So You Want To Be A Whistleblower? A Crash Course in OPSEC.

So You Want To Be A Whistleblower? A Crash Course in OPSEC.

Your voice is powerful. Did you know that? We take our words for granted, but the truth is, we all have the power to speak life or death to the people in our lives, to the world around us, and even ourselves and our circumstances. Our words can literally change the world. It’s why I write what I write here almost every day.

But sometimes, we need to be shrewd – especially in the case of whistleblowers, where some bad indviduals may seek to silence us.

Despite this, lots of leakers – especially in Hollywood – are starting to speak up.

Perhaps you are someone who wishes to expose some evil in the world, but doesn’t know how to stay safe while doing it.

Well you’re in luck, because this guide is for you:

We’re going to go over a few steps today to keep you secure while dropping intel on the chans.

Here’s what you’re going to need to get started:

A laptop. Preferably something that isn’t your daily driver, something with a fresh OS, but we can work with whatever you’ve got.

  1. Familiarity with 8ch.net/qresearch. Learn how chans work, if you haven’t already, and learn how to post.
  2. At least TWO USB drives. At least 8 GB each. These are pretty cheap these days, but you’ll need more if you’re making dead-man switches.
  3. A public wifi connection in an unsurveilled place. Local coffee shops are usually good (but make sure they have no security cameras and a public toilet – more on that later). Or you can hijack wifi from a publicly available, unsecured connection (think a neighbor who doesn’t have a password on his router… but make sure it’s not actually a neighbor. This is why I prefer coffee shops). Sit in the back, somewhere private.
  4. A VPN connection.
  5. Friends and family you absolutely trust.
  6. An appropriate level of personal protection before you start leaking. This could be as simple as travelling out-of-state for a while, or as costly as hiring armed security and installing a panic room in your home. I’ll let you determine what’s appropriate, based on your own good judgment.

The goals of having all this in place are to

  1. Keep you alive.
  2. Keep you free from harm.
  3. Keep your ID safe and secure.

We can do all three, if we’re smart.

Part 1) Meatspace plans:

So you’ve made the decision to leak online. Good. The world thanks you.

The first thing you need to do is this:

GET RID OF YOUR PHONE.

Don’t bring it with you ANYWHERE. Don’t talk about sensitive things over it. Don’t even talk about sensitive things IN THE SAME ROOM as your phone, because it is always listening and transcribing everything you say.

When travelling to our hypothetical coffee shop, you’re not bringing your phone with you, because it tracks where you go (even if you tell it not to).

If you ignore this rule, you will be caught.

If you need a phone for emergencies, buy a physical prepaid burner with cash, and stuff it in your glove box, powered off.

The second thing you need to do is:

Be careful and plan ahead.

What this means is this:

Write out and plan your drops beforehand.

Whatever it is you want to say, make sure you have, at the very least, a VERY good idea of what you’re going to say. I would even recommend writing them out on paper beforehand, perhaps in a notebook. When you are done, you can destroy the papers (either by ripping them up and flushing them down said coffee shop toilet), or through other means (though I highly recommend doing this as soon as you’re done dropping.

When you are planning your drops, keep them as short as you can. 

An economy of words is always best. You’re not trying to impress anyone with your linguistic prowess.

Make sure there is nothing in your drops that could personally identify you.

Plausible deniability only goes so far. For instance, if you know that, say, David Geffen ordered a hit because you two were the only ones in his office when he was on the phone with his favorite hitman, he’s going to figure out pretty quickly who’s squealing, and send that hitman after you.

If you have a lot of personally identifying drops…

Create a deadman’s switch. There are a couple ways to do this. One would be to give individuals you know and trust encrypted USB drives, and to put the password to those drives in a safety deposit box. Grant them access to the safety deposit box, in case you were ever to pass away.

Another method is similar, but digital and automated. I can not vouch for the security of this service, but if you were to do the exact same thing as above – give out encrypted USB drives to individuals you trust – you can use http://www.deadman.io/ to automatically send them the password.

Just know, if you are setting this up, you need to keep a few things in mind:

You absolutely have to trust these people.

You may be putting them in danger by asking them to do this for you.

That’s not the worst thing in the world, and in all likelihood, they’ll be very concerned and start asking you all kinds of questions. You can share your goals with them, but not specific details. The less they know, the better. It’s important that they’re onboard with “your mission” while simultaneously knowing as little as possible.

They need to know what do do with the information, should you come to an unfortunate end.

PLAN the next steps with them. Give them specific instructions. Say something like, “If I die, I’m going to need you to upload the contents of this drive to 8ch.net/qresearch.” I would even leave a file called “INSTRUCTIONS.txt” on the drive itself laying out step-by-step what you want them to do, and how you want them to do it.

Obviously, don’t just leave this with grandma, who not only doesn’t know how to use a computer, but will also freak out and go to a corrupt police department only to hand over the drive and the password, never to see it again.

I mean… unless you want to see your grandma in the afterlife shortly after you appear there.

Oh, and if you HAVE to buy the coffee and pastry when you finally get to that little coffee shop – DON’T USE YOUR CREDIT CARD!

Use cash. Last thing you want is a financial record of you being there.

 

Part 2) Digital Tools:

It’s time to get technical.

 

Okay, enough of that silliness.

 

Creating Deadman Drives

If you’re going to make Encrypted USB drives to go along with your deadman switch, you’ll need a program called Veracrypt, which you can get below. As of this writing, the Latest Stable Release is version 1.22 (Friday March 30, 2018):

Here’s a video tutorial on how to use it. It’s pretty straightforward. These things won’t open without a password. If you fail to check in with your deadman switch service, that password get sent to your deadman switch holders.

 

 

 

Creating a Secure Laptop

I may say something that might shock you, if you weren’t already aware of this fact.

Your normal laptop isn’t secure!

No, if you WANT to get caught, do your drops on Windows or Mac OS.

You have to use something more secure; something designed for safety and security and TOTAL PRIVACY.

You’re going to be using TAILS.

TAILS is a linux-based system that is designed to erase all traces of your activity after using it. You plug in your USB stick, boot your computer from that stick, and anything you do on the OS while its running will be erased when you turn off your computer. No traces whatsoever.

It’s configured to run all internet traffic through TOR out-of-the-box, and it comes with built-in MAC address spoofing by default. So even if someone managed to track you (through the TOR onion network, which is no small feat) – they would still have no idea what the source was, because you’ve spoofed your MAC address.

Now, you can buy USB sticks with it pre-installed from some third party vendors, and while this is easier, I think it’s much more secure to just download a copy of the OS yourself and install it on your drives manually.

It’s a bit of a pain, but it’s much more secure.

This video will explain how to do this, but the alternate course of action – and this might be a bit simpler, if a bit more expensive – would be to just install TAILS to a “burner” computer. Say you went online and bought a cheap windows machine for 200 or 300 bucks. That would be suitable for this. But in case you don’t want to do that, this is how you proceed:

 

 

 

Here are the links you’ll need to get this done:

 

 

Once you’re up and running, you’re going to be using the TOR Browser to get online with TAILS.

The TOR network is interesting because it is basically what allows one to get on to the “dark web” by creating a network of nodes, and in theory, your data gets split between all these nodes and randomized, and the theory goes that anyone can operate a node, but in actuality, this means that intelligence agencies are also operating TOR nodes. So what they could do to potentially track you is correlate the data flowing from your entrance node to whatever exit node it’s landing and, and get a match, thereby tracking your IP.

But this is pretty difficult to do, and it’s why you’re using public wifi in said hypothetical coffee shop (ideally, out of state, or at least several hours from your home).

Even if you are tracked, it’s not going back to your home, or place of work. It’s going to some random public coffee shop, where hundreds, if not thousands of people go every day.

All that’s left is for you to actually drive to our hypothetical coffee shop (without your phone), buy your coffee and croissant (with cash) and drop what you have to drop.

Head over to: 8ch.net/qresearch, join the latest Qresearch General thread, and get dropping!

Move as quickly as you can. Don’t linger. Say what you need to say. Get in and get out. Once you’re done, shut down the system, unplug the tails drive, and head home. You can keep the TAILS USB drives, in case you need to use them again. They won’t have any incriminating info on them. Or, if you’re paranoid, you can destroy them completely (and heck, even the “burner” laptop, if you so choose).

Civilians can’t do much better than this when it comes to whistleblowing. If you’re smart, you’ll be safe. And these are by far the only how-to guides on how to do this kind of stuff. I was just trying to compile a bunch of resources here to make it (relatively) easy for someone like you to get started with this, but if you need more help – yes, search youtube. Yes, look all over online. There are TONS of tutorials that can help you get up and running safely and securely.

Godspeed, whistleblowers.

Let’s take down #TheCabal together.


Hey guys, thanks for reading and sharing my articles today.

By now you know about my Threadless store, where you can buy all my lovely t-shirt designs, including the excellent Where We Go One, We Go All – Tigerstripes shirt. This is a men’s tri-blend t-shirt in navy blue, but we’ve got this design and more on shirts for women, children, long sleeve, short sleeve, hoodie,  heck – even shower curtains (if you’re so inclined).

Got a Trump rally coming to your neck of the woods? I’d love to see if one my readers could get a call-out from Trump! Threadless is great; they’ll get your shirt printed and out to you in a jiffy, and you’ll be supporting my work, like the article above, here on the site.

You can check out some of the other designs available in the sidebar, here on the site, and the whole store can be found at https://neonrevolt.threadless.com/

Thanks so much.

19 thoughts on “So You Want To Be A Whistleblower? A Crash Course in OPSEC.”

  1. WooHoo, Neon! Nice work, as always. Great info. Let’s also pray for them– for wisdom, safety, for success, and that evil is vanquished! For greater is He that is in you than he that is in the world WWG1WGA

  2. One serious problem is that IF you read this article they will know you read it! It can then be assumed you leaked… Unless you read all this on your burner… There is still plausible deniability of course but it’s risky.

  3. Where’s that neon video of the dancer on the beach, then one joins and soon the whole crowd is dancing. Just a few brave souls can start a revolution. So so so important, we are talking children, this has to stop.

  4. Solid thread, but I think you’re too set on people using 8ch Qresearch board. You need to separate Q from opsec advice. Mostly good advice, but the final part is just wrong. Why exactly would most leakers post to the current Qresearch breads? Those threads fill up very rapidly, and the userbase is substantially smaller than elsewhere. I think renegade wasn’t entirely stupid picking the great masses of 4 rather than 8. We have no proof 8 is under whitehat control beyond a very old unsubstantiated post, and Qresearch is a very specific board. I do agree 8ch makes sense because you can post through tor, but I’d suggest they just use 8pol or at the very least, a less fast moving thread on Qresearch.

  5. Reminder to all:
    If you have a modern car, leave it in the driveway, ride a bike to somewhere, take a bus, etc.
    Lots of modern vechiles now have things like, OnStar, 4GLte Hotspots, Low-jack, etc. Leaving your phone at home when someone can just ping your car won’t do any good.
    Also remember the OnStar system can activate the microphone in the car ‘in case of emergency’, and you spilling the beans will be an emergency to the Cabal, so don’t think your car is ever ‘private’ unless its a ’72 Oldsmobile.
    Don’t make it easy for them to track you.

    Neon, if we are just a ‘newfag’ with no ‘links’ to this mess and just want to post research, do we need to go to this level of OpSec?

  6. if this is news to you….you should not be playing . not negative however knowing how angry we are these things are best for people who do not need a roadmap. neon-getting paid on your trade is the real issue now….had so many busted trades at cftc i gave it up. being right doesnt mean uget paid in a crowded trade…..think mf global and what was allowed. wiped me out and iwas “right” like you

  7. In retrospect it was incredibly foolish to ask for a publicity photo, i apologize. Keep doing what your doing and stay safe. Maybe when all is said and done it will be possible.
    Best Regards,
    Grace

  8. Other points:
    1) When you buy your burner, ay attention to cameras in the store, maybe wear a disguise, etc.
    2) The actual time most people get caught is ACTIVATING the phone. The metadata will get you. Any phone in the vicinity that shares contacts in the contact list, etc, will be forever linked to your burner account and used to identify you. Even a friends or family members on a separate carrier. I personally ‘know of someone’ that drove 500 miles to another city, without their phone of course, and had a college kid activate it for $50 on a campus he never went to.
    3) Likewise when you use it. Don’t be anywhere around your usual haunts. Keep it unpowered and battery removed when not using it. Only use it for your illicit activities ( I didn’t say illegal ). Never do the same activities or similar on your personal phone, even in an emergency – never call ANYONE on your contact list or similar on your burner. If possible, keep your browser history and cookies completely separate between the two phones. Do NOT rely on deleting, wiping, etc. I used to find things that had been deleted several times.
    4) The burner should be destroyed, even if you follow all the rules, shortly after using it. Even if you break it into little pieces, remove the battery first, and do not discard it anywhere near you normal haunts nor where you did your illicit activities. Always discard it where no one that may find it may use it after you abandon it. The point is for the phone to disappear. Having a shill use it after you will ALWAYS come back to you and NOT frame the other person. I can’t tell you how many court cases I testified as an expert witness on precisely this point that ended in conviction.
    5) Never trust your burner, treat it like plutonium – valuable and necessary, but toxic with prolonged exposure.

    Everything else is pretty good, but this is a science and there’s lots of literature on it. The court records of these cases, starting with Mitnick are public. Do your research. You CANNOT be too careful.
    Develop a conscience – when in doubt, throw it out. It’ll be much more expensive if you get caught because your trying to save money.
    Just some basic OPSEC points.

    JB
    CISSP, GIAC certified Forensics and Intrusion Detection

  9. Also…
    After SGTReport, I’ve been doing mass downloads and backups of many channels and blogs at my cost. You mentioned recently that tech support lost some of your posts. I can get some of your stuff via RSS, but if you might want to have an independent backup that you have total control and rights to, let me know please. I’m using distributed systems to try to combat censorship.

    • I’ve got everything; don’t worry. It’s all backed up now. Nothing lost except some comments from when I transitioned between hosting providers.

      • No worries, thought I’d offer. I have access to numerous distributed systems (redundancy in a time of censorship) and it’s my small contribution to free speech. You’re always the first one I check and read every day, and would be lost without you.

  10. Another method to send messages to people is old fashioned snail mail (paid by cash of course) from a location a fair distance from your life. Also if you want to randomize locations first go to the first place you chose then somewhere nearby so that cluster analysis wont reveal your true location.

  11. Breaking: Roblox Reported To FBI – Predators Target Kids on Popular Video Game
    Newsbud
    Published on Jul 27, 2018

  12. Never Ever Ever use that laptop at home. Ever. It should be powered off and wifi on it physically disconnected.

    And for goodness sakes don’t login to your regular accounts on that laptop. Ever. Your web site usage should be completely orthogonal to your regular usage. User tracking is amazing these days, the slightest commonality between what you have and what you do at home and at the coffee shop will give you away.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: