by gsch 3431 days ago
I would absolutely start by running a threat modeling exercise, as that will help you focus on the important things and tune out unnecessary FUD (e.g. do you really need to PGP-encrypt everything and run TAILS if you're not being targeted by the NSA?).

Once you have an understanding of what you need to protect and who your main adversaries are, choosing the right tools should become more straightforward.

My favorite guide to threat modeling for activists comes from WITNESS: https://blog.witness.org/2016/11/getting-started-digital-sec...

EFF Surveillance Self-Defense (mentioned elsewhere in this thread) also has a guide to threat modeling, as well as a lot of good resources around how to use various tools.

But my advice: don't choose the tools first, or the non-techies won't understand why they have to use them and may become discouraged by the friction and poor usability they encounter.


Ross Ulbricht was crushed by a mountain of evidence generated by the FBI simply by snatching his laptop from him when he was arrested and not allowing FDE to kick in. Had he compartmentalized and separately encrypted his files, much of that evidence might not have been available to the court. That might have been the difference between a few years in prison and the rest of his natural life.

So, the idea that people should be blasé about encryption is worth questioning. If your threat model includes "law enforcement", then there's not much difference between "ostensibly NSA proof"† and "protected from police".

Security people have a bit about this, which you can find by searching for "you're gonna get Mossaded".

You're proving GP's point. If you're running the largest darknet drug market in the world, you should probably have stronger security and assume a group like the NSA, or with the means of the NSA, is targeting you.

Local police aren't going to be able to tap into the power of the NSA. Your local county sheriff isn't going to be able to tap into NSA resources; it's going to be difficult enough for them to tap into the resources of the FBI.

For the average person participating in activism of whatever sort, it's going to be perceived as more effort than it's worth if you suggest that they compartmentalize and separately encrypt all their files, keep several burner phones etc. etc. Simply encrypting their full drive is enough.

There are diminishing returns the further down the security rabbit hole you go.

MLK's inner circle of most trusted associates included a photographer who was an FBI informant.

It may limit your choices for civil disobedience that breaks laws, but the only reasonable assumption is that if a state actor wants access to your information, they will get it. I suggest reading "This is an Uprising" which has a fantastic history of activism.

Could you please provide links? Googling this phrase is unhelpfully returning this precise thread and not much else that appears useful.

Probably this gem: https://www.usenix.org/system/files/1401_08-12_mickens.pdf

> In the real world, threat models are much simpler (see Figure 1). Basically, you’re either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you’ll probably be fine if you pick a good password and don’t respond to emails from ChEaPestPAiNPi11s@virus-basket.biz.ru. If your adversary is the Mossad, YOU’RE GONNA DIE AND THERE’S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they’re going to use a drone to replace your cellphone with a piece of uranium that’s shaped like a cellphone, and when you die of tumors filled with tumors, they’re going to hold a press conference and say “It wasn’t us” as they wear t-shirts that say “IT WAS DEFINITELY US”

> Threat: Organized criminals breaking into your email account and sending spam using your identity
>
> Solution: Strong passwords + common sense (don’t click on unsolicited herbal Viagra ads that result in keyloggers and sorrow)
>
> Threat: The Mossad doing Mossad things with your email account
>
> Solution:
>
> * Magical amulets?
> * Fake your own death, move into a submarine?
> * YOU’RE STILL GONNA BE MOSSAD’ED UPON