Actively Non-activist and CompSec

If you are an activist of any sort, I might be able to help you with security.

Context: I am not an activist. I am utterly certain that, while we might gain some simulacrum of limited political goals, the system will simply route around it because the insiders have their own rules. The only way to really change things is to slaughter a lot of politicians and I most certainly do not advocate murder. The mess we have today is partly getting what we deserve, and genuine change is not in our hands. God is in charge.

However, you can most certainly convince me God has called you to engage in activism and I won’t argue. I might even help you. My cynicism about the long term has nothing to do with whether I can bring God’s glory into any context.

As far back as the appearance of the Guerilla Open Access Cookbook, I tried to help them when I saw the appalling lack of compsec in their proposal. I hastily drafted some advice, which was added to the cookbook, but that project is either gone or moved. I’m not following it because it’s not that important for my calling; it was all about the compsec.

I’ve actually tried to get involved in some private, commercial and even government agency compsec work. I even volunteered to do it for free. Most people just can’t be bothered until something specific happens and it’s too late. Maybe you know how hard it is to get people to think about something as simple as cookies. Even after all the stuff Snowden revealed, most people just don’t care. Maybe it doesn’t matter and never will for you. That’s for you to decide. But I suppose if you are close enough to a compsec disaster, you begin to care. The people involved in supporting Andrew Rose are now fairly active in trading information on how to avoid planted evidence like that.

Of course, at least a few serious activists are aware of the dangers since that business with Luke Rudkowski. Still, I am appalled at how many people who are so sincere about fighting evil are leaving their computers wide open, even as they rely on them for so much.

So here’s the deal: Never assume you have it covered. Don’t freeze with fear, but never lose track. Learn OpSec in general, and CompSec as a part of that. When you are doing something that can rile the system, don’t make it so easy for them to shut you down. If it matters so much that you are willing to take necessary risks, at least reduce your risks to those you can’t avoid. You can avoid an awful lot of computer threats. I’m quite willing to help folks who need guidance in OpSec in general and CompSec in particular. Tell me what you are doing and I’ll tell you what you need to minimize risk. I am hardly the only guy who knows about this stuff, but I’ll do it for free if I can. I’m serious about this; my concern is purely pastoral. You need to pursue your conscience, but you don’t need to be a fool about it.

The business of CompSec changes daily, so writing up a single guide for all occasions won’t work. By the time I post it, part of it is already out of date. But you need to start where you are today and close up some of the gaps. You’ll never achieve perfect security, but that’s okay. The system is even more imperfect; they simply have certain advantages. Let me help you even the odds a bit. I don’t have all the answers by any means, but I’m willing to bet I can be of some help to most folks.
