For everyone, especially persecuted groups
For everyone, especially journalists, academics, public servants
Ethical hacking, web publishing, AI/LLM
For activists, whistle blowers, freedom fighters
For anyone under oppressive governments
For activists, whistle blowers, freedom fighters
Technology, freedom, democracy | Tools, education
This chapter is for individuals and organizations interested in sharpening their security and privacy. Especially important for journalists, academics, and other public servants. Also for activists, whistle blowers, and all kinds of freedom fighters. | 2026.02.09
Book security testing or workshop. And support the development of Abstrude.
What needs to be protected, from who, and how – on a more individual, fine-grained level?
Initially, the same as in the basic context; passwords, email and social media accounts, direct messages, photos/videos and documents (personal notes, medical data), debit/credit cards, and anything else that could be abused or used as leverage.
Additionally, your specific situation – as an organisation, or individual, defines the threat assessment. For example, a journalist must protect their sources – who could be insiders – taking big personal risks or mission risks. Consider extra efforts to make sure documents are scrubbed, no metadata getting published by mistake (such as photos' or videos' metadata, or invisible but in clear-text available comments in MS Office files). What are the sensitive, or weak links? Where are they?
Not only could you be attacked randomly by hackers, scammers, ransomware, financial fraud, and similar – or even by an ex-collaborator who's been turned informant, or the relationship has gone sour. Think this through carefully, who – what sort of groups, people, or individuals, might go after you or your organization? Use the results to plan out your efforts, in detail.
The potential consequences of a certain breach – of a certain piece of information ending up in the wrong hands, should be the defining factor. Let's say you classify breaches in three categories YELLOW, ORANGE, and RED. A breach of a password manager's master password, or an adversarial getting access to the 2FA/MFA application should be defined as RED (the most troublesome level). Leaking a somewhat sensitive file's metadata might be considered YELLOW (given it mostly pose as an embarrassment, but not threatening anyone's safety in any meaningful way). Use your conclusions as a foundation for planning counter measures.
Probably some assets are less sensitive and also needs to be accessed more often – these can be kept in a less secured silo. The more sensitive assets, less frequently accessed can – and should be – put in a different silo, handled behind several layers of protection, to which the very least possible number of people have access at all.
In real life – IRL, you lower your voice before telling someone about something sensitive or secret. When getting cash from an ATM you (should) shield the keypad from prying eyes (and hidden cameras) when entering your PIN-code. Try to consider anything digital the same way – i.e. nothing should be considered really private, or fully secure.
When doing sensitive work or activities, simply put some tape over all cameras - both front and back. If discussing any sort of (potentially) sensitive topic, consider leaving your phones in a different room, even in an airtight box, or perhaps under a folded blanket. Also, avoid rooms with other "smart" devices such as TVs, watches, iPads, Bluetooth connected headsets, etc.
These types of devices are regularly hacked by governments and scammers alike. But also, upon reading the user agreement fine print for once, you might find out that voice input in fact is recorded and uploaded to Amazon, Google, or whoever made the hardware/software in question, all day – and all night... officially – to train artificial intelligence/machine learning models. Those recordings though, might later be accessed by employees, hackers, scammers, or local/global authorities, police, intelligence agencies, etc. At this point in time, internet traffic is captured en masse and stored by intelligence agencies, and that traffic may get analysed, de-encrypted, used for say... political targeting, black mailing at a later point in time, either when quantum computing is more adapted, and/or when the local (global) political landscape changes. It's probably a good idea to be a little prepared, just in case.
Configure browsers to not save any:
– Cookies (or at the very least delete all cookies very often, like every week or month)
– Browsing history
– Download history
– Login data such as usernames and passwords, instead use a password manager
Use one or two foundational browser plugins (such as an ad-blocker), but avoid installing anything you don't really need, because it could become an attack vector - if a plugin has, or causes, a vulnerability, and also because the more browser plugins installed - the less neutral your browser looks to all sites/servers/services you interact with.
Avoid using web browser plugin versions of password managers, email clients, and similar. If available, do install the desktop version, especially your password manager(s).
Read about it here.
Consider switching to:
– Brave: With the Shields Up setting active, their by default lock down/hardening (iOS, Android, Windows, Mac, Linux)
– Mullvad: Designed to minimize tracking and fingerprints
– Firefox Focus: A hardened version, saves no history, is non-profit (iOS, Android)
– Firefox: The standard version also has quite good privacy settings (iOS, Android, Windows, Mac, Linux)
– TOR Browser: Learn more here
A smartphone is essentially a surveillance and spying device, that we carry around everywhere, all of the time – voluntarily. Here's a list of actions to consider.
– Set the longest possible PIN-code (make it random, hard to guess, i.e. not your kid's birthday)
– Turn off device login via facial recognition
– Turn off device login via fingerprint, at the very least don't use your thumb or index finger, plus configure the device to do a factory reset if too many failed login tries by fingerprint (useful if you find yourself in a pressured situation...)
– Set device to auto-lock within seconds of idleness
– Set device to give you access to the camera app, without needing to unlock the device
– Delete files that are sensitive or no longer need to be stored on device, or connected via cloud/backup
– Delete all apps you don't use
– Limit the permissions each app, especially if the app is not well known
– No app needs access to all your photos and videos, give access only to those you want to upload for the moment
– Most apps don't need access to your text messages (SMS/MMS), certainly Facebook don't need it
– Most apps don't need 24-7-365 access to your geo-location (GPS)
– If possible, turn it off globally, only turn it on when you really need it, then turn it off again, or turn it off per app individually
– Turn off identifiers (this also disables personalized advertising to some extent)
– Disable telemetry and/or diagnostics data sharing
Activate randomized MAC address.
– iOS: Settings > WiFi > I (per each individual WiFi) > Private WiFi Address; Rotating (or Fixed, if using MAC white listing on your router)
*Also enable Limit IP Address Tracking
– Android: Settings > Network and Internet > Internet > Settings > Privacy; Use per-connection randomized MAC (or per-network if using MAC white listing on your router)
*Also disable Send device name
– Make sure the device is encrypted, aka. whole disk encryption
– Disable all data features over USB port/cable, set to accept charging only
– Drive: Encrypted, read more below
– Cloud: Proton Drive or other alternative (avoid Microsoft One Drive, Apple iCloud, Google Drive), read more below
– Set all to run automatically, both apps and OS
A protection available on both Android and iOS (incl. iPadOS, watchOS, macOS). In Apple's own words:
"An optional, extreme protection that’s designed for the very few individuals who, because of who they are or what they do, might be personally targeted by some of the most sophisticated digital threats. /---/ To reduce the attack surface that potentially could be exploited by highly targeted mercenary spyware, certain apps, websites, and features are strictly limited for security and some experiences might not be available at all."
– iOS: Settings > Privacy & Security > Lockdown Mode > Turn On Lockdown Mode > Turn On > Restart device
– Android: Settings > Search for Lockdown > Show Lockdown option (Enter your pin if prompted) > Enable, and exit Settings > Power Menu > Lockdown*
*Important note! On Android, lockdown mode will immediately be disabled upon successful login. It must be re-enabled again, every single time you've logged into the device via PIN-code.
Google's default version of Android OS is essentially a surveillance device. Consider installing an alternative version of Android:
– Calyx OS
– Graphene OS (only works on Google Pixel-hardware, for security reasons)
*More details here
– Switch from Windows or Mac, to Linux. This gets you a lot better security and much better privacy. Read more here! The following recommendations are valid for all operating systems.
– Make sure the device is encrypted, aka. whole disk encryption (BitLocker on Windows, FileVault on Mac, LUKS on Linux)
– Folders can be encrypted and made invisible with VeraCrypt
– Turn off identifiers (this also disables personalized advertising to some extent)
– Disable telemetry and/or diagnostics data sharing
– Enable randomized MAC address
– Use an Ethernet cable, rather than WiFi
– Make sure WiFi is turned off
– Public folder; set to accept transfers only with password authentication..
– ..or even better, disable SMB
– Use cable connected keyboard, mouse, headphones, rather than Bluetooth connected
– Make sure Bluetooth is turned off
– Drive: Encrypted, read more below
– Cloud: Proton Drive or other alternative (avoid Microsoft One Drive, Apple iCloud, Google Drive), read more below
– Set all to run automatically, both apps and OS
In Canonical's own words: "...[Ubuntu Linux] systems carrying dedicated workloads can be further hardened to reduce their attack surface. Canonical provides the Ubuntu Security Guide to automatically harden systems... /---/ Security Technical Implementation Guides like the CIS benchmark or DISA-STIG have hundreds of configuration recommendations, so hardening and auditing a Linux system manually can be very tedious. Ubuntu Security Guide (USG) is a tool that greatly improves the usability of hardening..."
– Install Ubuntu Security Guide (USG) by following these instructions
To make 2FA/MFA even more secure, use a physical USB-key as one of the authentication steps. Some keys also have Near Field Communication (NFC).
YubiKey is good a good choice, with several products following the FIDO U2F and FIDO2 authentication standards, and can be used to protect many different logins.
When using an external drive, at the very least encrypt it via software (BitLocker on Windows, FileVault on Mac, LUKS on Linux, folders can be encrypted and made invisible with VeraCrypt).
Better though, choose a drive with hardware based encryption (FIPS 140-2 L3, FIPS 140-3 L3).
– Apricorn: SSD, HD, flash
– iStorage: SSD, HD, flash
– iStorage: 2FA/MFA hardware security module/key, for local drive, NAS, cloud. Read more below!
Avoid Microsoft One Drive, Apple iCloud, Google Drive, Google Docs. Use more private alternatives such as:
– Proton Drive: End-to-end encrypted cloud storage
– Proton Docs: End-to-end encrypted collaborative documents
– Proton Calendar: End-to-end encrypted shared schedule
– Proton Meet: End-to-end encrypted video conferencing
– Other alternatives
One can also put files in a folder, create an archive out of that folder – with password protection (with 7-Zip). This way the files have an extra layer of encryption, both during transit – over the internet, and during rest – sitting at the cloud provider's drives.
An even more secure way to utilise cloud storage (or local drives, NAS), is using a PIN-code protected, multi-factor authentication hardware key, like the iStorage cloudAshur hardware security module.
Sign up for Proton Drive – 14 Days Free!
First off, don't just buy the cheapest router. Buy from a well known brand. This way you are more likely to get a solution with at least reasonable security posture. Of course, in reality there's no guarantees, but it's at least one obvious step to take, given that well known brands at least will be motivated to protect their brand name – if not their customers, or so one would assume.
– Make sure it has the newest firmware version
– Make sure not to leave routers with defalt passwords
– Make sure the Wi-Fi password is long and complex
– Make sure it has a firewall, and that it's enabled
– Use only WPA3, or mixed WPA3/WPA2 (never use WPA or WEP)
– Segmentation (VLANs)
– Consider using a MAC address white list, so that only pre-chosen devices can access the WiFi
– Consider connecting phones and computers only via physical Ethernet cables (utilize USB-adapters), and keep WiFi fully disabled
– Consider purchasing a D-Link, and flash it with the open source ddWRT firmware
Before uploading for example photos anywhere – decide if you want the meta data to available publicly (e.g. the GPS/location data for where the photo was taken).
Before sending office documents anywhere (MS Excel, PowerPoint, Word, and the open source or Apple equivalents), don't forget that you, or someone else might have added comments in the documents, that's not visible by default. Even the "us" government, the White House, have made this mistake recently.
When receiving files from strangers, consider using a live operating system running on a USB memory (for example Ubuntu Linux). This way, if documents or folders are infected with malware/virus, it most probably will be contained to that USB memory, instead of infecting your daily driver system, or your phone.
Use Virus Total to analyse suspicious files, domains, IPs, and URLs to detect malware and other breaches, automatically share them with the security community.
– virustotal.com/.../upload
– virustotal.com/.../browser-extensions
Consider using VPN at all times, 24-7-365, for all your devices. Activate kill switch, so that all internet traffic is stopped, should the VPN disconnect for some reason.
Avoid any special DNS settings when using VPN, because that could cause your DNS requests (such as www.freedom.org) to be sent over the internet unencrypted – in clear text – for any actor to capture, analyse and store.
Sign up for Proton VPN – 14 Days Free!
The way to chose an operating system, OS, for a laptop/desktop or server, is to first conclude what software you're using, or planning to use. Some might be available for only one or two of the main options, which are Windows, macOS, and Linux. If Linux meets your specific needs, you can chose an OS that is not only free and open source, but also the number one choice among professionals.
Next, consider your philosophy on freedom, democracy, security, privacy, business models, surveillance, total cost of ownership, code of conduct – or lack there of. For example; Apple, Google and Microsoft actively supporting "israel's" genocide, ethnic cleansing, systematic rape, hostage taking (risen from 5,000 in 2023 to over 12,500 in 2025) and terrorism, using Your data and Your money.
Here's the statistics on what individuals and organizations use, globally.
63-71% Microsoft Windows
16-26% Apple macOS
2-5 % Linux
2% Google ChromeOS (which is based on Linux)
72% Google Android (which is based on Linux)
28% Apple iOS
96% Linux of the top 1,000,000 web servers
92% Linux of the top 500 fastest supercomputers
70% Linux of all web servers
68% Linux of all IoT devices
43-50% Linux of all software developers
57-64% Windows of all software developers
42-49% macOS of all software developers
Here's a few different Linux distributions to chose between.
– Ubuntu: Daily driver/all around machine, faster update cycles, broad hardware and software support, good for gaming and game development
– Debian: Daily driver/all around machine, slower update cycles in exchange for the utmost stability and general security
– Mint: Daily driver/all around machine, designed to work 'out of the box', comes fully equipped with the apps most people need
– Qubes: For security and privacy through isolation
– Tails: For anonymity, with TOR for all internet traffic, but this also means very strong privacy and security, albeit very limited features (in default mode)
– Whonix: For anonymity, with TOR for all internet traffic, but this also means very strong privacy and security (more flexible than Tails)
– Parrot Sec: For security testing/penetration testing, comes with many tools pre-installed (but could all be installed manually in other distro)
– Kali: For security testing/penetration testing, comes with many tools pre-installed (but could all be installed manually in other distro)
Both of these Linux distributions are very user friendly, with an overall experience similar to that of macOS. As matter of fact, Ubuntu and Mint are a lot easier to use than Windows. Linux also has better security and privacy, compared to Windows and macOS, when all is taken into account. To be fair, Windows has become more secure lately, but at the same time even less private – Microsoft is silently tracking your usage, as is Google and Apple.
Before installing, verify that the download is not corrupted, and not tampered with. Here's the Ubuntu 24.04.3 LTS (Noble Numbat) SHA 256 SUMS. In Terminal:
sha256sum <drag and drop .iso file here, looks like this:> '/home/user/Downloads/ubuntu-24.04.3-desktop-amd64.iso'
You don't have to use the command terminal, but if you start using it, you'll quickly realize how efficient it is and actually not hard at all. Here's a short introduction.
Show current directory:
pwd
Show files and folders, in current directory:
ls
Show files and folders, in current directory, as a list:
ls -li
Open text-file:
cat file.txt
Change directory:
cd Desktop
cd /Desktop/project/version
cd ../Documents
cd ..
cd ../../
Copy, move, rename, delete file:
cp /home/user/Desktop/file.txt /home/user/Documents/file.txt
mv /home/user/Desktop/file.txt /home/user/Documents/file.txt
mv file.txt renamed-file.txt
rm file.txt
Show system version, update/upgrade software:
lsb_release -a
sudo apt update && sudo apt upgrade
Install/uninstall software, examples; Net Tools, Uncomplicated FireWall (UFW), MAC Changer:
sudo apt install -y net-tools
sudo apt install -y ufw
sudo apt install -y macchanger
sudo apt remove <software name>
sudo apt autoremove
Show network information, enable UFW, verify UFW status, UFW help menu, change to a random MAC address:
ip addr
ip link show
sudo ifconfig
sudo ufw enable
sudo ufw status
ufw help
sudo macchanger -r -b <wifi adapter name, or real mac address>
Clear, exit Terminal, reboot computer:
clear
exit
reboot
The global Boycott, Divestment and Sanctions (BDS) movement, firmly believes that ending the complicity of states, corporations, and institutions in “israel’s” ongoing, live-streamed genocide against 2.3+ million Palestinians in Gaza [and the West Bank] is the most effective form of solidarity with the Palestinian struggle to end the genocide and dismantle “israel’s” 78-year-old regime of settler-colonialism and apartheid. – bdsmovement.net
Search brands and scan products, to see if it’s being boycotted and why. Make ethical shopping choices with confidence! – boycat.io
Read the PDF-file emails! [SFW, redacted] – jmail.world Watch the videos! [SFW, censored] – jmail.world/jefftube
From Latin abstrūdō; to conceal, hide, push or thrust away. Evolved to abstruse; difficult to comprehend or understand, obscure. Synonyms; cryptic, covert, secret.
No tracking, no cookies. Only HTML and CSS, plus one JavaScript function for color inversion – sessionStorage, deleted when closing browser.
Optimized for Brave – a privacy and security oriented browser.
All information is provided in a best effort, beginner friendly manner. Intended for educational purposes only – how anyone make use of it, is their own responsibility. By choosing to utilize any of the mentioned tools or methods – in part or in whole, You confirm Your agreement with the aforementioned statement.
Book security testing or workshop.
The continued efforts of developing Abstrude can be supported via:
– Buy Me a Coffee (Stripe)
– BTC bc1qxtfks0vy3x6w9p7t9cvxkxsx56ptmfm0wydwld
– ETH 0xa1AEbebe632D8170D7a4d716B44Ef93F64Ed62c6
– Referrals Proton
|
Starlink |
Simply
hind.rajab@abstru.de
|
Instagram
|
UpScrolled
|
Substack
|
Twitter/X
|
GitHub
[A]bstrude © 2025 – 2026
"I had been looking for leaders, but realized that leadership is about being the first to act." ― Edward Snowden