolated chamber. Any type of emission spectrum you can imagine, from the sound of your keyboard clacking to the RF waves of the CPU activity or AC power cord, has been weaponized by clever spooks (I'm serious as a heart-attack: this isn't even the tip of the iceberg). Recognize the risks that exist and take mitigations as appropriate when operating your computer. When your computer is not in use it must be secured in such a way that will reveal tampering (recognizing that your adversary has lockpicks and new "vendor" replacement seals, etc). Using software-based file-system-level high-grade encryption for all temporary files, work in progress, and anything sensitive, on a computer with zero swap file that is always cleanly unmounted and shut down, is a good mitigation. It's also desirable to keep the encryption key on removable media you take with you at all times so it can never be cloned when you're not near it. That encryption key itself should be encrypted with a password that only you know in your head, that's secure and very unlike all your other passwords. You also want to have the computer set up in such a way that you can run memtest86 or equivalent easily, because every time you shut it down and remove the removable media with the key you must then reboot the computer and rewrite all system memory thoroughly before shutting down the computer between uses. Inside the encrypted filesystem is your clean room, and all write activity should be limited to it while working on your disclosure project. Mount everything else read-only to be sure.
Your goal is to use this clean room to type up the information you want to disclose, create any images that need to be created, create any audio or videos that need to be created, etc as appropriate. Start with any text editor that can eventually be used to make PDF documents, among other formats. The written disclosure is in key ways the most survivable. The smaller the file size, the easier a thing is to replicate widely via diverse approaches. Following plain text, PDF is the next most survivable format. Only use the simplest features and most compatible choices for all mediums used in your disclosure. In general you should seek to create a master document as plain text that can be converted into PDF, audio of the transcript, video of the PDF, etc. Prepare your materials and then burn them onto a disclosure disc.
Special considerations for chemistry
Special considerations for propulsion or energy systems
Recognizing that you can't run experiments without being detected, it would be wise to do experiments under a very careful condition: assume your location will be targeted by a "recovery team" within some time T of the first successful experiment being displayed. Be prepared to have left nothing that deanonymizes you at that site, and have your own surveillance system monitor what / who might show up afterward. If there's valuable experimental tech at the location you want to preserve, put that in something ordinary looking but mobile and depart with it, while leaving behind a decoy setup (preferably a decoy setup that signals you were doing something more ordinary that accidentally released the signature).
I've prepared my disclosure disc, now what?
Possibility #2: use a regular blackout period to visit a friend or family member who can acquire for you, used, with high OpSec, the oldest but still WiFi-capable thing that can read your disclosure disc. Note that every radio has a unique hardware fingerprint. If you wanted to use a device to upload your disc just by borrowing the library's WiFi (or a bank or cafe or whatever), the unique hardware fingerprint of your device will be recorded. This fingerprint can readily be used to reveal the make and model of the device, and it can be used to look up in NSA databases all the previous people to use that device near a mobile phone (etc) for all of time. This means if you want to use a device to upload via WiFi you must acquire that device in a high-OpSec anonymous way and you must destroy it in a secure way after your disclosure upload. It's not safe to ever turn the device on or take it out of a radio blackout bag at or near your house. To prepare the device for use with the disclosure disc information you must use high OpSec during regular blackout periods to drive your vehicle to a remote place (no WiFi within range) in another county before taking it out of the blackout bag or turning it on. Any oversight in protocol and you risk waking up dead: don't be naive about how all-pervasive the dragnet is. Cf. Wikileaks, Snowden, Cryptome, Black Vault, COINTELPRO congressional documents, etc.
Note that every disc has a serial number on it which is recorded in the operating system logs when inserted. This means the disc itself (unrelated to the contents) leaves a trail and so should be destroyed in a secure way (melt it into a puddle, then keep burning until it's vaporized) after your disclosure upload. This also means you should acquire your disc in a high-OpSec anonymous way, as identifiers are routinely tracked back to purchases.
Note that this document is readily traced back to me because I've made no effort to conceal my writing style. The words you prefer, the punctuation you do and don't use, whether you single or double space after a period -- this and much more can be used by automated algorithms to identify you. Remember that your adversary has every email and text message and online comment all of us have ever written in a massive database that they can use to compare against a disclosure email / document. With this in mind, take great care to compose your disclosure materials in such a way as to mitigate this.
Note that in this document I'm trying to thread the needle between providing needed context and security protocols while doing so in a generic way, so that people following this document will not accidentally make themselves suspicious by following a protocol that itself generates a fingerprint. If I recommend very specific behavior or devices or software or algorithms (etc), that has downsides. The myriad security apparatuses are staffed by some very clever people who are very good at identifying patterns -- even very indirect and tenuous ones. For your own safety it's desirable that you consider this when following any advice written here. If I say go to the public library, consider alternatives. If I say get a blackout bag, consider alternatives. Always consider ways to personalize your disclosure effort while staying strictly within the bounds of the security protocols outlined.
Appendix A - Group security
If you find yourself a part of a like-minded community that wishes to increase their security as a group there are several things to know.
First: about 20% of militia members, hacker group members, civil rights group members, etc are federales. That rate falls to about 5% for knitting, cooking, and book clubs, and grows to about 40% for racial supremacy or black bloc activist organizations. If your life depends on you succeeding at anonymously disclosing sensitive information it's far safer to pursue your effort as a "lone wolf." Any interaction with any groups of people outside your normal pattern of life decreases your survival odds. Telling anyone anything about your disclosure decreases your survival odds (and theirs).
Having said that, there are conditions where groups may be necessary. After all individuals have analyzed their own "pattern of life" and created a regular blackout period for themselves, group members should use their regular blackout period, following high OpSec, to physically visit other group members (who likely have different, non-overlapping regular blackout periods). These one-on-one meetings should be used to identify a list of times at which they could add another regular blackout period which will be shared by others. After visiting all group members you'll have a list of all available times; from that you should pick one and then visit your friends again (again, high OpSec on your part) and let them know of the new time. To explain the regular group blackout period to significant others (etc) who aren't included, you need a plausible cover. This could be "screen-free Saturdays to reset your dopamine" or "breakfast chess club" or "meditation hour on Monday" or "stay remote from all electromagnetic signals from 8pm to 8am for better sleep" or "bird-watching Wednesday", whatever makes sense for your group. Whatever it is, it should be chosen to be uninteresting to those who aren't seeking high OpSec so as to minimize how much it has to be discussed.
It may be acceptable or even desirable in some cases to allow people into the group who aren't pursuing high OpSec. These people must remain completely oblivious to the high OpSec goal. To participate it must be ensured that, although they're not pursuing high OpSec, they follow the protocol anyway without knowing why (leave their phone at home, travel by high-OpSec old vehicle, wear only old generic cotton, carry no electronics, no ID or credit cards, etc). The cover should provide a plausible natural excuse for the lack of electronics and cards, wearing cotton clothing, etc, and the guest(s) should be picked up and dropped off by someone with a high-OpSec vehicle. Having a guest means nothing interesting can be discussed when they're present. However, high OpSec group members can still exchange hand-written paper notes discreetly (burn afterward) during these events which include group outsiders.
Regular group blackout periods must never be marked on calendars or discussed electronically in any form. Your goal is to be a ninja who leaves no traces of any kind as you go to meet other ninjas who leave no trace of any kind.
Leaving no trace is the goal to strive for, though it's not possible. Driving anywhere ensures you will be recorded. For simplicity you should imagine every vehicle on the road has a dash camera, every building has security cameras, every house has a Ring doorbell, every intersection has red light cameras, every passing truck or van has a license plate reader, etc. Seen this way, you want to mitigate your visual signature to some degree. Pursue travel routes that have the lowest density of vehicles and buildings and traffic cameras (etc). Never go through any tolls. If possible wear a mask and sunglasses or similar so as to obscure your appearance. Park a few blocks from your destination and never park in the same area twice.
What are high-OpSec groups good for?
One of the benefits of having a group with shared interests is group purchasing. If you want to acquire something and mitigate having it traced back to you, the group can help. Ask a group member to ask one of their friends or family members to purchase it, choosing the people involved such that they'll be discreet about it without asking questions. The goal is to be twice removed from the purchase and to receive the item(s) during the group blackout period from a high-OpSec group member who followed high OpSec protocol to pick it up from their friend/family during their regular individual blackout period. Note that asking someone to buy certain items on behalf of another is illegal in some contexts, most notably for some firearms transfers in some jurisdictions -- it's called "straw purchasing" and you definitely shouldn't do it. Committing crimes risks increasing the attention on you and that's the opposite of what you want. You want the lowest profile possible. Thankfully firearms aren't likely relevant to any disclosure needs, though I use firearms as an example of the broader point: don't break the law even if you think you can get away with it. Don't even drive 26 MPH in a 25 MPH zone.
Appendix B - how to think about phones, cameras, radios, etc
Mobile phones should be conceptualized as an always-on microphone, an always-on video camera, an always-on radio sniffer, and an always-on GPS tracker. Even if the device is turned off it should be regarded as though it's still turned on, in the same way firearms enthusiasts treat all guns as loaded. Its exact position within a foot, and any sound or light or radio within range, should be conceptualized as being transmitted in real time straight to a DHS Fusion Center, the NSA, the CIA, Palantir, Mossad, MI6, Apple, Google, Facebook, etc. This real-time information should be thought of as though it's all being analyzed for facial recognition, gait recognition, voiceprints, and network analysis of what people are near what other people, etc.
Appendix C - how to browse the internet securely
Have one group member rent the cheapest Linux virtual machine from a domestic cloud provider and set it up to function as a remote desktop that can only be reached by using an SSH tunnel over an IPsec VPN tunnel over an SSL VPN tunnel. The end-goal is that the externally visible traffic is SSL over port 443, using only self-signed certificates you generate yourself that were not pre-generated by the OS and do not rely on the system random seed. Inside that SSL tunnel (IPv4 TCP transport) is IPsec traffic that should be using a different transport (e.g. UDP) with the MTU something like half the outer MTU, so as to create conditions that obscure packet size and timing analysis as seen from outside the tunnels. Inside that IPsec tunnel is SSH traffic secured with keys you generate yourself, not pre-generated or relying on the system-level random seed. Make an effort to ensure the SSL, IPsec, and SSH all use different strong cipher suites and use compression if available. The cloud provider should ideally not be one of the big names (not Amazon or Google or Microsoft, etc), as these all have special arrangements with the government to provide them deep internal visibility analogous to PRISM of days gone by.
Have a different group member rent the cheapest Linux VM from Russia and configure it similarly as the first VM, though using different cipher suites. Now a third group member who did not rent either VM can be provided access to these systems such that they connect to the domestic remote desktop over SSH over IPsec over SSL, and from there establish a remote desktop connection to the foreign VM over SSH over IPsec over SSL. Now the third member has remote desktop access to a foreign VM, using a domestic VM as a jump box, using multiple layers of encrypted tunneling that obscures packet size and timing information that might otherwise reveal indirect clues about what's going on inside the encryption.
Make sure both VMs are configured to have logging disabled, including shell history, as any information written to the VM provider's block storage can be analyzed. For the same reason, don't write configuration files (or install any software) to block storage, only to tmpfs. Roughly speaking you should log in to the VM console only once, to create a tmpfs or similar and upload a single static binary (your "bootstrap binary") that from that point forward allows you to log in to the VM using your own binary, which you know does not leave any traces and operates exclusively inside the tmpfs. All binaries, configuration files, and keys should then be transferred via this bootstrap binary into tmpfs. The goal is to leave no trace of how the systems were configured or what they were used for: no binaries, no configuration files, no keys, no shell history, no system logs, no kernel messages, etc. Use the foreign remote desktop to establish a VPN tunnel back to the domestic country (use a free service) and use this for high-OpSec internet activity.
Appendix D - mitigating writing style analysis, stylometry
Your favorite vocabulary and typical grammar (etc) can be used to identify you by comparing your disclosure material to your whole lifetime of internet comments, text messages, and emails. To mitigate this you must edit all disclosure material to have a different style from yours. If you always use a double space after a period, make your disclosure material use a single space. The bulk of your disclosure writing may benefit from lossy translation, as in translating from English to German to Russian and back to English, or similar (this must be done offline using your clean room computer). You may also benefit from picking a random book and mining sentences from it that can be used to express your disclosure using their words, not yours. This is similar to how some people cut words or letters out of magazines and glue them together to make sentences to foil handwriting analysis, though done at the sentence level.
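As an added illustration (not code from the original post), here is a small Python script that measures a few of the surface features stylometry relies on, such as spacing after periods, sentence length, vocabulary richness, and contraction use, so a writer can check whether a rewrite actually changed those habits. Both sample texts are constructed for the example; real stylometric systems use hundreds of such features, but the principle is the same.

```python
import re
from math import sqrt

# Constructed sample texts (not from the original page). SAMPLE_A shows the
# habits the appendix warns about (double spaces after periods, contractions);
# SAMPLE_B is a rewrite of the same content in a deliberately different style.
SAMPLE_A = ("The committee met on Tuesday.  Nobody took notes, and nobody asked why.  "
            "I think that's the whole story.  Honestly, it's kind of absurd.")
SAMPLE_B = ("On Tuesday the committee convened. No minutes were recorded; no one "
            "questioned the omission. That is the entire account.")


def style_features(text):
    """Return a dictionary of simple stylometric features for one text."""
    sentences = [s for s in re.split(r"(?<=[.!?])\s+", text.strip()) if s]
    words = re.findall(r"[A-Za-z']+", text.lower())
    # Runs of spaces that follow a period and precede a capital letter.
    period_gaps = re.findall(r"\.( +)(?=[A-Z])", text)
    double_spaces = sum(1 for gap in period_gaps if len(gap) >= 2)
    return {
        # Share of sentence boundaries typed with two or more spaces.
        "double_space_rate": double_spaces / max(len(period_gaps), 1),
        # Mean words per sentence (absolute scale; see threshold note below).
        "avg_sentence_len": len(words) / max(len(sentences), 1),
        # Vocabulary richness: distinct words divided by total words.
        "type_token_ratio": len(set(words)) / max(len(words), 1),
        # Share of words that are contractions such as "it's".
        "contraction_rate": sum(1 for w in words if "'" in w) / max(len(words), 1),
        # Semicolons per sentence, a punctuation habit few people share.
        "semicolon_rate": text.count(";") / max(len(sentences), 1),
    }


def style_distance(features_a, features_b):
    """Euclidean distance between two feature dictionaries with the same keys."""
    return sqrt(sum((features_a[k] - features_b[k]) ** 2 for k in features_a))


def leaking_features(text_original, text_rewrite, threshold=0.2):
    """Names of features that still differ by less than `threshold`.

    These are the habits a rewrite has NOT changed, i.e. the ones that would
    still link the rewrite to the original author's known writing.  The
    threshold is a rough illustrative cutoff applied to every feature alike.
    """
    fa, fb = style_features(text_original), style_features(text_rewrite)
    return sorted(k for k in fa if abs(fa[k] - fb[k]) < threshold)


if __name__ == "__main__":
    for name, text in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        print(name, {k: round(v, 3) for k, v in style_features(text).items()})
    print("distance:", round(style_distance(style_features(SAMPLE_A),
                                            style_features(SAMPLE_B)), 3))
    print("unchanged habits:", leaking_features(SAMPLE_A, SAMPLE_B))
```

Run against your own draft and its rewrite in place of the two samples: any feature reported as unchanged is one the rewrite has not yet disguised.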
Appendix E - other considerations
Note that using a printer leaves secret marks on the printed page which identify the printer used (make, model, and serial number), which can be tracked to the purchase and often the location.
Related material, context
https://cryptome.org/cryptome-anon.htm
Source:
https://epistemologist.substack.com/p/how-to-avoid-mass-surveillance-and