OpSec and Hexbear

lol

My biggest opsec is just deleting 90% of my post before I actually post them.

I used to delete all my comments on occassion. Nowadays I just add false information about my self at times

There's definitely value in spiking your posts with false data to obscure who you are and where you live. Lie about where you live or travel to, what car you drive or where you work/have worked. If you think you've revealed a bit too much about yourself, burn your account and make a new one, or better yet, gradually move from one account to another so it's harder for people to track you to your new acct. Blur out backgrounds in photos you share that may have things like licence plates on cars, shop names or street signs. Think critically about how a drip feed of PII (personally identifiable information) may not be enough to pin you as one individual, but enough yo narrow it to, say, 100 or so who may go to a certain bar or venue, or live on a certain street. A sufficiently motivated chud may think that those odds are good enough to shift from online to offline work and potential harrassment.

I mean there's definitely multiple power users here who have posted more than enough to be identified by a moderately determined adversary. I think the de facto rule really is just that users decide their own level of privacy, and the no-selfies policy is mostly useless.

Anyone who has ever posted any kind of payment service handle to /c/mutual_aid could be identified by the feds if they had a reason, for example.

i genuinely hope the cops identify and charge me with terrorism for my hexbear posts because you know what, I think this site DOES need a "stereotypical Hexbear" kind of person that'll haunt their minds and I'm willing to be that...stay tuned folks

1. Use a VPN
2. Limit personal identifying content that can be cross referenced. Example: I just got a plane ticket on Sunday to go to Bora Bora.
3. Never post self identifying material. Example: here's my new tattoo!
4. If you post something time related that can lead to 2 or 3, change details. Basically, lie. Example: last week I went to Bora Bora. Really it was Fiji 3 months ago.
5. Don't give them a reason to want to investigate you. There's plenty of Left leaning folk (some of whom probably are pretty far up in corporate and/or government spaces) who quite frankly aren't worth going after. The time and energy it would take to round up people who just think differently, the opposition doesn't have (most likely).
6. Change your profile on the reg. Personally I don't do this, or do I? (SEE #4)
7. Go periods of time without posting. The more you post, the more you will likely have a signature in the way you post, what you post about, and who you interact with.
8. Delete posts (not sure how effective this is but if I feel like my posts are rearing too close to #2 or #3 I'll go back and delete them).

Anyhow I just booked my trip to Uzbekistan via cruise liner where I intend on instigating the revolution by introducing vegan pilaf. During this time I will only post Kelly emoji to convey my progress. o7 o7 o7

Afaik the implementation of Lemmy this is a real problem due to federation to other instances, you can post things here that end up somewhere you don't want them to and if you delete them it's not certain if they will also be deleted there as well. It's been stated for a long time but it's one or the other really, you can't have a decentralized social media without federation, and you can't have full privacy with federation. I might very likely be wrong about the specifics of this, but this should be also taken in account when considering to post something more personal.

My pets are the cutest but my op sec game is too strong

Good post and should be stickied.

The culture generally leans towards anonymity but there's some leeway for how much you personally.fond necessary. I've got a record, anything I post here really doesnt matter, it's posting consistent with my arrest record. But I still try to.be vague and keep a general culture of relative anonymity going on. I've described my tattoos but I'd never post a picture of them, I'll post pics of the inside of my house but not my house. If you go through my lists it's pretty easy to tell.ehat city I live in but I've never explicitly said so. I'd say probably my piss poor level of personal security is thr bare minimum and I'm a bit internationally sloppy cause if feds are looking me up.its gonna get a we'll established file and it's a waste of their time. Others, maybe not so much. Just be cautious, there's people out here to whom jail is less of a big deal. Be a cautious cat as standard practice.

Electronic Frontier Foundation has a good collection of articles and guides that are not just practical but teach you how to think about your own particular situation: Surveillance Self-Defense

First thing is you need to think about your "threat model". Which means what information are you trying to protect, and why? There is no universally "best" way to do anything. Tactics that might increase security/privacy in one situation might impair it in another. Like if you are trying to avoid getting doxxed by random internet people who take a dislike to you that's one thing, but if you are trying to avoid government (which government(s)?) spying that's another. If you are trying to avoid government spying, is it to avoid legal prosecution, or to avoid covert interference in your organizing (ala COINTELPRO)? They can be totally different kinds of surveillance so you need to have different strategies to avoid them.

Also need to consider that making an extremely elaborate or onerous plan that you will never bother to actually enact, or requires a high degree of technical skill or perfect execution might not be practical. They might interfere with your purpose too much.

This page covers the basics of how to think about your own goals, fears and priorities. It's very generic but is a good overview. It's really key to think about this ongoing to avoid falling into the trap of following advise that might be perfectly reasonable for another person but counter productive for yourself.

The first rule of hexbear is to not talk about hexbear.

I know I'm bad about it. I delete my account every couple of months but I bet a dedicated person could track me down based on my posts.

Though I'll say that in the real world I've gotten more guff for not having a mainstream social media account than for openly expressing my communist views. Even lost a job offer over it once (though I consider that a bullet dodged) because I had shared with them my linkdin acct that only has my resume and they wanted to check a Facebook acct that I've never had.

Imo it's good to raze the account every year or so. I've been lazy and have let this one go for way too long

The thing that creeps me out most now is the availability to feed all our posts into LLMs. The tech exists now most likely to tie burner accounts together and form a more complete profile, so it's not just what you put in an individual account but all of them. Not for chuds but for cops. I'm not even doing anything illegal but if at any point there's a commie roundup, well...

I think I'm gonna join the bureaucracy next for another layer of opsec.

For voicing your opinion about activism,
I'd recommend to at least use:

• A burner account,
  do not post your opinion through your daily account.
• A paid, no-log VPN or Tor when posting.

Above should cover the needs of most people.
But if you think you're a high profile target,
then following would also be smart:

• Alter you writing,
  do not post in similar writing as your main account, e.g. if you usually capitalize each sentence, don't, if you usually use emoji's, don't etc etc.
• Use a privacy oriented OS to post on,
  e.g. no Windows, no Apple, no closed source Android fork, but do use QubesOS, or TailsOS, or GrapheneOS.
• Only use chat clients with E2EE (End to End Encryption) and without identifiers, e.g. SimpleX.

I throw in a few lies here and there to keep em guessing.

Remember. We all live in Liberal Mt.

Hey look it's the post that caused me to make a hexbear account

Honestly it's pretty much impossible to be anonymous these days anyway so I guess I'll live fast and die young

I do lie a lot though, I find that helps.

One thing that I've thought about:

My phone and many others automatically sync their photos and downloaded images to my Apple or Google account. If the feds thought an account was yours, that would be an easy way to confirm it.

I'm a strong advocate of regular account restarts. I've probably been through 20 since the site opened, due a new one now really.

In addition to this (and because of the inevitably of just flat being honest when posting) I have a tendency to 1.) add deliberate misinformation occasionally to poison the info (like saying I grew up on the west side of Philly, just spending most of my childhood days shooting basketball with the boys), and 2.) burn accounts after enough time has passed. My current one is long overdue for that treatment.

My OpSec has been lacking recently across all social media. I need to set up a new internet identity entirely but I'm too lazy for that.

I don't think there are any rules, just recommendations. If a person is already publicly known, it probably doesn't matter if they keep being open about it here.

i can't give this account up. i have alts but meh.

had to grab that 3 letter name.

i don't communicate like this anywhere else on the web nor have i ever (or have i???)

so yeah pick a unique style and make it different. also be vague and lie lots.

there are a few people here i trust. we've shared some mutual info so i guess mutually assured destruction or some shit. but yeah i wince every time i see a real life selfie

here's an idea: make a selfie but have it be AI generated

The thing i personally think people should be focused on is compartmentalizing their internet activity. Cross-site tracking is pretty much everywhere these days. So if you have a twitter, instagram, lemmy, reddit, pintrest, whatever it is you do online. If you do not want your activity on lemmy to be linked back to those accounts you should be using a different browser for lemmy, preferably something like Librewolf. Privacy focused. If your really feeling paranoid go ahead and use TOR browser to login to lemmy. Assuming they dont block TOR connections here I've never tried.

Burning your accounts not a bad idea either. Back when i used reddit id make new accounts regularly and never use the old ones again. With lemmy i dont bother tho. Even if you make a new account regularly on a site as small as this its pretty easy to see if an account showed up around the time your old one went inactive and then followed all the same communities your old one did. Not a big assumption that is your new one then. the way you type, and words you use can also be fingerprinted and used to ID you across accounts. Of course you can take steps to prevent this type of tracking too if you want.

If what you want tho is to not get some chud sending you death threats thats pretty easy to accomplish. Make yourself a new account, dont post any personal photos, and only give very vague information about yourself. For example, How old are you? I'm in my 30s, 20s, etc. Dont say the exact number. Whats your name? Its Xiisadaddy as far as your concerned. Whats your gender? Irrelevant need to know only. Chuds arent that smart. They can only find you if you hand it to them on a silver platter.

Now let me see if i can find out some info about you from this account: Based on your profile just a quick glance tells me, your a woman, live in australia, seems like maybe you or someone you know was in the military, you live in an area with public transport that isnt good, a food desert, your landlord has a meth test cause in your lease, probably live in an apartment building, you have a niece, and siblings, and are autistic. I'm guessing late 20s, early 30s? Took me maybe 10mins to get all that. Don't feel like putting in more effort, but yeah id say you need a new account. Thats some pretty specific stuff an internet stranger just found out about you in 10 minutes. (reply to this and let me know if you want me to delete this comment btw so its gone too if you decide to get rid of your account)

Funnily enough ive been considering making a new one too this might be what pushes me to do it.

This one hunna. I wish I could show you guys my pet and tell you all about him etc, he's the best thing in the world and there are so many cool facts to share about him and his type of what he is. I'm very proud of him. But alas, it is not to be.

Someone prolific and popular here posted about a cringe food item they saw IRL and I immediately knew which country they're from. Its hard to avoid not leaking your own info if you want to be a normal sociable and fun person on here.

I try to obfuscate by switching up my language here and there in certain ways but its not enough. my identity could be triangulated by matching metadata to posts linking out to eg youtube on the odd occasion i post a series of songs to the music comm in a given day. Fortunately other than framing Luigi for that time i shot the ceo I never really have to worry about threat vectors with the resources to ID me via that level of sophistication.

Remember to assess your threat model realistically. Problem is any random chud could recognise my pet without needing to be NSA tier, so while I dont have to be so paranoid as to avoid posting a series of music videos I'm watching, i do have to worry about shit like pets and tattoos and photos of my garden or of irl of any kind. I'm not a threat to anyone with power but my real world area does have natsocs with enough time on their hands to go walking in numbers masked up for shows of force.

I guess what I'm saying is be realistic, be reserved and dont get paralysed by the worst case scenario situations. Because we wouldn't even be posting at all if we engaged in truly serious activities, or thought one day we might do something funny irl.

Remember they caught dread pirate roberts off a fkn historic old question he asked on stack exchange probably made long before he had any idea his little coding project might potentially attract serious heat. Its probably too late for any of us to scrub accounts and get away with cool hijinx

If you really mite do a hardcore direct action one day then yes, be paranoid af. Otherwise just make sure a nazi tourist on the site cant ID you because they happen to live nearby and see you on your daily walks with your ferret.

This account is the only one with this name but there are a couple users, i believe, who know my other handle. I've definitely got holes in my opsec but I'm pretty confident I'm low on the list of potential political prisoners.

I'm more worried about my cellphone data being used to track my IRL crimes so I usually just leave it at home

The space was generally masc,

Is hexbear a femme space? If hexbear was masc, would that be really bad and perverted innately?

Sorry, I don't disagree with the whole post but this lil zinger is just hiding in there all innocuous.