Lumpen Guide to Civic Security
Welcome to the Lumpen Guide to Civic Security — a comprehensive, community-sourced resource providing detailed, practical information on digital security, physical safety, legal rights, and organizational resilience. This guide is written for activists, protesters, journalists, community organizers, and anyone who engages in civic life under heightened risk.
A note on threat calibration: Not every person needs every section of this guide. A community organizer facing doxxers has different needs than a journalist covering federal operations. Read the Threat Modeling Guide first to understand your specific risk profile before implementing countermeasures.
Leer en Español (Read in Spanish) 한국어로 읽기 (Read in Korean)
Table of Contents
I. Core Principles & Strategy
- Core OPSEC Principles: The foundational mindset and mechanics of operational security.
- Threat Modeling for Activists: A quantitative framework for assessing your specific adversaries and risks.
- Organizational OPSEC: Defending your group against infiltration, informants, and internal failure.
- The Activist’s Guide to Counter-Surveillance: A layered physical and digital defense strategy.
- Combating Government Surveillance: High-level resilience strategy for sustained civic campaigns.
- OSINT Defense: Protecting Your Digital Footprint: Removing yourself from public databases and limiting your attack surface.
- Chicago Surveillance Deep Dive: A detailed map of the tools deployed in Chicago — applicable to most major U.S. cities.
II. Hardened Operating Systems
- GrapheneOS Guide: Maximum mobile security for Pixel devices.
- CalyxOS Guide: A balance of privacy and usability for everyday activists.
- Qubes OS Guide: Compartmentalized desktop security through hardware isolation.
- Tails OS Guide: An amnesic OS that leaves no trace on any machine.
III. Secure Communication
- Signal Messenger Guide: Complete best-practices for the most widely-used secure messenger.
- Signal Alternatives: Briar, Session, Element/Matrix, and SimpleX for different threat levels.
- Protest Communications Guide: Real-time field communication strategies during direct actions.
- Burner Phone Guide: Procuring, configuring, and retiring operational devices safely.
- Meshtastic / LoRa Off-Grid Comms: Encrypted mesh networking with no cellular infrastructure.
IV. Secure Protocols & Data Hygiene
- Device Encryption: Full-disk encryption for phones, laptops, and external drives.
- Password Management & 2FA: Password managers, hardware keys, and authenticator apps.
- Secure File Transfer: OnionShare, Magic Wormhole, and encrypted cloud drops.
- Secure Cloud Storage: Proton Drive, Cryptomator, and zero-knowledge storage.
- Metadata & Data Deletion: Stripping EXIF data, securely wiping devices, and data minimization.
- Financial Privacy: Cash, Monero, and privacy-preserving payment strategies.
V. Privacy Networks & Anonymity
- Tor Browser Guide: Anonymous browsing and accessing .onion services.
- Mullvad VPN Guide: A no-logs VPN for everyday operational use.
- NYM Network Guide: Traffic analysis-resistant networking beyond VPNs.
VI. Physical Security
- Tactical Field Deployment Checklist: A phased pre-, during-, and post-action checklist.
- Counter-Surveillance in the Field: Detecting and evading physical surveillance.
- Bluetooth Tracker Detection: Finding and defeating AirTags and similar tracking devices.
- Mental Health & Psychological Security: Resilience against coercion, trauma, and psychological operations.
VII. Legal Rights
- Know Your Rights: Digital & Field Encounters: Fourth and Fifth Amendment protections, device seizure law, and encounter protocols.
VIII. Chicago Resources
- Chicago Legal Support Contacts: NLG, FDLA, and local legal support hotlines.
IX. Direct Action
- Creative Protest & Direct Action Zine: Tactics, creativity, and keeping morale in sustained campaigns.
How to Use This Guide
If you are new, start here:
- Threat Modeling — understand who your adversary is
- Core OPSEC Principles — build the right mindset
- Know Your Rights — know what law enforcement can and cannot do
If you are preparing for a specific action:
- Protest Checklist — 48-hour pre-action protocol
- Signal Guide — secure your communications
- Device Encryption — protect your device from forensics
If you are organizing a group:
- Organizational OPSEC — defend against infiltration
- Signal Alternatives — pick the right platform for your needs
- Secure File Transfer — share information safely
This guide is maintained by the community. It does not constitute legal advice. Laws vary by jurisdiction. For legal matters, consult a licensed attorney.